Legal updates and opinions
Search Author
When a misdirected email becomes a data breach: The Information Regulator issues an enforcement notice on internal and accidental security compromises
by Armand Swart, Director, Hlonelwa Lutuli, Associate and Isabella Keeves, Candidate Attorney On 22 May 2026, South Africa’s Information Regulator served an enforcement notice on the [...]
Renting out your home? The Consumer Protection Act does not apply to you says Supreme Court of Appeal
In the judgment of Els v Venter and Another (449/2024) [2025] ZASCA 163 (27 October 2025), the Supreme Court of Appeal ("SCA") clarified the application of [...]
Mind the Conduct: A Guide to COFI – Part 4: Principles and Conduct Requirements
by Hilah Laskov, Director Introduction In this article series, we take a deep dive into the South African Conduct of Financial Institutions (COFI) Bill - a [...]
Leave to Appeal Refused, but Questions Remain: The Matric Results Privacy Dispute and the Meaning of Personal Information under POPIA
by: Armand Swart, Director and Isabella Keeves, Candidate Attorney On 3 June 2026, the Gauteng High Court refused the Information Regulator's application for leave to appeal [...]
Mind the Conduct: A Guide to COFI – Part 3: Consumer Protection and Transparency
by Hilah Laskov, Director Introduction In this article series, we take a deep dive into the South African Conduct of Financial Institutions (COFI) Bill - a [...]
Mind the Conduct: A Guide to COFI – Part 2: Licensing
by Hilah Laskov, Director Introduction In this article series, we take a deep dive into the South African Conduct of Financial Institutions (COFI) Bill - a [...]
Mind the Conduct: A Guide to COFI – Part 1: Purpose and Application
by Hilah Laskov, Director In this article series, we take a deep dive into the South African Conduct of Financial Institutions (COFI) Bill — a major [...]
Your customer consented to direct marketing – but can you still contact them after they have registered on the National Opt-Out Registry?
by Tebogo Sibidla, Director Many businesses assume that once a customer has consented to direct marketing, they may continue contacting that customer unless the consent is [...]
Do not call me I’ll call you …… South Africa’s 2026 CPA Amendment Regulations: operationalising the national opt‑out regime for direct marketing and shifting day‑to‑day anti‑spam responsibility to the National Consumer Commission
by Ahmore Burger-Smidt, Director and Head of Regulatory The Consumer Protection Act Amendment Regulations, 2026 deliver the long‑awaited operational framework for South Africa’s statutory opt‑out regime [...]
The AI Governance Stack and South Africa’s Draft National AI Policy: An Operational Gap in Search of a Framework
by Ahmore Burger-Smidt, Director and Head of Regulatory Author's Note I am presently reading Noah M Kenney's Governing Intelligence: Law, Privacy, Security, and Compliance,[1] and it [...]
Speak now or forever hold your peace. The draft AI policy has been published and parties have 60 days to comment
by Ahmore Burger-Smidt, Director and Head of Regulatory On 10 April 2026, South Africa's Department of Communications and Digital Technologies published its Draft National Artificial Intelligence [...]
Cracking Down or Catching Up? South Africa’s Approach to Crypto Regulation: Part 4 – Exchange Control Update
by Deon Griessel, Director, Armand Swart, Director, Hlonelwa Lutuli, Associate and Khanyisa Tshoba, Associate In our previous article published on 28 October 2025, we identified the [...]
NCR Throws a Lifeline to Consumers Required to Pay Premiums for Mandatory Credit Life Insurance
by Dylan Cunard, Director and Brendan Olivier, Director In a much-needed victory for hard-pressed consumers, the National Credit Regulator ("NCR") has recently published a non-binding opinion [...]
CCTV Footage: What the Information Regulator’s Draft Code Means for Surveillance Governance
by Ahmore Burger-Smidt, Director and Head of Regulatory We are rapidly entering the age of no privacy, where everyone is open to surveillance at all times; where there [...]
Part 2: The “One-Shot” Pre-Merger Consultation in South Africa. Preparation, Risk, and the Question no-one is asking
by Ahmore Burger-Smidt, Director and Head of Regulatory Confidentiality and gun-jumping - the tension at the heart of the process The one-shot design of the pre-merger [...]
Celebrating International Data Privacy Day: “12 years of POPIA – what next?”
by Tebogo Sibidla, Director On 28 January 2026, the global community celebrated International Data Privacy Day. This year, its commemoration landed in a world where privacy [...]
Unpacking the Significant Proposed Changes to the “Generic” Codes of Good Practice (“Codes”) on Broad-Based Black Economic Empowerment (“BBBEE”)
by Pieter Steyn - Director The Codes set out the methodology for calculating a firm's BBBEE rating. Significant changes have been proposed to cater for [...]
Global developments in gambling, betting and e-sports regulation: Lessons for South Africa
by Tebogo Sibidla, Director Like many other sectors of the economy that rely on technology, online gambling, gaming and betting have grown much faster than lawmakers [...]
The Road Ahead: The SCA Gives Green Light to Vehicle Lenders “On the Road Fees” Under the NCA – Subject to Strict Disclosure Requirements
by Armand Swart, Director In a recent judgment, the Supreme Court of Appeal ("SCA") considered if, in terms of the National Credit Act No 34 of [...]
Cracking Down or Catching Up? South Africa’s Approach to Crypto Regulation: Part 2 – Financial Services and FICA
Crypto assets ("crypto") exist in a unique regulatory space. Unlike traditional currency, crypto is not issued by central banks. Crypto can however be used in similar [...]
The Consequences of Lessons not Learnt – A Cautionary POPIA Tale
by Dakalo Singo, Director & Head of Pro Bono and Ahmore Burger-Smidt, Director & Head of Regulatory “All men make mistakes, but a good man yields [...]
Back to the Future: What data protection developments were there in 2024, and what lessons should SA businesses take into 2025 and beyond?
2024 was a big year for data protection in South Africa. The Information Regulator issued various enforcement notices and published draft regulations and guidance notes. There [...]
Privacy. Who is looking after the children?
As we celebrate International Privacy Day on 28 January 2025, we are called to look inward and ask how the Protection of Personal Information Act, 2013 [...]
Hey POPIA, is the publication of a person’s HIV status, positive or negative?
The right to privacy and the rights of public figures came before the court in the case of Tshabalala-Msimang versus Makhanya[1]. In this case, the Sunday [...]
Error 404 – when facial recognition does not see you – a tale of how R1, R2 and R7 wages were paid for a week’s work
Since its inception, facial recognition technology has been regarded as the future for security, safety, technology and innovation.[1] Indeed, the possibilities that arise from the usage [...]
