Legal updates and opinions
Authors
News / News
POPIA and social media posts
Processing of personal information on social media platforms
A great deal of attention has been given to juristic entities’ compliance with the Protection of Personal Information Act No. 4 of 2013 (“POPIA”). With the pending full commencement of POPIA on 1 July 2021, juristic entities are in the final stages of ensuring compliance with POPIA.
In this article, we discuss a lesser explored subject, being the implications of POPIA on natural persons taking into account the processing of personal information on social media platforms.
POPIA aims to protect an individual’s right to privacy by offering protection against the unlawful collection, retention, dissemination and use of personal information. The question that we explore in this article, is whether or not the protection afforded by POPIA also extends to photos of, and pictures including “memes”, of “data subjects”, as defined in POPIA, which are posted on social media platforms.
In the event that an individual discovers a “post”, on a social media platform disclosing certain of his/her “personal information”, as defined in POPIA, including a photograph, on a prima facia reading of POPIA, the subject of the post may be considered a data subject and the person who posted the photograph may be considered a “responsible party”, as defined in POPIA.
Posting personal information on social media would also, arguably amount to the dissemination of personal information, as contemplated in the definition of “processing” in POPIA. Thus, the responsible party may be obliged to comply with the provisions of POPIA.
The consequences of being considered a “responsible party”, in terms POPIA are substantial and include the requirement for a responsible party , inter alia, to comply with the eight conditions of lawful processing of personal information, as prescribed in POPIA. The conditions include a requirement to obtain the consent of the data subject prior to posting a photograph or the views of that data subject on a social media platform. The responsible party would also be required to appoint an information officer and publish and comply with a POPIA manual as read with section 51 of the Promotion of Access to Information Act No. 2 of 2000.
Arguably, the application of POPIA in the above circumstances would lead to an absurd result where every individual who posts photos, memes, videos or the views of another person, is considered a responsible party who must comply with onerous conditions.
To prevent the abovementioned situation from arising, section 6(1)(a) of POPIA states that POPIA does not apply to the processing of personal information in the course of a purely personal or household activity.
The repercussions of section 6(1)(a) of POPIA, quoted above are, arguably, that –
- POPIA applies only to business or professional activities; and
- in so far as any pictures or video taken or views shared are disseminated on social media or any other platform in a personal capacity, POPIA arguably does not apply.
POPIA does not define the terms “personal activity” or “household activity”. The aforementioned terms may have to interpreted not only by the ordinary grammatical meaning of the words but also by taking into account, on a case-by-case basis, what contemplates work as opposed to personal use in respect of the relevant social media user.
Disgruntled individuals who find their personal information posted on social media platforms without their consent are, however, not without legal remedy. Our common law, as codified in the Constitution of the Republic of South Africa, 1996, protects individual’s right to privacy on a professional and personal basis. Thus, social media users who post what may be considered as personal information, should do so, keeping in mind that the subject of the posts, although falling out of the ambit of POPIA, is still protected by the common law in the event that the post unlawfully breaches the privacy of the subject.
Discover POPIA: A Guide to the Protection of Personal Information Act of South Africa
by Zamathiyane Mthiyane, Senior Associate
reviewed by, Neil Kirby Director and Head of Healthcare and Lifesciences and Helen Michael, Director
Latest News
Enforcement notice issued to Dis-Chem due to contravention of POPIA
and Chiara Ferri, Candidate Attorney The importance of compliance has once again been highlighted as the Information Regulator issued an [...]
What are you worth? “if you’re not paying for a product, then you are a product.”
In the digital world, this happens to be true. But it is not only companies that have realised the value [...]
The privacy of customers seemingly protected by RICA
The Regulation of Interception of Communications and Provision of Communication Related Information Act 70 of 2002 ("RICA") was enacted more [...]
The publication of information by the Auditor General in terms of PAIA
and Chiara Ferri, Candidate Attorney In the High Court judgment of Sakeliga NPC v The Auditor-General South Africa (36297/2022) [2023] [...]
The Financial Services Tribunal’s position on the withholding of a pension benefit pursuant to a criminal complaint
In this article we will discuss the extent to which employers may withhold a pension benefit if such employer has [...]
OpenAI vs Open AI
OpenAI Inc ("OpenAI"), the originator of ChatGPT, has launched trade mark infringement and unfair competition proceedings in the USA against [...]
