Tag: law

In the early days of the commercial Internet, back in the mid 1990s, one of the things that technology platform companies lobbied hard for was the notion that they were like the town square – passive conduits for the actions of others, facilitating a variety of activities and thoughts, but not responsible for any of them.

The idea was that the garage entrepreneurs starting message boards and chat rooms, or the nascent search engines, simply did not have the legal or economic bandwidth to monitor or be liable for the actions of users, and that to require them to do so would stymie the development of the internet itself.

How times have changed. Not only can the largest Internet companies like Facebook and Google monitor nearly everything we do, they are also policing the net with increasing vigour. Witness the variety of actions taken by Facebook, Google, GoDaddy and PayPal, in the wake of racially charged violence in Charlottesville, to block or ban rightwing hate groups from their platforms.

You can argue that this is laudable, or not, depending on your relative concern about hate speech versus free speech. But there’s a key business issue that has been missed in all the hoopla. It is one that was summarised well by Matthew Prince, the chief executive of Cloudflare, a web-infrastructure company that dropped the rightwing Daily Stormer website as a client, under massive public pressure and against the firm’s own stated policies. “I woke up in a bad mood and decided someone shouldn’t be allowed on the internet,” said Mr Prince following the decision. “No one should have that power.”

Powerful tech companies do. Yet they also continue to benefit, in the US at least, from laws that treat them as “special” and allow them to get around all sorts of legal issues that companies in every other kind of business have to grapple with. This amounts to billions of dollars in corporate subsidies to the world’s most powerful industry.

The golden goose is a little-known bit of Federal Trade Commission legislation. Section 230 of the Communications and Decency Act (CDA) was crafted in 1996 to allow tech firms exemption from liability for nearly all kinds of illegal content or actions perpetrated by their users (there are a few small carveouts for things like copyright violations and rare federal criminal prosecutions). In recent years, the tech industry has thrown a tremendous amount of money and effort into ensuring that it maintains section 230 as a “get out of jail free” card.

But this law is being challenged by powerful politicians. On August 1, a bipartisan group of senators, led by Democrat Claire McCaskill and Republican Rob Portman, introduced legislation that would create a carve-out in section 230 for tech firms that knowingly facilitate sex trafficking. The impetus for this was the horror of backpage.com, a firm that actively created a platform for online sex trafficking for its own profit.

It is a piece of legislation that everyone, it seems, can get behind – except the largest tech companies and their industry lobbying groups. They are concerned that it would open a Pandora’s box of legal issues for them. These groups had the rough copy of the bill for months before its introduction, yet refused to offer edits during its crafting. Keith Smith, a spokesperson in Mr Portman’s office, says: “We did our due diligence, met with the tech community on a bipartisan basis for months and yet they offered no constructive feedback.”

The firms say that is because any amendment to 230 is a no-go; they suggested alternatives like tougher criminal laws. Noah Theran, a spokesperson for the Internet Association, a trade group that represents companies such as Google and Facebook, says: “The entire internet industry wants to end human trafficking. But, there are ways to do this without amending a law foundational to legitimate internet services.”

Still, Big Tech realises the cognitive dissonance involved in censoring online activity while continuing to portray itself as the town square. See, for example, the recent Electronic Frontier Foundation statement fretting about the slippery slope of censorship. The industry simply does not have the ability, or the right, to self-police any longer. In a world where Big Tech has the power not only to fan the flames of hate speech and fake news, but also remove it when and where it likes, it is clear that the internet is a fundamentally different place than it was in 1996 – one that needs fundamentally different rules.

The conversation about what those rules should look like is heating up. Olivier Sylvain, an associate professor of law at Fordham University, notes that as the business model and power of technology change and grow, so too should the law.

“The concept of immunity in 230 as originally conceived is no longer relevant in a world in which the largest tech firms are engineering an environment in which they can extract all kinds of information about users for their own profit,” says Prof Sylvain. He recently proposed that the CDA be recrafted to “shield providers from liability for third-party user online conduct only to the extent such providers operate as true passive conduits”.

Regulators and politicians, take note: Big Tech should no longer have its cake and eat it too.

