“A key concept for understanding the purpose of the draft Bill is ‘information privacy’. The trouble with ‘privacy’ is that it is a concept that is notoriously difficult to define. [See for example, the entry on ‘Privacy’ in the Stanford Encyclopedia of Philosophy.] The definition adopted by the South African Constitutional Court is that the concept of ‘privacy’ in the Bill of Rights extends to those aspects of existence in regard to which a ‘legitimate expectation of privacy can be harboured’. A ‘legitimate expectation of privacy’ has two components ‘a subjective expectation of privacy . . . that the society has recognized . . . as objectively reasonable’. [Bernstein v Bester NO 1996 (2) SA 751 (CC) para 75.] Privacy is, in other words, what feels private, though that feeling has to be a reasonable one, ie a feeling of privacy that is objectively shared rather than entirely personal or eccentric.One expectation of privacy that has been recognised as legitimate is an expectation that one should be able to control information about oneself. The right to privacy recognises and protects an individual’s interest in what has been called ‘informational self-determination’. This is an interest in restricting the collection, use of and disclosure of one’s private information by others. It also encompasses a related interest in having access to personal information that has been collected by others in order to ascertain its content and to check its accuracy.Technological developments pose a considerable threat to this aspect of privacy. Digital technology allows the collection, storage and processing of previously unimaginable quantities and types of personal data. Advances in communications technology allow instant and worldwide dissemination of this data. Miniaturisation has allowed the use of surveillance technology such as cameras and audio surveillance equipment to become commonplace. Personal and public security concerns are used to justify increasing monitoring of one’s daily activities. [For non-paranoid commentary on threats to privacy from new technologies see the blog http://www.privacyspot.com/]In response to concerns about the erosion of information privacy in the information age many jurisdictions have developed regulatory laws governing the collection, processing and dissemination of personal information. These laws are variously called Data Protection laws, Personal Information laws or simply Privacy Laws. Moreover, because information can no longer easily be confined to one jurisdiction important international instruments have been developed to regulate international data flows. These are the Council of Europe’s 1981 Convention for the Protection of Invididuals with Regard to the Automatic Processing of Personal Data [COE Convention] and the OECD’s 1981 Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data [OECD Guidelines]. The OECD Guidelines, structured around a set of Principles for the lawful processing of personal information, have been extremely influential in the development of the information privacy laws of a number of domestic jurisdictions. This is true also of the SALRC draft legislation.Another crucial international development is the European Union’s 1995 Data Protection Directive [EU Directive]. The Directive constrains EU members from transmitting personal information of EU citizens to jurisdictions without an ‘adequate level of protection’ for that information. This has had the effect of pressurising countries trading with the EU that do not have specific regimes for protection of personal information to develop them in order not to be excluded from data flows from EU members.South Africa has general privacy protection in the Bill of Rights [s 14]. The right is protected by a private law action to interdict current or anticipated privacy infringments or to recover damages for infringements that have already occurred. Though information privacy is encompassed in the constitutional protection of privacy, there is no specific legislative regulatory regime for this aspect of privacy. The Promotion of Access to Information Act protects personal information from disclosure in response to a request made in terms of the Act, but has no application outside the context of such a request. It is this absence of legislation that the SALRC draft Bill intends to remedy.”
One of the central features of the Bill is the creation of an Information Protection Commission which would become the regulator charged with enforcing the provisions of the proposed legislation. This legislation is probably long overdue given the rapid pace of development of the Internet and the constant flow of personal information over data networks.A copy of the bill is available for download by clicking on the image below:
(via MyADSL)Update:Buys Incorporated has published a very handy guide to the new Bill. You can download it by clicking here.Technorati Tags: privacy, protection of personal information
RSS – Posts
What do you think?