4 déc 1996 · Australian Law Reform Commission Review of Australian Privacy Discussion Paper 72 September 2007 Bainbridge D Data Protection CLT
| Previous PDF | Next PDF |
[PDF] Full report - Global Class Actions Exchange
30 jui 2007 · Ross Abbs (from 5 February 2007 to 15 June 2007) Samantha Burchell (until Victorian Law Reform Commission - Civil Justice Review: Report 2 Contents 7 Preface England and France in addition to Finland: Andrews
[PDF] LRC 2009 Report on its Activities - LAW REFORM COMMISSION
Law Reform Commission of Mauritius [LRC] – 2009 Report on the Activities of the Commission has established in October 2009 a Committee, under section 8 of powers, duties and accountability) in the French criminal justice system [and the 3 In December 2007, the Commission, as part of its Criminal Justice Reform
[PDF] The Work of the Law Reform Commission
State” [June 2007], the Commission considered, as the Presidential circumstances: it was designed for the imperial legal set-up in France in the early 19 th
Competitive Restrictions in Legal Professions 2007 - OECD
28 jan 2008 · Commission, France, Hungary, Indonesia, Ireland, Italy, Korea, Lithuania, the Netherlands, Legal Professions, held by the Competition Committee in June 2007 that the reform of the legal profession does not only affect
[PDF] the law commission cohabitation: the financial consequences of
The Law Commission was set up by the Law Commissions Act 1965 for the purpose of jurisdictions (such as France, Australia and New Zealand) 1 19 The Law Commission's Ninth Programme of Law Reform set out the terms of Payments Bill was introduced in June 2007 47 The Bill has no direct implications
[PDF] This Report reflects the law, and the policies of federal bodies, as at
Law Reform Commission Act 1973 (Cth) and reconstituted by the Australian Law On 29 November 2007, the then Attorney-General, the Hon Philip Ruddock MP , rules as to the protection of confidentiality in France from an amalgam of 'le
[PDF] ALTERNATIVE DISPUTE RESOLUTION - Law Reform Commission
Report on the Third Programme of Law Reform 2008 - 2014 (LRC 86 – 2007), Project 5 in Legal Service: Preliminary Report (The Competition Authority, February 2005) These countries include Austria, Bulgaria, Denmark, Finland, France,
[PDF] public order - DARPG
1 jui 2007 · Maintenance of public order and the rule of law is a key sovereign function to be called the second Administrative Reforms commission (ARc) to second Administrative Reforms commission by one year upto 31 8 2007 for submission and the public prosecutor, as in France, the investigation of police
[PDF] Trinidad CV Edited 16 July 2007 1800 - the International Criminal
Note reference ICC-ASP/6/S/10, dated 1 June 2007, which advised of the decision taken by different Law Reform Commission, to replace Mr Hudson- Phillips
[PDF] SOUTH AFRICAN LAW REFORM COMMISSION - Department of
4 déc 1996 · Australian Law Reform Commission Review of Australian Privacy Discussion Paper 72 September 2007 Bainbridge D Data Protection CLT
[PDF] June 2012 JANE K. BROWN Department of Germanics, Box 353130
[PDF] June 2013 - Challenged Child and Friends
[PDF] june 2013 - cote for paris
[PDF] June 2013 newsletter - Anciens Et Réunions
[PDF] June 2014 Question Paper 1 - France
[PDF] June 2015 - École des Neurosciences Paris Île de France
[PDF] June 2016 - St-Pierre - France
[PDF] June 2016 1 sur 5 COMMENT DÉPOSER UNE - Email
[PDF] June 2016 – Vol 60 (2) - Canadian Phytopathological Society - Anciens Et Réunions
[PDF] June 21, 2015 (Pentecost 4 B) 2 Corinthians 5:1 - Saints Des Derniers Jours
[PDF] June 25, 2016 Thunder Bay Schutzhund Club Judge: Doug Deacon
[PDF] June 30, 2015 - Anciens Et Réunions
[PDF] June 4-5, 2015 Final Program
[PDF] June :2015 Level : 3AM Third Term English Exam Time:1h30 - Anciens Et Réunions
[PDF] June Anderson - Anciens Et Réunions
-iii- TO MR E SURTY, MP, MINISTER OF JUSTICE AND CONSTITUTIONAL
-iv- -v-
Bainbridge D Data Protection CLT Professional Publishing Welwyn Garden City 2000. Bennett C J "The Protection of Personal Financial Information: An Ev aluation of the Privacy Codes of the Canadian Bankers Association and the Canadian Standards Association" Prepared for the "Voluntary Codes Project" of the Office of Consumer Affairs Industry, Canada and Regulatory Affairs Treasury Board, March 1997 available at http://web.uvic.za/polisci/bennett. Bennett CJ "Prospects for an International Standard for the Protection of Personal Information: A Report to the Standards Council of Canada" August 1997 available at accessed on 29/10/2002. Bennett CJ "What Government Should Know About Privacy: A Foundation Paper" Presentation prepared for the Information Technology Executive Leadership Council's Privacy Conference, June,19 2001 (Revised August 2001) available at http://web.uvic.za/polisci/bennett, accessed on
[PDF] June 2013 - Challenged Child and Friends
[PDF] june 2013 - cote for paris
[PDF] June 2013 newsletter - Anciens Et Réunions
[PDF] June 2014 Question Paper 1 - France
[PDF] June 2015 - École des Neurosciences Paris Île de France
[PDF] June 2016 - St-Pierre - France
[PDF] June 2016 1 sur 5 COMMENT DÉPOSER UNE - Email
[PDF] June 2016 – Vol 60 (2) - Canadian Phytopathological Society - Anciens Et Réunions
