May 22,2020 / News / E-Bulletin

by Ahmore Burger-Smidt, Director and Head of the Data Privacy practice

There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live – did live, from habit that became instinct – in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinised – George Orwell, 1984.

In their book titled Computer Ethics and Professional Responsibility, Bynum & Rogerson state that during the nineteenth century, privacy mainly focussed on the unlawful access of a person’s property or the personal space, such as a hotel room. However, this concept grew and by the mid twentieth century, it was accepted to also include aspects such as health, and by the end of the twentieth century we have to accept that the concept of privacy cannot be separated from technology that influences all spheres of our lives.

The absolute requirement for data privacy legislation can to a certain extent not be separated from the world of technology and the forth industrial revolution informing how we go about dealing with personal information. What is obviously problematic, is when technological advancement, impedes the ability of individuals to manage how personal information is being treated, what is done with it, where it is held, for how long and by whom.  What is even worse, is when individuals are completely deprived of their right to protection of their personal information or when transparency does not exist.

As lawyers we know that privacy is deemed a personality right that deserves protection and privacy, as such, is an important consideration when we talk about dignitas. In Financial Mail v Sage Holdings, the court specifically considered the right to privacy in relation to the disclosure of an individual’s personal information.

Furthermore, section 14 of the Constitution specifically provides for the right to privacy. Not only does the Constitution guarantee the general right to privacy, but also provides for the protection against certain forms of invasion of privacy.

Further afield, the Hungarian government has been afforded new emergency powers midst the COVID-19 pandemic. Relying on these emergency powers, during early May, the Hungarian government communicated plans to suspend obligations to a number of protections outlined in the General Data Protection Regulation (“GDPR“), as part its efforts to combat the coronavirus outbreak. The GDPR suspension allows the Hungarian government to, amongst others things, access personal information and erase such personal information. There has also been a relaxation on the obligation of authorities to notify individuals when personal data is being collected. More worrisome is that fact that in Hungary, under the suspension of the GDPR provisions, citizens who are concerned about their personal information and want to raise a complaint, or seek a judicial remedy, will have to wait until the end of the Hungarian state of emergency period is over before they can take any steps.

On 18 May 2020, speaking to reporters on publication of the European Data Protection Board’s 2019 annual report, Chair Andrea Jelinek noted her concern at the recent move by the Hungarian authorities.

“I am personally very worried at the suspension of several articles of the GDPR by the Hungarian government”

The new emergency powers allow the ruling Fidesz party in Hungary to rule by decree, without a set time limit, for as long as the state of emergency is in effect – a timeline decided by the government.

The European Data Protection Board, the EU’s umbrella organisation overseeing the application of EU data protection rules, has voiced its concern over the suspension of EU data protection rights in Hungary, and rightly so. The Hungarian government has suspended data protection to a large extent for all Hungarian citizens.

South Africa has to date failed to enact the Protection of Personal Information Act, 2013 in full. But all South Africans are afforded the right to privacy in terms of the Constitution.  That said, section 36 of the Constitution provides that certain fundamental rights may be limited to the extent that the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom, taking into account all relevant factors, amongst others the nature of the right; the importance of the purpose of the limitation; the nature and extent of the limitation; the relation between the limitation and its purpose; and whether less restrictive means to achieve the purpose are available.

We ought to critically consider the impact on privacy during the tenure of the Disaster Management Act and Regulations and in so doing ensure that any impact thereof on privacy will indeed meet the test as per section 36 of the Constitution.