News Archives

Sunday, February 26, 2017

Implementation of POPI Proceeds in South Africa

Progress in the implementation of South Africa’s Protection of Personal Information Act, passed in 2013, continues, albeit at a slow pace.  The supervisory authority, known as the Information Regulator, has finally been established and funded, and recently launched its dedicated website.  On February 13, during a briefing in Cape Town, the Regulator announced that work on implementing regulations for POPI (or POPIA, as it calls the Act) was underway, with a goal of introducing them to the Parliament in six months or so and then setting a POPI commencement date that would occur before the end of 2017. Recognizing that this may be an ambitious schedule, the Regulator indicated that the commencement date might be sometime in 2018.  Given the one-year grace period that follows the commencement period, POPI is unlikely to come into effect until 2019 or even 2020.

Tempting as it may be to conclude that development of data protection and other laws moves more slowly in Africa than elsewhere, it is worth remembering that the first consultation on the reform of the EU Data Protection Directive was held in 2009.  The outcome of the reform process, the General Data Protection Regulation, will come into effect in May 2018, some nine years later. And how long has an update to the Electronic Communications Privacy Act (ECPA) been pending in the U.S.?  Time may indeed move more slowly in Africa, but you wouldn’t necessarily know this from the history of POPI.  

No comments:

Post a Comment