South Africa POPIA
Protection of Personal Information Act (POPIA)
South Africa's comprehensive data protection law. Section 71 restricts automated decisions. Film and Publications Amendment Act adds chatroom safety duties.
Jurisdiction
South Africa
ZA
Enacted
Nov 19, 2013
Effective
Jul 1, 2021
Enforcement
Information Regulator South Africa
What It Requires
Who Must Comply
This law applies to:
- Responsible parties processing personal information in South Africa
- Foreign entities processing SA residents' data
Who bears obligations:
Safety Provisions
- Section 71: Prohibition on decisions based solely on automated processing with legal/significant effects
- Sections 26-33: Special personal information (health, children) requires explicit consent
- Section 35: Children's data requires parent/guardian consent
- Film and Publications Amendment: Chatroom safety; child protection for digital services
- Mandatory breach notification
Enforcement
Enforced by
Information Regulator South Africa
Penalties
ZAR 10M; criminal (up to 10yr)
Up to ZAR 10M (~$550K); up to 10 years imprisonment.
Primary Source
POPIA Portal
https://popia.co.za/
Quick Facts
- Binding: Yes
- Mental Health Focus: Yes
- Child Safety Focus: Yes
- Algorithmic Scope: Yes
Why It Matters
Largest African economy; Section 71 applies to AI mental health recommendations. Gateway for African market.
Recent Developments
National AI Policy Framework (Oct 2024) signals future AI legislation. Information Regulator increasingly active.
What You Need to Comply
You need: explicit consent for health AI; parental consent for children; human review for significant automated decisions; breach notification.
Cite This
APA
South Africa. (2013). Protection of Personal Information Act (POPIA). Retrieved from https://nope.net/regs/za-popia
BibTeX
@misc{za_popia,
title = {Protection of Personal Information Act (POPIA)},
author = {South Africa},
year = {2013},
url = {https://nope.net/regs/za-popia}
}
Related Regulations
Zambia DPA
Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.
Botswana DPA
Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.
Seychelles DPA
Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.
Rwanda AI Policy
First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.
UNICEF AI for Children
Most specific international guidance on children and AI. Ten requirements for child-centered AI including development/wellbeing support, data/privacy protection, and safety.
Nepal AI Policy
Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.