South Africa's PNR regime: Privacy and data protection

Abstract

There has been an increase in the collection and use of Passenger Name Record (PNR) data for security purposes globally. Though academic analysis of this trend has remained focused largely on the North American and European context, the Government of South Africa has been using PNRs since 2014 for security purposes. South Africa was the first country on the African continent to implement such a regime and is one of only thirteen states internationally to link its Advanced Passenger Information (API) and PNR systems. While there has been little attention on South Africa's use of PNRs, an inquiry into the country's PNR practices reveals striking privacy concerns, including the potential permanent retention of PNR data and a failure of the state to fully disclose if, and under what conditions, PNR data can be shared with other states. While South Africa has implemented a PNR regime that is comparable to the highest international standards, the data protection requirements appear to be far less developed. In fact, South Africa's PNR regime remains enigmatic as all indications and mention of PNR are elusive and scattered across government publications. As such, this paper aims to provide an introduction into the elements of South African PNR use, including the implications as they relate to law, data protection, and privacy.