Privacy - Constitutional Crisis Parallel to the SASSA Debacle
On the 14th March 2017 the Social Development Minister Bathabile Dhlamini asserted in parliament that there was “no crisis” relating to the payment of social security grants and that this was merely something that the “prophets of doom” had created. On the 15th March the Chief Justice disagreed with her, expressing the views of most South Africans in indicating that the Minister acted incompetently and “did not have her finger on the pulse”. It is not necessary to elaborate further on that issue as the contempt with which the Minister, the Executive and apparently even the President regard their constitutional duties is already well documented.
What may have gone unnoticed is a parallel constitutional crisis which is highlighted by the facts that have been revealed in papers before the Constitutional Court. It has become apparent that Cash Paymaster Services (“CPS”) is not only profiting handsomely from the payment of grants, but it and its affiliates Net 1, Grindrod bank and others, are apparently are also profiting substantially from the use of personal information belonging to 10 million South Africans, provided to CPS for the purpose of paying grants but being used in what has been described as “predatory financial practices”. This prompted the Black Sash to request that on the completion of the contract, the personal information in the hands of CPS and its cohorts be returned to and “owned” by SASSA. As noble as its intentions may be, it is startling that in dealing with the matter at such high profile that the simple concept of the constitutional right of privacy and who owns information is so grossly misunderstood by eminent lawyers.
This turn of events begs the question: Who is responsible for the “Dhlamini neglect” that has allowed the constitutional right of privacy, and in this instance the rights of 10 million South Africans, to have been plundered by unscrupulous business?
The answer is self-evident to those that follow these issues. The Department of Justice, the supposed custodian of the Protection of Personal Information Act, displaying the contempt for the Constitution and the rights of South African’s that has characterised the conduct of the Executive and the President on many occasions in recent years, has failed miserably in the discharge of its custodial duties. No doubt the Ministers and Deputy Ministers will hastily point to the fact that an Information Regulator has been appointed. This is indeed a great step forward, but it masks their ineptitude in establishing the critical mechanisms to “deliver” protection of personal information to South African’s in the same manner as Minister Dhlamini has proved herself not fit to hold the office to which she has been appointed, to all but her political allies.
What is to be welcomed is the action of the Information Regulator in the Application brought by the Black Sash. Indeed, one of the few glimmers of light we have in the bungling efforts to resolve the SASSA crisis is that, despite the ridiculously meagre budget apportioned to the Information Regulator (quite possibly designed to assure the failure of it achieving its true purpose) the Information Regulator instructed counsel to oppose the prayer that SASSA became the owner of the information and pointed the Constitutional Court to the fact that data subjects are indeed the owners of their information. The Information Regulator is to be commended in attempting to ensure that this basic concept is correctly dealt with in the highest court in our land.
Had it not been from the gross negligence, alternatively wilful obstruction of government, in delaying the appointment of the Information Regulator and commencement of PoPIA, perhaps 10 million citizens would not have had their rights trampled upon by what increasingly appears to be unscrupulous business focussed solely on profit. Perhaps, even if it seems a remote possibility given the attitude demonstrated to the SASSA issue by government, SASSA would have fulfilled its duties in terms of PoPIA to safeguard the personal information of South African citizens, in respect of which it is the responsible person.
There is little doubt that the immediacy of the SASSA crisis and understandable anxiety of the poorest of the poor not receiving money to feed themselves, allied to the gross incompetence of Minister Dhlamini and her almost unbelievable disregard for the law and contempt of the Constitutional Court, deserves all of the public, political and judicial outrage that it has received. But it should not be forgotten that, even if a side issue in the SASSA debacle, the same disregard for the constitutional right of privacy is no less reprehensible.
The Cybercrimes and Cybersecurity bill (“Cyber Bill”) has been published by parliament. Despite alerting the Deputy Minister of Justice to the necessity of balancing the right of privacy against powers that may be granted to law enforcement and in the name of State Security, the bill, in defining cybersecurity structures and cybersecurity safeguards, ignores the necessary consultation between the law enforcement and state security on the one hand and the Information Regulator on the other. The recent utterances by the Minister of State Security relating to the regulation of Social Media make this omission even more concerning.
For those dealing with privacy and cybersecurity legislation to not know or understand the importance attributed globally to privacy and the cybersecurity necessary to protect our privacy, is “Dhlamini remiss”. It is, in the light of the assertions of the Chief Justice, unacceptable. Hopefully (we do live in hope), representations on the Cyber Bill will highlight the dangers of the very real assault on their privacy and indeed their victimisation by cybercriminals of South Africans. We also hope beyond hope that in some miraculous way government is freed from its inertia in this regard and we can avoid yet another shameful dereliction of its duty to citizens.