The recent announcement by Facebook, which is the parent company of WhatsApp, regarding the modification of their data collection structure to its terms and conditions, was met with caution and cynicism the world over.
The protection and privacy of personal information has been a much-debated issue in the past decade. The alleged data breaches at Cambridge Analytica and Yahoo! in the United States are quickly brought to the fore by proponents of stricter data protection policies, in light of the fact that in the case of Yahoo! a class action had to be settled eventually.
Subsequently, privacy policies of entities that collect personal data (responsible parties) have undergone major revamps with governments putting in place measures that encourage responsibility and transparency in the handling of personal information. The General Data Protection Regulation (GDPR), which came into effect in May 2018 in Europe, is one such measure.
South Africa enacted the Protection of Personal Information Act 4 of 2013 (POPIA), which provides in s 2, that it seeks to ‘give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations’. POPIA came into effect on 1 July 2020 with a grace period of 12 months, although some of its sections had commenced in 2014.
To comply with POPIA in the processing and gathering of personal information, responsible parties must adhere to POPIA in general and, in particular to the eight conditions provided in its regulations, namely:
POPIA is applicable in the workplace too, whereby the employees’ personal information must be collected in compliance with the conditions set out above for operational reasons.
It is imperative that responsible parties put measures in place to fully comply with POPIA on or before 30 June 2021, prior to the lapse of the 12-month grace period. The Act aims to eradicate the unlawful processing of personal information and it remains to be seen how successful it will be.
In the meantime, companies must ensure that their terms and conditions, particularly their privacy policies, comply with POPIA.
Mohau Romeo Tsusi LLB (UWC) is a Chief Executive Officer and legal practitioner at MRT Law in Cape Town.
This article was first published in De Rebus in 2021 (April) DR 40.
De Rebus proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media, which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website at www.presscouncil.org.za or e-mail the complaint to enquiries@ombudsman.org.za. Contact the Press Council at (011) 4843612.
South African COVID-19 Coronavirus. Access the latest information on: www.sacoronavirus.co.za
|