Law About Data Protection in South Africa and Examples
- Featured article by LAWYERS-ONLINE.CO.ZA - June 2019
Everyone knows the struggle of answering the phone and being greeted by an over-eager telemarketer on the other end, and lately even a robotic “HELLO”. Often we are left wondering how these people even got our number, and why they still think you’re an unmarried man when you are clearly a woman. Well, all that will soon come to an end, as South Africa starts to crack down on the protection of data thanks to the Protection of Personal Information Act 2013 known is POPI. This act will repeal The Electronic Communications and Transactions Act, 2002.
Under this act, the processing of personal information will be highly regulated and no longer a free-for-all data selling underground where phone numbers are traded for cash. Under the POPI act, a person’s right to privacy is now enshrined regarding data too. To use a practical example, your phone number may not be distributed without your express permission under the POPI act.
The act came about in order to be in line with the European Union’s General Data Protection Regulation, a set of data and protection laws that were adopted by the European Parliament in 2016. Those businesses with cross-border interests will already be aware of these regulations when dealing with businesses in EU states.
Although POPI is not yet in effect, a regulator as established by the act has already been appointed as per chapter 5 of the act, and both the minister and regulator already have the power of POPIA regulations. However, just because the full act is not yet in effect as of writing this article, it does not mean that businesses and persons should not be making work toward compliance already.
So what will POPI have the most influence on? Well, the act has made provisions for the following:
- Automated decision making
- Direct marketing
- Processing of cross-border flows of data
Under the POPI act, penalties for breaking the law can be up to 10 year’s imprisonment as well as a fine.
But what exactly constitutes the data that will be protected by the POPI act? Let’s take a look at some examples below:
- Information on a person’s education, medical, criminal and employment history
- Identifying data such as email addresses, phone numbers, physical addresses or other online identifiers (presumably private social media accounts)
- Biometric information
- All information related to race, gender, sexual orientation as well as mental health and disabilities
And what does processing of data or personal information entail? Well, it comes down to any means of collecting, storing and transmitting information related to a person – for example, a file at a doctor’s office, or the information on your account at a retailer. Therefore under the POPI act, marketers may not buy lists of potential client’s and their numbers from places that have stored this information, and hopefully, it will put an end to that robotic voice unenthusiastically trying to sell you a phone you don’t need.
If you have any questions regarding data protection laws in South Africa and the regulation thereof, please do not hesitate to contact us and we can refer you to a lawyer who may be able to offer expert insights on the matter.