Data privacy is a human right - popi act, gdpr

On the 21st March South Africans were commemorating Human Rights Day. As we have been approaching this day I’ve taken some time to reflect on our universal right to privacy. In 1948, the United Nations adopted the Universal Declaration of Human Rights, and article 12 of this declaration is dedicated to our universal right to privacy. The Declaration states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”

This right became well established and understood especially before the age of the proliferation of mass-market consumer computing devices, social media, as well as the widespread digital migration in every sector. Even law enforcement agents are required to possess a signed warrant before they can search your private home out of respect for an individual’s private life. 

It seems that as people started recording their personal information on computer systems and later on over the internet, we failed to carry over the protection of this basic right onto the digital landscape. However, the collection of private and sensitive information that we as individuals have captured on various platforms online more than adequately reflects our entire lives, family relations and associations. 

 Many high profile data breaches and data leaks have exposed billions of personal data records putting billions of people at risk. On a more sinister level, we’ve also witnessed companies who misappropriate personal information and recorded online behavior to manipulate people to behave in certain ways including influencing their political decisions. All these incidents remind us that our right to privacy and our right to have our protected personal data needs to be enforced.   

Sweden became the first country in the world to enact a national data protection law in 1973 to address the concerns around the increase of computers processing and storing personal data. In 2019, the World Economic Forum published an article specifying that 4.2 billion people in the world share their personal data online, while only 100 countries have data protection laws in place. One of the most well-known data protection regulations that was passed recently is Europe’s General Data Protection Regulation (GDPR). This regulation has seen a lot of activity and effort being invested to address how companies who collect or use personal data have reviewed their policies, actions, processes and controls. Many large and well-known companies have already received massive fines and penalties under the GDPR, which has motivated others to review their data protection programs and put more effort into compliance. Despite many companies facing penalties and fines for the mishandling of personal data, the GDPR has been criticized by others for not being effective enough to enforce compliance and data protection. What it has achieved through, is an increase in awareness around data protection and reminded the general public that they do have a right to expect that their personal data should be protected.  

The South African Protection of Personal Information Act was signed into law almost seven years ago and we are still awaiting for this Act to come into full force. In the build up and anticipation to having this law we have seen a disturbingly high number of data breaches in the country recently. This has led to many people in the industry calling for the Information Regulator to speed up action and so we can finally see the personal data of South Africans protected. In the meantime, it is important for companies who collect and use personal data to understand that privacy and personal data protection is not just a legal compliance issue but is a fundamental human right that should be respected and upheld.