The enactment of the Protection of Personal Information Act, No. 4 of 2013 (“POPI”) will have a direct effect on the manner in which businesses use electronic marketing. Most of us have been victims of spam via email and SMS and many will be relieved POPI provides consumers with greater protection against unscrupulous marketers.
Section 66 regulates the use of electronic communication with regard to the processing of consumers’ personal information. Subsection 66(1) of POPI goes so far as to prohibit the use of automatic dialling devices, faxes and emails for the purpose of direct marketing to individuals. Exceptions are made in cases where the individual consents to such communications and also subject to section 66(2) of POPI, where the latter is a customer of the marketer.
Where the individual is a customer, her information may only be processed if her contact details were obtained via a sale of goods or services or with the aim of direct marketing of similar products and services.
Section 66(2)(c) of POPI provides that at the time that such information is collected as well as on all subsequent occasions of direct marketing, the individual must be afforded the opportunity to object at no cost and without needless formalities to the use of her personal information. Naturally this will only apply where the data subject has not already objected to such usage.
Prior to the advent of POPI, companies assumed that by default, consumers were happy to be contacted for marketing purposes, the consequence being that the consumer needed to explicitly opt out in order to prevent being contacted by marketers. As a result, it was often very difficult for consumers to avoid being spammed by overzealous marketers. POPI has reversed the situation so that consumers would need to opt in in order for companies to be able to contact them. The new regulations will thus empower consumers by granting them a greater degree of control over the processing of their personal information.
It is also great that consumers will now have greater recourse against offenders as an Information Protection Regulator will be appointed to ensure compliance with POPI. Further, consumers will be able to bring civil and / or criminal sanctions against offending parties.
Although POPI will only come into effect after a year’s grace period, companies should not delay but should apprise themselves of its contents and make preparations to become compliant.