Privacy is a fundamental human right as enshrined in section 14 of the Constitution of the Republic of South Africa. It is further protected under the common law.
The Protection of Personal Information Act (POPIA) gives effect to the right to privacy, and seeks to balance it against other important rights such as access to information. The Act was signed in 2013 and has come into operation incrementally. The final sections of POPIA came into force on 1 July 2020, giving Responsible Parties one year within which to comply.
Under POPIA, the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information. This includes the right to be notified of the collection of one’s information, and to be informed of unauthorised access to personal information by an unauthorised party.
Other rights held by data subjects include rights to:
- establish whether personal information is held by a responsible party, and request access to such information;
- request that if necessary, their personal information be deleted, corrected or destroyed;
- object to the processing of their personal information, provided that such objection is reasonable, unless the data subject was allowed to object free of charge, and failed to do so upon the initial collection of the data;
- object to the processing of personal information for direct marketing purposes at any time, unless the data subject gave their consent and is a customer of the responsible party;
- not have their personal information processed by means of unsolicited electronic communications;
- submit a complaint to the Information Regulator regarding alleged interference with their personal information; and
- institute civil proceedings in relation to the alleged interference with the protection of their personal information.
Pansy Tlakula is the Chairperson of the Information Regulator of South Africa