Electronic Theses and Dissertations (Masters)

Permanent URI for this collectionhttps://hdl.handle.net/10539/37939

Browse

Filters

2022 - 20243

Settings

Subject: search.filters.subject.POPIA

Search Results

Now showing 1 - 3 of 3
  • Thumbnail Image
    Item
    Artificial intelligence and automated decision making under the GDPR and the POPIA
    (University of the Witwatersrand, Johannesburg, 2024) Goldman, Gavin David; Zitzke, E.
    This analysis considers the concepts of AI and machine learning and examines their reliance on the processing of personal data and the challenges this poses from a data- privacy and human-rights perspective, particularly in relation to profiling. It evaluates the effectiveness of the General Data Protection Regulation (GDPR) and the Promotion of Personal Information Act 4 of 2013 (POPIA) in regulating Automated Decision Making (ADM) and considers the limitations of the right to an explanation under these provisions. The analysis proposes that the current framework of the GDPR and POPIA does not clearly address the issue of explainability and that the focus should shift to providing a data subject with a counterfactual to give practical effect to this right which would better serve data subjects
  • Thumbnail Image
    Item
    Protecting South African Employees' Special Personal Information Against Data Breaches
    (University of the Witwatersrand, Johannesburg, 2024) Mampa, Kgothatso Lesetja Simon
    The widespread use of computers and acceleration of online activity have increased the importance of personal information in modern society. Processing personal information has become an indispensable part of daily life. The (mis)management of personal information in the employment context is particularly concerning because employers also process special personal information (SPI). This research report considers the legal treatment of processing SPI in the world of work in South Africa by identifying and evaluating those provisions of POPIA that could offer employees protection in the event of a data breach. Furthermore, the research examines the effectiveness of those provisions against predetermined criteria in order to establish whether the provisions provide direct employee protection, create an opportunity for the responsible independent authority, namely the Information Regulator (IR), to include protective conditions in respect of processing employee SPI; and whether the provisions eliminate or limit threats to breaches of employee SPI. Sheburi v Railway Safety Regulator is the only known POPIA related case and it is referenced to highlight the ease with which POPIA provisions can be misinterpreted in practice. The case also demonstrates the fallibility of the consent requirement and supports the argument that employees need reinforced protection against the ever-looming threat of data breaches. The key finding of this study is that POPIA was not specifically designed to render full protection to employees in the event of a data breach. However, some of the existing provisions in POPIA render some level of protection. The research concludes by suggesting possible ways to improve the legal protection of employee SPI and ultimately calls for specific regulation of employee SPI in the context of data breaches.
  • Thumbnail Image
    Item
    The protection of personal information act: a critique through the lens of libertarian legal theory
    (University of the Witwatersrand, Johannesburg, 2022-10-31) Meyer, Jonathan Alan; Zitzke, Emile
    This paper offers a critical analysis of the Protection of Personal Information Act 4 of 2013 (POPIA) and its impact on freedom of trade, occupation and profession (freedom of trade) as found under s 22 of the Bill of Rights in the Constitution of the Republic of South Africa, 1996 (the Constitution) from a libertarian legal theory perspective. Owing to a lacuna in South African law, the provisions of POPIA that seem to impede free trade will probably not result in an unconstitutional infringementof the section 22 right. Those provisions in POPIA that restrict free trade may nevertheless be critiqued from the perspective of libertarian legal theory. More specifically, libertarian legal theory’s rejection of over-regulation. In this research report, the ultimate finding is that the cardinal issue with POPIA is that, paradoxically, and despite POPIA’s proclamation to promote a free-flow of information in balancing such purpose with the Constitutional right to privacy found under s 14 of the Constitution, POPIA serves to limit, over- restrictively, the free flow of information between businesses and business, and businesses and natural persons. The research report conducts a cursory analysis of the right of freedom of trade and investigates certain important provisions of POPIA through a libertarian-legal lens. There are three weaknesses in POPIA that are identified in this research report. Firstly, POPIA has a negative impact on trade because both natural and juristic persons receive data protection in terms of th e Act, whereas in jurisdictions where the GDPR operates, only natural persons receive such protection. It will be shown how this aspect of POPIA is potentially overly onerous on businesses. Secondly, the security requirements under POPIA are not only unreasonably onerous on, and expensive for, companies, to implement, but they are cumbersome, contradictory and vague. It will be shown how this could negatively affect free trade. Thirdly, POPIA’s sections dealing with civil liability are too far- reaching in their consequences of business, while also providing for defences to responsible parties which are prejudicial to data subjects. This amounts to an over- regulation, which is antithetical to libertarian legal theory