[PDF] June 21, 2015 (Pentecost 4 B) 2 Corinthians 5:1 - Saints Des Derniers Jours
[PDF] June 25, 2016 Thunder Bay Schutzhund Club Judge: Doug Deacon
[PDF] June 30, 2015 - Anciens Et Réunions
[PDF] June 4-5, 2015 Final Program
[PDF] June :2015 Level : 3AM Third Term English Exam Time:1h30 - Anciens Et Réunions
[PDF] June Anderson - Anciens Et Réunions
SOUTH AFRICAN LAW REFORM COMMISSION
Project 124
PRIVACY AND DATA PROTECTION
REPORT
2009-iii- TO MR E SURTY, MP, MINISTER OF JUSTICE AND CONSTITUTIONAL
DEVELOPMENT
I am honoured to submit to you in terms of section 7(1) of the South African Law Reform Commission Act 19 of 1973 (as amended) for your consideration, the Commission's report on privacy and data protection.Y MOKGORO
CHAIRPERSON: SOUTH AFRICAN LAW REFORM COMMISSION
2009-iv- -v-
INTRODUCTION
The South African Law Reform Commission was established by the South Afr ican LawCommission Act, 1973 (Act 19 of 1973).
The members of the Commission are -
The Honourable Madam Justice Y Mokgoro (Chairperson) The Honourable Mr Justice W L Seriti (Vice-Chairperson)The Honourable Mr Justice D M Davis
Adv C Albertyn
Ms T Madonsela (full-time member)
Mr T Ngcukaitobi
Adv D Ntsebeza SC
Prof PJ Schwikkard
Adv M Sello
The Commission's offices are on the 12th floor, Sanlam Centre c/o Pretor ius and Schoeman Streets, Pretoria. Correspondence should be addressed to:The Secretary
South African Law Reform Commission
Private Bag X668
PRETORIA 0001
Telephone: (012)392-9566
Fax: (012)320-0936
E-mail: analouw@justice.gov.za
Website: www.doj.gov.za/salrc/index.htm
The members of the Project Committee for this investigation are:The Honourable Mr Justice CT Howie
Prof J Neethling
Prof I Currie
Ms C da Silva
Ms C Duval
Prof B Grant
Ms A Grobler
Mr M Heyink
Ms S Jagwanth
Ms A Tilley
The Chairperson is Mr Justice CT Howie, the Project Leader is Prof J Nee thling and the researcher is Ms Ananda Louw. -vi- SUMMARY OF RECOMMENDATIONS FOR LEGISLATIVE REFORM Privacy is a valuable aspect of personality. Data or information protection forms an element of safeguarding a person's right to privacy. It provides for the legal protection of a person in instances where his or her personal information is being collected, stored, used or communicated by another person or institution. In South Africa the right to privacy is protected in terms of both the common law and in sec 14 of the Constitution. The recognition and protection of the right to privacy as a fundamental human right in the Constitution provides an indication of its importance. The constitutional right to privacy is, like its common law counterpart , not an absolute right but may be limited in terms of law of general application and has to be bal anced with other rights entrenched in the Constitution. In protecting a person's personal information consideration should, therefore, also be given to competing interests such as the administering of national social progra mmes, maintaining law and order, and protecting the rights, freedoms and interests of others, incl uding the commercial interests of industry sectors such as banking, insurance, direct marketing, health care, pharmaceuticals an d travel services. The task of balancing these opposing interests is a del icate one. Concern about information protection has increased worldwide since the 1960's as a result of the
expansion in the use of electronic commerce and the technological environment. The growth of centralised government and the rise of massive credit and insurance industries that manage vast computerised databases have turned the modest records of an insular society into a bazaar of information available to nearly anyone at a price. Worldwide, the surveillance potential of powerful computer systems prompt demands for specific rules governing the collection and handling of personal information. The question is no longer whether information can be obtained, but rather whether it should be obt ained and, where it has been obtained, how it should be used. A fundamental assumption underlying the answer to thes e questions is that if the collection of personal information is allowed by law, the fairness, integ rity and effectiveness of such collection and use should also be protected.There are now well over fifty countries that have enacted information protection statutes at national
or federal level and the number of such countries is steadily growing. The investigation into the possible development of information privacy legislation for South Africa is therefore in line with international trends. Early on, it was, however, recognised that information privacy could not simply be regarded as a domestic policy problem. The increasing ease with which personal information could be transmitted outside the borders of the country of origin produced an interesting history of -vii- international harmonisation efforts, and a concomitant effort to regulate transborder information flows.Two crucial international instruments evolved:
a) The Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (CoE Convention); and b) the 1981 Organization for Economic Cooperation and Development's (OECD) Guidelines Governing the Protection of Privacy and Transborder Data Flow s ofPersonal Data.
