Popping Candy and Cookies

POPIA

Share This Post

Cookies and Pop rocks, remember how that would’ve got us excited back in the day! Although today’s article is not as sweet, the contents are still pretty saccharine.  We have all seen the little pop-ups appear on the bottom right of your computer screen when you open a website, “this website uses cookies in order to offer you the most relevant information, etc”. However, are they allowed to do this now that the POPI act has come into effect? Does a cookie track every move we make on our computers? Is it even a chocolate chip cookie? Before we ask the tough questions, let’s figure out exactly what a cookie is, then let’s break down POPI to their relevant sections and see how they knead.

 

What is a cookie?

Technically termed an HTTP Cookie, is a small piece of data that is stored from a website on your computer. The function this small piece of data serves is really quite simple actually, it can track your activity on the specific website being used – which can be used to serve up targeted ads that relate to the items you are looking at the most or adding to your cart often. This is why when you’re browsing through backpacks on Takealot, you will notice backpack ads on your Facebook later that day. They can also have a simpler function, such as remembering your login details for a website, this is good to know because when you click ‘remember me’ on your favourite website it is comforting to know that your computer is storing that information and not the website’s server. One last important function they have that we can discuss is the ability for website owners to track how many unique users are browsing their website, as every cookie stored on your computer has a unique ID. If you visit a website more than once a day, they can still track the number of unique users on their site every day which is an extraordinary tool for small businesses trying to find their feet in the vast recesses of the internet.

 

When was this cookie cooked up and why?

Now I am not the biggest history fan and typically wouldn’t have even included this information in the article, but when researching the cookie, I found this both intriguing and sharp. So let’s take a short trip back in time… It’s 1994, you are running an online store and are working on Windows 3 on a computer that although almost the size of a house, could not achieve 1% of what a phone can today. While running a server that is storing all your client’s cart information, the store’s server begins to struggle with keeping up and housing all this data. That’s where Lou Montulli comes in and says why don’t we download a small “vault” for lack of a better word, on the users’ computers and store that information on their own computer. Therefore, saving us a lot of money on constant server upgrades and the cookie was born to resolve the server conundrums.

 

Cookies are saving our data and tracking my activity?

This is starting to sound like a little bit of a breach of privacy! Let’s look at POPI and find out if this act is a big fan of cookies. The POPI act was initially introduced back in November of 2013 and over the years it has grown into what we have today. Entering slap bang in the middle of 2019 with a one-year transition period. POPI, not the biggest supporter of storing and sharing information, so it must not be the biggest fan of cookies, right?

Well, yes and no. Overall if we look at a cookie, it is there to make your client’s life more convenient. So, if you have a website and inform users that you use cookies for precise purpose/s, and you get the requisite consent to do so, you would already be complying with 6 of the 8 basic conditions of POPI. Strictly speaking, this compliance refers to the website and not your company as a whole, which requires additional adherence to the 8 conditions mentioned.

Breaking it down, we can see exactly how:

  • Condition 2 Processing Limitation, you are disclosing the exact reasons for storing the cookies and you are, hopefully, not using them for any other reasons.
  • Condition 3 Purpose Specific, you are laying out the exact purpose of why you want to make use of the information you process.
  • Condition 4 Further Processing, the act does allow us to process beyond the scope of what we have notified our clients of, under strict circumstances, such as storing login information and cart information so your client’s computer can die and once the load shedding has stopped and the laptop turns back on the cart is still there.
  • Condition 5 Information Quality, because a cookie is constantly updating while the user makes use of your site, their information constantly updates as they go.
  • Condition 6 Openness, we have half covered this condition by notifying our users that we are using their cookies, you will just need to complete this condition by ensuring your website has the correct policies uploaded and a PAIA manual.
  • Condition 8 Data Subject Participation, this is the condition that really gets neglected when it comes to companies pushing for POPI compliance. We satisfy that by obtaining consent to make use of cookies. However, we also need to give our data subjects the option to request, correct, or delete this information. Because a cookie is stored on their computer, it is constantly updating and is easy to delete from their computer.

 

That leaves us with a few conditions we will still need to tackle:

  • Condition 1 Accountability. Remembering that a cookie can identify a person which means it will fall into the definition of Personal Information in terms of the POPI act. We can handle this by ensuring we have taken full accountability for that information. So if you’re using a third-party service provider to run your website and they processing your client’s information, then we have to ensure the correct Operators’ Agreements are in place and that we have the correct data handling procedures in place at the workplace.
  • Condition 7 Security Safeguards – Let’s imagine clients have now given you consent to store and process their information for direct marketing, but we need to honor our side and protect that information. Personal Information has now become an asset to a business, if you do not have it, your business can take a massive hit. With the POPI act officially in place, the value of your asset has just increased as now we now have fines to worry about. Owing to this, Data Theft via hacking and phishing has increased massively in the past year. We can prevent this by implementing an effective and tailored Data Protection Framework in your business. This can be achieved through the use of Policies, Procedures, and training.

 

At the end of the day, we are not against cookies. It makes our internet browsing experience very pleasant and tailored. We do, however, advise caution when accepting cookies on a website that is not, for lack of a better word, trusted. When it comes to Amazon, Takealot, and the like, we feel it drives forward the effective and efficient life we all desire in this day and age. Treat information like you would money; protect it, don’t share it frivolously, and use it wisely. And that my friends, is the way the cookie crumbles.

 

For more information and assistance with your current or upcoming B-BBEE verification, kindly contact your regional LabourNet office.

0861 LABNET (0861 522638).

Not yet a LabourNet client, but would like to know more about our service and products?

Email us: support@labournet.com

More To Explore

POPIA
Information Compliance

The Practical Side of POPIA

The Protection of Personal Information Act (“POPIA) has been in force for over 12 months. Organizations – private and public were given a one year grace period to become compliant.

LabourNet
Information Compliance

What’s PAIA got to do with it?

Prior to the promulgation of the Protection of Personal Information Act 4 of 2013 (POPIA), the only real legislation available for the access to information was the Promotion of Access