The digital landscape is constantly evolving, and as more emerging technologies gain traction, more and more opportunities become available to businesses that need to be utilized otherwise they risk falling behind – especially now that we are living in a vastly different “New Normal”. It is now harder for businesses to only rely on word of mouth or the use of bulk emailing to keep their clients informed and must utilize all digital platforms in order to thrive.
Though having a website is necessary, it is now no longer enough as more than 50% of time spent on the internet is spent on smartphone apps as opposed to desktops. Even mobile sites struggle to compete with apps, with apps accounting for 90% of the time spent on smart-phones and they have up to a 3x higher user retention rate when compared to mobile sites.
Here is a list of some of the benefits apps can bring:
Both native apps and progressive web apps (PWAs) have direct access to the smartphone’s functionality, such as push notifications. They are also completely optimized for mobile use which makes them faster and more responsive than websites, giving users an unrivaled experience when using an app
Apps are an extremely powerful communication tool. Push notifications can be sent instantly and directly to each of your users’ phones, giving you a direct channel to your users whenever you want to inform them of important news or a new product that you are releasing
Apps can be accessed without the use of internet due to them either being installed or cached on your smartphone. This gives users 24/7 access to important information, making your business accessible even after hours
An app is also an incredible brand differentiator as it sends a positive and professional message to clients when they download your app – putting you ahead of competitors who do not yet have their own app
When looking through your 2021 business strategy, ensure that you leave some space for introducing a mobile presence as it will only be beneficial for your business. Should you have any queries in formulating your business strategy for 2021, please do not hesitate to contact our offices.
Budget Speech provisionally set for the 24th of February 2021
Tito Mboweni’s big day looms next month, with little progress on the medium-term budget policy speech. The biggest issue relates to the freeze on government wages to which there has been no resolution yet. Let’s hope that we get finality in the upcoming budget.
The big uncertainty is around the projected R5 billion tax increases with much speculation around the introduction of a wealth tax. Most commentators have discounted a VAT or personal income tax increase and, feel that a once off wealth tax could go a long way to “plugging the holes”. The biggest issue would be the implementation and collection which could be a painstakingly slow process. Time is not on our side!
The economic recovery plan agreed in partnership between government, business, labour and civil society targets short-term measures to boost energy production, infrastructure investment and public employment, alongside crucial structural reforms that will raise long-term growth. Operation Vulindlela, a joint initiative of the Presidency and the National Treasury, was tasked with speeding up implementation of priority reforms. It will be interesting to receive feedback on this project in the February budget.
We will keep you updated with the announcements made in the February budget speech.
POPIA Topic 2
Codes of Conduct:
Specific Codes of Conduct may be developed in order to clarify how the 8 conditions for the lawful processing of personal information are to be applied within a particular sector.
These codes may be developed either by the IR itself, or by the stakeholder/s within that particular sector, who would then make an application to the IR to issue and approve the codes.
These sectors include specific industries, professions, vocations or specific bodies or class of bodies.
These sectors will then be governed by these codes in terms of the lawful processing of personal information of Data Subjects within their sphere of operation.
The IR may also issue Codes of Conduct in relation to specific types of information to be processed.
To recap, the IR may either issue a code for a particular sector on its own initiative (after first consulting with affected stakeholders), or it may issue and approve them after receiving an application from affected stakeholders (as long as the IR believes that such applicants are sufficiently representative of the industry, profession, vocation or class of bodies applying for the Codes of Conduct).
The process that then takes place is that a notice will be placed in the Government Gazette by the IR that the issuing of a Code of Conduct is being considered. This notice must set out the details of the particular code being considered and that a draft of the proposed code can be obtained from the IR by any interested party. There is then a period of time for the public (affected parties) to make submissions in writing relating to that code, these submissions must be considered by the IR. As long as the code remains in force, copies of it are available on the IR’s website and at the IR’s offices. The IR must keep a register of all the approved Codes of Conduct.
The IR may also provide written guidelines to assist bodies to develop their own Codes of Conduct, and also on how to apply them.
