DATA PRIVACY IN SOUTH AFRICAN LAW Brendan Hughes 2 nd International Direct Marketing Conference September 2006.

Slides:

Advertisements

Similar presentations

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Advertisements

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

1 Patients’ Rights and Responsibilities. PATIENT RIGHTS 2 Every healthcare facility is mandated to display the following Rights and Responsibilities:

EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.

Zápatí prezentace Free movement of persons, free movement of workers, prohibition of discrimination based on nationality.

The Data Protection (Jersey) Law 2005.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.

Hong Kong Privacy Code on Human Resource Management

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

INTERNET and CODE OF CONDUCT

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Data Protection Overview

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

Data Protection for Church of Scotland Congregations

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Hague Conference on Private International Law Convention on Protection of Children and Co-operation in respect of Inter-country Adoption.

. South African Airways South African Airways Applications for vacant position required: POSITION:Flight attendant DUTIES:Serve passengers; Ensure flight.

Equal Opportunities and Sport

Ethical Guidelines for Suppliers and Subcontractors Purchasing for the University of Guelph.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

JáN KIMÁK LEGAL CONCEPT OF EQUALITY IN INTERNATIONAL & NATIONAL LAW

Contract Models for Virtual Teaching Helsinki University Porthania III 24 October 2001 Kristiina Harenko Attorneys at Law Borenius & Kemppinen Oy.

The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.

Data Protection & FOI Data Protection: Background Human Right to Privacy Unenumerated right under Irish Constitution Explicit right under European Convention.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

IT Applications Theory Slideshows By Mark Kelly Vceit.com Privacy Laws.

IM NETWORK MEETING 20 TH JULY, 2010 CONSULTATION WITH 3 RD PARTIES.

FACULTY DIRECTOR TRAINING OFFICE OF EDUCATION ABROAD 1 Legal Issues and Education Abroad.

DG Information Society The EU and Data Retention Data Retention Meeting London, 14 May 2003 Philippe GERARD, DG Information Society The positions.

Oracle Fusion Applications 11gR1 ( ) Functional Overview (L2) Manage Inbound Logistics (L3) Manage and Disposition Inventory Returns.

What does the European citizenship entail? Citizenship is about coexisting, stating your opinion, listening to one another, respecting one’s opinion,

The Protection of Personal Information Bill 13 February

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,

Workshop on Privacy of Public Figures and Freedom of Information - Skopje, 9-10 October 2012.

Data protection—training materials [Name and details of speaker]

Sharing Information Legally Lindsay Ould London Borough of Lewisham.

Privacy and Personal Information. WHAT YOU WILL LEARN: What personal information is. General guidelines for the collection of personal information. Your.

EPHA Presentation Healthcare and social services treated equally as estate agents or advertising companies excluded from the Directive or Healthcare and.

Article 19, 21and 22 chapter 111 of ICCPR Right to freedom of expression Right to Peaceful assembly Right to freedom of association.

Week 12. Lecture 2. Health Law & the EU Cross-border healthcare: patients’ rights.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 2– Freedom Movement for Workers Bilateral.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Protection of Personal Information Act An Analysis on the impact.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.

TRANSBORDER DATA FLOWS INA MEIRING. THE PROTECTION OF PERSONAL INFORMATION ACT (“POPI”) > 'personal information' means information relating to an identifiable,

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Oracle Proprietary and Confidential. 1.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

The fundamental rights of LGBT citizens in Europe – EU legislation and the Charter of Fundamental Rights.

Data Protection and Confidentiality

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

Privacy principles Individual written policies

Issues of personal data protection in scientific research

General Data Protection Regulation

EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.

Data Protection & Freedom of Information- An Introduction

Bob Siegel President Privacy Ref, Inc.

Automation in an XML Authoring Environment

Data Protection principles

Relocation CARNIVAL come one…come all

Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .

Mathew Norman, Policy & Public Affairs Officer, RLA Wales

The activity of Art. 29. Working Party György Halmos

PERSONAL INFORMATION BILL

Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas

Outline Background: development of the Commission’s position

Presentation transcript:

DATA PRIVACY IN SOUTH AFRICAN LAW Brendan Hughes 2 nd International Direct Marketing Conference September 2006

Presentation Outline 1.Understanding the legal terminology 2.The purpose of data protection legislation 3.Current and anticipated data protection mechanisms in South Africa 4.Main features of the anticipated legislation from a direct marketing perspective 5.Suggested actions

1.Understanding the legal terminology “personal information” or “personal data” includes: information relating to the name, address, identity number, race, gender, reproductive status, marital status, national, ethnic or social origin, employment or criminal history, financial information, sexual orientation, age, physical or mental health, disability, religion, conscience or belief, culture, language or identifying detail assigned to a person.

