Tlakula said the Gauteng Department of health settled after they refused to give access to records relating to scheduled payments to suppliers.
The Information Regular has issued an enforcement notice against the State Security Agency (SSA) and launched investigations into tech and social media companies, Meta, Google and X( formerly known as Twitter).
The information watchdog held its media briefing on Wednesday to give an update on its work, and the cases they have dealt with, including the resolved ones and the ones being investigated.
These are cases related to non-compliance with the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPIA).
The right to access information
Advocate Pansy Tlakula, chairperson of the Information Regulator opened the media briefing by emphasising how the right to access information has significance in promoting transparency and good governance.
The information watchdog is an independent body established in terms of section 39 of the POPIA 4 of 2013. Its mandate is to monitor and enforce compliance by public and private bodies with the provisions of the PAIA, 2000 (act 2 of 2000), and the POPIA, 2013 (act 4 of 2013).
The issuing of an enforcement notice to SSA and the investigations into Meta, Google and TikTok are because of complaints lodged with the Information Regulator by organised structures and individual members of the public following PAIA requests to the public and private bodies for access to certain records held by them.
ALSO READ: Information Regulator probes leak of ANC and MK party candidate lists
She said they have placed social media X, Meta and tech giant Google under investigation.
The investigation into the three comes after a complaint was made to access the records relating to the classification of elections, risk assessments concerning South Africa’s electoral integrity, and the application of global policies to local contexts within these three entities.
“The entities’ refusal of access to the records is based on the general presumption that PAIA does not apply extraterritorially to these private bodies despite them conducting business in South Africa. The regulator accepted the complaints, and all three complaints are currently under investigation.”
ALSO READ: Information regulator slaps DoJ with R5m fine for contravening privacy act
SSA’s enforcement notice
Tlakula said they issued SSA with an enforcement notice on 2 August 2024. However, the regulator requested access to records on SSA’s expenditure for the 2015 to 2019 financial years for services rendered to it by the African News Agency.
The request was made in 2022 following a request made by an investigative journalist. “SSA did not respond to the request as required by law. The lack of response was interpreted as refusal in terms of PAIA. The SSA attended to the matter after the prescribed timeframe when it issued a refusal to grant access to the records.”
Failure to disclose records
Before an enforcement notice was issued, there was an investigation and consideration by the Enforcement Committee. The notice directed SSA to disclose the records requested by the investigative journalist.
“The Regulator found, amongst others, that SSA had failed to prove that the disclosure of the records could reasonably impede or result in a miscarriage of justice and reveal the identity of a confidential source of information in relation to an ongoing investigation on the matter related to the records being requested.”
She added that SSA also failed to prove that the disclosure of the requested record could reasonably cause prejudice to the security of the country. As a result of the enforcement notice, SSA has opted to take the decision of the Regulator on review in court.
ALSO READ: Health department responds to regulator’s demand over citizens’ Covid-19 data
Tlakula said the Gauteng Department of Health settled after they refused to give access to records relating to scheduled payments to suppliers. The regulator received a complaint from an investigative journalist in relation to allegations of fraud and corruption at Gauteng Hospitals.
It was alleged the articles written by the journalist in question had resulted in the assassination of the whistleblower, Babita Deokaran. “The complaint lodged with the regulator was against the decision of the head of the Gauteng Department of Health’s refusal to records.”
After receiving the complaint, the regulator invited the head of the Gauteng Department of Health for a settlement meeting, wherein they agreed to release the requested records.
What power does the regulator hold?
If there is non-compliance with issuing information that is requested, the regular can issue enforcement notice that will require organisations to take specific actions. The information watchdog can launch an investigation to look into the alleged violation.
The regulator can make a referral to other authorities, such as the police or the National Prosecuting Authority (NPA).
Who can lodge a compliant?
According to the regulator’s website, “Any person may submit a complaint to the regulator in the prescribed manner and form alleging interference with the protection of the personal information of a data subject. Should you feel that your personal information has been violated, a complaint to the regulator must be made in writing.”
“A requester or third party may only submit a complaint to the regulator after that requester or third party has exhausted the internal appeal procedure against a decision of the information officer of a public body or head of the private body.”
NOW READ: Caxton lays complaint against Google at Information Regulator