These two agreements have had a profound effect on the enactment of national laws around the world, even outside the OECD member countries. They incorporate technologically neutral principles relating to the collection, retention and use of personal inf ormation.Although the expression of information protection in various declarations and laws varies, all require
that personal information be dealt with according to specific principles know n as the "Principles of Information Protection" which form the basis of both legislative regulation and self-regul ating control. Some account should also be taken of the UN Guidelines, the APEC initiative, as well as the Commonwealth Law Ministers' proposed Model Laws. In all these instances coun tries are encouraged to enact legislation that will accord personal information an appropriate measure of protection, and also to make sure that such information is collected only for appropriate purposes and by appropriate means. In 1995, the European Union furthermore enacted the Data Protection Directive in order to harmonise member states' laws in providing consistent levels of protection for citizens and ensuringthe free flow of personal data within the European Union. It imposed its own standard of protection
on any country within which personal data of European citizens might be process ed. Articles 25 and26 of the Directive stipulate that personal data should only flow outside the boundaries of the Union
to countries that can guarantee an "adequate level of protection". Privacy is therefore an important trade issue, as information privacy concerns can create a barrier to international trade. Considering the international trends and expecta tions, information privacy or data legislation will ensure South Africa's future participation i n the information market, if it is regarded as providing "adequate" information protection by interna tional standards. A pertinent example in this regard is the importance for South Africa to ensure a successful 2010 FIFA Soccer World Cup. In order to enforce proper customs and immigration control measures through passenger surveillance and monitoring, the personal information of large numbers ofinternational travelers, who will be making use of international airlines, will have to be facilitated by
-viii- 1References in brackets are to the applicable clauses, parts and chapters in the Protection of Personal Information Bill
set out in Annexure C to this Report. SARS, SAPS and the Department of Home Affairs. However, the international airlines will be unable to provide the advance passenger information needed until South Africa can guarantee the adequate protection of the information. It should be noted that the promulgation of information protection legislation in South Africa will necessarily result in amendments to other South African legislation, most notably the Promotion of Access to Information Act 2 of 2000, the Electronic Communications and Transactions Act 25 of2002 and the National Credit Act 34 of 2005. All these Acts contain interim provisions regarding
information protection in South Africa. The recommendations of the Commission, as set out in the Bill accompany ing this report asAnnexure C, can be summarised as follows:
1 a) Privacy and information protection will be regulated by a general information protection statute, with or without sector specific statutes, which will be supplemented by codes of conduct for the various sectors and will be app licable to both the public and private sector. Automatic and manual processing will be covered and identifiable natural and juristic persons will be protected [Chapter 2, clauses 3-6]. b) General principles of information protection have been developed and incorporat ed in the legislation. The proposed Bill gives effect to eight core information protection principles, namely accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation. Provision is made for exceptions to the information protection principles [Chapter 3, Part A, clauses 7-24]. Exemptions are furthermore possible for specific sectors in applicable circumstances [Chapter 4, clauses 33-34]. Special provision has furthermore been made for the protection of special (sensitive) personal information [Chapter 3, Part B, clauses 25-32]. c) A statutory regulatory agency should be established. Provision has been made for an independent Information Protection Regulator.[Chapter 5, Part A, clauses 35-47]. The Regulator will, inter alia, be responsible for the implementation of both the