Understanding the legal terminology “data subject” means the person to whom personal information relates. “consumer” means a person to whom goods or services are advertised, offered, supplied, leased, sold or delivered in the course of business.

Understanding the legal terminology “data controller” or “responsible party” means the person who determines the manner in which, and purpose for which data shall be processed. “data processor” means the person who processes personal information for the data controller or responsible party. “supplier” means a person who offers to supply or supplies any goods or services in the course of business.

2.The purpose of data protection legislation Primary purpose: To establish voluntary and mandatory mechanisms which uphold the right to privacy in an era in which technology increasingly facilitates the circulation and exchange of personal information. Opinions are divided as to how far the protection of privacy should extend.

The purpose of data protection legislation In Bernstein and Others v Bester and Others NNO (CC): “The truism that no right is to be considered absolute implies that …each right is always limited... In the context of privacy this means that it is only the inner sanctum of a person, such as his/her family life, sexual preference and home environment, which is shielded... This implies that community rights and the rights of fellow members place a corresponding obligation on a citizen…... Privacy is acknowledged in the truly personal realm, but as a person moves into communal relations and activities such as business and social interaction, the scope of personal space shrinks accordingly.” 1996(2) SA 751 (CC) at paragraph 67.

The purpose of data protection legislation Secondary purpose: To stimulate trade with EU member states. cf: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Data.

EU Data Protection Directive The transfer of personal data to a third country for processing may take place only if the third country in question ensures an “adequate” level of protection. Without data protection legislation, personal data of EU subjects may not be processed unless contractual agreements containing appropriate data protection safeguards are in place.

In the meantime.. EU “pre-approved” contractual provisions may be incorporated into international data processing agreements.

3.Data protection legislation Currently - section 14 of the Constitution guarantees the right to privacy in addition to laws of specific application and codes of conduct. Anticipated-two new laws of general application:  Consumer Protection Bill,  Protection of Personal Information Bill, %20B%20DRAFT%20LEGISLATION.pdf

4. Main features of the new legislation Consumer Protection Bill Defines “confidential information” very broadly and gives all “personal information” confidential status. Section 13 “A supplier must not use, direct or permit any other person to use, any confidential information pertaining to a consumer or prospective consumer for, or in relation to, any promotional purpose…. unless the consumer has consented to such use…”.

Consumer Protection Bill Section 14(1) The right of every person to privacy includes the right to refuse to accept, or pre- emptively block, any electronic communication to that person where the communication is primarily for marketing goods and services. 14(2) The National Consumer Commission may establish a register in which any person may register such a pre-emptive block.

Protection of Personal Information Bill Section 9 Personal information may only be processed where the data subject has given consent thereto; where the processing is necessary for the performance of a legal or contractual obligation or where the processing is necessary for upholding the legitimate interests of a responsible party or third party to whom information is supplied.

Protection of Personal Information Bill Section 10 Personal information must be collected directly from a data subject unless contained in a public record, the data subject authorizes collection from someone else or non-compliance would not prejudice the interests of the data subject.

5.Suggested Actions Industry submissions to the legislative authorities.  Assess the manner in which your organisation handles personal information; implement or review data management processes and policies.  Consider merits of adopting industry Code of Conduct.

Suggested Actions  Assess limiting impact of new legislation on other constitutional rights, including: section 16 (freedom of expression, including the right to freely impart information) section 22 (right to trade) section 32 (right of access to limitation). A law that seeks to protect one right (section 14 - privacy) may not limit other constitutional rights in an irrational or disproportionate manner, if it does, it may be unconstitutional.

THANK YOU © Brendan Hughes, Michalsons Attorneys 2006 This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of the author and of Michalsons Attorneys. This document is protected by South African copyright laws and is proprietary to the author and Michalsons Attorneys. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use by anyone other than authorized employees or licensees of the author or Michalsons Attorneys without the prior written consent is prohibited. Michalsons Attorneys makes no warranty of any kind with regard to the material, including, but not limited to, the implied warranties of fitness for a particular purpose. Michalsons Attorneys shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.