- By Gabriella Razzano
Facebook’s been ‘spying’ on you, and privacy is a farce. For many, these sorts of revelations have been a startling and upsetting reality check, rather than the histrionics of nerds previously ignored. For others, it was a “but of course” moment. For us at the Open Democracy Advice Centre, it has instead been a “and so we must” moment.
Personal data and privacy is not just about people knowing about you. The terrifying revelation for many about the role of Cambridge Analytica in the Facebook data leak is how power over data can even extend to influencing you. And the extent of what is known about you may go beyond what you have imagined too – as Dylan Curran, of the Guardian, painfully noted, the data Facebook or Google hold on you could be your movements, your emails, your stickers, information you hold and information you deleted. Not to be put too fine a point on it, they essentially hold your thoughts. And we trust them somewhat unthinkingly to defend this data (though in many senses, we gave it to them to ‘own’ for free).
The Internet in many ways confronts us with new forms of risk we might not feel ready to handle. But the law has been responsive to these threats, which in many ways echo the fundamental way rights have been threatened since the Universal Declaration of Human Rights was declared. And the impact of these risks has been felt directly in South Africa, with data breaches hitting the headlines with almost disturbing regularity. If you use a computer or a smart phone, you should realise that your personal data is not just bits and bytes- and you have to learn how to protect it.
In South Africa, the Protection of Personal Information Act (POPIA) was written specifically to defend and protect your personal data. Yet the agency charged with implementing and operationalising this law is not yet fully able to function. South Africa’s Information Regulator knows its own relevance – it wrote a letter to Facebook to question what steps would be taken to comply with POPIA. But as any citizen will tell you, writing angry letters will never be enough. If the Information Regulator was fully operational, fines or even prison time could be on the cards for violators.
If you care about the Facebook data breach, or about those annoying phone calls you get on your cell phone (and think how did they get my number? How do they know my name?), you should care about the Information Regulator. But the question then has to be: what can we do to get the Regulator operationalised?
When addressing Parliament, the Regulator noted that blame for the failure to be fully able to establish itself lay somewhere between the Department of Public Services and Administration, National Treasury and the Public Finance Management Act. All we know at ODAC is – if you stay in contact with us over the next few weeks – we’ll be doing our best to find practical solutions to getting your data safe, even if the powers that be aren’t prioritising it.