proposed Protection of Personal Information Act (see Annexure C) and the Promotion of Access to Information Act, 2000. Data subjects will be under an obligation to notify the Regulator of any processing of personal information before they undertake such processing [Chapter 6, Part A, clauses 50-54] and provision has also been made for prior investigations to be conducted where the information being collected warrants a stricter regime [Chapter 6, Part B, clauses 55-56]. Options have been provided in the text of the report [Chapter 7, para 7.2.189(h)] -ix- for different alternatives regarding the structure of the Regulator. The basic structure set out in the Bill will be adjusted according to the options chosen. d) Enforcement of the Bill will be through the Regulator using as a first step a system of notices where conciliation or mediation has not been successful. Failure to comply with the notices will be a criminal offence. The Regulator may furthermore assist a data subject in claiming compensation from a responsible party for any damage suffered. Obstruction of the Regulator's work is regarded in a very serious light and constitutes a criminal offence [Chapter 10, clauses 70-94 and Chapter11, clauses 95-100]
e) A flexible approach should be followed in which industries will develop their own codes of conduct (in accordance with the principles set out in the legi slation) which will be overseen by the regulatory agency. Codes of conduct for individ ual sectors may be drawn up for specific sectors on the initiative of the specific sector or of the Regulator itself. This will include the possibility of making provision for an adjudicator to be responsible for the supervision of information protect ion activities in the sector. The Regulator will, however, retain oversight authority. Although the codes will accurately reflect the information protection principles as set out in the Act, it should furthermore assist in the practical application of the rules in a specific sector [Chapter 7, clauses 57-65]. f) Specific provision has been made for the protection of data subjects' rights in so far as unsolicited electronic communications (spam) and automated decision makin g are concerned [Chapter 8, clauses 66-68]. g) It is the Law Commission's objective to ensure that the legislation provides an adequate level of information protection in terms of the EU Directive. In this regard a provision has been included that prohibits the transfer of personal information to countries that do not, themselves, ensure an adequate level of information protection [ Chapter 9, clause 69] The recommendations and draft legislation are the result of a very tho rough consultation process. Should these recommendations be adopted by Parliament, the protection of information privacy in South Africa willl be in line with international requirements and develo pments. -x-TABLE OF CONTENTS
PageINTRODUCTION (v)
SUMMARY OF RECOMMENDATIONS (vi)
LIST OF SOURCES (xv)
TABLE OF CASES (xxxv)
SELECTED LEGISLATION
(xli) CONVENTIONS, DIRECTIVES, GUIDELINES AND DECLARATIONS (xlvii)CHAPTER 1: INTRODUCTION 1
1.1 History of the investigation 1
1.2 Exposition of the problem 2
1.3 Terms of reference 13
1.4 Methodology 14
CHAPTER 2: RIGHT TO PRIVACY 16
2.1 Recognition of the right to privacy 16
2.2 Nature and scope of the right to privacy 27
2.3 Infringement of the right to privacy 33
a) Essentials for liability 34 b) Defences/Justification 43 c) Remedies 532.4 Safeguarding the right to privacy with particular reference to
information protection 56 -xi- CHAPTER 3: PROPOSED INFORMATION PROTECTION LEGISLATION FOR SOUTH AFRICA: THE PROTECTION OF PERSONAL INFORMATION BILL 613.1 Introduction 61
3.2 Purposes of the Bill 63
3.3 Substantive scope of the proposed legislation 66
a) Proposals in the Discussion Papers 66 b) Evaluation 68 (i) Automatic and manual files 68 (ii) Existing and future information bases 70 (iii) Sound/image information 72 (iv) Natural v juristic persons 72 (v) Public v private sector 84 (vi) Critical information 88 vii) Special personal information (Sensitive information) 106 (viii) Household activity 108 (ix) Anonymised/ De-identified information 109 (x) Professional information (including provider information) 114 (xi) Processing of personal information for journalistic, artistic or literary purposes 116 (xii) Information in the public domain 132 c) Recommendation 137 CHAPTER 4: PRINCIPLES OF INFORMATION PROTECTION 1414.1 Origins of the information protection principles 141
