You are currently viewing our desktop site, do you want to download our app instead?
Moneyweb Android App Moneyweb iOS App Moneyweb Mobile Web App

NEW SENS search and JSE share prices

More about the app

Popia and social media posts

The implications of Popia on natural persons taking into account the processing of personal information on social media platforms.
Image: Shutterstock

A great deal of attention has been given to juristic entities’ compliance with Protection of Personal Information Act No. 4 of 2013 (“Popia”). With the pending full commencement of Popia on 1 July 2021, juristic entities are in the final stages of ensuring compliance with Popia.

In this article, we discuss a lesser explored subject, being the implications of Popia on natural persons taking into account the processing of personal information on social media platforms.

Popia aims to protect an individual’s right to privacy by offering protection against the unlawful collection, retention, dissemination and use of personal information. The question that we explore, is whether or not the protection afforded by Popia also extends to photos of, and pictures including “memes”, of “data subjects”, as defined in Popia, which are posted on social media platforms.

In the event that an individual discovers a “post”, on a social media platform disclosing certain of his/ her “personal information”, as defined in Popia, including a photograph, on a prima facia reading of Popia, the subject of the post may be considered a data subject and the person who posted the photograph may be considered a “responsible party”, as defined in Popia.

Posting the personal information on social media would also, arguably amount to the dissemination of personal information, as contemplated in the definition of “processing” in Popia. Thus, the responsible party may be obliged to comply with the provisions of Popia.

The consequences of being considered a “responsible party”, in terms Popia are substantial and include the requirement for a responsible party , inter alia, to comply with the eight conditions of lawful processing of personal information, as prescribed in Popia. The conditions include a requirement to obtain the consent of the data subject prior to posting a photograph or the views of that data subject on a social media platform. The responsible party would also be required to appoint an information officer and publish and comply with a Popia manual as read with section 51 of the Promotion of Access to Information Act No. 2 of 2000.

Arguably, the application of Popia in the above circumstances would lead to an absurd result where every individual who posts photos, memes, videos or the views of another person, is considered a responsible party who must comply with onerous conditions.

To prevent the abovementioned situation from arising, section 6(1)(a) of Popia states that Popia does not apply to the processing of personal information in the course of a purely personal or household activity.

The repercussions of section 6(1)(a) of Popia, quoted above are, arguably, that – Popia applies only to business or professional activities; and in so far as any pictures or video taken or views shared are disseminated on social media or any other platform in a personal capacity, Popia arguably does not apply.

Popia does not define the terms “personal activity” or “household activity”. The aforementioned terms may have to be interpreted not only by the ordinary grammatical meaning of the words but also by taking into account, on a case-by-case basis, what contemplates work as opposed to personal use in respect of the relevant social media user.

Disgruntled individuals who find their personal information posted on social media platforms without their consent are, however, not without legal remedy.

Our common law, as codified in the Constitution of the Republic of South Africa, 1996, protects individual’s right to privacy on a professional and personal basis. Thus, social media users who post what may be considered as personal information, should do so, keeping in mind that the subject of the posts, although falling out of the ambit of Popia, are still protected by the common law in the event that the post breaches the privacy of the subject.

Zamathiyane Mthiyane, senior associate, Healthcare and Lifesciences at Werksmans Attorneys.


You must be signed in to comment.


Try and contact an errant website!

There is a Moldovian website that is a google ads partner that has a mess in its business directory which causes me to receive calls on my mobile for dozens of different businesses each day. Tiresome.

Contact them – only option is email, zero response. Where is Moldovia and can ICASA shut their service down in SA?

Contact Google? Started with trying to do this with real person. Google SA at different times only have a prerecorded message saying that, unfortunately, due to covid, they cannot attend to calls, have a nice day. When you do get through you speak to a half-deaf lady (I presume because she cannot LISTEN before sprouting rubbish). She eventually commits to sending you a form. NOTHING. I once got a Chat going! The chat person verified my login, opened a ticket, I typed my problem. NOTHING.

My last email informed Google that they and/or their business partner are fraudulently/negligently invoicing all those businesses for generated leads on the calls to my number. I thought this might get the attention from a bot in compliance that worries about international wire fraud and corruption and SEC compliance and such. I did this through my own Google Ads logged in account. NOTHING.

Google is one of the largest and supposedly most advanced companies on the planet. I think they make this much profit only because they have no customer service at all. My municipality reacts faster to queries sent to their bot attended email.

End of comments.





Follow us:

Search Articles:
Click a Company: