ID scanner warning for estates, gated communities and office parks in South Africa

Many estates, gated communities, and office parks infringe on South Africans’ privacy rights by collecting too much personal information from drivers.

This is according to Information Regulator chair Advocate Pansy Tlakula, who spoke to 702 regarding the application of the Protection of Personal Information Act (Popia).

“When you go into gated communities and office parks, what happens is they scan your licence disc, which contains a lot of personal information,” said Tlakula.

“They scan your driver’s license, and some even take your photo.”

However, she points out that Popia is very clear in that only minimal personal information can be collected in line with a specific purpose.

In the case of a gated community, Tlakula said that only the driver’s name, registration number, and car colour are needed for security purposes.

Anything more than this is overprocessing, according to Tlakula.

She also raises concerns about why access points to these private properties require all this additional personal information and how they keep it safe.

“How are they protecting it? Where does it end up? That disc has your name, home address, and ID number linked to it,” said Tlakula.

She argued that even if something were to happen that would require the data collected, such as car theft, they would still need to report to the police.

There was nothing that they could independently do that would require the data.

Because of this overprocessing of personal data, Tlakula said that the Information regulator will begin implementing regulations for how the security sector may collect personal data.

“I think after the direct marketing sector, the sector we are setting our eyes on is the surveillance sector,” Tlakula said.

“We have preliminarily taken the view that after consulting with the sector, we should issue a code of conduct for them.”

The Information Regulator has also pointed out that many companies — including those that conduct direct marketing — still fail to abide by Popia.

Advocate Lebogang Stroom-Nzama said that POPIA is very straightforward and does not prevent telemarketers from conducting their business.

“POPIA is very clear in what is classified as electronic communication — telephone calls, SMSs, fax, and automated communications,” Stroom said.

She said the Act states that direct marketers are only allowed to contact an individual once, during which the marketer should ask for consent to contact them again.

If consent is not provided, marketers may not contact the individual again, which Stroom said companies fail to do.

“The problem is that company A will call you on a particular number, and they will stop when they are told to stop communications,” Stroom continued.

“However, the next time the same marketers make contact, they will use a different number to bombard you with marketing.”

Stroom said this is wrong and against the objectives of POPIA.

To mitigate this, the Information Regulator encouraged people to report businesses contravening the Act.

This can be done by completing and submitting a form on its website.

The regulator has noticed that formal complaints haven’t significantly increased despite many South Africans complaining about spam calls.

According to Tshepo Boikanyo, the executive overseeing POPIA at the regulator, this was because many South Africans believe they will be compensated for reporting offenders.

They often abandon their complaints when they realise this isn’t the case.

“When these complaints come to us, we investigate them, and sometime during the course of the investigation, we pick up that data subjects do not have the appetite to continue with these,” Boikanyo says.

“They will then say to us that they thought they would get compensated through the process. Our provisions do not allow for data subjects to get compensation.”