Privacy in South Africa: overview

A Q&A guide to privacy in South Africa.

This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies.

To compare answers across multiple jurisdictions, visit the Data Protection Country Q&A tool.

This Q&A is part of the global guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-guide.

Contents

Legislation

1. What national laws (if any) regulate the right to respect for private and family life and freedom of expression?

South African presently has common law and constitutional protections together with restrictions on the interception and monitoring of communications.

The Bill of Rights in Chapter 2 of the Constitution of the Republic of South Africa (Constitution) gives every person a broad right to privacy (see Question 3).

The Constitution also gives every person the right to freedom of expression. Section 16 of the Constitution states that everyone has the right to freedom of expression, which includes:

  • Freedom of the press and other media.

  • Freedom to receive or impart information or ideas.

  • Freedom of artistic creativity.

  • Academic freedom and freedom of scientific research.

 
2. Who can commence proceedings to protect privacy?

The Bill of Rights applies to all law, and binds the legislature, the executive, the judiciary and all organs of state.

As such any natural or legal person, if and to the extent applicable, taking into account the nature of the right and of any duty imposed by the right may commence proceedings.

 
3. What privacy rights are granted and imposed?

Section 14 of the Constitution states that everyone has the right to privacy, which includes the right not to have:

  • Their person or home searched.

  • Their property searched.

  • Their possessions seized.

  • The privacy of their communications infringed.

 
4. What is the jurisdictional scope of the privacy law rules?

Privacy law rules are applicable nationally in South Africa.

 
5. What remedies are available to redress the infringement of those privacy rights?

Civil actions for damages or a constitutional challenge on the basis of infringement of constitutional rights are available in cases of privacy rights' infringement.

 
6. Are there any other ways in which privacy rights can be enforced?

The Protection of Personal Information Act 2013 (Act) was signed by the President in November 2013 and certain sections of the Act came into force in April 2014. Once the Act is fully in force (on a date yet to be announced), data subjects will be able to make complaints to the Information Regulator and institute civil actions for damages suffered as a result of the infringement of their privacy rights under the Act.

 

Contributor profiles

Rohan Isaacs, Director

Norton Rose Fulbright South Africa Inc

T +27 11 685 8871
F +27 11 301 3262
E rohan.isaacs@nortonrosefulbright.com
W www.nortonrosefulbright.com

Professional qualifications. South Africa, Attorney, 1994

Areas of practice. Information and communication technology; e-commerce; broadcasting; privacy.

Recent transactions (privacy-related)

  • Creating online virtual privacy law advisor, POPI Counsel.

  • Advising the National Treasury on legislation and policy regarding the interface between technology, telecommunications and the banking sector.

  • Advising the Driver's Licence Card Account (a trading entity of the Department of Transport) on their obligations in terms of the Act as a large-scale processor of personal information.

  • Creating a comprehensive guide on practical compliance with the Act for distribution to the South African Property Owners Association's members.

  • Advising the South African Insurance Crime Bureau in relation to the sharing of personal information with member organisations for insurance crime detection and prevention purposes.

  • Advising Hyphen Technology Proprietary Limited on the privacy implications of an advance payment debit scheme through payroll management.

  • Ongoing advice to Louis Vuitton Malletier in respect of its customer knowledge database in South Africa.

  • Advised VISA Inc (South Africa) on the privacy implications of its credit scoring system used in the context of fraud prevention.

Languages. English, Afrikaans

Professional associations/memberships. Law Society of the Northern Provinces.

Publications

  • Rohan Isaacs, Nerushka Deosaran, Kerri Crawford, Norton Rose Fulbright hosts seminar on Big Data and the Internet of Things, Cover, 2015.

  • Rohan Isaacs and Tatum Govender, New structures to fight cybercrime, Financial Institutions Legal Snapshot, 2015.

  • Rohan Isaacs Challenges to banking and tech: data and cybercrime, Financial Institutions Legal Snapshot, 2015.

  • Rohan Isaacs and Nerushka Deosaran, Retailers must institute protection against cybercrime, Bizcommunity/com, 2014.

