The Effect of Protection of Personal Information Act No. 4 of 2013 on Research Data Ethics in South Africa

Background

POPIA is based on the OECD privacy principles (OECD) and the General Data Protection Regulation (GDPR) mapping (OECD 2013). The principles are accountability, processing or use limitation, collection limitation, purpose specification, information quality, openness, security safeguards, and data subject contribution or access. The POPIA was enacted to ensure data is protected against unauthorized users. The POPIA is aligned with the Constitution of the Republic of South Africa Act of 1996 to promote privacy rights. The Constitution mentions privacy in its Bill of Human Rights as the basic human rights and dignity of all South African. The bill of Rights is the cornerstone of democracy in South Africa. This shows that part of the Constitution requires the protection of privacy rights. South African universities are required to comply with the POPIA. The Bill of Rights (Chapter 2 of the Constitution) enshrines the rights of all people and affirms the democratic values of human dignity, equality, and freedom. Section 12 (2) (c) specifies the right of the individuals “not to be subjected to medical or scientific experiments without their informed consent”. Section 16 (1) (d) states that individuals have the right to freedom of expression which includes academic freedom and freedom of scientific research. Section 24 refers to the rights of individuals to an environment that is not harmful to their health or well-being, and to have the environment protected for the benefit of present and future generations.

The book chapter highlights areas of universities that need to improve compliance with POPIA. Most research on privacy has not addressed broader compliance on POPIA as the legislation is relatively new in South Africa. Prior research found that research on privacy issues was reactive based on organization functions in South Africa. There is concern about universities' potential ethical violations inherent during the collection and harvesting of student data especially during a digital era where online teaching is a norm (Parsons 2021). Questions related to privacy and ethics in connections to learning analytics have been an ongoing concern since the early days of learning analytics in education (Gasevic, Dawson, & Jovanovic 2016). Issues on privacy and autonomy are at the forefront of ethical concerns. Ethical questions related to ownership of data, access, and sharing of personal information need to be clear from various stakeholders.

Ethical behavior and compliance with POPIA are necessary for South African universities' protection of personal information and privacy. However, it appears that the implementation of POPIA is a challenge in the education sector such as universities. This is so because some universities are not yet developed systems and processes to comply with the POPIA. Hence, It is a world trend for countries to develop a private information to ensure the protection of personal information. Botha, Glober, & Eloff (2017) alluded that enactment of the act was done towards the worldwide tendency to modernize personal information protection.