The The Problem of Trans-Border Information Flows in the Protection of Personal Information

Abstract

Cross-border transfers of personal information have become an important integrant of international trade, global economic activities enabler and a component of digital services driver, however, they are faced with the limitations of cross-border personal information transfers and data localisation laws. Various methodologies are used to process and transfer personal information across the borders such as cloud computing. Cloud computing has grown to include more users across different countries through its transnational characteristics on cross-border personal information transfers and triggers the Protection of Personal Information Act 4 of 2013 (POPIA) application. POPIA seeks to promote and protect personal information when processed by public or private bodies. Personal information also forms part of privacy which is a fundamental right enshrined under section 14 of the Constitution of the Republic of South Africa, 1996. Therefore, the processing of personal information unlawfully across South Africa is a violation of the fundamental right to privacy and the POPIA. A comparative analysis of the provisions of the European Union (EU) General Data Protection Regulation (GDPR) on cross-border data transfers will be used to illustrate the shortcomings of section 72 of the POPIA in the cloud computing context. The GDPR has set a benchmark for international data protection standards and POPIA must comply with those standards if South Africa wants to maintain its status as part of the international information technology market.