Clarifying the legal requirement for cross-border sharing of health data in POPIA: Recommendations on the draft Code of Conduct for Research

Main Article Content

L Abdulrauf
A Adaji
H Ojibara

Abstract





The draft Code of Conduct for Research is an important initiative towards assisting the scientific community in complying with the provisions of the Protection of Personal Information Act 4 of 2013 (POPIA). However, its approach towards cross-border data sharing should be reconsidered to clarify the ambiguities inherent in the legal requirements for the cross-border sharing of health data in the POPIA. These ambiguities include the concept of ‘transfer of information’, the application of adequacy as a legal mechanism for transfer, the nature of consent for cross-border sharing and the scope of the recipient third party. We suggest that the draft Code of Conduct for Research can be improved by:




  • Explaining or defining the concept of ‘transfer of information’ and when it applies to cross-border sharing in research




  • Clarifying the application of adequacy as a legal mechanism for transfer vis-à-vis the other alternatives




  • Expanding on the interpretation and application of consent as a legal mechanism for cross-border transfers




  • Expanding the category of persons who may be recipients of personal information in a third country







Article Details

How to Cite
Clarifying the legal requirement for cross-border sharing of health data in POPIA: Recommendations on the draft Code of Conduct for Research. (2024). South African Journal of Bioethics and Law, 17(1), e1696. https://doi.org/10.7196/sajbl.2024.v17i1.1969
Section
Research Articles

How to Cite

Clarifying the legal requirement for cross-border sharing of health data in POPIA: Recommendations on the draft Code of Conduct for Research. (2024). South African Journal of Bioethics and Law, 17(1), e1696. https://doi.org/10.7196/sajbl.2024.v17i1.1969

References

Townsend B. The lawful sharing of health research data in South Africa and beyond. Inf Commun Technol Law 2022;31(1):17-34. https://doi.org/10.1080/13 600834.2021.1918905

Jervis CEM. International transfers: Johnson v Secretary of State for the Home Department [2020] and diplomatic missions. Int Data Priv Law 2022;12(1):53-62. https://doi.org/10.1093/idpl/ipab026

Academy of Science of South Africa (ASSAf ). Draft Code of Conduct for Research. ASSAf;2022. https://www.assaf.org.za/wp-content/uploads/2022/09/20220923_ ASSAF_Draft-Code_V8.7.pdf (accessed 1 July 2023).

Staunton C, Adams R, Botes M, et al. Enabling the use of health data for research: Developing a POPIA code of conduct for research in South Africa. S Afr J Bioethcs Law 2021;14(1):33-36. https://doi.org/10.7196/SAJBL.2021.v14i1.740

Thalder D. Research and the meaning of ‘public interest’ in POPIA. S Afr J Sci 2022;118(3/4):1-3. http://dx.doi.org/10.17159/sajs.2022/13206

Thalder D, Townsend B. Exempting health research from the consent provisions of POPIA. Potchefstroom Electr Law J 2021;24:1-32. https://doi.org/10.17159/1727- 3781/2021/v24i0a10420

Hallinan D, Bernier A, Cambon-Thomsen A, et al. International transfers of personal data for health research following Schrems II: A problem in need of a solution. Eur J Hum Genet 2021;29:1502-1509. https://doi.org/10.1038/s41431-021-00893-y

BBMRI-ERIC. The Code of Conduct for Health Research. https://www.bbmri-eric. eu/services/the-code-of-conduct-for-health-research/ (accessed 27 October 2022) 9. Adams R, Adeleke F, Anderson D, et al. POPIA Code of Conduct for Research. S Afr

J Sci 2021;117(/6):1-12. https://doi.org/10.17159/sajs.2021/10933

De Stadler E, Hattingh IL, Esselaar P, Boast J. Over-thinking the Protection of

Personal Information Act. Juta (Pty) Limited; 2021. ISBN: 9781485136828.

Maximillian Schrems v. Data Protection Commissioner (C-362/14). EU:C:2015:650. https://curia.europa.eu/juris/document/document.jsf?text=&docid=169195&pa

geIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=5700244

General Data Protection Regulation (EU) 2016/679, European Union.

Bodil Lindqvist (C-101/01). ECLI:EU:C:2003:596. https://eur-lex.europa.eu/legal-

content/EN/TXT/PDF/?uri=CELEX:62001CJ0101&from=EN

Kuner C. Transborder data flows and data privacy law. Oxford: Oxford University Press; 2013. https://doi.org/10.1093/acprof:oso/9780199674619.001.0001 (accessed 1 July 2023).

The Data Protection (General) Regulations, 2021. Kenya. http://161.35.8.237:8080/ wp-content/uploads/2021/06/Data-Protection-General-regulations.pdf

Slokenberga S. Biobanking and data transfer between the EU and Cape Verde, Mauritius, Morocco, Senegal, and Tunisia: Adequacy considerations and Convention 108. Int Data Priv Law 2020;10(2):132-145. https://doi.org/10.1093/idpl/ipaa006

BBMRI-ERIC. A Code of Conduct for Health Research. https://code-of-conduct- for-health-research.eu/

Similar Articles

You may also start an advanced similarity search for this article.

Most read articles by the same author(s)

1 2 3 4 5 6 7 > >>