Earlier in May, Facebook reported that 96,134 South African Facebook users were potentially impacted by the recent Cambridge Analytica data breach – which means that their personal information may have been harvested without their consent if they used a personality quiz app called “thisisyourdigitallife”.
In February 2018, Zulu King Goodwill Zwelethini received a phone call on his private number from an employee of insurance company MiWay who addressed him by his first name and attempted to sell him insurance premiums. The taped conversation was subsequently posted on social media.
All year round, South African marketers and political parties make unsolicited phone calls, and send unsolicited texts, to people who are not customers or party members and have never knowingly given permission for this contact.
These three situations all represent breaches of privacy that South Africa’s Information Regulator should be able to act against.
But as Parliament heard on Tuesday, the only forms of action the watchdog can currently take are limited to writing letters and asking for meetings with the bodies responsible for these privacy breaches.
In the presentation made to the Justice Committee by Information Regulator Pansy Tlakula, the problem was expressed starkly:
“Regulator does not have the powers to enforce and settle complaints.”
That there is clearly a need for the regulatory service which should be provided by the Information Regulator, however, is evidenced by the fact that the regulator has already received over 180 complaints to date.
This is despite the fact that, as lobby group Right2Know points out, awareness of the existence of the Information Regulator is minimal.
“In the communities in which we are present and amongst the different constituencies with whom we work, there is no visible sign of the existence of the Information Regulator,” Right2Know said in a statement issued earlier in May.
It added that “in the past year there has been a deafening silence from the Information Regulator regarding issues of national significance in relation to the abuse of personal information of people”.
President Jacob Zuma appointed Tlakula in the newly created role of Information Regulator in October 2016. More than 18 months later, what’s the hold-up?
“We are stuck,” Tlakula told MPs candidly on Tuesday.
The problem, it appears, is twofold. One issue is that South Africa’s Protection of Personal Information Act (POPIA), despite being promulgated in 2013, is yet to come into full force. Another is that the Information Regulator cannot make appointments – such as that of CEO – without the approval of National Treasury.
But when the regulator’s members approached Treasury in this regard, they were sent to the Department of Public Service and Administration. There, department officials advised that the regulator’s organisational structure could only be approved when the Information Regulator is listed as an approved entity as envisaged by the Public Finance Management Act.
It is, in short, a bureaucratic mess – which Tlakula assured MPs she is working to resolve as soon as possible. It is envisaged, however, that permanent executive positions will only be filled in the fourth quarter of 2018 at the earliest.
The Information Regulator does not even have an office at present. It was explained that it is currently being housed in the Department of Justice, but that “proper accommodation” would be sourced later in the year.
There was some sympathy for Tlakula’s situation among the MPs of the Justice Committee, with chair Mathole Motshekga commenting that Tlakula and her handful of colleagues had been “hitting the ground running with their hands tied behind their back”.
But the importance of the office was also made clear.
“This regulator is to perform a vital function in our maturing democracy,” said the DA’s Werner Horne.
In October 2017, Australian researcher Troy Hunt found that the personal records of more than 60 million South Africans – both living and dead – could have been harvested as a result of a data breach stemming from a real estate company. The data breach, believed to be the largest in South African history, included records such as ID numbers, email addresses and phone numbers.
At the time, it was pointed out that if the Information Regulator had been up and running, those responsible for the data breach could have faced massive fines or even prison time. But as things stood, said Tlakula, it remained a “free-for-all situation”.
In that situation, all that the currently embryonic regulator was able to do was convene a meeting of government institutions such as the Hawks and the National Credit Regulator which were independently investigating the data breach.
In the case of the recent Facebook breach, all the regulator was able to achieve was a letter from Facebook indicating the extent of the South African exposure to the breach.
And when it came to the Miway-Zwelethini matter, an exchange of letters was again the extent of the regulator’s powers.
On Tuesday, Tlakula told MPs that evidence of South African institutions’ cavalier attitude to personal data was right on their doorsteps.
When she had entered Parliament’s visitor centre, she explained, she had been asked – as is routine – to supply all sorts of private information.
“Why is Parliament asking for my cell number?” Tlakula demanded to know.
“I think Parliament has to lead by example.” DM
Want to watch Richard Poplak’s audition for SA’s Got Talent?
Who doesn’t? Alas, it was removed by the host site for prolific swearing*... Now that we’ve got your attention, we thought we’d take the opportunity to talk to you about the small matter of book burning and freedom of speech.
Since its release, Pieter-Louis Myburgh’s book Gangster State, has sparked numerous fascist-like behavior from certain members of the public (and the State). There have been planned book burnings, disrupted launches and Ace Magashule has openly called him a liar. And just to say thanks, a R10m defamation suit has been lodged against the author.
Pieter-Louis Myburgh is our latest Scorpio Investigative journalist recruit and we’re not going to let him and his crucial book be silenced. When the Cape Town launch was postponed, Maverick Insider stepped in and relocated it to a secure location so that Pieter-Louis’ revelations could be heard by the public. If we’ve learnt one thing over the past ten years it is this: when anyone tries to infringe on our constitutional rights, we have to fight back. Every day, our journalists are uncovering more details and evidence of State Capture and its various reincarnations. The rot is deep and the threats, like this recent one to freedom of speech, are real. You can support the cause by becoming an Insider and help free the speech that can make a difference.
*No video of Richard Poplak auditioning for SA’s Got Talent actually exists. Unless it does and we don’t know about it please send it through.
Sushi is traditionally eaten by hand and not with chopsticks.