In regard to the journalistic profession, where there is no Code of Ethics governing a Responsible Party, the IR must have regard to the principles set out below, when considering the approval of a Code of Conduct for the processing of any personal information for exclusively journalistic purposes:
The special importance of the public interest in freedom of expression
Domestic and international standards balancing the free flow of information in recognition of the right of the public to be informed
Domestic and international standards balancing the public interest in the safeguarding of personal information of data subjects
The need to secure the integrity of personal information
Failure to comply with a Code of Conduct that has been approved and issued by the IR is deemed to be a breach of the conditions for the lawful processing of personal information and may be subject to the enforcement procedures set out in Chapter 10 of the Act – for example, a Data Subject will have the right to institute civil proceedings against a Responsible Party – regarding the alleged interference with the protection of his personal information.
Direct Marketing by means of unsolicited electronic communications:
In order for the processing of personal information of a Data Subject to be lawful when a Responsible Party undertakes Direct Marketing, the Data Subject must first:
Has given his express consent to the processing
The consent must be expressly given, through a clear, specific and affirmative act. The Data Subject may withdraw his or her consent at any time. A Responsible Party may approach a Data Subject in order to obtain his specific consent only for a specific processing purpose, provided that Data Subject has not previously withheld such consent. The Responsible Party can only do this once. It must be requested in the prescribed manner and form (although the Act does not set out what this should look like). Consent can be managed by:
Having an unsubscribe function, so that Data Subjects are able to withdraw their consent at any time (without being penalised)
Having a process in place to update consents regularly
Removing Data Subjects from contact lists when they unsubscribe
Must be an existing customer of the Responsible party
Only where the Responsible Party has:
obtained the contact details of the Data Subject in the context of the sale of a product or service,
for the purpose of Direct Marketing of the Responsible Party’s own similar products or services
if the Data Subject has been given a reasonable opportunity to object, free of charge, to the use of his electronic details at the time when the information was collected and on the occasion of each communication with the Data Subject for the purpose of marketing if the Data Subject has not initially refused such use
What should a Direct Marketing Communication look like in order to be lawful?
It must have the details of the identity of the sender or the person on whose behalf the communication was sent, as well as the contact details of any third party that the Responsible Party will share the information with.
It must have an address or other contact details to which the recipient may send a request that such communications cease.
A Data Subject has the right to:
Object to the processing of his personal information if it is for the purposes of Direct marketing
Other legislation relating to Electronic Marketing:
The Consumer Protection Act deals with the consumer’s right to restrict unwanted direct marketing, while the Electronic Communications and Transactions Act regulates unsolicited electronic communications.
The Consumer Protection Act 68 of 2008 protects consumers in regard to direct marketing. Section 32 states that a person who directly markets goods or services to a consumer and who concludes a transaction or agreement with the consumer, must inform the consumer of the right to rescind that agreement in terms of the cooling-off period of 5 business days from the date of the transaction, as set out in Section 16.
Electronic Communications and Transactions Act 25 of 2002
This Act applies to any form of communication by email, the internet, SMS’s etc. except possibly for voice communications between 2 people. Provision is made for consumer protection in Chapter VII of the Electronic Communications and Transactions Act here after referred to as ECTA – whereby suppliers of goods or services must provide consumers with a minimum set of information, including the price of the product or service, the name, contact details, a brief description of the business, and the right to withdraw from an electronic communication before its completion. The consumer is protected in that they are also afforded a cooling-off period (7 days) within which they may cancel certain types of transactions concluded electronically – without incurring a penalty. In addition, the ECTA specifically requires that each electronic message be accompanied by an option to cancel (opt-out) of a subscription to a mailing list.
Section 45 of the ECTA also provides some protection against SPAM communications. The sender of such unsolicited communications, who continues to send them, even although the consumer has advised that he does not welcome the communications, will be committing an offence.
The ECTA also regulates the electronic collection of personal information, although compliance with these provisions is voluntary. The provisions of the ECTA pertaining to the protection of personal information will, however, be repealed on 30 June 2021.
A Data Subject who is a subscriber* to a printed or electronic directory of subscribers available to the public or obtainable through directory enquiry services, in which his personal information is included, must be informed, free of charge and before the information is included in the directory about the purpose of the directory, and about any further uses to which the directory may possibly be put, based on search functions embedded in electronic versions of the directory. He must be given a reasonable opportunity to object, free of charge to the use of his personal information or to request withdrawal of such information if he did not initially refuse such use.
This will not apply to editions of directories that were produced in printed or off-line electronic form prior to the commencement of this section in the Act.
*For the purposes of this Section, subscriber means any person who is a party to a contract with the provider of publicly available electronic communications services, for the supply of such services.
What is automated decision making?
