SAFETYLIT WEEKLY UPDATE

We compile citations and summaries of about 400 new articles every week.
RSS Feed

HELP: Tutorials | FAQ
CONTACT US: Contact info

Search Results

Journal Article

Citation

Thaldar D. Front. Pharmacol. 2023; 14: e1238749.

Copyright

(Copyright © 2023, Frontiers Media)

DOI

10.3389/fphar.2023.1238749

PMID

38074130

PMCID

PMC10701266

Abstract

The use of pseudonymised datasets is increasingly commonplace as research institutions seek to balance data utility with data security. Yet, a crucial question arises: How does South Africa's Protection of Personal Information Act (POPIA) govern these datasets, especially given their ambiguous state between de-identification and possible re-identification? A thorough examination of POPIA suggests that the determination of whether a pseudonymised dataset is personal information-and thus whether processing the dataset falls within POPIA's purview-must be informed by the specific context of the responsible party in possession of the pseudonymised dataset. When a research institution retains both the pseudonymised dataset and its linking dataset, the pseudonymised dataset remains identifiable and is thus personal information that falls within POPIA's purview. However, when only the pseudonymised dataset-without the linking dataset-is transferred to another entity, it is non-personal information in the hands of such a recipient, thus freeing the recipient from POPIA compliance. Such a delineation offers research institutions greater flexibility in sharing and using pseudonymised datasets. Importantly, because the original provider of the pseudonymised dataset (who has the means to re-identify the dataset) remains governed by POPIA, the privacy rights of data subjects are not undermined.


Language: en

Keywords

South Africa; code of conduct; data protection; POPIA; pseudonymisation; research; transfer

NEW SEARCH


All SafetyLit records are available for automatic download to Zotero & Mendeley
Print