Plugins and POPI: A Critical Discussion into the Legal Implications of Social Plugins and the Protection of Personal Information

Q3 Social Sciences

Potchefstroom Electronic Law Journal Pub Date : 2024-03-04 DOI:10.17159/1727-3781/2023/v26i0a15758

Helga Schultz, Warren Freedman

{"title":"Plugins and POPI: A Critical Discussion into the Legal Implications of Social Plugins and the Protection of Personal Information","authors":"Helga Schultz, Warren Freedman","doi":"10.17159/1727-3781/2023/v26i0a15758","DOIUrl":null,"url":null,"abstract":"Social plugins are one of the many trackers used by companies with an online presence. However, under the Protection of Personal Information Act 4 of 2013 (POPI), these trackers have certain legal consequences for internet users. The main reason for this is that trackers tend to process personal information without informing internet users that their data are being collected, the reason for the collection or processing thereof, or who the responsible parties are that are collecting and processing the personal information. The article looks at these issues, amongst others, in the light of a 2019 judgment from the Court of Justice of the European Union or CJEU, namely, Case C-40/17 Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW e.V. EU:C:2019:629. Due to the fact that it has had data protection legislation for much longer than other countries or legal jurisdictions, including South Africa, the European Union (the EU) has a substantial body of case law interpreting the data protection legislation of the EU itself as well as that of the individual member states. One of the main instruments used as guidance by the drafters of POPI was Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (hereafter Directive 95/46). Directive 95/46 was previously considered the gold standard, before Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation) (hereafter the GDPR) was enacted and Directive 95/46/EC was finally repealed. Since Directive 95/46 was one of the main guiding documents used in drafting POPI, one may expect that the South African courts may turn to the EU and consider how the CJEU has interpreted the similar provisions contained in Directive 95/46, especially since there is very little South African jurisprudence available on POPI. The four main issues under discussion are: who, other than the internet users, has the locus standi to bring an application in terms of POPI? Second, what are the responsibilities of joint responsible parties towards internet users? Third, where there are joint responsible parties, do both need a legitimate interest to process personal information? Lastly, who will be responsible for obtaining the necessary consent to process the personal data?","PeriodicalId":55857,"journal":{"name":"Potchefstroom Electronic Law Journal","volume":"95 24","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Potchefstroom Electronic Law Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17159/1727-3781/2023/v26i0a15758","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Social Sciences","Score":null,"Total":0}

引用次数: 0

Abstract

Social plugins are one of the many trackers used by companies with an online presence. However, under the Protection of Personal Information Act 4 of 2013 (POPI), these trackers have certain legal consequences for internet users. The main reason for this is that trackers tend to process personal information without informing internet users that their data are being collected, the reason for the collection or processing thereof, or who the responsible parties are that are collecting and processing the personal information. The article looks at these issues, amongst others, in the light of a 2019 judgment from the Court of Justice of the European Union or CJEU, namely, Case C-40/17 Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW e.V. EU:C:2019:629. Due to the fact that it has had data protection legislation for much longer than other countries or legal jurisdictions, including South Africa, the European Union (the EU) has a substantial body of case law interpreting the data protection legislation of the EU itself as well as that of the individual member states. One of the main instruments used as guidance by the drafters of POPI was Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (hereafter Directive 95/46). Directive 95/46 was previously considered the gold standard, before Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation) (hereafter the GDPR) was enacted and Directive 95/46/EC was finally repealed. Since Directive 95/46 was one of the main guiding documents used in drafting POPI, one may expect that the South African courts may turn to the EU and consider how the CJEU has interpreted the similar provisions contained in Directive 95/46, especially since there is very little South African jurisprudence available on POPI. The four main issues under discussion are: who, other than the internet users, has the locus standi to bring an application in terms of POPI? Second, what are the responsibilities of joint responsible parties towards internet users? Third, where there are joint responsible parties, do both need a legitimate interest to process personal information? Lastly, who will be responsible for obtaining the necessary consent to process the personal data?

查看原文本刊更多论文

插件与 POPI：对社交插件的法律影响和个人信息保护的批判性讨论

社交插件是拥有在线业务的公司使用的众多跟踪器之一。然而，根据 2013 年第 4 号《个人信息保护法》（POPI），这些跟踪器对互联网用户具有一定的法律后果。其主要原因在于，跟踪器在处理个人信息时，往往不会告知互联网用户其数据正在被收集、收集或处理的原因，或收集和处理个人信息的责任方是谁。本文主要根据欧盟法院（CJEU）2019 年的一项判决（即 C-40/17 Fashion ID GmbH & Co.KG v Verbraucherzentrale NRW e.V. EU:C:2019:629。由于欧盟（EU）制定数据保护立法的时间远远长于包括南非在内的其他国家或法律管辖区，因此欧盟拥有大量判例法来解释欧盟本身以及各成员国的数据保护立法。欧洲议会和欧洲理事会 1995 年 10 月 24 日关于在处理个人数据时保护个人及个人数据自由流动的第 95/46/EC 号指令（以下简称第 95/46 号指令）是《个人信息保护法》起草者用作指导的主要文书之一。在欧洲议会和欧盟理事会 2016 年 4 月 27 日颁布《关于在处理个人数据时保护自然人以及个人数据自由流动的第 2016/679 号条例》（以下简称《一般数据保护条例》）（以下简称《GDPR》）、第 95/46/EC 号指令最终被废止之前，第 95/46 号指令曾被视为黄金标准。由于第 95/46 号指令是起草《个人信息保护法》时使用的主要指导文件之一，人们可能会期望南非法院转向欧盟，考虑欧盟法院如何解释第 95/46 号指令中的类似条款，尤其是因为南非有关《个人信息保护法》的判例很少。讨论的四个主要问题是：除了互联网用户之外，谁有资格根据 POPI 提出申请？第二，共同责任方对互联网用户应承担什么责任？第三，在有共同责任方的情况下，双方是否都需要有处理个人信息的合法权益？最后，谁将负责获得处理个人数据所需的同意？

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Potchefstroom Electronic Law Journal Social Sciences-Law

CiteScore

0.60

自引率

0.00%

发文量

审稿时长

24 weeks

期刊介绍： PELJ/PER publishes contributions relevant to development in the South African constitutional state. This means that most contributions will concern some aspect of constitutionalism or legal development. The fact that the South African constitutional state is the focus, does not limit the content of PELJ/PER to the South African legal system, since development law and constitutionalism are excellent themes for comparative work. Contributions on any aspect or discipline of the law from any part of the world are thus welcomed.