white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
South Africa<br />
The POPI Act provides very detailed prescripti<strong>on</strong>s as to what <strong>in</strong>formati<strong>on</strong> must <strong>in</strong>cluded <strong>in</strong><br />
the notice at the time of collecti<strong>on</strong> of pers<strong>on</strong>al <strong>data</strong> from the <strong>in</strong>dividual. It mandates that the<br />
<strong>data</strong> c<strong>on</strong>troller must take all steps which are reas<strong>on</strong>ably practicable to ensure that all<br />
necessary <strong>in</strong>formati<strong>on</strong> is provided to the <strong>in</strong>dividual, <strong>in</strong>clud<strong>in</strong>g the type of <strong>in</strong>formati<strong>on</strong> be<strong>in</strong>g<br />
collected, the purpose for which <strong>in</strong>formati<strong>on</strong> is be<strong>in</strong>g collected, to whom the <strong>in</strong>formati<strong>on</strong> will<br />
be disclosed, and so <strong>on</strong>. 461<br />
Canada<br />
PIPEDA provides that purposes for which pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong> is collected must be<br />
identified by the collect<strong>in</strong>g organisati<strong>on</strong> at or before the time the <strong>in</strong>formati<strong>on</strong> is collected. It<br />
goes <strong>on</strong> to say that the identified purposes should be specified either orally or <strong>in</strong> writ<strong>in</strong>g, at<br />
the time that the <strong>in</strong>formati<strong>on</strong> is collected. 462 The Privacy Commissi<strong>on</strong>er has issued certa<strong>in</strong><br />
guidel<strong>in</strong>es for <strong>on</strong>l<strong>in</strong>e c<strong>on</strong>sent, which require that organisati<strong>on</strong>s must be fully transparent about<br />
their privacy practices and disclose what <strong>in</strong>formati<strong>on</strong> they are collect<strong>in</strong>g, what it will be used<br />
for and with whom it will be shared. 463 The guidel<strong>in</strong>es attempt to address difficulties relat<strong>in</strong>g<br />
to notice readability, comprehensi<strong>on</strong> and access, by provid<strong>in</strong>g that it must c<strong>on</strong>ta<strong>in</strong> clear<br />
explanati<strong>on</strong>s, language at an appropriate reader level, <strong>in</strong>form<strong>in</strong>g users <strong>in</strong> advance if an<br />
organisati<strong>on</strong> <strong>in</strong>tends to change its <strong>data</strong> use, etc.<br />
Australia<br />
The APPs, which form part of the Privacy Act suggest that all entities must have a ―clearly<br />
expressed and up to date‖ privacy policy regard<strong>in</strong>g how pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong> is managed by<br />
the entity. The policy should also specify what types of <strong>in</strong>formati<strong>on</strong> the entity collects and<br />
holds, the purposes for which it is collected, and how this <strong>in</strong>formati<strong>on</strong> will be used and<br />
disclosed. The privacy policy must also be available free of charge and <strong>in</strong> whatever form as<br />
may be c<strong>on</strong>sidered appropriate. 464 Further, the APPs also require that any entity, which<br />
collects pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong> about an <strong>in</strong>dividual, must take reas<strong>on</strong>able steps to notify the<br />
<strong>in</strong>formati<strong>on</strong> about the <strong>in</strong>formati<strong>on</strong> collected as so<strong>on</strong> as possible, and to ensure that the<br />
<strong>in</strong>dividual is aware that such <strong>in</strong>formati<strong>on</strong> is be<strong>in</strong>g collected. 465<br />
United States<br />
The privacy laws <strong>in</strong> the US are sector-specific. Several of these laws mandate the form and<br />
substance of what <strong>in</strong>formati<strong>on</strong> a privacy notice must c<strong>on</strong>ta<strong>in</strong>. For <strong>in</strong>stance, <strong>in</strong> order to ensure<br />
easy accessibility of the notice, laws such as California Onl<strong>in</strong>e Privacy Protecti<strong>on</strong> Act, 2003<br />
461 Secti<strong>on</strong> 18, POPI Act.<br />
462 Pr<strong>in</strong>ciple 2, Paragraph 4.2.3, PIPEDA.<br />
463 Office of the Privacy Commissi<strong>on</strong>er of Canada, ‗Guidel<strong>in</strong>es for Onl<strong>in</strong>e C<strong>on</strong>sent‘(May 2014), available at:<br />
https://www.priv.gc.ca/en/privacy-topics/collect<strong>in</strong>g-pers<strong>on</strong>al-<strong>in</strong>formati<strong>on</strong>/c<strong>on</strong>sent/gl_oc_201405/, (last accessed<br />
23 October 2017).<br />
464 Paragraphs 1.3, 1.4 and 1.5, APP 1, Privacy Act.<br />
465 Paragraph 5.1 and 5.2, APP 5, Privacy Act.<br />
96