By Rana Foroohar for the Irish Times 

To opt in or opt out: a guide

Introduction

Previous legislation and regulations prior to the arrival of the Protection of Personal Information Act (POPIA) in 2013 required organisations undertaking electronic direct marketing in South Africa to provide the opportunity for recipients to unsubscribe from further communications (commonly referred to as opt-out). According to the Internet Service Providers Association (ISPA), an authoritative industry source, “this was true under section 45 of the Electronic Communications and Transactions Act (ECTA, #25 of 2002), but this will be repealed by section 69 of the POPIA once it is in force [expected to start with a transition period that comes into effect late in 2017 or early 2018].” Section 11 of the Consumer Protection Act (CPA, #68 of 2008) follows in the footsteps of the ECTA by providing that you may refuse to accept, request the discontinuation of (opt-out) or pre-emptively block direct marketing communications, and that any opt-out or pre-emptive block must be respected by marketers, have its receipt confirmed in writing and that the exercise of these rights must be performed free of charge.

POPI Act definitions

POPIA defines direct marketing as approaching a data subject (which could be an individual or organisation) either in person or by mail or electronic communications, for the purpose of promoting or offering to supply goods or services to the data subject, or asking them to make a donation. Electronic communication covers a wide variety of methods, including text, voice, sound and image over an electronic network. So this covers use of all the popular methods used today and probably some we are not yet familiar with.

Records of consent and withdrawal of consent for electronic direct marketing

Section 11 of POPIA makes it clear that the Responsible Party (the body doing the direct marketing) must keep adequate records to prove informed consent has been voluntarily given. Records should also be maintained where consent has been denied or is later withdrawn. Consent may be obtained via verbal or written means. The interpretation of voluntary consent in other countries suggests poor practice is to pre-tick or pre-select opt-in choices. Rather the data subject should be presented with an open option to provide consent (e.g. an empty, not pre-ticked, box).

“Section 69 of the POPIA [Direct marketing by means of unsolicited electronic communications] places significant limitations on the circumstances in which a party may engage in direct marketing by means of unsolicited communications by requiring individuals to have either consented to the use of their personal information (opt-in) or for there to be an existing relationship between the parties. An existing relationship between the parties is itself subject to additional limitations and does not result in a freedom to make repeated advances,” says ISPA (for more on ISPA visit www.ispa.org.za).

A request for consent may only be submitted to the data subject once (section 69(2)(a)(ii)). However, it is not clear whether this “one time opportunity” applies where the data subject moves to a new or different organisation and therefore could be deemed to have a different set of marketing needs. If this is interpreted as one-time-ever then a unique identifier would be required to ensure compliance. It is not sufficient to ask for general consent for marketing. Section 13 requires that “personal information must be collected for a specific, explicitly defined and lawful purpose”.

Section 11(3)(b) of POPIA makes it clear that a data subject may object to any form of direct marketing, not necessarily electronic; section 11(4) clearly states once the data subject (which may be an organisation or juristic entity to use the legal term) has objected, the Responsible Party may no longer process the personal information, by implication for direct marketing, whilst by implication processing may continue for other specific purposes.

Records of consent and withdrawal of consent for non-electronic direct marketing

The rules for opt-out seem to be common and clearly stipulated, whether for electronic or traditional mail. When it comes to consent, traditional mail does not merit a specific mention under opt-in. By default permission (consent) should be obtained at the first contact, which may be a first mailer. It is tricky to see how the refusal of consent can be achieved at no cost to the data subject. There also appears to be no limit to the number of mailers that can be sent before consent is denied as the “only once” clause only applies to electronic communication. In summary, some careful wording of your invitation to give consent or withdraw consent would appear to allow an unlimited number of postal mailers to be sent so long as no objection is received.

Role of the Direct Marketing Association South Africa (DMASA)

For any organisation that is engaged in direct marketing activities in South Africa it is recommended that consideration is given to adhering to the DMASA Code of Ethics and Standards of Practice. The DMASA is also known to be developing a Code of Conduct under the POPIA. The DMASA also manages the National Opt Out Database. Registering on this database will mean that individuals will not be contacted by members of the DMASA.

Summary

We are in the early days of understanding the full implications of the impact of the POPIA on direct marketing activities by whatever means. Organisations that take action now to review their policies and procedures will give themselves a competitive advantage by being better prepared to anticipate how to better address the rights of their key stakeholders, such as future and current customers, and demonstrate both legal compliance and good governance, all of which will lead to enhancement of their reputation in the marketplace.

* This article does not constitute legal advice but is based on a practical interpretation of the requirements of the POPI Act.

By Dr Peter Tobin

SA banks once again in trouble

Several local and international banks have been slapped with administrative fines by the South African Reserve Bank, for weak anti-money laundering and combating of financing terrorism controls.

