Definitions pertaining to consent, children, blocking and aspects relating to exclusions, appeal periods and fines were raised, debated and addressed. The new proposed Data Protection Regulations in the EU were also thrown in the mix but it was agreed amongst participants that such proposed measures should only be used as a guidance and not as a reason to make new changes to the Bill.
One aspect that stood out was a slight amendment to the application of the Bill in chapter 2 section 3.
In the previous version, section 3(1)(b)(i) read that the proposed Act is applicable to a Responsible Party where the Responsible Party is domiciled in the Republic.
Now it states that: where the Responsible Party is domiciled in the Republic AND the information is processed in the Republic.
Although this little insertion might seem insignificant, it could still prove to have negative consequences for data subjects whose personal information are processed in the so-called CLOUD or beyond the Republic's borders.
BUT, with that being said, it might be a fair presumption to state that with the current definition of "responsible party" referring to inter alia "...alone or in conjunction with others..." and with the definition of "processing" being so wide, it would be difficult for Responsible Parties in South Africa to escape the application of the proposed Act irrespective of where they might think or assume processing takes place.
Only time will tell and various matters such as the above pertaining to Cloud Computing, including jurisdiction, might still come to haunt legislators, not only here, but across the globe.
To access a copy of the latest version of the Bill, please click here to download.