The protection of personal information Act 4 of 2013 and direct marketing (with specific reference to behavioral advertising) in South Africa

Submitted in partial fulfilment of the requirements for the degree of Master of Laws (by coursework and research report) in Commercial and Business Law at the University of the Witwatersrand, Johannesburg 2018 === As at 20 September 2017, barely a year since its establishment in terms of the Protect...

Full description

Bibliographic Details
Main Author: Malindi, Jabulile
Format: Others
Language:en
Published: 2019
Online Access:https://hdl.handle.net/10539/26718
Description
Summary:Submitted in partial fulfilment of the requirements for the degree of Master of Laws (by coursework and research report) in Commercial and Business Law at the University of the Witwatersrand, Johannesburg 2018 === As at 20 September 2017, barely a year since its establishment in terms of the Protection of Personal Information Act 4 of 2013 (POPI), the Information Regulator had received a number of complaints relating to the processing of personal information without consent for direct marketing purposes by the banking, insurance and telecommunications industries. It is generally accepted that the processing of personal information without the consent or knowledge of the person to whom the information relates is a violation of their right to privacy. Direct marketing is currently regulated in South Africa by the Electronic Communications and Transactions Act 25 of 2002 (ECTA) and the Consumer Protection Act 68 of 2008 (CPA). Both these pieces of legislation permit direct marketing communication until a consumer opts out of it. These Acts do not address the processing of personal information for purposes of direct marketing. Until the enactment of POPI in 2013, South Africa did not have comprehensive data protection legislation. Limited data protection provisions were contained in various statutes such as ECTA and the Promotion of Access to Information Act 2 of 2000 (PAIA), however, as neither legislation has data privacy as its objective, the data protection provisions contained therein have not adequately protected personal information. In the absence of dedicated data protection legislation, the consequences have been the processing of personal information often without the consent of the individuals to whom the personal information relates for a number of purposes including direct marketing and the building of consumer profiles in order to serve targeted advertising. The direct marketing industry which is dependent on consumer information (such as their names, contact details and purchasing behaviour) collected from a number of sources, including public records, social media, tracking technology such as cookies and sometimes directly from consumers, has benefited from processing personal information without restrictions. Not only will POPI alter the manner in which personal information is processed generally, it will also restrict how direct marketing is carried out. === XL2019