The banks include Investec, Absa, Standard Chartered, as well as Habib Overseas Bank.

Overall, banks were fined a total of R46.5-million.

Absa was fined R10-million for weaknesses related to their transaction monitoring. Investec received the largest fine of R20-million. This was due to their failure to implement adequate processes to screen the related parties of customers.

Meanwhile, Habib bank was fined R1-million for “inadequate controls and working methods pertaining to the reporting of suspicious and unusual transactions”, the Reserve Bank said in its banking supervision report released on Friday.

The decision to impose the penalties was not as a result of evidence that any of the banks had facilitated illegal activity, the SARB said, but rather because of the weakness of their control measures.

These banks have been issued with a directive to take remedial action.

Habib Overseas Bank was the target of a fraught acquisition bid by a company with links to Gupta family associate Salim Essa.

In March, Vardospan went to court to try and force the Reserve Bank, the registrar of banks and the finance minister to clear its purchase of Habib.

Vardospan accused the regulators and treasury of dragging their feet in authorising the purchase.

The Mail & Guardian has previously reported how Vardospan concluded a share purchase deal to become the majority shareholder in Habib Bank in August last year.

The deal came shortly after the country’s four major banks closed the accounts of the Gupta family and their related companies.

Vardospan is owned by CINQ Holdings and Pearl Capital Holdings. Vardospan director Hamza Farooqui owns 100% of the shares in Pearl Capital, which has a 33.33% stake in Vardospan. Essa owns 100% of CINQ, which holds the other 66.67% in Vardospan.

The court struck down Vardospan’s attempts to force the authorities’ hand. Incidentally, the court’s decision came hours after President Jacob Zuma axed former finance minister Pravin Gordhan in a major Cabinet reshuffle late on March 30.

The decision on the application now rests with new finance minister Malusi Gigaba.

By Lynley Donnelly for www.mg.co.za

Ignore Labour Law at your peril

Employers constantly complain that labour law does not allow them to fire employees for breaking the rules. However, employers need to understand that:

• Labour law definitely does allow employers to dismiss employees.

• The CCMA has frequently upheld the dismissal of employees fired for misconduct. We have been directly involved in a great many cases where employees have been fired and, after appealing to the CCMA, have remained fired.

• It is not the firing of employees that the law has a problem with. Instead, it is unfair dismissals that result in the employer being forced to reinstate the employee and/or being forced to pay the employee exorbitant amounts of money in compensation.

• In order to be free to fire employees who deserve dismissal employers need to understand and accept the difference between fair and unfair dismissal. This is because, if the employer has an employee who is causing mayhem or is costing the employer money or is otherwise undesirable, the employer cannot afford for the employee to be reinstated. The reason for this is that it is exceptionally difficult later to dismiss or discipline an employee who has been reinstated by the CCMA or other tribunal.

So while the law does allow dismissals it also requires the employer to be able to prove that the dismissal was both procedurally and substantively fair.

“Procedurally fair” relates to whether the employee was given a fair hearing.

Whether a dismissal is “substantively fair” relates to the fairness of the dismissal decision itself rather than to the disciplinary procedures. Specifically the employer would have to show that:

• The employee really did break the rule

• The rule was a fair one

• The penalty of dismissal was a fitting one in the light of the severity of the offence; and

• The employee knew or should have known the rule.

Properly trained CCMA arbitrators consider all the above factors together with the circumstances of each individual case in deciding if a dismissal was fair and whether the employee should stay dismissed or should be reinstated.

In the case of Mundell vs Caledon Casino, Hotel and Spa (Sunday Times 15 May 2005) the employee was dismissed for two reasons. Viz:

• She distributed a R15000 tip amongst her colleagues
• She allowed a colleague to take home five cans of cool drink

It was reported that:

• The rule requiring employees to hand in tips to management to go into a monthly kitty had not been given to Mundell
• Mundell had no way of knowing that she was not allowed to distribute the tip money herself
• The tip had been given by the client at an open gathering
• A number of managers were involved in sharing out the tip
• The cool drinks had been intended by the client for consumption by the staff
• Giving the cool drinks to the employee was not serious enough to merit dismissal
• The employer’s failure to prove that the employee knew of this rule rendered the dismissal unfair
• The employer was required to pay the employee six months remuneration in compensation.

The outcome of this case proves that the inability of employers to make dismissals stick is not primarily because of the law but rather because of the lack of labour law expertise of many employers.

