There have been radical developments in various artificial intelligence (AI) models, with ChatGPT being the most prominent. ChatGPT serves as a language-based AI chatbot that uses a set of techniques referred to as deep learning that has continuous learning capabilities. As a result of these revolutionary AI developments, businesses have acknowledged the valuable insights that AI platforms can provide. It facilitates the generation of contracts, marketing content, CVs, articles, essays, and much more. It does so by gathering and processing data sourced from the internet, encompassing large sets of data derived from books, articles, and other online resources. PR de Wet and Jako Fourie, from VDT Attorneys Inc., examine the impact of POPIA on AI developments, with a specific focus on the processing of data by automated means through AI.

Personal data is one of the most sought-after commodities of the 21^st century¹, and as a result, consent has, in recent years, become increasingly prevalent as a codified legal mechanism intended to enable the informational self-determination² of data subjects. Whilst consent is only one of various lawful bases upon which controllers³ can process personal data⁴, consent notices have become ubiquitous. The efficacy of consent as a privacy-preserving mechanism, however, is not so straightforward, as the manner in which it is defined, interpreted, and applied can have a significant impact upon numerous rights that data subjects are afforded under current data protection laws. Alon Lev Alkalay, assisted by Mahir Ahmed and Mudda Sulaiman, from Lighthouse Law, compare and analyse how consent is defined under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')⁵ and South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA'), as well as what constitutes valid, binding consent.

While cloud services had seen small-scale uptake within South Africa prior to 2020, the national working environment was fundamentally challenged by the onset of lockdown regulations following the COVID-19 pandemic. As staff members were required to stay at home, many organisations were obliged to shift their data onto cloud platforms for staff members to continue working. In many instances, this emergency operational modification did not consider the legislative implications of data migrations and, following the relaxation of lockdown regulations, companies have been forced to consider the risk and compliance aspects of their migration.

In this Insight article, PR De Wet and Davin Olën, from VDT Attorneys Inc., unpack the regulatory position of cloud service providers and organisations making use of cloud services. To shed light on the phenomenon, this article commences with an overview of the most relevant legislative provisions regarding cloud storage facilities, followed by the applicable operational aspects of the regulatory framework.