The rapid advancement of artificial intelligence (AI) is seeing South Africa’s Information Regulator (InfoReg) starting to pave the way to help local firms ethically use the emerging technology for the protection of personal information.
This was the word from Alison Tilley, member of the InfoReg, speaking at the recent annual stakeholder engagement session. The event aimed to discuss the InfoReg's operational functions, challenges and opportunities, and future plans.
Responding to questions from the audience, Tilley highlighted the importance of developing a framework that will govern emerging technologies, such as AI, which has created much discussion around its opportunities and dangers.
Regulators across the globe are increasingly focused on developing frameworks for AI, or expanding their existing policies to safeguard citizens, while ensuring they take advantage of the full potential of AI.
“There are new things that we didn't really see coming our way and I think that AI is one of them. AI and data protection go to together like a horse and carriage. We are going to be drawn in to make sure AI treats people with dignity. And that is going to be a new area for us to work in.
“The regulator’s view around AI has shifted a little, given the international and local developments around AI. Regulators, in the same way as state protection authorities, are being asked to step up and scrutinise the way in which personal information is being used, in order to generate AI models and decisions.
“The POPIA [Protection of Personal Information Act] tried to anticipate this to some extent, by stipulating that if companies are taking automation-based decision-making, there has to be a human being in the loop. But that’s only one element of it.”
The other element, she explained, is implementing this and continuing to look at other sections of the data protection law, to ensure it adequately deals with the complex risks posed by emerging technologies.
“As a data protection authority, we are going to engage with the question of AI and how to make sure that when people’s personal information and decisions are made, that it is used in a way that is consistent with the POPIA.
“This is something that we are going to have to pay more and more attention to. We've been taking notes. We do have plans and they are in a great deal of detail. We can't pivot quickly to new things; we have to constantly make sure the work we are doing is relevant and is as fresh as it possibly can be.”
The InfoReg is mandated to ensure organisations put in place measures to protect the data privacy of South Africans under the POPIA.
As organisations across the globe race to rollout AI systems, there are growing concerns over the potential risks of AI-based technologies, relating to infringement of user rights, copyright protection and manipulation.
Italy previously banned ChatGPT due to data protection concerns, and other countries – including China, Iran, North Korea, Eswatini, Russia, Syria and Cuba − have also been reported to have restricted or blocked its access, according to Telangana Today.
The InfoReg’s office has been conducting high-profile investigations relating to the Promotion of Access to Information Act and POPIA complaints received over the past year.
From 1 April 2024, to date, the information watchdog says it has received “an alarming” 2 023 complaints from the public, specifically relating to data security compromises and mishandling of personal information.
Another 1 092 complaints have been lodged against direct marketing, gated complexes and local organisations that have allegedly failed to comply with the requirements of the POPIA.
“There are a lot of exciting new areas that we are having to find our feet in. One of the things that we really have to wrestle with, is that when we make an order, how do we make sure that order is enforced?
“This is something that we are going to have to pay more and more attention to. We've talked about law reform and we've had some experience with these laws and some of the things we have to do. We are starting to see where the gaps are, and law reform is something that is going to be front and centre for us.”
Last week, the InfoReg announced it had established an online portal for reporting data breaches. As part of moving away from reporting via e-mail, the data privacy enforcer set up a new Security Compromises Reporting functionality on its eServices portal.
It urged public and private bodies to report data breaches via the online system.
Share