Electronic Theses and Dissertations (Masters)

Permanent URI for this collectionhttps://hdl.handle.net/10539/37939

Browse

Filters

20242

Settings

Subject: search.filters.subject.GDPR

Search Results

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Artificial intelligence and automated decision making under the GDPR and the POPIA
    (University of the Witwatersrand, Johannesburg, 2024) Goldman, Gavin David; Zitzke, E.
    This analysis considers the concepts of AI and machine learning and examines their reliance on the processing of personal data and the challenges this poses from a data- privacy and human-rights perspective, particularly in relation to profiling. It evaluates the effectiveness of the General Data Protection Regulation (GDPR) and the Promotion of Personal Information Act 4 of 2013 (POPIA) in regulating Automated Decision Making (ADM) and considers the limitations of the right to an explanation under these provisions. The analysis proposes that the current framework of the GDPR and POPIA does not clearly address the issue of explainability and that the focus should shift to providing a data subject with a counterfactual to give practical effect to this right which would better serve data subjects
  • Thumbnail Image
    Item
    Protecting South African Employees' Special Personal Information Against Data Breaches
    (University of the Witwatersrand, Johannesburg, 2024) Mampa, Kgothatso Lesetja Simon
    The widespread use of computers and acceleration of online activity have increased the importance of personal information in modern society. Processing personal information has become an indispensable part of daily life. The (mis)management of personal information in the employment context is particularly concerning because employers also process special personal information (SPI). This research report considers the legal treatment of processing SPI in the world of work in South Africa by identifying and evaluating those provisions of POPIA that could offer employees protection in the event of a data breach. Furthermore, the research examines the effectiveness of those provisions against predetermined criteria in order to establish whether the provisions provide direct employee protection, create an opportunity for the responsible independent authority, namely the Information Regulator (IR), to include protective conditions in respect of processing employee SPI; and whether the provisions eliminate or limit threats to breaches of employee SPI. Sheburi v Railway Safety Regulator is the only known POPIA related case and it is referenced to highlight the ease with which POPIA provisions can be misinterpreted in practice. The case also demonstrates the fallibility of the consent requirement and supports the argument that employees need reinforced protection against the ever-looming threat of data breaches. The key finding of this study is that POPIA was not specifically designed to render full protection to employees in the event of a data breach. However, some of the existing provisions in POPIA render some level of protection. The research concludes by suggesting possible ways to improve the legal protection of employee SPI and ultimately calls for specific regulation of employee SPI in the context of data breaches.