Horizontality; Implementation; Privacy: discussion

Meeting report

JOINT AD HOC COMMITTEE ON THE OPEN DEMOCRACY BILL
3 November 1999
HORIZONTALITY, IMPLEMENTATION, PRIVACY: DISCUSSION

Relevant documents
Open Democracy Bill [B67-98]
Expanded Summary of Submissions

SUMMARY
Morning session
The majority of the discussion on horizontality revolved around whether or not there should be a separate bill or not. So far as implementation, serious consideration was given to adopting a phased-in approach.

Afternoon session
Discussion on implementation continued but no firm conclusions were reached on the method of implementation.

The committee discussed Part 4: Personal Information held by Private and Governmental Bodies and looked at the relevant submissions. There was a lively debate around SACOB’s submission on permitting access to a common database among companies of the "same group".

MINUTES
Morning session
Horizontality
The Chair summarized what was discussed late yesterday afternoon. He said that in looking at Part 4 [Access to, Correction of and control over personal information held by private and governmental bodies] they also had to look at Section 14 of the Constitution (privacy). In Part 4, clauses 52, 54, 56, 60, 61, and 62 all deal with governmental bodies. Clauses 48, and 57-59 deal with both governmental and private bodies. Finally, clauses 49, 50, 51, 53, and 55 deal with private bodies. It is important to note that ONLY Clause 50 deals with access to information in private bodies. The question was whether or not the Committee should try and address some privacy issues in this Bill which is absent of privacy legislation, or if they should just avoid the privacy issue and wait for subsequent legislation on privacy.

Mr Smith (IFP) wanted clarification on what was being said in Clause 48.

The Chair said that Part 4 is not linked to the rest of the Bill. The information parts of the Bill deal with access to government information. ONLY Clause 50 of Part 4 deals with access to private and personal information in private bodies. To answer Mr Smith's question, Clause 48(a) has no bearing on Clause 50. The rest of Part 4 deals with things unrelated to access to information. All other privacy issues are not dealt with in this Bill. He said that Part 4 was drafted even before Section 32 of the Constitution was drafted, which means that Clause 50 is really not helpful in giving effect to the right to access of information.

Ms Chohan (ANC) wanted them to have a debate about how to deal with privacy here in this section of the Bill.

The Chair said that they could start there. Mr Durr had brought in this argument yesterday: do we want to go for an Open Democracy Bill or a Freedom of Information Bill? The difficulty is in distinguishing between private information, meaning personal information of an individual, and information held by a private body. The privacy issue is linked to private information, and it is important for the Committee to decide what kind of access to give that type of information if any access at all.

Ms Chohan (ANC) said that they needed to deal with Section 32(1)(b) at some point.

Mr Lever (DP) was worried that if they passed the Bill without any guidelines on privacy, then the volume of litigation would be immense. They really need to establish a framework for the courts to follow.

The Chair said that all access issues of private information need to be dealt with, but they need to decide between the access of such information and the privacy of it. For now, the only place the Bill really addresses private information is in the exemption, which is not enough. Again, Part 4 is NOT talking about access. You need to look at Clause 29 (exemption) for access of private information. Clause 50 is the only section of Part 4 that deals with access to information. The rest of Part 4 deals with other parts of personal information not related to accessing that personal information. Even if you pass the Bill without Clause 50, you would be passing a fragmented Bill.

Mr Lever (DP) said to the Chair that he cannot ask them to look at this part of the Bill in isolation of all of the other parts. He wanted to know if the committee should ask the President not to promulgate the Bill until after privacy legislation was passed?

The Chair said that the Bill had to be in a form by 4 February 2000 that could be promulgated at that time. He understood that the Bill would not be promulgated on that date, but they need to meet the deadline. He admitted that it was time for them to get a privacy bill, but it could take a long time for them to get one drafted and passed by Parliament. He did not want to make the promulgation of the Bill contingent on a privacy bill.

Ms Smuts (DP) brought up an issue from an article in this mornings Business Day. The article was entitled "Centralising IT will save millions." The subject of the article pointed out some of the problems that the Committee is going to have in trying to classify a body as being public or private. It also pointed out the problem that the Committee is going to have with information that is public, but is now being held by a private body. The article was saying that the SA Police Service (SAPS) has a computer centre which was merged with two state-owned computer services to form the State Information Technology Agency (SITA). How will information be accessed and protected?

The Chair said that it is going to happen that private structures have to create partnerships with the government, because the government just does not have the funds to operate on a high scale. The type of situation that is being discussed in the article is called 'out-sourcing." If a body falls under the definition of private sphere and it has governmental/public information, then the notion that access to that information is going to be more narrow is WRONG. The structure cannot work like that. If they find this to be true, then the committee is going to have to create a separate category under governmental bodies dealing with this type of relationship. It must be that public information is accessible in the same way no matter if it is held in the public or private sphere.