By Ivan Israelstam, Chief Executive of Labour Law Management Consulting

The Deputy Minister of Justice and Constitutional Development, John Jeffery, said the country’s new Cybercrimes and Cybersecurity Bill will be tabled in Parliament soon.

The Bill has already been approved by Cabinet.

“The Bill aims to put in place a coherent and integrated cybersecurity statutory framework to address various shortcomings which exist in dealing with cybercrime and cybersecurity in the country,” stated the SA Government website.

The purpose of the Cybercrimes and Cybersecurity Bill is to:

  • Create offences and prescribe penalties;
  • Further regulate jurisdiction;
  • Further regulate the powers to investigate, search and gain access to or seize items;
  • Further regulate aspects of international cooperation in respect of the investigation of cybercrime;
  • Provide for the establishment of a 24/7 point of contact;
  • Provide for the establishment of various structures to deal with cybersecurity;
  • Regulate the identification and declaration of National Critical Information Infrastructures and provide for measures to protect National Critical Information Infrastructures;
  • Further regulate aspects relating to evidence;
  • Impose obligations on electronic communications service providers regarding aspects which may impact on cybersecurity;
  • Provide that the President may enter into agreements with foreign States to promote cybersecurity; and
  • Repeal and amend certain laws.

How it will affect you

Michalsons law firm has published an overview of the Cybercrimes and Cybersecurity Bill, explaining why we need it and who will be affected by it. The bill is aimed at keeping South Africans safe from cybercrime and consolidates the country’s cybercrime laws into one place.

People who will be affected by the new bill include “everyone who uses a computer or the Internet”, along with:

  • People involved with IT or POPI compliance;
  • Electronic Communications Service Providers;
  • Providers of software or hardware tools that could be used to commit offences;
  • Financial services providers;
  • Owners of copyrights and pirates;
  • Information Security experts; and
  • Anyone who owns an Information Infrastructure that Government could declare as critical.

What the bill deals with

The bill creates around 50 new offences, which are related to data, messages, computers, and networks, said Michalsons.

These offences include:

  • Using personal information or financial information to commit an offence;
  • Hacking;
  • Unlawful interception of data;
  • Computer-related forgery and uttering; and
  • Extortion or terrorist activity.

The penalties for these offences range from 1-10 years in prison or up to a R10-million fine.

The bill also aims to protect critical infrastructure of a strategic nature from interference and disruption.

This infrastructure includes that which aids in keeping the country’s security, defence, and law enforcement operational; and provides essential services.

Powers to investigate

“The Cybercrimes and Cybersecurity Bill gives the South African Police and the State Security Agency extensive powers to investigate, search, access, and seize just about anything – like a computer, database, or network,” said Michalsons.

As part of the requirements of the bill, the Minister of Police must establish a National Cybercrime Centre and a Cyber Response Committee, of which the chairperson will be the Director-General: State Security.

The Minister of Defence must also establish and operate a Cyber Command, while the Minister of Telecommunications and Postal Services must establish a Cyber Security Hub.

Source: www.mybroadband.co.za

The functions of the Information Regulator include:

  • to provide education about the Protection of Personal Information Act, for example, giving advice to data subjects in the exercise of their rights;
  • to monitor and enforce compliance with POPI;
  • to consult with interested parties;
  • to handle complaints;
  • to conduct research and to report to Parliament;
  • to issue codes of conduct and make guidelines to assist bodies to develop codes of conduct; and
  • to facilitate cross-border cooperation in the enforcement of privacy laws.

The Information Regulator will have the power to conduct investigations, order publicity of data breaches, and issue administrative fines of up to R10-million.

Next steps

Regulations must be promulgated under POPI, for example, including regulations setting out the cost of making a subject access request and the prescribed standards for codes of conduct.
The announcement of a commencement date. Organisations will not be liable for fines or non-compliance for a period of 12 months from the commencement date.
If you haven’t started yet, now is the time for organisations to start or ramp up their POPI implementation efforts. Our virtual privacy lawyer, POPI Counsel, can assist with your privacy law questions and provide practical guidance through your implementation process. POPI Counsel produces legal opinions for you on demand, anytime and anywhere. Contact us for more information.

The chairperson, Pansy Tlakula, full-time members, Lebogang Stroom and Johannes Weapond, and part-time members, Tana Pistorius and Sizwe Snail, have been appointed to the Information Regulator with effect from 1 December 2016 and will serve for a period of five years.

By Nerushka Bowan for www.financialinstitutionslegalsnapshot.com



My Office News Ⓒ 2017 - Designed by A Collective

