Asymmetry in South Africa's Regulation of Customer Data Protection: Unequal Treatment between Mobile Network Operators (MNOs) and Over-the-Top (OTT) Service Providers
DOI:
https://doi.org/10.23962/10539/27536Keywords:
data protection, South Africa, regulatory asymmetry, mobile network operators (MNOs), over-the-top (OTT) service providers, Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA), Protection of Personal Information Act (POPI Act), digital economy, competition, personal information, privacy, consumer protection, compliance, enforcement, regulatory uncertaintyAbstract
This article examines the asymmetry that currently exists in South Africa in the regulatory treatment of customer data usage by mobile network operators (MNOs) and over-the-top (OTT) service providers. MNOs and OTTs must receive customer "consent", in terms of the Protection of Personal Information Act (POPI Act) and its Regulations, before sharing the customer's "personal information" with a third party. But MNOs have an additional requirement to meet, in terms of the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA), which is not applicable to OTTs: a requirement whereby a customer must provide "written authorisation" to an MNO before the MNO can share "communication-related information which relates to the customer concerned" with a third party. In this article, I examine and analyse provisions of the POPI Act, POPI Act Regulations, RICA, other relevant legislation, court decisions, records of a Parliamentary hearing, the standard terms and conditions and privacy policies of two South African MNOs (Vodacom and MTN), and two international OTT service providers (Google and Facebook). Based on the analysis, I argue that the unequal regulatory treatment between the MNOs and OTTs, if allowed to persist, threatens to undermine the growth of key elements of South Africa’s digital economy.
References
South African Acts and Regulations
Consumer Protection Act 68 of 2008.
Electronic Communications and Transactions (ECT) Act 25 of 2002. Electronic Communications Act (ECA) 36 of 2005.
Protection of Personal Information Act (POPI Act) 4 of 2013.
Regulation of Interception of Communications and Provision of Communication Related Information Act (RICA) 70 of 2002.
Regulation of Interception of Communications and Provision of Communication Related Information Amendment Act (RICA Amendment Act) 48 of 2008.
Information Regulator: Protection of Personal Information Act, 2013 (Act No. 4 of 2013): Regulations Relating to the Protection of Personal Information, 2018. Government Gazette, No. 42110, No. R. 1383, 14 December.
Other Sources
Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., & Shadbolt, N. (2018). Third party tracking in the mobile ecosystem. In WebSci ’18: 10th ACM Conference on Web Science, May 27–30, Amsterdam. New York: ACM. https://doi.org/10.1145/3201064.3201089
Body of European Regulators for Electronic Communications (BEREC). (2016). Report on OTT services. Retrieved from https://berec.europa.eu/eng/document_register/subject_matter/berec/reports/5751-berec-report-on-ott-services
Dance G. J. X., Confessore N., & LaForgia, M. (2018, June 3). Facebook gave device makers deep access to data on users and friends. New York Times. Retrieved from https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html
European Union (EU). (2016). General Data Protection Regulation (GDPR) 2016/679 (implementation date: 25 May 2018).
Feasey, R. (2015). Confusion, denial and anger: The response of the telecommunications industry to the challenge of the Internet. Telecommunications Policy, 39(6), 444–449. https://doi.org/10.1016/j.telpol.2014.08.007
Facebook. (n.d.). Terms of service. Retrieved from https://www.facebook.com/legal/terms/update
Ganuza, J. J., & Viecens, M. F. (2014). Over-the-top (OTT) content: Implications and best response strategies of traditional telecom operators. Evidence from Latin America. Digital Policy, Regulation and Governance, 16(5), 59–69. https://doi.org/10.1108/info-05-2014-0022
Google. (n.d.). Google privacy policy. Retrieved from https://policies.google.com/privacy
Hern, A. (2018, April 19). Facebook moves 1.5bn users out of reach of new European privacy law. The Guardian. Retrieved from https://www.theguardian.com/technology/2018/apr/19/facebook-moves-15bn-users-out-of-reach-of-new-european-privacy-law
Jayakar, K., & Park, E.-A. (2014). Emerging frameworks for regulation of over-the-top services on mobile networks: An international comparison. Paper presented to TPRC Conference, 31 March. https://dx.doi.org/10.2139/ssrn.2418792
Krämer, J., & Wohlfarth, M. (2018). Market power, regulatory convergence, and the role of data in digital markets. Telecommunications Policy, 42(2), 154–171. https://doi.org/10.1016/j.telpol.2017.10.004
Mayer, J., Mutchler, P., & Mitchell, J. C (2016). Evaluating the privacy properties of telephone metadata. Proceedings of the National Academy of Sciences of the United States of America, 113(20), 5536–5541. https://doi.org/10.1073/pnas.1508081113
Microsoft. (n.d.). Microsoft Azure. Retrieved from https://azure.microsoft.com/en-us/services/app-service/
MTN (n.d.). Terms and conditions. Retrieved from https://www.mtn.co.za/Pages/Termsandconditions.aspx?pageID=26
Peitz,M.,& Valletti,T.(2015).Reassessing competition concerns in electronic communications markets. Telecommunications Policy, 39(10), 896–912. https://doi.org/10.1016/j.telpol.2015.07.012
Parliamentary Monitoring Group (PMG). (2016) Over-the-Top (OTT) policy and regulatory options Meeting Summary. 26 January. Cape Town: Portfolio Committee on Telecommunications and Postal Services, Parliament of South Africa. Retrieved from https://pmg.org.za/committee-meeting/21942/
PricewaterhouseCoopers (PwC).(2017). Governing structures and delegation – A comparison between King IV TM and King III. Retrieved from https://www.pwc.co.za/en/assets/pdf/king-iv-comparison.pdf
Privacy Commissioner v Telstra Corporation Limited [2017] FCAFC 4
Shanapinda, S. (2016a). Retention and disclosure of location information and location identifiers. Australian Journal of Telecommunications and the Digital Economy, 4(4), 251–279. https://doi.org/10.18080/ajtde.v4n4.68
Shanapinda, S. (2016b). The types of telecommunications device identification and location approximation metadata: Under Australia’s warrantless mandatory metadata retention and disclosure laws. Communications Law Bulletin, 35(3), 17–19.
