RIA’s Senka Hadzic in webinar covering BRICS digital policies updates

RIA research associate, Dr. Senka Hadzic, participated in a CyberBrics webinar covering recent digital policy updates amongst BRICS nations. You can watch the webinar in the You Tube video above. Her presentation starts at 43: 10. Find a rough transcript of her input below.

Senka talked about two policy developments in South Africa, viz., ICASA’s spectrum release auction and South Africa’s Protection of Personal Information Act (POPIA).

With respect to spectrum, after postponing the spectrum auction several times, ICASA failed to meet their own deadline on the 30th of June 2020. Presently, its plan is to publish the invitation to apply (ITA) for both high demand spectrum as well as Wholesale Open Access Network (WOAN) by the end of this month. This time, the delay was impacted by prioritizing the release of COVID-19 emergency spectrum in April this year, with the idea to provide relief to incumbent operators to meet increased broadband demand.

Research ICT Africa was critical of this move for favouring incumbent operators and not using it as an opportunity to encourage innovation as well as address the issue of digital inclusion because around 50% of the population in South Africa is offline. In fact one of the dominant players who received the emergency spectrum, used this allocation to launch 5G services. This happened in major Metropolitan areas, so those who will benefit from it are existing customers without the likelihood of bringing more people online.

The free temporary spectrum will be closed at the end of November be placed on auction. According to the Minister of Communications, the WOAN is still a priority. Government does recognize that there are over 400 players in the country who hold electronic communication service licenses, but they are not able to access spectrum. The fact that no new spectrum has been allocated to operators in the past 14 years is one of the biggest obstacles to reducing data prices in South Africa. We are hoping to see some changes and price reductions in 2021 after the auction and hopefully bring more people online.

With respect to the POPIA, she reported that in late June the Souht Africa’s President announced that more sections of the Act would come into force as of 1 July–and due to the very wide definition of the term “personal information”, the commencement of the Act will have far reaching applications.

Concerning data breaches, that term generally refers to the access or acquisition of personal information by unauthorized persons. According to the Act, where a data breach appears, there is an obligation of the responsible party to report the breach to the Information Regulator and to the affected data subject.

Lately there have been quite a few data breaches in South Africa and a major one took place in August when the South African branch of the consumer credit reporting bureau, Experian, disclosed a data breach, which compromised the personal information of 24 million South Africans. This number was not disclosed by Experian itself, but reported by the South African Banking Risk Centre, which is an anti-fraud and banking non-profit organization.

Following this incident, Experian stated that the authorities, including the Information Regulator and other major stakeholders were notified. However the Information Regulator then issued a media statement disputing this, noting that they were not even notified by Experian as to whether or not affected data subjects had been notified of the security compromise. This is notwithstanding the fact that Experian have not fully complied with notification requirements. So the regulator would have to follow up, in this regard, because the Act clearly states modifications must be made as soon as reasonably possible after the discovery of a compromise.

However the information regulator only received the report from Experian, and this is only one of four major data breaches in South Africa this year. In the last four months, the Information Regulator has recorded 25 data breaches. So data breaches are increasingly becoming a serious issue being witnessed in all BRICS countries.