One more sleep till voting day.
With South Africa’s national election not around the corner, but in fact on our doorstep. Here are a few details to consider when casting that all-important vote in respect of data privacy. The Protection of Personal Information Act No. 4 of 2013 (POPI) and the Promotion of Access to Information Act No. 2 of 2000 (PAIA) set out strict protocols in respect of political parties not only canvassing for votes but how they treat and publish personal information during their campaigns.
Political persuasions can be a controversial and sensitive topic in any country, which is considered special personal information according to POPI. Particularly in South Africa whose democracy has turned 30 this year, just making the cut-off for millennial status. South Africa, one hopes, is putting those messy early twenties behind it and entering its ‘Thirty, flirty, and thriving’ era.
With the nation’s birthday celebrations well underway, the Information Regulator has a stern word for political parties and their seemingly lacklustre attitude toward both POPI and PAIA. This comes at a particularly critical point when the annual PAIA report submissions are in progress. This report is required by sections 32 and 83(4), compelling public and private entities, respectively, to report to their PAIA requests by 30 June 2024.
PAIA: The New Political Party Playbook
First things first, thanks to the Constitutional Court’s 2018 landmark decision in My Vote Counts NPC v Minister of Justice and Correctional Services and Another, political parties are now considered “private bodies” under PAIA.
Here’s what they need to do:
- Appoint Officers:
- Name your Deputy Information Officers (DIOs) and register them with the Information Regulator. Don’t forget the Information Officer (IO)!
- Create PAIA Manuals:
- Draft a handy guide on how the public can request your info and make it available. Transparency, people!
- Keep Detailed Records:
- Document every donation as per section 52A (1)(a) of PAIA and Regulation 6(1). No cutting corners here.
- Host Inspections:
- Get ready for the Regulator’s onsite inspections. Clean those desks!
POPI: Privacy is Paramount
POPI sets out eight golden rules for handling voters’ personal data. Here’s the lowdown:
- Accountability: Own it. Ensure lawful data processing.
- Processing Limitation: Only handle necessary information with direct voter consent. Data brokers? Not welcome. Voters can opt-out anytime.
- Purpose Specification: Use data solely for your political mandate.
- Further Processing Limitation: Keep additional data use consistent with the original purpose.
- Information Quality: Make sure data is accurate and up-to-date.
- Openness: Tell voters when their data is being used.
- Security Safeguards: Protect data from loss or misuse. Notify the Regulator of breaches.
- Data Subject Participation: Voters can access, correct, or delete their data.
Direct Marketing: Don’t Be That Party
Section 69 of POPI bans unsolicited direct marketing unless voters consent or are already party members. Campaigning and canvassing? Go ahead. But requesting donations via unsolicited messages? Big no-no. Political persuasion data can be processed for party activities under section 31 of POPI, but other personal information needs voter consent. A word to the wise, check with your party what information they have and to whom it’s been shared!
2024: The Year of Transparency-ness!
The Information Regulator has stated that the 2023/2024 Annual Performance Plan that it has set out to achieve will be all about transparency, given the National elections on 29 May 2024.
As Chairperson Adv. Pansy Tlakula put it, “We included political parties in our assessments to strengthen transparency within political parties and considering that the 2024 National elections are upon us”. Tlakula further stated, “If anything, political parties – especially those represented in Parliament- should lead the way in shining the light on the value of openness and transparency. We are hoping the reports submitted to them pointing out the gaps in their compliance will make sure they comply fully”.
In a media briefing given by Advocate Tlakula Pansy 24 March 2024, The Regulator shared its findings after having assessed 13 political parties, only those represented in parliament, and found that 54% are generally non-compliant with PAIA, with only 46% of political parties having some level of compliance.
So, who will have the Final Say?
To date, there have been zero submissions from political parties on the portal.
Political parties are treading on thin ice with the Information Regulator and come election time and the closing date of the PAIA report portal, we can’t imagine based on current data that our parties will have gotten their Acts together, so to speak.
With the Information Regulator on the case, transparency isn’t just a buzzword—it’s the law.
Happy Voting!