Mr Nel (ANC) raised a point that when the government contracts out information to the private sector (as could be the case suggested by the Business Day article), what does the information become? Is it still public information or does it become private information? You cannot just say that the information becomes that of the private sphere.

The Chair said that the way that we define access in the Bill is determined by whether you are a governmental or private body. The point raised from the article shows that they need to be clear with these definitions - taking all such issues into consideration.

Mr Nel (ANC) pointed out that if you want a defence document, you cannot nd get it from SITA or some other private body.

Ms Smuts (DP) wanted to know what was being done with the data they were referring to in the article.

The Chair was not concerned with that, but was concerned with the cost. Once you out-source public information to a private body, which is really what we are discussing here, then can that private body then increase the cost to get access to that information? If they could increase the cost, then essentially they are minimizing access, which defeats the purpose of the Bill. The Committee needs to follow up on further costs associated with out-sourcing information, what category that out-sourced information will fall into, and follow-up on the article that Ms Smuts raised.

Mr Smith (IFP) brought the Committee back to the topic they were on originally, which was whether or not they should have a separate privacy bill. He pointed out that if they wanted a separate privacy Bill, then it could take years for one to be passed. This Bill should deal with access, and reserve in the schedule for privacy issues. Not dealing with privacy issues at all would severely impact the effectiveness of the legislation.

The Chair said that someone has to investigate and verify a request to change information in a data bank so it not just a matter of asking someone to change the information in a data bank. If it was as easy as making a phone call then there would be all kinds of corruption in things as simple as name changing or changing the date on a birth certificate. The Bill needs to spell out who does the verifying and they need to create a process.

Ms Smuts (DP) said that all of those concerns are already being dealt with by a process that is already in place.

The Chair questioned whether or not that process actually worked. He said the current process is corrupt and access is difficult, and that is what they have to change. His problem with trying to pass legislation dealing with privacy is that this Bill would only address one small part of the right to privacy - that part dealing with access to information. He does not want to pass something that has not been thought through. Right now they have this piecemeal approach to the issue of privacy, and that bothers him because the issue of privacy is so much bigger than what is being addressed here.

Mr Lever (DP) said that they need to distinguish between internal and external methods of dealing with corruption. No legislation will be able to prevent all corruption from taking place.

The Chair said that there is no current system of law in the world that deals with this issue of horizonality with regards to the right of access to information. They need to develop a system of checks and balances. They need to look at the current Bill. Right now the definition of private body only applies to data banks, and they need to look at the body of information being legislated. This is now narrow. The result of these two things put together is almost nothing in the scheme of the right to privacy. This is actually going to turn out very limited which we do ont want. We want something much broader than that. For example, blacklists. For now, you are left on a blacklist even after you are paid up. Your record is open for access, but the information is wrong, and this is harmful to you in that it damages your credit status.

Mr Masutha (ANC) said that they need to look at this Bill in relation to the Administrative Justice Bill.

The Chair agreed that they especially need to look at the exemptions of the Administrative Justice Bill to see how they fit in with this Bill

Mr Smith (IFP) raised his transition approach again. While we are waiting for the privacy legislation, at least deal with the privacy issues that relate to the right to access to information

The chair said that was a possibility. He then asked for guidance on how to proceed with the meeting. Do they want to go through all of the submissions on this point or do they want to keep open the discussion on whether or not they should have a separate bill.

Ms Chohan-Khota (ANC) asked why they would go through all of the submissions when the majority of the Committee members find certain parts of Part 4 incorrect?

Mr Smith (IFP) said it did not matter to him how they proceed so far as the discussion on horizontality.

Ms Chohan (ANC) suggested that they create an enabling provision saying that correction should be dealt with in the regulations. She thinks that opening all of Part 4 for discussion would be a waste of time.

Mr Lever (DP) said that there must be some form of regulations on the contents of Part 4. He suggested that the Chair should let them talk about what to do over lunch, and then they could make the decision that afternoon.

The Chair agreed to postpone further discussion on this point until after lunch. He did not want people in the Committee to feel that they have been bulldozed out of their time to discuss this issue. If they do discuss all of the submissions, then they are going to have to fly through them, because they have so much more to cover.

Implementation
The Chair provided a summary of the different issues that the Committee would have to discuss on this issue. He pointed out that Mr M Mangena (AZAPO) was knowledgeable on local government issues and he could provide input regarding implementation of this Bill at that level of government. The Chair aknowledged that local government was going through restructuring and he believed that they would not be ready to implement the Bill right away. Some issues relating to implementation came out of the talks they had when they went to Australia.

