Committee agrees to adopt South African model in Data Protection Act

News

Committee agrees to adopt South African model in Data Protection Act

BY ALPHEA SAUNDERS
Senior staff reporter
saundersa@jamaicaobserver.com

Thursday, December 12, 2019

Print this page Email A Friend!


DATA controllers such as telecommunications companies and other entities and individuals who collect personal data will have to seek a customer's explicit consent to directly market products and services to them.

This will be the new dispensation for direct marketing if the provision which was agreed by the joint select committee (JSC) reviewing the Data Protection Act retained by Parliament when the recommendations are tabled.

The committee agreed to adopt the provision from the South African Protection of Personal Information (POPI) model upon the persistence of Senator Robert Morgan at yesterday's meeting of the committee.

Morgan has maintained over several meetings of the committee that telecommunications companies and other businesses that collect personal data should not continue to have a free hand to use people's data to electronically push their products and services, unsolicited.

He argued that some companies were abusing their dominance and prominence in the market to force consumers to give up their data and permission to use their data.

“I personally would prefer that there is an explicit statement that says you cannot send me information unless I give you the explicit authority to send me [that] information. What you find a lot of the times is that there is the commingling between purchasing a product and giving the authority to send information; all the permissions are commingled into one thing. All I'm saying is, is let me give you permission to send me that information,” he stated.

Initially, the Ministry of Science, Energy and Technology (MSET) was against including the proposal, recommended by the Jamaican Bar Association, for the law to force data controllers to have explicit consent in order to directly market products and services to them.

Members of the joint select committee have insisted that consumers and customers must be given the option to agree to these promotions in the first place, instead of being put in a position to decipher how to opt out.

At Wednesday's sitting, in discussion with MSET's technical team, led by Principal Director Kaydian Smith Newton, and Chief Technical Director Wahkeen Murray, the committee agreed to adopt the provision from the POPI scheme, which expressly speaks to direct marketing by means of unsolicited electronic communications.

As set out in POPI, the processing of personal information of a data subject for the purpose of direct marketing, by means of any form of electronic communication, including automatic calling machines, facsimile machines, short message services or e-mail, is prohibited unless the data subject has given consent to the processing or is a customer of the responsible party – subject to other provisions.

It further sets out a wide range of specific consensual circumstances under which personal data sharing for marketing purposes is allowed, and the responsibilities of the data controller.

In the local context, the provision would give consumers and customers the ability to opt in, as well as opt out of these marketing schemes.

In its current form, the Data Protection Act does not prevent telecommunications and other companies from pushing marketing information to customers without their explicit consent.

The adoption of the South African direct marketing regime, if agreed by Parliament, would delete the current section 11, and create a new clause 10.

Meanwhile, Chief Technical Director Murray pointed out that clause 25 of the Bill, which deals with purpose limitation, makes it clear that personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with those purposes.

She said the aim is to make the process of consent purpose driven, and management of the data not left to the whim of the controller.

Murray emphasised that “The entire scheme will require data controllers to develop with their respective organisation's privacy policy and change the way they are now interacting with customers and consumers. They will have to be deliberate in presenting documents so that they can explicitly receive consent.”


Now you can read the Jamaica Observer ePaper anytime, anywhere. The Jamaica Observer ePaper is available to you at home or at work, and is the same edition as the printed copy available at http://bit.ly/epaperlive


ADVERTISEMENT




POST A COMMENT

HOUSE RULES

1. We welcome reader comments on the top stories of the day. Some comments may be republished on the website or in the newspaper � email addresses will not be published.

2. Please understand that comments are moderated and it is not always possible to publish all that have been submitted. We will, however, try to publish comments that are representative of all received.

3. We ask that comments are civil and free of libellous or hateful material. Also please stick to the topic under discussion.

4. Please do not write in block capitals since this makes your comment hard to read.

5. Please don't use the comments to advertise. However, our advertising department can be more than accommodating if emailed: advertising@jamaicaobserver.com.

6. If readers wish to report offensive comments, suggest a correction or share a story then please email: community@jamaicaobserver.com.

7. Lastly, read our Terms and Conditions and Privacy Policy



comments powered by Disqus
ADVERTISEMENT

Poll

ADVERTISEMENT
ADVERTISEMENT

Today's Cartoon

Click image to view full size editorial cartoon
ADVERTISEMENT