Ramaphosa's energy plan Webinar banner

We'd like our readers to start paying for Daily Maverick

More specifically, we'd like those who can afford to pay to start paying. What it comes down to is whether or not you value Daily Maverick. Think of us in terms of your daily cappuccino from your favourite coffee shop. It costs around R35. That’s R1,050 per month on frothy milk. Don’t get us wrong, we’re almost exclusively fuelled by coffee. BUT maybe R200 of that R1,050 could go to the journalism that’s fighting for the country?

We don’t dictate how much we’d like our readers to contribute. After all, how much you value our work is subjective (and frankly, every amount helps). At R200, you get it back in Uber Eats and ride vouchers every month, but that’s just a suggestion. A little less than a week’s worth of cappuccinos.

We can't survive on hope and our own determination. Our country is going to be considerably worse off if we don’t have a strong, sustainable news media. If you’re rejigging your budgets, and it comes to choosing between frothy milk and Daily Maverick, we hope you might reconsider that cappuccino.

We need your help. And we’re not ashamed to ask for it.

Our mission is to Defend Truth. Join Maverick Insider.

Support Daily Maverick→
Payment options

Popi Act: confessions of a convert

South Africa


A fresh perspective: Confessions of a convert to the Popi Act

The author writes that he was initially sceptical of the Protection of Personal Information Act, but upon close examination has changed his mind. But the act is being widely misinterpreted. (Photo: Flickr user Marco Verch)

This new law will ensure that information about those of us living in South Africa is kept where it belongs but it is being widely misinterpreted.

When then-president Jacob Zuma signed the Protection of Personal Information Act (Popia) into law in 2013, I gave the typical South African sigh. Yet another piece of unnecessary legislation, already well covered by common law, I thought. Another costly regulator. I also gave a little sigh of relief — its commencement was postponed. There was a limited implementation in 2014; full implementation on 1 July 2020, with a year for businesses to become compliant. I could look at it later. Now I have.

New regulation creates confusion, irritation, misapprehension, and opportunists looking for a quick buck off the overwhelmed and uninformed. Popia achieved all that.

But, Popia has a history.

Regulation seems to have become overwhelming. Libertarians and free-marketeers want it gone. But ordinary people are prone to abuse in today’s world of fast movements of money and information.

In 1890, Warren and Brandeis wrote in the Harvard Law Review: “The intensity and complexity of life, attending upon advancing civilisation, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.”

In 1890, data was kept in vaults — on paper. Now it is on hard drives, memory sticks and in the cloud. Storing and selling personal data is an industry.

Leading South African academics have called for personal data protection regulation since the 1970s. Government had other priorities. In Europe, Germany, Sweden and France passed data protection laws in the 1970s. In 1981, the Council of Europe passed a convention on the issue which was binding on its members. The Paris-based Organisation for Economic Development issued similar guidelines. In 1995, the European Parliament issued data protection directives, prohibiting data sharing with countries that had inadequate data protection regulation. The United Nations also published guidelines encouraging member states to adopt legislation.

In 2000, the South African Law Commission investigated the matter, and a few years later, recommended legislation. Popia came nearly a decade later.

Without Popia, South Africa could be grey-listed by the EU and other countries — bad news for banks and the financial industry, and the country. Hopefully, Popia will comply with the international requirements. Popia does not re-define privacy. It deals with data.

The definition of privacy and the invasion of privacy will remain in the common law as developed in terms of section 14 of the Constitution. The concept of privacy and intrusions into privacy remains amorphous and elusive (as described by Judge Laurie Ackermann in 1995). It is a sliding scale of facts about oneself that deserve protection from publication. It differs from one person to another and is determined by the prevailing public policy, as interpreted by the courts.

Privacy law does not provide a blanket prohibition against releasing private data. Private data can be obtained if another law allows and it can be requested in terms of the Promotion of Access to Information Act (Paia).

Popia does not apply to the media, provided the media is independently regulated. Nor does it deal with the data of organisations or the state.

Popia regulates the data that private persons (called data subjects) disseminate to data receivers (called responsible parties). It regulates what the responsible party may do with that data, how it must secure the data, and under what circumstances it may trade in or disseminate the data. It links to Paia on how third parties may obtain the data and it removes the management of Paia from the Human Rights Commission to the Information Regulator.

The Information Regulator also, without substituting for the courts, now provides an administrative appeal to people who requested, or whose information was requested from responsible persons in terms of Paia, where a request was granted or refused.

Popia has been criticised. Some of the criticism is fair and some is not. Fair criticism is that it is long, that the definition of personal information is perhaps too wide, and that it places an administrative burden on small business.

Perhaps the criticism should not be directed at the law, but at the interpreters of the law. I have heard the most ridiculous claims about Popia — too many to repeat. Popia is wrongly invoked by all who confuse the Act with privacy laws.

Having read the Act and understanding the history, I have changed my view. I can no longer stand with the anti-Popia chorus. Popia is there to ensure that the data that I give to another to be kept in custody remains in custody — and if it does not, I will have a remedy. After all, it is a measure that the intensity and complexity of an advancing civilisation has imposed on us. DM

First published by GroundUp.



Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or sign in if you are already an Insider.

Everybody has an opinion but not everyone has the knowledge and the experience to contribute meaningfully to a discussion. That’s what we want from our members. Help us learn with your expertise and insights on articles that we publish. We encourage different, respectful viewpoints to further our understanding of the world. View our comments policy here.

No Comments, yet

Please peer review 3 community comments before your comment can be posted