The technical working committee presented its 7th and final draft of the POPI (Protection of Personal Information) Bill to the Portfolio Committee at Parliament on the 19th of June 2012.
During the presentation particular reference was made to the definition of a child and the Regulator's potential role concerning exceptions to the rule pertaining to the processing of childrens' personal information.
At this point in time no real consensus exist as to whether a child's age in terms of the proposed legislation should be a person under 13 (thirteen), or a person under the age of 18 (eighteen). This would in effect imply that a person (the responsible party) processing personal information may not process personal information relating to any person (data subject) under any of the given ages (depending on which age consensus would have been reached to establish whether he or she is a child or not), unless the responsible party have met certain criteria.
In other words, a social networking site domiciled in South Africa for example, would for instance be prohibited from processing individuals' personal information if such individuals are considered to be children (either under 13 or under 18) in terms of the proposed legislation. An exception would be if the Regulator would permit them to do so under special circumstances and after the responsible party have submitted an applictation. Consent from a competent person might also justify the processing, for instance where the child's parent or guardian has granted his or her consent. But in today's age of technological advances and equally savvy kids, this might prove probelematic to enforce.
Interesting enough is that the EU in its new regulations have defined the age of a child as somebody under the age of 13 (thirteen).
Another area that was debated was whether processing notification to the Regulator by a Resonsible Party should be made an obligation in terms of the proposed Act. This was raised specifically to highlight the proposed changes or regulations in the EU where notification has been abolished to be replaced by a mechanism where the Responsible Party itself will retain certain documentation to illustrate its processing. The Technical Working Committee will report back with its own findings on this issue.
The Bill still seems on target to be promulgated before the end of 2012.
A copy of the latest version of the POPI Bill can be downloaded here.
During the presentation particular reference was made to the definition of a child and the Regulator's potential role concerning exceptions to the rule pertaining to the processing of childrens' personal information.
At this point in time no real consensus exist as to whether a child's age in terms of the proposed legislation should be a person under 13 (thirteen), or a person under the age of 18 (eighteen). This would in effect imply that a person (the responsible party) processing personal information may not process personal information relating to any person (data subject) under any of the given ages (depending on which age consensus would have been reached to establish whether he or she is a child or not), unless the responsible party have met certain criteria.
In other words, a social networking site domiciled in South Africa for example, would for instance be prohibited from processing individuals' personal information if such individuals are considered to be children (either under 13 or under 18) in terms of the proposed legislation. An exception would be if the Regulator would permit them to do so under special circumstances and after the responsible party have submitted an applictation. Consent from a competent person might also justify the processing, for instance where the child's parent or guardian has granted his or her consent. But in today's age of technological advances and equally savvy kids, this might prove probelematic to enforce.
Interesting enough is that the EU in its new regulations have defined the age of a child as somebody under the age of 13 (thirteen).
Another area that was debated was whether processing notification to the Regulator by a Resonsible Party should be made an obligation in terms of the proposed Act. This was raised specifically to highlight the proposed changes or regulations in the EU where notification has been abolished to be replaced by a mechanism where the Responsible Party itself will retain certain documentation to illustrate its processing. The Technical Working Committee will report back with its own findings on this issue.
The Bill still seems on target to be promulgated before the end of 2012.
A copy of the latest version of the POPI Bill can be downloaded here.
RSS Feed