Ewan Sutherland, ‘The Governance of Data Protection in South Africa’

Data protection is a whole-of-nation problem, encompassing government, business, non-governmental and voluntary organisations that hold personal data, presenting challenges of coordination and engagement. It requires treaties, statutes, regulations, agencies, and information campaigns and must be coordinated with equally complex legislation and policies on cybersecurity. This single country case study of South Africa allows an examination in depth. Its government was surprisingly slow to put in place the statutory and institutional framework, largely because ministers underestimated its importance. Its parliament did not press ministers to act, failed to spot unconstitutionality in the RICA Act and struggled to oversee the intelligence service. While businesses took some steps, under corporate social responsibility (CSR), they have reported surprisingly few data breaches, which must rise with new statutory obligations. There has been little outreach to the voluntary sector to ensure they are compliant. Coordination with cybersecurity institutions and policies appears superficial. International coordination has been weak, especially with the major destinations of outbound data flows: China and the United States. The data protection framework has relied on foreign borrowings, with only limited evidence of commitment or adaptation to national circumstances. Coordination between departments has been limited with ministers seeing few rewards and having other priorities.

Sutherland, Ewan, The Governance of Data Protection in South Africa (September 12, 2021).

First posted 2021-11-05 13:00:07

Leave a Reply