Reality check time re spam in all it's forms:
At this stage POPIA is about as useless as a rock on the south side of the pacific to fight abuse. Until POPIA is fully implemented, it offers us no protection.
We also have the ECT Act of 2002, section 45. In a nutshell, it does what the CPA does in terms of the opt-out to an extent, but has more legs where the spammer has no relationship with you.
This section:
- allows you to ask the spammer to opt you out
- puts the onus on the spammer to supply you with the identifying particulars of where they obtained your data if you request it
- prevents them from contacting you again
The highlighted provision means they have to keep records. Most spammers don't divulge the source, or can't not having kept records. Typically a open non-best practices double opt in system is used for deniability claiming "but you opted in. We will never spam", then do. Example: Red Chilli Deals, Gingergreen, Hippo etc etc
The CPA does however have the benefit of regulating the relationship you have with a supplier. You can opt out of marketing messages. Not that it matters much to the likes of Vodacom, Cell C, MTN and Telkom (incidentally these have made the WASPA Code of Conduct mandatory for all their downstream WASPS - hypocrisy. I guess they don't like competition), Esquire, DialDirect, Petzrush etc.
That said, WASPA does a good job. I've walked the process and saw a lying Spanish WASP fined after they manufactured data trying to prove their innocence.
However if you receive SMS spam via a Vodacom, Cell C, MTN and Telkom number and it's not a WASP, you are deprived of your rights under the ECT ACT of 2002, Section 45 as you can't find out where the spammer obtained your personal data as you may not know who the spammer is, as these providers will not release this data allowing you to enforce your rights.
As for the DMASA - red flag!
At least three parties who contacted me, did so directly because I had used the DMASA Do Not Contact database. Then claimed processing errors. I complained to the DMASA on these occasions, but still waiting for a response. As such I see them as a risk to privacy and self serving. I know some have argued that the DMASA works, but I can only state facts. One such instance was by their one founding member.
This is why we need POPIA with an enforcement body yesterday, willing to show teeth, not simply mediating forever more. It occurs to me our national deficit can be supplemented by fines for transgressions (Nigeria being a case in point)
Sign up with Google
Given that the security of the database is in someone else's hands. Who knows what (will) happens in the background... I will pin my hopes on POPI and trust it will be effective and enforceable.
