First published in the Daily Maverick 168 weekly newspaper.
Government’s proposed data policy in which the government will become co-owner of all data generated in SA has come under withering fire from local and foreign legal and digital experts.
SA’s Draft National Policy on Data and Cloud, released on 1 April 2021, seeks to put government at the heart of data control, ownership and distribution in SA, proposing a data policy that is massively more state-centric than the global norm.
The policy is ostensibly designed to secure national data and establish rules associated with what has become one of the world’s most valuable resources. But the nationalistic and government-centric aspects of the policy proposal are gradually being recognised locally and internationally, with varying degrees of concern.
Yet it is also acknowledged, even by critics of the policy proposal, that aspects of the policy are welcome, particularly proposals about extending provision of government data. In addition, the concerns about data privacy and security are internationally recognised.
But, outside of those issues, opinions diverge dramatically, with commentators widely seeking clarity on what the very broad and general statements made in the policy document actually mean.
By far the most concerning is the stipulation that, “All data generated from South African natural resources shall be co-owned by government and the private sector participant/s whose private funds were used to generate such”.
The policy says a copy of this data would be stored in a new, government-centric institution called the High-Performance Computing and Data Processing Centre. Furthermore, the policy document says that “to ensure ownership and control: data generated in South Africa shall be the property of South Africa, regardless of where the technology company is domiciled. Government shall act as a trustee for all government data generated within the borders of South Africa.”
According to Boston-based data consultancy Xalam, the policy overall is “one of the most dispiriting statements of intent on cloud services we have seen in emerging markets in some time. If its core tenets were translated into formal regulation, South Africa’s proposed cloud policy would considerably dampen the outlook for an otherwise thriving cloud market, with a materially adverse impact on Africa’s broader cloud services opportunity.”
Although the document does not specifically say that the government will have access to private data, commentators are worried about what “co-ownership” might mean legally. It at least opens the possibility that the government would have the right to snoop on enormous quantities of private information.
Bowmans partner Livia Dyer says usually co-ownership would entail access rights. There is also the question of whether the government could exploit this data commercially if the policy were enacted. “We need a lot more information about what this means. One’s kneejerk reaction is to say this does not sound right, but maybe with more clarity we could understand the intention better.”
The most obvious legal problems with government assuming co-ownership of data produced in SA are privacy issues and intellectual property rights. The fundamental approach of most governments around the world has been to focus on individual rights and seek to enforce those rights, said Dyer. The approach of the government’s data policy proposal is primarily to enhance the state’s rights.
In its response to the gazetted document, Xalam says the proposed policy offers a stark window into how South African public authorities – some of them, at least – see the cloud.
“Cloud services are viewed as a potential threat to the country’s sovereignty and digital inclusion when, better harnessed, they can be precisely the opposite. The draft policy is less about how to make South Africa harness cloud services and infrastructure to drive inclusive growth; it is mostly a defensive screed that seeks, after the fact, to put government at the centre of the cloud services ecosystem.”
The document also takes a distinctly Russian approach to data storage, stipulating that, although data may be kept outside SA, a copy has to be kept in SA for law enforcement purposes. This is very different from the European Union’s General Data Protection Regulation, which focuses on the security of data wherever it is stored.
The proposal is also distinctly anti-private-sector and anti-foreign, questioning market dominance and the proportion of SA data stored in foreign countries by foreign-owned companies. But it also does endorse measures to enhance foreign investment in data centres.
The document mirrors an international concern about the prospect of large, hyperscale companies that dominate the processing and storage of data. But, unlike the social network business, which is dominated by Facebook, and the search engine business, which is dominated by Google, data storage happens to be one of the most competitive markets in the digital space.
Apart from the big three – Amazon, Google, and Microsoft – literally hundreds of local players are currently present in the SA market. Partly, this is because data storage services are often associated with particularly digital software utilities.
The document does not appear to appreciate the specifics of the digital market in SA. On the contrary, Xalam says, the policy remedies are “inconsistent with public pronouncements of ushering [in] the fourth industrial revolution in South Africa.
“It is also a perfect instrument to scare off companies grappling with the decision to migrate their workloads to the cloud and global cloud providers looking to develop locally based cloud nodes.” DM168
This story first appeared in our weekly Daily Maverick 168 newspaper which is available for free to Pick n Pay Smart Shoppers at these Pick n Pay stores.
The 2016 Rio Olympic medals are already showing defects including rusting and chipping.
Daily Maverick © All rights reserved