News / Legal Brief

The right of access to information vs. The right to privacy

Nov 2,2022

Ahmore Burger-Smidt - Head of Regulatory and Dale Adams - Senior Associate

The right of access to information is a unique right in the Constitution of the Republic of South Africa, 1996 as it places an obligation on both public and private bodies to allow access to records held by them.[1]

To this end, the Promotion of Access to Information 2 of 2000 (PAIA) was enacted to give effect to the right of access to information and foster a culture of transparency and accountability in public and private bodies.

However, PAIA cannot be considered in isolation.

The Protection of Personal Information Act 4 of 2013 (POPIA), on the other hand, is long in form, broad in scope and powerful in its effect so much so that when requests for access to records are made in terms of PAIA, POPIA must be considered as well, especially when the record in question contains personal information of third parties.

The High Court recently had the occasion to deal with the situation of how to deal with a PAIA request which contains personal information of third parties in Smuts N.O. and Others v Member of the Executive Council: Eastern Cape Department of Economic Development Environmental Affairs and Tourism and Others (1199/2021) [2022] ZAECMKHC 42 (26 July 2022) (Smuts case).

In this case, a request was made to the Information Officer of the Eastern Cape Department: Economic Development, Environmental Affairs and Tourism (the Department) to provide access to all applications received and permits issued by the Department to trap, kill, hunt or translocate any leopards in or from the Eastern Cape from 2017 – 2019. [2]

Section 34 of PAIA

The information requested was refused by the Department on the ground that it would entail the unreasonable disclosure of personal information of third parties and in terms of section 34 of PAIA which provides for the mandatory protection of the personal information of third parties where such disclosure would involve the unreasonable disclosure of personal information about that third party.

The personal information sought included names, identity numbers, residential and postal addresses of the applicants and the identity of the party from where the leopards are to be captured or controlled.[3]

However, in opposition, it was argued that there can be no reasonable expectation of privacy on the part of the third parties concerned when considering the nature of the information requested.[4] Therefore, disclosure on this basis would not be unreasonable.

The crux of the dispute came down to a proper interpretation of the meaning of “unreasonable disclosure of personal information” as contemplated in section 34 of PAIA.

The right to access information

The importance of the right to access information is directly linked to the cultivation of an accountable, responsive and open society, and this was recognised by the Court.[5] Also recognised by the Court was that privacy is not an absolute right and access to information can be limited in instances where the limitation is aimed at the reasonable protection of privacy.[6]

The Court held that an Information Officer must determine whether the disclosure of the information involves the “unreasonable” disclosure of personal information about a third party, if so, the request must be refused.[7] It was held that this interpretation gives effect to the careful balance to be struck between the right of access to information and the right to privacy.[8]

In relation to the possible application of POPIA,[9] the Court found that the relevant provisions of POPIA may be interpreted to accord with or supplement section 34 of PAIA.[10] If this was not the case, then the word “unreasonable” would not be included in section 34 of PAIA.

However, this does not mean that we must overlook the importance of POPIA. Personal information must nevertheless be lawfully processed in terms of POPIA.

The Court ultimately found that there was no reasonable expectation of privacy in relation to the request for a permit to perform a restricted activity as the application process in and of itself “acquired a social dimension outside the private domain“.[11]

In coming to this decision, the Court importantly noted that the refusal of access must however itself be reasonable. The mere say-so of the Information Officer or rectification of the words of PAIA to justify refusal is insufficient.[12]

Therefore, sufficient evidence justifying a refusal of access must be put forward.

Disclosure of the information

Accordingly, it was held that the disclosure of the information in question does not involve the unreasonable disclosure of personal information about a third party and is not unlawful in terms of POPIA.[13] To this end, it was held that:[14]

the personal information contained in the applications and permits falls outside the legal realm of privacy, does not enjoy constitutional protection from disclosure and may be reasonably disclosed to the applicants in the circumstances. That also puts paid to any suggestion that the information should be disclosed in a redacted fashion. Put differently, the objection against disclosure cannot be said to be on reasonable grounds given the legitimate pursuit of information linked to conservation and management of a vulnerable species and the constitutional right to a healthy environment.

The Smuts case is important as it sheds light on how Information Officers, particularly of public bodies, should process requests for access to records. Access requests must be properly considered and balanced in terms of PAIA and POPIA.

Even though PAIA and POPIA are related, they cover different areas of the law, therefore, a delicate balance must be struck to give effect to the right of access to information and right to privacy.

The judgement is also important for requesters alike who must appreciate that when requests for access are made to public bodies, such requests enjoy lesser protection of privacy given the nature of public bodies in the public realm.

Information Officers are urged to take note!

An Information Officer may be held personally liable for the failure to adequately perform his or her responsibilities and/or duties in terms of PAIA and/or POPIA. The penalties that can be levied in this regard could be a fine and/or imprisonment.

To end off with the words of the Chairperson of the Information Regulator:[15]

Yes, we do, the “Promotion of Access to Information Act” was adopted by parliament in 2000, and came into effect in 2002. On the African continent we were one of the first countries to introduce this kind of legislation…We were putting the culture of secrecy behind us…

▶︎ Please contact us should you require Information Officer training.


Footnotes
[1] See section 32 of the Constitution of the Republic of South Africa, 1996 (“Constitution”).
[2] See paragraph 3 of the judgement.
[3] See footnote 5 of the judgement.
[4] See paragraph 4 of the judgement.
[5] See paragraph 11 of the judgement.
[6] See paragraph 13 of the judgement.
[7] See paragraph 23 of the judgement.
[8] See paragraph 24 of the judgement.
[9] The respondents argued that the effect of section 11 of POPIA is that an objection by a third party to the distribution or dissemination of personal information results in an Information Officer being prohibited from granting access. Considering POPIA’s protection of personal information, section 33 of PAIA demands that an Information Officer must refuse a request for access to a record contemplated in section 34(1) of PAIA, unless the provisions of section 46 of PAIA apply which relate to the mandatory disclosure in the public interest .
[10] See paragraph 34 of the judgement.
[11] See paragraph 40 of the judgement.
[12] See paragraph 36 of the judgement.
[13] See paragraphs 41 and 42 of the judgement.
[14] See paragraph 41 of the judgement.
[15] See the interview with the Chairperson of the Information Regulator available here, accessed on 31 October 2022.