Political parties may not bombard voters with messages without their consent, says the Information Regulator.
- Political parties may not “bombard” prospective voters without first obtaining their consent.
- Furthermore, if a person objects to the use of their personal information, political parties must stop.
- This according to the Information Regulator who participated in a webinar titled Misinformation, Disinformation and Data Protection during the Election Period on Monday.
With elections fast approaching, prospective voters might expect their cellphones’ notification alerts to start chiming every so often with those dreaded messages from political parties begging for their support.
However, parties may only message potential voters if they have consented to receiving communication from the party and have to adhere to the Protection of Personal Information Act (POPIA).
On Monday, International Data Privacy Day, the Information Regulator, the Electoral Commission of South Africa and Media Monitoring Africa hosted a webinar titled Misinformation, Disinformation and Data Protection during the Election Period.
The Information Regulator’s executive overseeing POPIA, advocate Tshepo Boikanyo, said a party could only process information it reasonably needed directly from voters.
They may not make use of data brokers.
Furthermore, a voter can object at any stage to a party processing their personal information. Then, it may no longer process that person’s information.
Boikanyo said:
A political party may not bombard voters with messages without first obtaining the voters’ consent to process their personal information.
Furthermore, a party may only ask a person for their consent to solicit donations through electronic communication once.
Should consent be withheld, the party may not contact them again.
It provided the following examples:
- Purchasing of marketing lists and lifestyle information from data brokers without sufficient due diligence around those brokers and the degree to which the data has been properly gathered and consented to.
- Using third-party data analytics companies with insufficient checks that those companies have obtained data with consent for that particular use.
- The provision of contact lists of voters to social media companies without having done the necessary checks and verifications.
The Information Regulator noted parties often obtained and used personal information in a manner which might be contrary to POPIA’s provisions.
The Information Regulator has several concerns relating to data security during an election, including a lack of transparency, which means voters are unaware of their rights, the possibility of voter surveillance, the processing of high-risk information like political beliefs, race, and gender, the flow of information across borders and the unlawful gathering of personal information.
Boikanyo said if voters felt their rights in terms of POPIA have been breached, they could lodge a complaint with the Information Regulator.
This will be investigated and may be referred to its enforcement committee.
Recent Comments