If there is a silver lining to most crises, the accelerated move toward digitized commerce globally and in Africa may be one positive outcome of the COVID-enforced lockdown. It is welcome news there that the South African Minister of Communications and Digital Technologies (“Minister”) published the Draft National Data and Cloud Policy (in Government Gazette no. 44389) (“Draft Policy”) for public comment. The Draft Policy seeks to create an enabling environment for the provision of data and cloud services in an effort to move “towards a data intensive and data driven South Africa” that ensures social and economic development and inclusivity. The Draft Policy affects a few key areas, which we briefly highlight below.

The objectives of the Draft Policy are to:

  • Encourage universal access to broadband connectivity, along with access to data and cloud services;
  • Eliminate regulatory barriers and enable competition in the data and cloud sector;
  • Implement effective measures to ensure the security of cloud infrastructure;
  • Create institutional mechanisms to govern data and cloud services;
  • Support the development of small, medium, and micro enterprises (“SMMEs”);
  • Promote research, innovation, and technological developments in relation to cloud;
  • Increase the government’s capacity to deliver relevant data and cloud-based services to the public;
  • Promote data sovereignty and security with respect to South African data; and
  • Encourage alignment with the Fourth Industrial Revolution (“4IR”), the OECD Framework and standards adopted by the European Union.

Draft Policy proposal relating to digital infrastructure

The Draft Policy recognizes that digital transformation in South Africa relies upon further developing electronic communication networks, mobile communication networks, and cloud and data infrastructure services in the country.

In relation to universal access and service delivery obligations, the Draft Policy recommends a government-backed digital platform and for all South African citizens to be provided with an online identity in order to receive services more easily.

The Draft Policy discusses the need for a Wireless Open Access Network (“WOAN”) “to extend the digital infrastructure footprint and services” across the country. The Draft Policy also refers to various measures to ensure the deployment of electronic communication infrastructure, which will help to bridge the digital divide by ensuring universal access to cloud and data infrastructure services for all South Africans.

The Draft Policy also proposes that existing networks of state-owned enterprises, such as Sentech and Broadband Infraco, be consolidated to form a State Digital Infrastructure Company (“SDIC”), which will provide network connectivity for the State.

Draft Policy proposal relating to cloud computing infrastructure

The Draft Policy also highlights the need to process data using cloud computing infrastructure and makes provision for pliable data storage architecture and the purchase of capacity from cloud service providers.

The Draft Policy highlights the importance of cloud services and their ability to enhance the potential of 4IR technologies (e.g. blockchain, the Internet of Things (“IoT”) and artificial intelligence (“AI”).

In order to leverage the full potential of the South African economy through digital technologies, the Draft Policy proposes that a Digital Transformation Centre (“DTC”) act “as a catalyst to lead Digital South Africa”.

In addition, the Draft Policy proposes the establishment of a High-Performance Computing and Data Processing Centre (“HPCDPC”) for the purpose of managing cloud computing capacity for the State and its functionaries, universities, research centers and South African registered business, and to provide user-on-demand cloud services for the State and its functionaries .

The Draft Policy specifically provides that investment in data centres will be centralised in large metropolitan areas in South Africa, like Gauteng, KwaZulu-Natal and the Western Cape. Further, the Draft Policy proposes supporting local and foreign investment in data and cloud infrastructure and services by establishing a digital or ICT ‘Special Economic Zone’ (“SEZ”).

Draft Policy proposal on data protection, data localization and cross border data transfers

The Draft Policy states that the processing of personal data or personal information, specifically metadata (for example, IP addresses), must be compliant with applicable laws like the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Promotion of Access to Information Act 2 of 2000 (“PAIA”), and international best practice (such as the General Data Protection Regulation (“GDPR”) in the European Union).

There are currently no data localization requirements in South Africa (under POPIA or otherwise). However, the Draft Policy seeks to impose data localization requirements and defines data localization as the “…requirements for the physical storage of data within a country’s national boundaries, although it is sometimes used more broadly to mean any restrictions on cross border data flows”.

On the issue of data localization, the Draft Policy provides inter alia that:

  • Data generated in South Africa shall be the property of South Africa, regardless of where the technology company is domiciled.
  • Ownership and control of personal information and data shall be in line with the POPIA.
  • The Department of Trade, Industry and Competition through the Companies and Intellectual Property Commission (“CIPC”) and the National Intellectual Property Management Office (“NIPMO”) shall develop a policy framework on data generated from intellectual activities including sharing and use of such data.

Draft Policy proposal on cybersecurity measures

The Draft Policy proposes that the Electronic Communications and Transactions Act 25 of 2002 (“ECTA”) be reviewed to align with cybersecurity policy and legislation.