Shanapinda, S. (2018). OTT wars in South Africa: The privacy and cybersecurity regulatory asymmetry and how it complicates advancing the digital economy fairly - a theoretical perspective. Presentation to the 4th Annual Competition and Economic Regulation (ACER) week Southern Africa conference in Johannesburg, 16-20 July. Retrieved from https://www.competition.org.za/acer-conference-papers
Spring Forest Trading 599 CC v Wilberry (Pty) Ltd t/a Ecowash and Another (725/13) [2014] ZASCA 178; 2015 (2) SA 118 (SCA) (21 November 2014). Retrieved from http://www.saflii.org/za/cases/ZASCA/2014/178.pdf
Stoller, K. (2018, June 6). The world’s largest tech companies 2018: Apple, Samsung take top spots again. Forbes. Retrieved from https://www.forbes.com/sites/kristinstoller/201nu898/06/06/worlds-largest-tech-companies-2018-global-2000/#6354683c4de6
Stork, C., Esselaar, S., & Chair, C., (2017). OTT - threat or opportunity for African MNOs?
Telecommunications Policy, 41(7–8), 600–616. https://doi.org/10.1016/j.telpol.2017.05.007
Sujata, J., Sohag, S., Tanu, D., Chintan, D., Shubham, P., & Sumit, G. (2015). Impact of over the top (OTT) services on telecom service providers. Indian Journal of Science and Technology, 8(S4), 145–160. https://doi.org/10.17485/ijst/2015/v8iS4/62238
Sutherland, E. (2017). Governance of cybersecurity – the case of South Africa. The African Journal of Information and Communication (AJIC), 20, 83–112. https://doi.org/10.23962/10539/23574
Telstra Corporation Limited and Privacy Commissioner [2015] AATA 991 (18 December 2015)
Vodacom. (2017a). Best technology. Retrieved from http://www.vodacom-reports.co.za/integrated-reports/ir-2017/best-technology.php
Vodacom. (2017b). Vodacom Group Limited integrated report for the year ended 31 March 2017. Retrieved from http://www.vodacom-reports.co.za/integrated-reports/ir-2017/pdf/full-integrated-hires.pdf
Vodacom. (2018a, April 18). Vodacom accelerates digital transformation with first-to-market launch of suite of Azure solutions. Press release. Retrieved from http://www.vodacom.com/news-article.php?articleID=4472
Vodacom. (2018b, May 10). Vodacom puts its partners in the driving seat of digital transformation. Press release. Retrieved from http://www.vodacom.com/news-article.php?articleID=4476
Vodacom (2018c). Senior specialist information security. Job advertisement. LinkedIn. Retrieved from https://www.linkedin.com/jobs/view/686527109
Vodacom (2018d). Senior insights manager. Job advertisement. LinkedIn.
Vodacom. (n.d.a). Privacy policy. Retrieved from http://www.vodacom.co.za/vodacom/terms/privacy-policy
Vodacom. (n.d.b). Vodacom app store terms and conditions. Retrieved from https://myvodacom.secure.vodacom.co.za/vodacom/terms/vodacom-app-store-terms-and-conditions
Vodacom. (n.d.c). Groups. Retrieved from https://www.vodacombusiness.co.za/cs/groups/public/documents/document/azure-brochure.pdf
Downloads
Published
Issue
Section
License
Copyright (c) 2019 https://creativecommons.org/licenses/by/4.0
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite
- Abstract 296
- pdf 146
.png){kind=spacer}