Addressing The Gaps In The Data Protection, Privacy And Surveillance Legislation 5.1.7. Imposition of additional obligations on data controllers The Cyber and Data Protection Act should impose additional duties on data controllers and processors about conducting risk assessments where fundamental rights and freedoms are at stake, preparing standard and adequate privacy policies, and conducting data protection by design and by default. 5.1.8. Tightening of the obligations of data controllers and adoption of international cooperation mechanisms with regards to cross-border transfer The scope of considerations that a data controller must consider in assessing the adequacy of the level of protection afforded by a third party for purposes of cross-border data transfer in the Cyber and Data Protection Act should be broadened to expressly include the rule of law, respect for human rights and fundamental freedoms, and case law, among other factors. Further, the Act should provide for mutual legal assistance and multilateral and bilateral treaties as a mechanism of international cooperation in enforcing data subject rights in relation to cross-border data transfers. 5.1.9. Provision of civil remedies in favour of data subjects The Cyber and Data Protection Act should expressly recognise and codify civil remedies that entitle data subjects to receive compensation from a data controller or processor for financial or emotional damage suffered because of infringement of the Act. 5.2. Surveillance Legislation 5.2.1. Definition of key terms The Interception of Communications Act should include a definition of the term monitoring to guard against abuse of surveillance powers by delineating what the authorities should and should not do while monitoring communications. 5.2.2. Adoption of judicial oversight The Interception of Communications Act and the Postal and Telecommunications Act should require that decisions related to authorising the interception of communications be made by a competent, impartial, and independent judicial authority. 5.2.3. Adoption of safeguards in respect of the handling of intercepted communications The Interception of Communications Act and the Postal and Telecommunications Act should stipulate the proper procedure to be adopted when authorities are examining, copying, sharing, sorting through, using, destroying and/or storing intercepted communication. 16 www.misa.org