Regulating Data and Cloud by Takeover

South Africa’s draft National Policy on Data and the Cloud is an interesting document. I am especially suspicious when governments use lofty words, and this document claims that the South African government is seeking to govern and improve privacy, competition and trade, cybersecurity measures, localisation and cross border data transfer, governance and institutional mechanisms, skills, research, innovation and human capacity development!

The policy then goes on to state:

Government shall act as a trustee for all government data generated within the borders of South Africa. All research data shall be governed by the Research Big Data Strategy of the Department of Science and Innovation (DSI). All data generated from South African natural resources shall be co-owned by government and the private sector participant/s whose private funds were used to generate such.

Great, so the government will be the trustee but in some cases, if you are the one who whipped out your cheque book to generate this data, you can have a seat at the table. It seems to be some sort of appropriation of data rights. Commenting on the difficulty of implementing this policy, the law firm of Werksmans rightly observes:

What is of particular concern with the draft policy is that it does not take cognisance of the fact the internet is borderless and consequently, laws that try to own and regionalise data would inevitably be defective

….additionally, to the extent that government is in fact empowered to take ownership of all data generated in South Africa, this could fly in the face of intellectual property rights – which rights specifically protect and enforce the rights of the creators and owners of inventions, writing, music and other works

If regulations are to be effective, authorities must not just write directives (presumably for ‘our own good’) and push them through. Doing so leads to confusion, rules that cannot be implemented and suspicion that the government is not up to any good.

Joseph Nderitu
Joseph Nderitu
Joseph Nderitu is a director at Integrated Risk Services Ltd and specializes in revenue assurance. He previously worked as Head of Revenue Assurance and Fraud Management at Vodacom's operation in Tanzania, having previously served in the same role at Vodacom Mozambique.

Before his work with Vodacom, Joseph was an internal audit manager for Airtel, with responsibility that covered their 17 countries in Africa. Whilst at Airtel, Joseph led reviews of the Revenue Assurance, Customer Service and Sales & Marketing functions.

Prior to his stint at Airtel, Joseph was an RA manager at Safaricom in Kenya. He holds an MSc Degree in Information Systems.