ODAC submission to the shadow report to the African Committee of Experts on the Right and Welfare of the Child
Centre for the Book 23 January 2014
The right to access to information
The Secrecy Bill was introduced in 2010, formally titled the Protection of State Information Bill. This legislation has now been passed by Parliament at the end of 2013, and awaits the signature of the President. This legislation was met by severe criticism from a number of quarters. The legislation sought to allow the State Security Agency to classify a very wide range of information on vague grounds, and introduced severe penalties for breaches of the law. In one of the most criticized aspects of the law, no provision was made for persons in possession of classified information which exposed unlawful activity to blow the whistle, or make such information public.
The legislation was significantly changed, after an unprecedented civil society mobilization against the most egregious features of the draft law. The law as it has been passed is still described by the Right2Know campaign as failing to pass constitutional muster, as well as containing ill advised policy decisions. The number of agencies who can classify has been reduced, the scope of information that can be classified has been narrowed, and protection for a limited group of whistleblowers introduced.
The most significant impact of the legislation is on the right to freedom of expression and the right to access to information. These rights, contained in the South African constitution, may only be limited by a law of general application to the extent that this is reasonable and justifiable in an open and democratic society. These rights apply to all persons under the South African constitution, including children.
It may well be asked what the impact of classification legislation will be on children. There are three areas of concern:
1. The right of access to classified information by Chapter Nine institutions
Chapter Nine institutions are provided for in the Constitution for the protection of rights. They include the South African Human Rights Commission and the Public Protector. These institutions require access to government records in order to assess the implementation of human rights, including the rights of the child, and in order to investigate maladministration in the public sector, including in relation to children.
Chapter 9 institutions such as the public protector, auditor-general and the Human Rights Commission would have to hand over to the police any classified documents that came into their possession, or face prosecution for failing to do so. This potentially limits the role played by these institutions.
Several universities have released statements on the grounds that the Secrecy Bill threatens academic freedom, in that the Bill will make teaching and research on aspects of the security cluster difficult and even risky. Higher Education South Africa (HESA), the national association of University Vice-Chancellors, also made written and oral submissions to the NCOP on the Bill.
The area of most concern in relation to children is classification of police information, and the information held by prison’s services. Information in relation to children in conflict with the law and the subject of both police or correctional services action may be classified on what are overbroad and unclear grounds. While this is of immediate concern to those dealing with children, the question of access to the information by researchers has been raised as a concern.
The Secrecy bill allows classification of police activity at station level by relatively junior police people. The question of information in relation to children in conflict with the law remains of concern. If such information is released by those who come into possession of it, even where unlawfulness is disclosed, both the discloser and the subsequent possessor of the information are criminalised.
The right to privacy
The right to informational privacy is one which is now regulated by South African law in the Protection of Personal Information Act. This was signed into law towards the end of 2013 by the President, but is yet to come into effect.
The Act regulates the privacy of all individuals, in that it regulates the processing of all personal data. Known as data protection, this is “the legal protection of a person with regard to the processing of data concerning himself by another person or institution.” This processing can threaten privacy in two different ways: the compilation of the data threatens the individual's privacy, and false data leads to an infringement of identity.
The Act gives effect to eight core information protection principles, namely processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, individual participation and accountability.
The Act creates an ombud to oversee the law, which will be an independent information protection commission. Also, and critically for the Promotion of Access to Information Act, the Committee agreed that the commission would take responsibility for implementing that Act.
The Regulator will consist of a chairperson, and four other ordinary members, two of whom must be full time. The appointments are made in the same way as Chapter 9 institutions in that they are nominated through a committee in the National Assembly of Parliament, approved by the Assembly, and must then be appointed by the President, and they can only be removed by a resolution by the National Assembly.
The two full time members deal with the Promotion of Access to Information Act and the Protection of Personal Information Bill respectively, under the guidance of the Chairperson.
The powers of the Regulator are extensive, including education, monitoring and enforcing compliance, consulting, handling complaints, conducting research and reporting to Parliament, and facilitating cross boarder co operation, especially important in relation to cross boarder data flows.
The legislation takes a strong line on the processing of personal information of children. In general the legislation prohibits the processing of the personal data of children, which are defined as persons under 18. The prohibition on processing personal information of children does not apply if the processing is— (a) carried out with the prior consent of a competent person;
(b) necessary for the establishment, exercise or defence of a right or obligation in
(c) necessary to comply with an obligation of international public law;
(d) for historical, statistical or research purposes to the extent that—
(i) the purpose serves a public interest and the processing is necessary for
the purpose concerned; or
(ii) it appears to be impossible or would involve a disproportionate effort to
ask for consent,
and sufficient guarantees are provided for to ensure that the processing does
not adversely affect the individual privacy of the child to a disproportionate
(e) of personal information which has deliberately been made public by the child
with the consent of a competent person.
The Regulator may authorise a responsible party to process the personal information of children if the processing is in the public interest and appropriate safeguards have been put in place to protect the personal information of the child.
One of the consequences of this may be on the access to social media by children. Providers of social media generally require children to be over a minimum age before they can use social media, which requirement relies on the child self disclosing their age. However, children under 18 do use social media, and providers need to comply with the heightened requirements around the processing of personal data. If a complaint to the regulator were lodged in relation to a breach of information privacy by a service provider, then the Act allows for penalties to follow.
However the creation of a regulatory authority may improve the accessibility of state information for the implementation of children’s rights.