The regulation of privacy on cloud computing services in terms of the Protection of Personal Information Act 4 of 2013

- Malahleka, Mthuthukisi

Title
The regulation of privacy on cloud computing services in terms of the Protection of Personal Information Act 4 of 2013
Creator
Malahleka, Mthuthukisi
ThesisAdvisor
Mashinini, Nomalanga
Subject
South Africa. Protection of Personal Information Act, 2013
Subject
Cloud computing Law and legislation South Africa
Subject
Data protection Law and legislation South Africa
Subject
Personal information management South Africa
Subject
Data privacy South Africa
Subject
Computer security Law and legislation South Africa
Subject
‎General Data Protection Regulation (GDPR)
Date
2022-04-06
Type
Academic theses
Type
Master's theses
Type
text
Identifier
http://hdl.handle.net/10962/290731
Identifier
vital:56779
Description
There is a relatively new development in Information Technology (IT) space known as cloud computing, software and service delivered remotely through the Internet without installing software on a computer. Cloud computing has quickly gathered steam as one of the most prominent topics in IT, and indeed within the business sector as a whole. Cloud computing is one such development associated with opportunities and benefits, especially in the commercial sector. Due to the development of IT and many businesses adopting e-commerce business-related strategies, cloud computing has revolutionised how personal information is processed. The advent of cloud computing as a mechanism to process personal information has brought many legal challenges for protecting the right to privacy enshrined under section 14 of the South African Constitution, which is a vulnerable part of one’s personality right. The right to privacy has long been protected even before adopting the Constitution under the common law of delict (actio iniuriarumn). As the adoption rate of cloud computing services by businesses continues to increase, the legal considerations and risks become more prevalent. The lawmakers struggle to keep pace with the rapidly changing technological advancements, at least for now. Both the common law and the Constitution could not address all the legal aspects of data protection and the adoption of cloud computing services hence the promulgation of the Protection of Personal Information Act 4 of 2013 (POPI Act). The POPI Act’s main objective is to protect the personal information of both natural and juristic persons. Personal information about an individual forms part of privacy. Unlawful processing of such personal information is a violation of the right to privacy of an individual. It is now widely recognised that the unregulated processing of personal information significantly impacts fundamental human rights like privacy, personality, and autonomy. A close analysis of cloud computing regulation is necessary, as legal protection mechanisms must safeguard the processing of personal information and establish extraterritorial jurisdiction to regulate the use of cloud computing within national legislation as cloud computing provides a transnational characteristic on the cross-border flow of personal information. In this thesis, a question is asked on whether the current data protection laws in South Africa on protecting the right to privacy in the cloud computing services context are adequate. The analysis will determine whether the overlaps between these pieces of data protection laws are competent to deal with the ever-increasing threats on the right to privacy and if they meet the international data protection standards set by the European Union’s General Data Protection Regulation (GDPR). The research seeks to analyse and reveal the shortcomings under the Constitution and the common law that led to adopting the POPI Act by studying the regulation of cloud computing services. This analysis will determine the shortcomings of the POPI Act as well in the context of cloud computing. The research will then follow a comparative analysis of the POPI Act and the GDPR to determine the application of the GDPR on international data breaches and compare its provisions with the POPI Act in the context of cloud computing. Finally, the research will address the question as to whether a multi-faceted approach, which includes a Model Law on cloud computing, would be an appropriate starting point setting out requirements for the use of this technology can be sufficient in protecting data subjects. And as cloud computing risks are not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations to regulate cloud computing at an international level.
Description
Thesis (LLM) -- Faculty of Law, Law, 2022
Format
computer, online resource, application/pdf, 1 online resource (265 pages), pdf
Publisher
Rhodes University, Faculty of Law, Law
Language
English
Rights
Malahleka, Mthuthukisi
Rights
Use of this resource is governed by the terms and conditions of the Creative Commons "Attribution-NonCommercial-ShareAlike" License (http://creativecommons.org/licenses/by-nc-sa/2.0/)
  • Hits: 1596
  • Visitors: 2118
  • Downloads: 610

Collections

RU Department of Law
Thumbnail File Description Size Format
SOURCE1 MALAHLEKA-ML-TR22-55.pdf 1 MB Adobe Acrobat PDF
  • Disclaimer
  • Privacy
  • Copyright
  • Contact