Is Government upholding the constitutional right of privacy?
The pronouncement by the Chief Justice in the Nkandla matter reaffirming Parliament’s duty to uphold and respect the Constitution has, according to government, been accepted and is respected. However, government still fails to protect the privacy of South African citizens, despite this being recognised globally as a critical foundation for a 21st century democracy.
The question that arises is: “Is this simply a failure to understand our modern world, or does the ANC have a more sinister motive in allowing, and being an accomplice to, South African citizens’ constitutional right of privacy being trampled upon by unscrupulous business and regarded with disdain by government agencies?”
Twenty years have passed since the right of privacy was enshrined in our Constitution. The necessity to address online threats has been obvious throughout that time. The South African Law Reform Commission started its work in 2002 and after researching the issues, consulting with relevant parties and preparing a draft Bill, made recommendations to the Minister relating to establish the mechanisms to protect our personal information in 2005. Eventually enacted in 2013 the operational provisions of the act have yet to commence. These delays are all directly attributable to failures or deliberate obstruction on the part of government.
Since 2013 there appears to have been stubborn resistance within government to take the steps necessary to appoint the Information Regulator, a critical actor in the protection of personal information framework adopted in the Act. Eventually, on the 17th May 2016 the names of 5 persons appointed to establish and fulfil the regulatory functions required in the Act were announced. The vote to confirm their appointment by the House of Assembly then failed as a result of the ruling party not having sufficient of its members in Parliament to achieve the overall majority required for the appointment. In consequence of this a further 3 months will be lost while South African citizens are denied protection of their personal information.
The lethargy of government (whether deliberate or otherwise) is brought sharply into focus, when contrasted against the fact that between early 2012 and the 24th May 2016 the European Union managed to draft, negotiate, finalise and “enact” the General Data Protection Regulations applicable across 28 countries. This has strengthened the privacy protections necessary in the face of global threats to privacy and deficiencies in the enforcement of privacy laws. During that same period the relatively simple task of appointing a Regulator has seemingly proved beyond the capability of government.
Information Regulator set up to fail?
The funding allocated to the Regulator by the Department of Justice seems woefully meagre if the Regulator is to achieve the aims required in the Act and give effect to the constitutional right of privacy. The sums of R10 million for the 2016/2017 financial year, R26 million for 2017/2018 and R27 million for the 2018/2019 financial years are simply insufficient to establish the operational functionality that is demanded of the Regulator.
No doubt fiscal restraint will be “trotted out” as a reason for the underfunding of the Regulator. But this argument does not bear scrutiny against the well documented wasteful expenditure of government. How can citizens be expected to accept that quarter of a billion Rand is spent on the security of the President’s home, millions are spent on vehicles for his wives and millions are incurred in legal fees by government defending the indefensible, yet money cannot be found to protect a constitutional right of 50 million citizens?
So why is government turning a blind eye to the issues that countries around the world recognise and are addressing as critical to their future prosperity in the information society and economy?
Is it because government is the primary culprit in failing to provide access to information when requested and redress against these failings will now lie in the hands of the Regulator? Government’s aversion to oversight or accountability has been very much to the fore in recent times.
From an information security perspective government information systems are notoriously porous and it is unlikely that across the board it can provide the security safeguards demanded by the act. The fact is that the Minimum Information Security Standard, against which security in government is gauged, was first published in 1996. It was already inadequate in our then nascent Internet Society and has not been amended to meet the challenges of the 21st century since its publication. Having witnessed the contempt show by ANC for the office of Public Protector can we expect a different attitude to the Regulator, which if it allowed to perform its job properly, must promote appropriate safeguards for personal information?
Possibly the motive, that will no doubt be disclaimed, but finds sufficient evidence in governments actions to support it, is the fact that developing a right to privacy will inhibit the securocratic aims of the Justice, Crime Protection and Security cluster hawks. While the need to protect our citizens in cyberspace is a clear and present imperative, a responsibility in respect of which government has been in dereliction of its duty for years, suddenly with almost indecent haste, considerable energy and with extremely limited consultation with other important players, government is pushing for the enactment of Cybercrime and Cybersecurity legislation this year. The need for cybersecurity is recognised and has been called for by many commentators for years. However, the view of several legal and internet security experts is that the Bill is badly defective and there has been no effort in its drafting to establish the proper balance between civil liberties and law enforcement powers. On the contrary it grants almost unfettered powers to law enforcement and security agencies that threatens civil liberties. It also introduces the draconian penalties that chill civil debate in the same manner as government sought to achieve with the notorious Secrecy Bill.
Government, if it respects the constitution, owes citizens an explanation as to why it has been so dilatory in protecting our online security and privacy of personal information and why, despite ignoring calls for it to act urgently for many years, it suddenly seems intent to, with indecent haste, to establish a law that simply disregards the balance that must be stuck between our civil liberties, particularly privacy, and security?
©Mark Heyink 2016