Donrich Thaldar ^*

• University of KwaZulu-Natal, Durban, South Africa

A clear legal and data management framework is crucial for protecting privacy and upholding ethical standards in health research. This collection includes several articles addressing these aspects, presenting actionable insights for researchers, institutions, and policymakers. The Anatomy of a Data Transfer Agreement for Health Research by Lee Swales et al. provides a comprehensive guide to creating data transfer agreements (DTAs) that align with data protection legislation, such as POPIA.This article underscores the importance of detailed DTA provisions that protect both data privacy and the legal interests of institutions when sharing sensitive research data. The research presented in this article formed the foundation for a freely accessible DTA template that was developed for the South African research community (Swales et al., 2023;Thaldar et al., 2024a;Thaldar et al., 2024b Thaldar et al. (2022) that explored the various legal dimensions of genetic data under South African law-including privacy, ownership, and intellectual property rights-but go further by advocating for a decolonial approach to health research governance, urging the NHREC to empower local research institutions by acknowledging their ownership of the data that they collect and generate. In The Human Genome as the Common Heritage of Humanity and Regulating Human Genomic Research in Africa: Why a Human Rights Approach Is a More Promising Conceptual Framework than Genomic Sovereignty, Faith Kabata and Donrich Thaldar examine two approaches to human genomic data as forms of public property, highlighting their practical and ethical implications.The "common heritage" model views the human genome-often represented by the human reference genome-as a shared asset that belongs to all of humanity. This concept, grounded in international human rights, aims to protect genomic data from privatisation by framing it as an international public good, freely accessible for scientific advancement and collaboration. The focus is on global inclusivity, with genomic resources managed for the collective benefit of humanity.In contrast, the genomic sovereignty model shifts from a global perspective to a national or community-based one, claiming that genomic data is the exclusive property of specific groups or nations. This approach, driven by concerns over resource exploitation and national interests, empowers countries or population groups to assert control over their genetic resources, restricting external access to protect local interests. The genomic sovereignty model, however, has been criticised for limiting international collaboration.Kabata and Thaldar propose that a human rights-based framework offers a more balanced and ethical pathway. This approach respects individuals' rights to benefit from scientific advancements while allowing for private ownership of genomic data. In Does Data Protection Law in South Africa Apply to Pseudonymised Data?, Donrich Thaldar examines whether pseudonymised datasets fall under POPIA in South Africa, arguing that identifiability-and therefore POPIA's applicability-depends on the specific context of the party handling the data. By interpreting POPIA's exclusions clause and research exception through established South African legal principles, Thaldar concludes that identifiability should be assessed contextually: A dataset remains personal information for a provider retaining both the pseudonymised and linking datasets, but becomes non-personal for a recipient without access to linking data. This approach balances privacy protection with data-sharing flexibility, enabling responsible, context-sensitive data management in health research. Thaldar's insights are particularly valuable as South African institutions navigate complex privacy demands, highlighting the need for legal clarity in an evolving research environment. Adding depth to AI governance, Meshandren Naidoo's What Does It Mean to Be an Agent? proposes a practical framework for assessing AI agency, focusing on empirical characteristics rather than abstract notions like consciousness. This grading system provides a structured, adaptable model for regulating AI, considering both legal accountability and suitability for specific research contexts. Naidoo's The Open Ontology and Information Society further frames AI governance within a broad ethical and legal structure, proposing a qualitative analysis of information to inform regulatory approaches. These articles lay a groundwork for legally and ethically responsible AI governance in African healthcare, ensuring that AI serves the public good within a framework of accountability and participant protection. Together, these articles provide a comprehensive guide to advancing data governance in African health research. Each contribution demonstrates a commitment to addressing Africa's unique challenges, from privacy laws and consent frameworks to policy guidance and AI governance. This collection offers insights that will help shape Africa's health research landscape in a way that respects individual rights, supports responsible innovation, and aligns with evolving ethical and legal standards.The future of data governance in African health research is a complex, rapidly evolving field, but with a foundation rooted in law and ethics, African researchers and policymakers are well-positioned to navigate it with confidence.