South Africa’s personal information law in force soon

Speaking at the CPDP conference in Brussels today, Sizwe Snail, Commissioner at South Africa’s Information Regulator said that the 2013 Protection of Personal Information Act will now finally enter into force in the second quarter of 2020. The regulator has been established for three years and consists of five members, who enforce both data protection and freedom of information.

The CPDP panel on BRICS countries (Brazil, Russia, India, China and South Africa) discussed international harmonisation of data protection networks. Bruno Gencarelli, Head of International Data Flows and Protection Unit at the European Commission said that unlike in many other areas, within privacy, convergence is real and happening. Data protection is no longer seen as a European obsession, he said. We try to develop a system that is open to data flows, and that is why we are keen to work even more intensively with countries (seeking adequacy).

Professor Luca Belli of Rio Law School in Brazil said that all of the BRICS countries apart from Russia have included the possibility of adequacy decisions in their data protection frameworks.

Brazil’s privacy law will be in force in August 2020, and the supervisory authority is being appointed, perhaps already in February. An unofficial English translation of the law is now available at

The CPDP conference continues tomorrow. Read more about it in the next PL&B International Report and follow @LauraLinkomies on Twitter.