The United Nations special rapporteur on data and privacy protection says South Africa is dragging its feet behind other countries when it comes to implementing legislation that is supposed to safeguard the personal information of citizens.
Professor Joseph Cannataci was in the country to address a roundtable discussion at the Human Sciences Research Council on the state of privacy in South Africa.
He said although South Africa has already developed laws, it is being slow to implement them.
The Protection of Personal Information Act (Popi) was signed into the statute books in 2013, but it took another three years for the national information regulator to be appointed. The law will take effect only in April this year.
The information regulator is a statutory body set up to handle complaints from the public and has the legal power to act on their behalf if data and privacy rights have been infringed.
“Privacy laws started decades ago. By 2001 there were more than 20 countries that brought legislation up to certain levels. South Africa is about 30 years behind. The first data privacy laws were written in Sweden in 1973. Other European countries then followed shortly. South Africa, in 2020, is only now playing catch up,” said Cannataci.
The Malta-based privacy lawyer said it appears that South Africa wants to position itself as an information and communications technology (ICT) powerhouse, yet it doesn’t have the laws to ensure that ICT-related industries are compliant with the law.
Lack of capacity
“Looking at what other countries have done, you will forgive my perplexity when I look at the South African office of the information regulator which, depending on who I believe, has something between five, 10, and 20 staff. That’s a ridiculously low number. A country similar to South Africa, Colombia, recently appointed 200 staff to work solely and exclusively on privacy and data protection,” Cannataci said.
Information regulator Pansy Tlakula has for some time now complained to Parliament that she has too few staff members to do her job.
Cannataci said the office needs to be bolstered if the government is to take privacy protection seriously.
“You need warm bodies to get things done. Privacy and data protection can be achieved but you need the technical staff, you need the ICT staff to investigate, you need the lawyers and the admin staff to cope with all the demands to check on what private companies and governments are doing, he said.
“Citizens have never been as surveilled as they are today. On the other hand, people have never talked about privacy as they do today. Does this mean there is enough awareness? No. What we are seeing is a growing consciousness around technology has meant citizens are being surveilled anywhere and everywhere. And both the state and large corporations have the ability to profile citizens.”