Interestingly, the Draft Policy does not mention the Cybercrimes Act 19 of 2020, which is now an official Act of Parliament. The Cybercrimes Act aims to established a comprehensive cybersecurity framework and provides for the criminalisation of a broad range of cyber-related crimes. The date on which the Cybercrimes Act comes into force is yet to be announced.

Nevertheless, the Draft Policy proposes the establishment of a National Cybersecurity Policy Framework (“NCPF”) which, together with other policies, legislation and international best practice, will provide guidance as to cybersecurity initiatives and measures, and will be reviewed from time to time to ensure that the NCPF is responsive to cybersecurity threats and risks.

In addition, the Draft Policy proposes that the government develop and implement cybersecurity awareness initiatives to educate the public.

Next steps

Upon finalization of the Draft Policy, it will apply to all levels of government (i.e. national, provincial and local authorities); state-owned entities, the private sector (i.e., multi-national entities seeking to invest in the digital infrastructure of South Africa); and the general public.

For further information, please reach out to Witney Schneidman at WSchneidman@cov.com, Deon Govender at DGovender@cov.com, Dan Cooper at DCooper@cov.com, Mosa Mkhize at MMkhize@cov.com or Shivani Naidoo at SNaidoo@cov.com.

 

Print:
EmailTweetLikeLinkedIn
Photo of Witney Schneidman Witney Schneidman

Witney Schneidman has nearly 40 years of experience working across Sub-Saharan Africa.

Drawing on his experience in the State Department, the World Bank, think tanks and his own consulting practice, Dr. Schneidman, a non-lawyer, has advised energy, technology, consumer and health companies, among…

Witney Schneidman has nearly 40 years of experience working across Sub-Saharan Africa.

Drawing on his experience in the State Department, the World Bank, think tanks and his own consulting practice, Dr. Schneidman, a non-lawyer, has advised energy, technology, consumer and health companies, among others, on projects in more than 30 African countries. He has also served as Deputy Assistant Secretary of State for African affairs, and on the Africa advisory committees in the Office of the U.S. Trade Representative and at the U.S. Export-Import Bank.

Dr. Schneidman provides strategic advice on the varied political, economic, social and regulatory issues that are critical to companies’ success in Africa. This includes issues related to Corporate Social Responsibility, compliance, market entry and risk mitigation. He played a leading role in the passage and recent reauthorization of the African Growth and Opportunity Act and was a delegate to the Global Entrepreneurship Summit co-hosted by President Obama during his visit to Kenya.

Dr. Schneidman chairs Covington’s Africa Practice Group and is a senior member of the firm’s Public Policy Practice Group, the International Strategy Group and the International Trade and Finance Group.

Photo of Dan Cooper Dan Cooper

Daniel Cooper heads up the firm’s growing Data Privacy and Cybersecurity practice in London, and counsels clients in the information technology, pharmaceutical research, sports and financial services industries, among others, on European and UK data protection, data retention and freedom of information laws…

Daniel Cooper heads up the firm’s growing Data Privacy and Cybersecurity practice in London, and counsels clients in the information technology, pharmaceutical research, sports and financial services industries, among others, on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations. Mr. Cooper also regularly counsels clients with respect to Internet-related liabilities under European and US laws. Mr. Cooper sits on the advisory boards of a number of privacy NGOs, privacy think tanks, and related bodies.

Photo of Deon Govender Deon Govender

Deon Govender focuses his practice on project development and corporate and project finance transactions across Africa, with particular emphasis on southern Africa. His experience ranges from advising on the development and financing of renewable energy and thermal power projects and various other infrastructure…

Deon Govender focuses his practice on project development and corporate and project finance transactions across Africa, with particular emphasis on southern Africa. His experience ranges from advising on the development and financing of renewable energy and thermal power projects and various other infrastructure assets in the transportation and telecommunications sectors. Mr. Govender’s experience additionally includes advising on financing independent power producer projects under the South African government’s Renewable Energy Independent Power Producer Procurement Programme.

Photo of Mosa Mkhize Mosa Mkhize

Mosa Mkhize is a policy advisor in the firm’s Africa Practice Group through which she provides strategic policy and regulatory advice to clients doing business with and across Africa.

Ms. Mkhize, a non-lawyer, has over a decade of experience in international trade and…

Mosa Mkhize is a policy advisor in the firm’s Africa Practice Group through which she provides strategic policy and regulatory advice to clients doing business with and across Africa.

Ms. Mkhize, a non-lawyer, has over a decade of experience in international trade and public policy. During this time, she has supported senior policymakers and private sector companies on a broad range of issues including policymaking and development, negotiating complex international trade deals, and advocating for policies and regulations related to science and technology. In addition to this, Ms. Mkhize’s capabilities include building strategic relationships and coalitions in support of smart technologies. Furthermore, she is currently working with government officials, private corporations, academia, and the general public on facilitating policies in the smart technology space.