With phased implementation, you have the Bill implemented on the national level first, and then once they have established a system, you phase it into the provincial level, and finally the local. The reasoning behind this approach is that it is assumed that the departments and such on the national level have good records. Most countries phase in the local government after a couple of years. With regard to other bodies:
Public enterprise: immediately phase in or wait?
Private bodies: immediately phase in or wait?
Courts: new tribunal? Training?
The regulations must be drafted before this Bill is ever promulgated.

They have the option of spelling all of this out in the legislation. There was another suggestion brought up in the talks with Australia, which was to create time periods for which to phase in the Bill within each of the levels of government. You can set an ideal time period of implementation in the Bill, but you actually phase into that time frame once the Bill is passed. You also have the option of phasing in certain sections of the Bill (e.g. phasing in whistle-blowers right away, but saving horizontality for later).

Mr Masutha (ANC) pointed out that there is a gap in Section 32 of the Constitution. What is going to happen to this right in between when it is passed and when it is actually promulgated. What are the courts going to do during that gap? How will the right apply to those bodies that have yet to be phased in? Do they still have to adhere to the content of the Bill?

The Chair admitted that Mr Masutha pointed out the real problem with the Constitution. The Committee has to look at that problem. He is not sure what "ready" means from Section 32. Does that mean that it has to be ready to be implemented or what?

Mr Durr (ACDP) said that Section 32 asked for "reasonable measures" and that the Committee was not far off the mark.

The Chair said that the gap is whether 32(1) stands on its own right while the Bill is being implemented or if the right just falls away after Feb. 4. He imagines that the courts will use the Bill as a model when deciding cases on this issue if cases come up, but in truth they do not have to look at the Bill at all for guidance or interpretation, and that is another concern. The courts are not bound to the Bill until it is promulgated (the courts have a free hand in making decision until the regulations are completed).

Mr Smith (IFP) said that the Committee had the power to phase in whomever they want in whatever time frame that they chose. Why not have on 4 February a promulgation of certain sections of the Bill for which you do not want to wait. The Chair took up this idea and suggested that perhaps they could state that the exemptions would be in place until the regulations were completed.

Mr Smith (IFP) said that depending on how the Committee decided to structure the information officer designations would directly impact on the speed of implementation.

The Chair agreed that creating a new position for the information officer and then train them would be an extensive operation. Even if you can pick someone already in the department, the training is still going to take some time.

Mr Swart (ACDP) wanted the Committee to bear in mind the Administrative Justice Bill, because a lot of the provisions in that Bill directly make reference to the ODB. How these two bills link up will directly impact on implementation. He also wanted them to look at the capacity and training of the SAHRC, and how that will fit into the implementation plan.

The Chair agreed with all of those points, and flagged them. He then opened the floor to Mr Mangena to share the point of view of local government.

Mr Mangena said that local government is in the process of restructuring and demarcation. There is still a grey area as to how local government is going to be organized and run. If the ODB is promulgated quickly, you will still need to give local government time to establish itself in the new structure. He suggested drafting a separate section for local government.

He referred the Committee to Mr Mangena's submission (OPD 80). The Chair then asked why Mr Mangena wanted a separate section on local government. He could not see why they would need a separate section for anything except possible implementation.

Ms Chohan-Khota (ANC) could understand Mr Mangena's arguments for implementing local government last, but she was of a different view. She said that the first step in restructuring is reorganization. This would be a perfect opportunity for them to implement this Bill. Her second point was that everyone seems to be of the opinion that the metros are more capable than the smaller councils in implementing this Bill. However, she thinks the opposite. The smaller ones are all housed in one building and they probably never kept any records in the past anyway. She did not see it as a burden to get them caught up in a new record-keeping system so they should be able to implement the Bill right away. Finally, she pointed out that local government is the delivery arm of government to the people. It is the level where people have the most access, and it is the kind of government structure that impacts on the ordinary South African citizen. It is imperative that implementation happen sooner rather than later at the local level. However, she did recognize that what she had said was probably not in line with Mr Mangena's views.

The Chair said that the problem of implementing on the local level first has to do more with having the resources and the capacity to train new people rather than the restructuring. We are not just talking about training an information officer, but also about developing a new system of documentation. He did agree with her point on metros. He pointed out that when you adopt a phased-in approach to implementation, that nothing stops you from making the right to know aspect of the Bill apply right away. Let the local government and all bodies for that matter make available what they can right away.