a) Introduction 141 b) Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CoE Convention) 143 c) Organisation for Economic Cooperation and DevelopmentGuidelines (OECD Guidelines) 145
d) Other OECD Guidelines 148 e) European Union Directive on the Protection of Individuals with regard to the Processing of Personal Data and on theFree Movement of Such Data (EU Directive) 148
-xii- f) Other relevant EU Directives 153 g) United Nations Guidelines 155 h) Commonwealth Guidelines155 i) Asia Pacific Economic Cooperation framework 1574.2 Discussion of Information Protection Principles 158
A) Introduction 158
B) Principles of Information Protection 161 a) Principle 1: Accountability164 b) Principle 2: Processing limitation (fair and lawful processing) 168 c) Principle 3: Purpose specification / collection limitation192 d) Principle 4: Further processing limitation206 e) Principle 5: Information Quality224 f) Principle 6 Openness230 g) Principle 7: Security safeguards241 h) Principle 8: Data subject participation2724.3 Processing of special personal information (sensitive information) 290
a) Proposals in the Discussion paper290 b) Evaluation293 (i) General293 (ii) Children294 (iii) Religion299 (iv) Race301 (v) Political persuasion301 (vi) Health and sex life302 (vii) Criminal behaviour315 c) Recommendation3164.4 Exemptions and exceptions322
CHAPTER 5: RIGHTS OF DATA SUBJECTS IN SPECIFIC CIRCUMSTANCES 3325.1 Direct marketing and unsolicited electronic communication (SPAM)332
5.2 Profiling/Information Matching (automated decision making)366
5.3 Credit reporting378
-xiii-CHAPTER 6: CROSS-BORDER INFORMATION TRANSFERS399
CHAPTER 7: MONITORING AND SUPERVISION428
7.1` Introduction428
7.2 Supervisory systems432
a) Proposals in the Discussion Papers432 (i) Regulatory system432 (ii) Self-regulatory system447 (iii) Co-regulatory system459 (iv) The proposed information protection system for South Africa 459 b) Evaluation 465 (i) Regulatory system466 (ii) Self-regulatory system499 (iii) Co-regulatory system504 (iv) Information Protection Officer507 c) Recommendation5097.3 Notification, regulation and licencing schemes525
7.4 Codes of conduct547
CHAPTER 8: ENFORCEMENT566
8.1 Introduction566
8.2 Complaints procedure570
8.3 Assessment/audit578
8.4 Advisory approach582
8.5 Enforcement powers584
8.6 Courts/ judicial remedies591
8.7 Compensation594
8.8 Conclusion599
-xiv-CHAPTER 9: COMPARATIVE LAW 615
9.1 Introduction 615
9.2 International Directives 616
9.3 United States of America 620
9.4 United Kingdom of Great Britain and Northern Ireland 627
9.5 Kingdom of the Netherlands 630
9.6 New Zealand 633
9.7 Canada634
9.8 Commonwealth of Australia 639
9.9 Other countries 643
CHAPTER 10: DRAFT BILL ON THE PROTECTION OF PERSONAL INFORMATION 646LIST OF ANNEXURES
ANNEXURE A: LIST OF WRITTEN RESPONSES TO ISSUE PAPER 24 651 ANNEXURE B: LIST OF WRITTEN RESPONSES TO DISCUSSION PAPER 109 653 ANNEXURE C: PROTECTION OF PERSONAL INFORMATION BILL 656ANNEXURE D: EU DIRECTIVE 95/46/EC 754
ANNEXURE E: OECD GUIDELINES ON THE PROTECTION OF PRIVACY ANDTRANSBORDER FLOWS 791
-xv-LIST OF SOURCES
Ad hoc Joint Committee of South African Parliament Report of the Ad Hoc Joint Committee on the Open Democracy Bill [B67-98], 24 January 2000. Alvarez R "On guard: Electronic Health Records and Safeguarding Pati ent Privacy" Presentation made at the Health Information Privacy Day in Toronto on 24 September 20 07. Australian Law Reform Commission Keeping Secrets: The Protection of Classified and Security Sensitive Information ALRC 98 June 2004 accessed at on 18/3/2005. Australian Law Reform Commission Review of Australian Privacy Discussion Paper 72 September 2007.Bainbridge D Data Protection CLT Professional Publishing Welwyn Garden City 2000. Bennett C J "The Protection of Personal Financial Information: An Ev aluation of the Privacy Codes of the Canadian Bankers Association and the Canadian Standards Association" Prepared for the "Voluntary Codes Project" of the Office of Consumer Affairs Industry, Canada and Regulatory Affairs Treasury Board, March 1997 available at http://web.uvic.za/polisci/bennett. Bennett CJ "Prospects for an International Standard for the Protection of Personal Information: A Report to the Standards Council of Canada" August 1997 available at accessed on 29/10/2002. Bennett CJ "What Government Should Know About Privacy: A Foundation Paper" Presentation prepared for the Information Technology Executive Leadership Council's Privacy Conference, June,19 2001 (Revised August 2001) available at http://web.uvic.za/polisci/bennett, accessed on