In South Africa, the definition of a data subject is similar to that of the GDPR, as it relates to a natural person to whom the personal data relate. Under POPIA, this will be extended to legal persons such as companies or other institutions. The party that decides on the purpose and means of the processing of a data subject`s personal data is the responsible party within the meaning of POPIA and the controller within the meaning of the GDPR. The role of an operator in the context of POPIA is to process personal data on the instructions of the controller. This is essentially the same concept as that of a subcontractor under the GDPR. It is regrettable that MTA SA does not provide guidance to the South African research community regarding recommended (or proven) intellectual property provisions. Finally, intellectual property is the currency of the knowledge economy and something that South Africa should manage with caution. In addition, intellectual property and its use are also linked to the compensation of benefits. If the benefits of health research are to be distributed equitably, it would be useful for the SA MTA to propose guidelines on how to guide intellectual property and its use in order to achieve a fair outcome. We propose to develop guidelines on good practices in intellectual property, in consultation with stakeholders.
In its current form, the SA MTA provides that the HREC must sign the MTA last ( paragraph 6.2); and that the MTA takes effect (only) with the signature by the HREC ( paragraph 8).