Legal updates and opinions
Authors
News / News
POPIA and social media posts
Processing of personal information on social media platforms
A great deal of attention has been given to juristic entities’ compliance with the Protection of Personal Information Act No. 4 of 2013 (“POPIA”). With the pending full commencement of POPIA on 1 July 2021, juristic entities are in the final stages of ensuring compliance with POPIA.
In this article, we discuss a lesser explored subject, being the implications of POPIA on natural persons taking into account the processing of personal information on social media platforms.
POPIA aims to protect an individual’s right to privacy by offering protection against the unlawful collection, retention, dissemination and use of personal information. The question that we explore in this article, is whether or not the protection afforded by POPIA also extends to photos of, and pictures including “memes”, of “data subjects”, as defined in POPIA, which are posted on social media platforms.
In the event that an individual discovers a “post”, on a social media platform disclosing certain of his/her “personal information”, as defined in POPIA, including a photograph, on a prima facia reading of POPIA, the subject of the post may be considered a data subject and the person who posted the photograph may be considered a “responsible party”, as defined in POPIA.
Posting personal information on social media would also, arguably amount to the dissemination of personal information, as contemplated in the definition of “processing” in POPIA. Thus, the responsible party may be obliged to comply with the provisions of POPIA.
The consequences of being considered a “responsible party”, in terms POPIA are substantial and include the requirement for a responsible party , inter alia, to comply with the eight conditions of lawful processing of personal information, as prescribed in POPIA. The conditions include a requirement to obtain the consent of the data subject prior to posting a photograph or the views of that data subject on a social media platform. The responsible party would also be required to appoint an information officer and publish and comply with a POPIA manual as read with section 51 of the Promotion of Access to Information Act No. 2 of 2000.
Arguably, the application of POPIA in the above circumstances would lead to an absurd result where every individual who posts photos, memes, videos or the views of another person, is considered a responsible party who must comply with onerous conditions.
To prevent the abovementioned situation from arising, section 6(1)(a) of POPIA states that POPIA does not apply to the processing of personal information in the course of a purely personal or household activity.
The repercussions of section 6(1)(a) of POPIA, quoted above are, arguably, that –
- POPIA applies only to business or professional activities; and
- in so far as any pictures or video taken or views shared are disseminated on social media or any other platform in a personal capacity, POPIA arguably does not apply.
POPIA does not define the terms “personal activity” or “household activity”. The aforementioned terms may have to interpreted not only by the ordinary grammatical meaning of the words but also by taking into account, on a case-by-case basis, what contemplates work as opposed to personal use in respect of the relevant social media user.
Disgruntled individuals who find their personal information posted on social media platforms without their consent are, however, not without legal remedy. Our common law, as codified in the Constitution of the Republic of South Africa, 1996, protects individual’s right to privacy on a professional and personal basis. Thus, social media users who post what may be considered as personal information, should do so, keeping in mind that the subject of the posts, although falling out of the ambit of POPIA, is still protected by the common law in the event that the post unlawfully breaches the privacy of the subject.
Discover POPIA: A Guide to the Protection of Personal Information Act of South Africa
by Zamathiyane Mthiyane, Senior Associate
reviewed by, Neil Kirby Director and Head of Healthcare and Lifesciences and Helen Michael, Director
Latest News
Privacy. Who is looking after the children?
As we celebrate International Privacy Day on 28 January 2025, we are called to look inward and ask how the [...]
Can language proficiency policies be used to exclude individuals who lack the required language skills from employment?
Our Constitution recognises 12 official languages and commits to promoting their development and use. Viewed through the lens of language, [...]
Hey POPIA, is the publication of a person’s HIV status, positive or negative?
The right to privacy and the rights of public figures came before the court in the case of Tshabalala-Msimang versus [...]
Error 404 – when facial recognition does not see you – a tale of how R1, R2 and R7 wages were paid for a week’s work
Since its inception, facial recognition technology has been regarded as the future for security, safety, technology and innovation.[1] Indeed, the [...]
Cybersecurity Breaches vs The SABS Breach of “Standards”
Issues of maladministration and mismanagement at the South African Bureau of Standards ("SABS") have been the subject of much contestation [...]
No, you cannot do and say whatever you feel like! Even if you are the scorned lover or wife
The internet and digital platforms have significantly impacted privacy rights and the legal landscape. Social media, blogs, and other online [...]