  • Rohan Isaacs and Nerushka Deosaran, Insurance marketers beware, Moneyweb.co.za, 2014.

Nerushka Bowan, Senior Associate

Norton Rose Fulbright South Africa Inc

T +27 11 685 8691
F +27 11 301 3232
E nerushka.bowan@nortonrosefulbright.com
W www.nortonrosefulbright.com

Professional qualifications. South Africa, Attorney, 2012

Areas of practice. Privacy; information and communication technology; e-commerce; broadcasting.

Recent transactions (privacy-related)

See above, Rohan Isaacs, Recent transactions. In addition, UK (2014):

  • Helping roll out blacklisting/employee data protection training to a large construction company.

  • Assisting with advising another law firm on handling a difficult data subject access request made against them for its client's data.

  • Developing and delivering training to insurers and assisting with the co-ordination work for the AIG CyberEdge product across Europe.

  • Advising on cross border disclosure mitigation steps to Japan and the US, among other multi-jurisdictional group initiatives run from the London office.

Australia (2014):

  • Drafting numerous privacy policies and privacy collections statements for various corporates and not-profit organisations.

  • Drafting a data sharing agreement and a sublicence agreement for customer relationship management software containing personal information for a group of companies.

Languages. English, Afrikaans

Professional associations/memberships. Law Society of the Northern Provinces.

Publications

  • Nerushka Bowan, Cybercrimes and Cybersecurity draft Bill released for public comment, Insurance Gateway, 2015.

  • Nerushka Bowan, Navigating social media policy, Directorship, 2015.

  • Nerushka Bowan 175 000 South African "Have An Affair" Details Posted On Dark Net, Go Legal, Insurance Gateway, Polity, The Legal Times 2015.

  • Nerushka Bowan, POPI Information Regulator to be appointed, Insurance Gateway, 2015.

  • Nerushka Bowan, Technology will be vital in future, Business Day Business Law & Tax Review, 2015.

Kerri Crawford, Senior Associate

Norton Rose Fulbright South Africa Inc

T +27 11 685 8929
F +27 11 301 3200
E kerri.crawford@nortonrosefulbright.com
W www.nortonrosefulbright.com

Professional qualifications. South Africa, Attorney, 2014

Areas of practice. Information and communication technology, privacy, e-commerce, and broadcasting.

Recent transactions (privacy-related)

  • Creating online virtual privacy law advisor, POPI Counsel.

  • Advising the Driver's Licence Card Account (a trading entity of the Department of Transport) on their obligations in terms of the Act as a large-scale processor of personal information.

  • Advising the National Treasury on legislation and policy regarding the interface between technology, telecommunications and the banking sector.

  • Creating a comprehensive guide on practical compliance with the Act for distribution to the South African Property Owners Association's members.

  • Advising the South African Insurance Crime Bureau in relation to the sharing of personal information with member organisations for insurance crime detection and prevention purposes.

  • Advising Hyphen Technology Proprietary Limited on the privacy implications of an advance payment debit scheme through payroll management.

  • Ongoing advice to Louis Vuitton Malletier in respect of its customer knowledge database in South Africa.

Languages. English, Afrikaans

Professional associations/memberships. Law Society of the Northern Provinces.

Publications

  • Kerri Crawford, Can you be sued over Bitcoin? Insurance Gateway, 2016.

  • Kerri Crawford, Can you be traced through your internet activity, Insurance Gateway, 2015.

  • Kerri Crawford Mobile payments vs Cryptocurrencies, Business Brief, IT Web Brainstorm, 2015.

  • Kerri Crawford, Can Bitcoin be insured? Insurance Gateway, 2015.

  • Kerri Crawford, POPI benefits SA companies, IT Online, Bizcommunity, 2014.


{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1248121023435", "objName" : "Privacy in South Africa overview", "userID" : "2", "objUrl" : "http://us.practicallaw.com/cs/Satellite/us/resource/3-601-9285?null", "pageType" : "Resource", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "25e8a493e:15b1c9c023e:-4da4", "analyticsSessionCookie" : "25e8a493e:15b1c9c023e:-4da3", "statisticSensorPath" : "http://analytics.practicallaw.com/sensor/statistic" }