Afternoon session
Implementation (continued)
Chairperson Mr J de Lange opened the meeting and called for continuation of the discussions on implementation of the legislation. Especially with regard to the submission made by Local Government that it should not be made subject to the provisions of the Bill until the Local Government elections have taken place in November 2000 and the proper demarcation of boundaries had been effected.

Mr Madlala (ANC) supported the view that the restructuring of local government would delay implementation at this level. Mr M Masutha (ANC) said that during the interim period, the way to protect your right to information is through litigation. Mr Landers (ANC) pointed out that people must be able to exercise their rights. Thus, while he was sympathetic with the difficulty of implementation in relation to the new local government structures being set up, he could not accept the situation that people could not exercise their rights to access information held by local authorities during their transition. The chairperson corrected Mr Landers and said that there would be no taking away of rights in the interim. The problem was that in the interim, the only way to exercise your right to this information would be through the courts.
Mr Smith (IFP) said that with the introduction of the ODB, big companies would be hit hard and the floodgates might be opened with demands for access to information. He felt that easily implementable parts of the bill should be isolated and implemented first. The chairperson felt that one would only know these areas once the Bill was in operation. He finalised the discussions on the matter by stating that how implementation will or will not be staggered depends on what the Committee approves.

Privacy
With regard to Clause 51 of Part Four, which dealt with the right to correct personal information held by private bodies, Ms D Smuts (DP) held the view that the right was important. She stated that it was not so much a right to privacy than it was a right to administrative justice. She said that an agreement had to be reached with regard to informed consent and consent to disclosure of such information. With regard to Clause 52, she said that in view of the way government was running databases with personal information at the moment, she wanted to see that citizens had the right to give consent for the use of their information for whatever purposes. Thus she was adamant that there had to be a right to correct information in the hands of the state.

The chairperson Mr J De Lange (ANC) could not understand where administrative justice fitted in. He felt that it was not relevant to the correction of information.

Ms F Chohan-Kotha (ANC) wondered whether Ms D Smuts (DP) was talking about the information upon which reasons are given for decisions, which she felt did not necessarily apply to the information being dealt with by the committee. She held the view that the correction of information being dealt with in Clause 51 concerned personal information in databases. She thus said the information Ms D Smuts was talking about went broader than just databases. She said that if one were speaking about other information upon which administrative action is based (which may be incorrect) then recourse would emanate from the reasons given.

The chairperson said that these clauses were only dealing with a little aspect of the right to privacy. He said that the act was not regulating how government had to operate, since he said there were numerous other laws dealing with this. He said that the purpose of the act was to create open government and to make sure that the decisions were not based on the wrong things, laying out the guidelines of how administrators had to operate. He said that the exemptions may or may not limit or exclude the citizens right to privacy but stressed that the act did include in it exemptions. He was adamant that a broader act was needed, exclusively on the right to privacy.

Mr P Smith (IFP) was quite concerned about data protection. He wanted to know whether for example chemical companies could simply be requested to give information, which they regarded as secret or privileged.

The Chairperson agreed that data protection was an area on its own and had to be dealt with separately in a different Bill. He was opposed to dealing with the problem in a piecemeal fashion, which he felt Ms D Smuts (DP) was supporting.

The Committee then proceeded to look at the submissions addressing these clauses:

Clause 51
There was consensus to ignore the Direct Marketing Association’s submission on clause 51(6).

Their point on clause 51(8) was that if one allowed records to be deleted, why should you keep copies? Ms Chohan Khotha (ANC) agreed, feeling that if information had been corrected there would be no need to keep records of the deleted information. Ms Smuts (DP) felt that it could be necessary to in fact keep such records to see on what basis the correction was made. In conclusion, the committee rejected this point of the Direct Marketing Association’s submission as well.

The Credit Bureau Association’s submission on clause 51 was thought by the chairperson to be a bad submission, but nevertheless it was allowed through to be voted on.

Clause 52
There were no submissions.

Clause 53
The Consumer Institute of South Africa submission was to the effect that because of technological advances, controlling the dissemination of personal information was difficult. Also, it suggested that Article 6 of the EU’s directives as well as the USA provisions of the Credit Reporting Act 1971 should be noted in relation to data protection. The chairperson was of the view that the obvious was being pointed out. He wanted someone to actually take the bull by the horns and formulate such legislation relating to data protection, with the necessary research being done.

The next submission by the Direct Marketing Association states that clause 53 does not reflect the same balance of interests with regard to the use of information as is the case with the disclosure of information in clauses 55(h) and 56(p). It was suggested that the wording of clause 55(h) be included as a clause 53(d). It was agreed to put this amendment in.

