South African law coming to grips with cyber crime

May 1st, 2013

By Kevin O’Reilly

On 4 and 5 April the Lex Informatica 2013: Cyber Law, ICT Law and Information Ethics Conference was held in Pretoria.

Deputy Minister of Justice and Constitutional Development, Andries Nel, gave a keynote address at the conference on the topic ‘Advancement of cyber law in Africa and globally’.

Mr Nel said that there were various initiatives on the African continent to improve cyber security and combat cyber crime.

He referred to a draft convention on the establishment of a legal framework for the use of cyber security, which is ‘currently receiving attention under the auspices of the African Union’.

‘In September 2012 the draft convention on cyber crime was approved by the fourth African Union Conference of Ministers responsible for Information and Communications Technology,’ Mr Nel said.

He added that the objective of the convention, which is expected to be in force by 2014, was to ‘harmonise legislation relating to e-transactions, development of personal data protection, cyber security promotion and the fight against cyber crime’.

Deputy Minister Nel also referred to several cyber crime cases that have made their way through South African courts and concluded: ‘These examples illustrate that cyber threats are real, but also that the seriousness with which our Justice, Crime Prevention and Security cluster is taking these threats is not virtual; it is very real.’

Social media and misconduct

Lenja Dahms-Jansen from law firm Bowman Gilfillan spoke on social media and misconduct.

Ms Dahms-Jansen said that the posting of disparaging or offensive comments on online social media sites by employees had been recognised as a fair reason for employers to dismiss them.

‘The Commission for Conciliation, Mediation and Arbitration is prepared to consider what an employee says on his or her social media profile in determining the substantive fairness of a dismissal,’ she added.

‘Employees who make derogatory, harassing or discriminatory remarks on social media do so at their own peril,’ Ms Dahms-Jansen said.

She also cited four cases as examples in this regard, namely:

  • Sedick and Another v Krisray (Pty) Ltd (2011) 8 BALR 879 (CCMA).
  • Fredericks v Jo Barkett Fashions [2011] JOL 27923 (CCMA).
  • Media Workers Association of SA obo Mvemve v Kathorus Community Radio (2010) 31 ILJ 2217 (CCMA).
  • Smith v Partners in Sexual Health (non-profit) (2011) 32 ILJ 1470 (CCMA).

With the increasing use of online social media, she stated that employers should be aware of the following legislation:

  • The Protection of Personal Information Bill (B9B of 2009).
  • The Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002.
  • The Electronic Communications and Transactions Act 25 of 2002 (ECT Act).
  • Section 6 of the Employment Equity Act 55 of 1998.

Ms Dahms-Jansen said that every company engaging in social media, or that had employees engaging in social media, should have a social media policy in place that includes –

  • clear guidelines on acceptable and unacceptable social media use;
  • a distinction between personal and professional social media use;
  • guidelines on the risks of social media to personal and professional brands;
  • consequences of breaching the social media policy; and
  • a clear indication of who owns the social media accounts, content and followers.

‘Social media is still an underdeveloped area of law … . How our courts will deal with issues arising out of social media usage is still, to a large extent, uncertain, but normal rules of fairness and equity will apply to all instances of social media misconduct,’ Ms Dahms-Jansen concluded.

Online defamation

University of South Africa Professor Sanette Nel spoke about online defamation and the right to freedom of speech and defamation in the context of social media.

She also discussed the recent case of H v W (GSJ) (unreported case no 10142/12, 30-1-2013) (Willis J).

‘The print media always had rules and regulations pertaining to what they publish, but … there is no regulation on ordinary people and they do not realise that once they publish something on the internet, they publish it for purposes of publication and there should also be certain rules and regulations that apply to them,’ Professor Nel said.

In the H v W case the respondent posted a defamatory message on Facebook relating to the applicant. The applicant sought an interdict restraining the respondent from posting certain information on social media websites and removing postings already made. The applicant was substantially successful in the matter and the respondent was ordered to remove all postings that she had placed on Facebook that referred to the applicant, and to pay the applicant’s costs.

In coming to its decision, the court noted that the common law needed to develop in respect of remedy where infringements of privacy take place on social media.


Sylvia Papadopoulos from the University of Pretoria’s law faculty spoke on the topic ‘The changing face of spam regulation in South Africa’.

Ms Papadopoulos noted that South African law dealt with spam across a number of pieces of legislation.

Prior to the enactment of the Consumer Protection Act 68 of 2008, the only legislation directly regulating spam in South Africa was s 45 of the ECT Act, she said.

Ms Papadopoulos added that the Protection of Personal Information Bill, when enacted, would also deal with aspects of spam.

However, she said that having different pieces of legislation dealing with spam was problematic.

Cyber crime – a South African perspective

Sizwe Snail from Snail Attorneys spoke on cyber crime in South Africa and various sections of the ECT Act dealing with different types of cyber crime.

Mr Snail noted that the ECT Act would be amended by the Electronic Communications and Transactions Amendment Bill, 2012.

It is being proposed that there will be maximum penalties from 12 months’ to ten years’ imprisonment, alternatively a fine of R 10 million, for people who contravene s 86(1) to 86(3), said Mr Snail. ‘The fines are now serious, it appears as if cyber criminality is now a reality,’ he added.

Mr Snail noted that there were other statutory remedies that could apply to cyber crime, including the Prevention of Organised Crime Act 121 of 1998 and the Financial Intelligence Centre Act 38 of 2001.

In concluding, Mr Snail said: ‘I believe that the ECT Act is very good and is a noble endeavour by South Africa. I do, however, believe that our South African courts should try and test the ECT Act now so that we can have case law that we can follow.’

Kevin O’Reilly,

This article was first published in De Rebus in 2013 (May) DR 14.

De Rebus