A Data Subject has the right:
Not to be subject to a decision which is based solely on the basis of automated processing of his personal information intended to provide a profile of such person, including his performance at work, or his credit worthiness, reliability, location, health, personal preferences or conduct
The above does not apply however, where the decision is taken in connection with the conclusion of a contract and the request of the Data Subject in terms of the contract has been met or appropriate measures have been taken to protect the interests of the Data Subject. It will also not apply where the decision is governed by a law or Code of Conduct.
Trans-Border Information Flows:
In the context of Section 14 of the Constitution, which encompasses the right to privacy, balanced against principle of free flow of information within South Africa and across international borders, Section 72 of the Act deals with the transfer of personal information about a Data Subject to a third party who is in a foreign country.
This can only be done lawfully by a Responsible Party, if the requirements of Section 72 are met. These requirements are as follows:
The third party is subject to a law, binding corporate rules or a binding agreement which provides an adequate level of protection that:
upholds principles that are substantially similar to the conditions of lawful processing in SA
includes similar provisions re the transfer of such information from the recipient to a third party in another foreign country
the Data Subject consents to the transfer
the transfer is necessary for the performance of a contract between the Data Subject and the Responsible Party
Interest of the Data Subject
the transfer is necessary for the performance of a contract concluded in the interest of the Data Subject between the Responsible Party and a third party
the transfer is for the benefit of the Data Subject, and
it is not reasonably practicable to obtain the consent of the Data Subject to that transfer, and
if it were reasonably practicable to obtain such consent, the Data Subject would be likely to give it
In a nutshell, in order to lawfully transfer personal information outside South Africa to a foreign country, you will need to check that it will be protected in that foreign country.
The Digital World and Information Governance:
Social media and online communication particularly in the context of the Covid-19 pandemic, has accelerated the adoption of the digital world in our everyday lives. This provides that the protection of data in the digital world has become of increasing importance.
Access to information is the new way of being part the digital age, however, with this comes an increase in data breaches, phishing scams and cyber-crime. POPIA provides that a Responsible Party appoint an Information Officer, who is responsible for compliance with POPIA within the organisation, in order to ensure that their Data Subjects’ personal information is stored and shared safely, and to prevent data breaches.
Information Governance, however, doesn’t just relate to the personal information of Data Subjects. It relates to an organisation’s intellectual property, financial information, policies and procedures, emails, employees and suppliers. It involves records management, information security, risk management, compliance management, and IT governance.
In order to keep this information secure against the risk of loss, unlawful access, interference, modification, unauthorised destruction and disclosure, the Responsible Party will need to review and assess its policies and procedures relating to Information Governance and Cybersecurity within the organisation. In addition, there is a duty to provide Data Subjects, and the IR with notification should there be any data breaches.
Cybersecurity incorporates network security, cloud security, identity and access management and intrusion detection systems.
Disclaimer *in this topic, words importing the masculine in reference to a Data Subject shall include a reference to the feminine and to a juristic person.
What data will be shared?
The different data that WhatsApp would be sharing is known as metadata and would include information such as your current location, your contacts list, how long you talk for, what device you are using, your unique device identifier and as well as any purchases you make on WhatsApp. With this updated policy, WhatsApp will still not have access to the content within private messages as this is still protected by end-to-end encryption which completely secures messages between users that cannot be accessed by any third parties, including WhatsApp.
Must I accept this update?
All WhatsApp users that want to continue using WhatsApp must accept this update by the 15th of May or they will be unable to continue using WhatsApp. The change from their initial deadline of the 8 th of February is as a result of the backlash WhatsApp received, so that they could give users more time to better understand the update. WhatsApp users that do not use Facebook or Instagram will also be required to accept the update, even though their data will not be used, it will still be collected.
Alternatives to WhatsApp
If this policy update has you feeling concerned over your privacy, there are a few other alternatives to WhatsApp that have since jumped in popularity since WhatsApp announced their update. Telegram, being one of the options, by default does not have end-to-end encryption on their chats, making it less secure than WhatsApp, but if you select the “Secret Chat” option end-to-end encryption will be applied to your designated chat. Signal is another option which automatically applies end-to-end encryption on all chats, like WhatsApp, but does not share any of its data with other third-party apps – making it ideal for privacy advocates.
We hope this article has helped clear up any confusion that you may have had over the latest WhatsApp update, as well as aided you in making the correct decision over how you would like to manage your privacy.