The Credit Bureau Association submission was left out on the advice of Advocate Van Schoor, the drafter.

Clause 54
There were no submissions.

Clause 55
The Banking Council of South Africa submission stated: "The presumption is that clause 55 g covers for example a loan contract where the withdrawal of consent can not override prior contractual obligations. Should this not be the case, then the capacity for consent to be withdrawn in terms of contractual obligations (relating to loans, surety agreements, guarantee agreements etc.) needs to be prescribed." The chairperson asked Ms Van Schoor about the comment. She was of the view that it had no validity. Nobody disagreed with this.

The submission from SACOB gave rise to much debate and fundamental disagreement. It said: " Exchange of information between companies of the same group is not allowed which will result in costly administrative difficulties for companies in retail credit operations. Access to a common database should be permitted."

Mr P Smith (IFP) felt very strongly that such access to a common database should be allowed. Ms Chohan-Khota (ANC) disagreed. She said that if a bank owned a retail store and a customer of both the bank and the retail store owed the store some money, the bank would have access to the store’s database, and on the basis of the outstanding debt, blacklist the customer in the bank’s files. She said that this could not be allowed.

Mr P Smith (IFP) said that the classic example was where various banks, forming part of one large financing house, shared the same database.
Ms F Chohan-Khota (ANC) was not convinced that "cross pollination" - as it were - could not occur. For example, she was concerned that the reference to companies of the "same group" did not in fact prevent the access of a bank to a database of, for example, a clothing company which could easily be shown to be "in the same group of companies" as the bank.

The chairperson said that if one company had "bad" information on a person, he was not too sure whether other companies in the same group or other private bodies should in fact be able to get this information as they pleased. He said that he was sorry to hear that sometimes privacy applied and other times it did not.

Mr K Durr (ACDP) stated that it was common to hear of take-overs such as where for example Shoprite owns O.K. Bazaars as well as Edgars and so on. He felt that such take-overs were common practice to try and produce economies of scale. These amalgamated companies would clearly have access to each other’s databases in order to have one credit control function for the group.

The chairperson had a serious problem with one company forming an opinion of a person’s credit-worthiness which became available to a number of other companies who then used this information as a basis for their conclusions as to the person’s credit-worthiness. He wanted to know whether this practice would be legally valid in the light of the unrestricted right to privacy in the Constitution – since no privacy laws had yet been passed. He said that there was no way he would allow a law to be passed which would allow companies to pass willy-nilly all kinds of information around.

Mr P Smith (IFP) said that the credit-worthiness of municipalities was traded information. He said that if a municipality was in trouble with paying its bills, it was the practice that this information would become public among all the lending institutions very quickly. He said that this was the accepted practice in public finance.

The Chairperson wanted to know whether this was the practice in countries with a bill of rights, with privacy in it as well as a limitations clause - that there was no problem with this type of information about the credit-worthiness of a person being happily distributed. He asked if this was an international practice in countries with those rights.

Mr K Durr (ACDP) said that he had traded in about twenty countries and could not think of any whose credit control procedures were not at least as tight as South Africa’s if tighter.

The chairperson stated that this was not what he had asked. He said that what was being suggested was that information which was gathered by one person, which could affect your life in many respects, could be happily transmitted to other companies. He wanted to know whether this was the practice internationally.

Mr K Durr (ACDP) said that in practice it would be very difficult to build a wall between companies and subsidiaries.

The chairperson remained opposed to making a law, which allows the taking of adverse privacy information on one person, and using it blankly. He agreed that where there was a voluntary consent by a person that such information may be used by another company, it was fine. He could not accept the making of a law, which allowed such information to be available at will to all and sundry.

Mr P Smith (IFP) said that if a chain of ten stores opened, and a customer of one store was a known crook, the other nine should have access to that information. Secondly he said that SACOB was not proposing the amendment because they want the practice allowed (for the sake of having it allowed) but because it had been expressly prohibited.

Mr Madlala (ANC) said that the way he understood the proposed amendment was that it was not referring to one company, but to companies in the same group as well as companies in retail credit operations, which he took to mean that if companies were part of SACOB they would be entitled to the information. He said that "group" was not defined – it does not in fact talk about subsidiaries thus it is open to wide interpretation. He said that it could be the same group in the retail or banking industries (which were extremely large) or any other group.

It was pretty clear that there was a fundamental split on this issue and the chairperson said that the submission should therefore be added and further discussion and voting would inevitably resolve the issue. He added that he was not happy to deal with such issues, which infringe people’s rights, on a piecemeal basis. He insisted once again that a proper law regulating this, had to be drafted whereby there would be more clarity on the right to privacy and other rights. The meeting was adjourned.