The MTA SA requires that the distribution of benefits between the supplier and the recipient be «discussed and negotiated» before material can be transferred ( paragraph 7.1). This request is vague: the words «discussed and negotiated» do not mean the same thing as «an agreement.» In fact, the words «discussed and negotiated» do not really require agreement on the distribution of benefits. We propose that the parties to an MTA ensure that they have effectively agreed on the sharing of benefits prior to the signing of the MTA and that they adhere to and integrate their benefit-sharing agreement between the MTA. In the interest of legal security, we propose to amend the SA-MTA to replace «discussed and negotiated» with the term «agreed.» We propose that a fair solution be that the supplier`s jurisdiction is generally the applicable legal system and the place of assessment for all MTA-related disputes, whether through legal proceedings or arbitration. The main reason for this proposal is that it would ensure better access to justice for researchers, since researchers will likely be in the same country as the supplier. In the event that researchers have a direct and material interest in a dispute between a supplier and a recipient, they could join the dispute in their own country and not in a foreign country and with a foreign legal system. However, our proposed solution should not be interpreted as a rigid rule; Parties should have the opportunity to address the Minister (or his delegate) to grant a waiver of the general rule if there is justification. Another important aspect of POPIA, which cannot benefit from any potential exemption or authorization, is its export regulations ( Sections 72, 57). First, a supplier may only transmit personal data to a recipient of a foreign country if there is a legal reason for transfer ( Section 72).
These legal grounds include the consent of the «person concerned» and the fact that the law under the recipient`s jurisdiction or the contract between the supplier and the recipient must provide an «appropriate» level of protection for the processing of personal data ( Section 72). Second, where a supplier in South Africa intends to transmit specific personal data to a recipient of a foreign country that does not offer an «adequate» level of protection, the supplier must obtain prior authorization from the information regulator for the proposed transfer ( Section 57.1(d)).