There are several issues that the information regulator is aiming to address this year. Still, the two key priorities are addressing concerns around AI and automated decisions and regulating cross-border transfers of personal information. 

  1. AI and automated decision-making:  international data protection agencies are worried about large language models used in AI that process vast amounts of personal and general data. South Africa’s current legislation lacks provisions for situations where automated decisions are made without human oversight. The information regulator monitors proposed international legislation on AI regulation but hasn’t formed its own opinion yet. 
  2. Regulating cross-border transfers of personal information: The information regulator prefers a model similar to the EU’s GDPR, which uses adequacy determinations to assess data protection levels in other countries. The GDPR framework doesn’t offer the information regulator enough power to make these adequacy findings. The information regulator is developing a guidance note for entities doing cross-border transfers, including recommending appropriate measures based on existing laws.