Follow: Email

There has been a substantial increase in the use of the Internet across the African continent, aided by ongoing investment into local digital infrastructure, reduction in the associated costs, and improved user access. This has allowed both individuals, and private and public entities, the ability to access, collect, process and/or disseminate personal data more easily, which has spurred a number of African countries to enact comprehensive data protection laws and establish data protection authorities. There is also a growing perception among African countries that there is a need to protect their citizen’s personal data, to regulate how public and private entities use personal data, and to establish data protection authorities tasked with enforcing these laws.

While countries like Kenya, Rwanda and South Africa now have comprehensive data protection laws, which share some elements found in the European Union’s General Data Protection Regulation (“GDPR”), many of the proposed data protection laws have specific rules that are different from those in other countries in Africa. Consequently, technology companies conducting business in Africa will be required to keep abreast of the evolving regulatory landscape as it relates to data protection on the continent.
Continue Reading Tech Regulation in Africa: Recently Enacted Data Protection Laws

If there is a silver lining to most crises, the accelerated move toward digitized commerce globally and in Africa may be one positive outcome of the COVID-enforced lockdown. It is welcome news there that the South African Minister of Communications and Digital Technologies (“Minister”) published the Draft National Data and Cloud Policy (in Government Gazette no. 44389) (“Draft Policy”) for public comment. The Draft Policy seeks to create an enabling environment for the provision of data and cloud services in an effort to move “towards a data intensive and data driven South Africa” that ensures social and economic development and inclusivity. The Draft Policy affects a few key areas, which we briefly highlight below.

The objectives of the Draft Policy are to:

  • Encourage universal access to broadband connectivity, along with access to data and cloud services;
  • Eliminate regulatory barriers and enable competition in the data and cloud sector;
  • Implement effective measures to ensure the security of cloud infrastructure;
  • Create institutional mechanisms to govern data and cloud services;
  • Support the development of small, medium, and micro enterprises (“SMMEs”);
  • Promote research, innovation, and technological developments in relation to cloud;
  • Increase the government’s capacity to deliver relevant data and cloud-based services to the public;
  • Promote data sovereignty and security with respect to South African data; and
  • Encourage alignment with the Fourth Industrial Revolution (“4IR”), the OECD Framework and standards adopted by the European Union.

Draft Policy proposal relating to digital infrastructure

The Draft Policy recognizes that digital transformation in South Africa relies upon further developing electronic communication networks, mobile communication networks, and cloud and data infrastructure services in the country.

In relation to universal access and service delivery obligations, the Draft Policy recommends a government-backed digital platform and for all South African citizens to be provided with an online identity in order to receive services more easily.

The Draft Policy discusses the need for a Wireless Open Access Network (“WOAN”) “to extend the digital infrastructure footprint and services” across the country. The Draft Policy also refers to various measures to ensure the deployment of electronic communication infrastructure, which will help to bridge the digital divide by ensuring universal access to cloud and data infrastructure services for all South Africans.

The Draft Policy also proposes that existing networks of state-owned enterprises, such as Sentech and Broadband Infraco, be consolidated to form a State Digital Infrastructure Company (“SDIC”), which will provide network connectivity for the State.
Continue Reading Overview of South Africa’s Draft National Data and Cloud Policy

In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate, and the implementation of data protection legislation in South Africa.  Now, with less than a month to go before South Africa’s Protection of Personal Information Act, 2013 (“POPIA”) is set to go into full effect on July 1, 2021, it is critical for organizations operating in South Africa to ensure that they are ready if and when the Information Regulator comes knocking.

It is only when organizations start their POPIA journey that they realize just how wide the POPIA net is cast, and that very few businesses fall outside of its reach.  The road to POPIA compliance should be viewed as a marathon, and not a sprint.  While implementing and maintaining an effective POPIA compliance program will take continued effort and resources well beyond the July 1, 2021 go-live date, here we outline five steps to which companies subject to POPIA should give their attention in the short term.
Continue Reading Final Countdown to POPIA Compliance – Five Critical Steps to Take Before July 1st, 2021

Can African governments head off a sustained spike in the spread of COVID-19 and recover economically in 2021? How will the Biden administration engage the continent? Will companies implement more effective due diligence efforts in their supply chains to prevent human rights abuses? What impact will efforts to battle corruption and mitigate climate change have in the coming year? Covington’s Africa Practice offers insights on these questions and other key issues that will define 2021 on the continent.

COVID-19 Recovery: Since Africa confirmed its first COVID-19 case in February 2020, every country has been affected, leading to over 100 million cases and two million deaths. The World Health Organization applauded African governments for their swift responses which curtailed wide-spread infections but contributed to the region’s first economic recession in twenty-five years. Over the last month, Africa has been hit hard by a second wave of COVID-19. Daily case rates have increased to almost twice the rates in July and August 2020, prompting South Africa, among other nations, to re-impose severe measures aimed at preventing deaths.
Continue Reading Top Issues to Watch in Africa: 2021

On June 22, 2020, the South African President announced that certain provisions of POPIA would take effect on July 1, provisions which most regard as essential to the statute, such as those imposing conditions on the lawful processing of personal information, procedures for handling complaints, and general enforcement provisions. Only days later, the South African

South Africa Eases COVID-19 Restrictions

On September 16, 2020, President Cyril Ramaphosa announced that South Africa would move from Alert Level 2 to Alert Level 1 of Risk Adjusted Strategy as of midnight on September 20, 2020. This is in part in response to the relatively low levels of infections and the government led interventions to combat the spread of COVID-19. While South Africa has confirmed over 650,000 infections and has suffered 15,000 deaths, recent data illustrates that the number of new cases has substantially decreased—from nearly 14,000 new daily cases on July 24, 2020 at its peak, to just 1,555 new cases on September 20.

This announcement comes a few days after the Minister of Cooperative Governance and Traditional Affairs (COGTA) announced the extension of the national state of disaster from 15 September 2020 to 15 October 2020, as published in Government Gazette 43713. The reason for the extension of the national state of disaster is to grant government the authority required to continue updating existing legislation and contingency arrangements undertaken to address the impact of the pandemic.
Continue Reading South Africa Eases COVID-19 Restrictions

President Cyril Ramaphosa announced on June 22, 2020, that certain sections of the Protection of Personal Information Act, 2013 (Act 4 of 2013) (“POPIA”) would become effective on July 1, 2020.  POPIA gives effect to the right to privacy in section 14 of the Constitution of the Republic of South Africa, 1996 (Act 108 of 1996).  POPIA will impact all responsible parties that collect, store, process and / or disseminate personal information as part of their business activities.  POPIA defines a responsible party as “a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information”.  The commencement of these essential provisions contained in POPIA, now position South Africa in line with global best practice on data protection and privacy.  The commencement of POPIA signifies a great advance for the South African data protection and privacy legal landscape.
Continue Reading An Update on South Africa’s 2013 Protection of Personal Information Act

On June 17, 2020 South African President Cyril Ramaphosa announced government’s intention to further ease the lockdown restrictions imposed due to COVID-19, allowing more industries to re-open fully under stringent health and safety protocols. This announcement comes two weeks after the government de-escalated the country from Alert Level 4 to Alert Level 3 pursuant to

Following the declaration of the National State of Disaster on March 15, 2020, a number of regulations have been enacted to contain and minimise the spread of COVID-19 in South Africa. On June 2, 2020, Judge Norman Davis of the South African High Court found the regulations issued in terms of section 27 of the