Privacy and data protection concerns have been triggered by Public Protector Busisiwe Mkhwebane’s reliance on President Cyril Ramaphosa’s private emails and bank statements of various entities used by his CR17 presidential campaign team. These records were used by Mkhwebane to support her report, which found that Ramaphosa had misled Parliament by failing to declare the donations made to his CR17 presidential campaign.

The Information Regulator has announced that it will be applying to the Gauteng High Court on 3 October 2019 to be admitted as a friend of the court in Ramaphosa’s application to review Mkhwebane’s report.

Most of the provisions in POPI are not yet in force – for instance, the conditions for lawful processing of personal information, the rights of data subjects and enforcement actions. This means that no private or public person can be found to be in contravention of POPI.

It therefore seems unlikely that the court will decide in the Regulator’s favour and allow the application to join the review proceedings as a friend of the court. The court’s decision will bear on the role of the Regulator and whether it is empowered to join court proceedings in this capacity.

The Regulator has been quite active in engaging parties and making public statements relating to other matters that affect the protection of personal information. It is clear that the Regulator is taking its role and office seriously – once the President signs POPI into force, the Regulator will finally have teeth to enforce compliance.

We encourage our clients to ensure that their processing activities are POPI-compliant. Should you have any questions, reach out to a member of our technology team.