Defend Truth


Sassa Grants: The small information win hiding in the grant crisis


Gabriella Razzano is the Executive Director of OpenUp ( and an Atlantic Senior Fellow in Social and Economic Equity. She also acts as legal consultant and researcher, focused on issues of transparency, open data, technology and law.

We will feel the impact of the grant crisis caused by the Department of Social Development for some time. The Constitutional Court victory for Black Sash, which sought to ensure some fairness in the suspension of the declaration of invalidity of the contract between the South African Social Security Agency (Sassa) and Cash Paymaster Services (CPS), was an important moment for civil society organisations fighting social injustice and a moment of considered stretching by the Constitutional Court. But there is also an additional victory for information rights worth commenting on.

The big victory was that grants were distributed to the people who need them, and judicial reasoning controlled the terms of the contract left in place to an admittedly questionable service provider. There was, however, an additional victory for information rights worth commenting on. Among the long list of parties applying, responding and intervening in the case was a seventh respondent many South Africans may not be aware of: the country’s new Information Regulator. The Information Regulator members only took office on 1 December 2016; the office was created under the Protection of Personal Information to have oversight of both that act, and the Promotion of Access to Information (PAIA). It is thus an office that stands as a protector of both your personal privacy, but access to information as well.

There has always been an information battle that has played out in relation to the grants crisis, well articulated by Black Sash. Deductions have been made directly to the grants of South Africans that Black Sash allege were facilitated by the sale and distribution of their personal grant information to vulture companies such as airtime service providers and other direct marketing services. The lack of adequate protection of this personal information has left grant recipients exposed. It stands as an excellent example of how the abuse of information by powerful entities impedes directly on the dignity and security of vulnerable people.

Seeing this, Black Sash sought to attempt to control the illegal distribution of this information (the Sassa contract sought to prevent disclosure of confidential information, but CPS automatically opted in beneficiaries to marketing from their partner companies anyway). Why then did the Information Regulator oppose part of the relief the Black Sash sought? The issue was quite a discrete, but important one – in trying to make sure that Sassa protected the personal information, Black Sash asked for the order to recognise that the “…personal information of beneficiaries is the property of Sassa”. The Regulator insisted that this was not the case – that the personal information of beneficiaries remained their personal information, but that Sassa nevertheless had obligations to protect it. Black Sash conceded to this argument in its Heads of Argument.

Why did this matter? I’d argue there are two main reasons:

  • Clarity was provided on what it means to have personal information that is worthy of protection;
  • and a champion for information rights is already starting to emerge from the Information Regulator’s Office very early in its inception.

On the first point, the court did in its subsequent order create a provision that ensured personal data was protected, and directly precluding “invitations” to grant beneficiaries to opt-in to the sharing of their information for marketing purposes. This recognises an important reality – the idea that people “freely” enter into many of their relationships where they hand over their personal information is a fiction. This is why the protection of personal information law talks about “informed consent”. Private companies cannot be permitted to steam-roll people freedoms under the guise of a contract. The court itself noted in paragraph 50: “No party has any claim to profit from the threatened invasion of people’s rights.” And, throughout all, your personal information remains your own, and is never the property of those who merely hold it.

On the second point, it is notable that the Information Regulator has already sought to intervene in a Constitutional Court case to ensure information rights are protected, and has managed to also do so successfully, only three months into its existence. The protection of both privacy and access to information rights in South Africa, in spite of our laws, has been weak. In 2016, a group of information activists noted for instance that – in spite of PAIA being over 10 years old – official requests for information were simply ignored in 27% of cases. Questions of who holds what information, how they hold it, and how they share it are, some of the most fundamental questions of political power in the modern world. It is hugely important that state and non-state champions of access to information and privacy receive support to deal with the answers to those questions, with our human rights protections serving as the starting point. This case provides a glimpse of the potential role the Regulator may be able to play in protecting these rights. DM


Please peer review 3 community comments before your comment can be posted