You may have noticed the annoying pop-up message like the one below that are mostly the bottom of websites where you are asked to accept the cookies or ignore it.
Well, from July 1st this year all South African web sites will have to have it installed. This is because the POPI Act (Protection of Personal Information Act) will come in effect on the 1st of July 2021. See the explanation below.(1)
pages which will have to be installed so that all the basis are covered regarding the requirements of the POPI act.This service is either free or with a 50% discount for customers with a service agreement with Optimum Solutions. Discount depends on your service agreement package.
Please contact me if you need more information regarding this deal.
082 829 6428
What is a Cookie?
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time.
Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies. Further, users can delete cookies at any time.
Does POPIA apply to cookies in South Africa?
The answer is yes, although the POPIA does not explicitly mention cookies, but POPIA does apply.
- A cookie can contain personal information
- The definition of electronic communication means “any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient” (which can include cookies).
- The definition of personal information includes an online identifier (which can include cookie identifiers).
- The definition of a unique identifier “means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party” (which can include cookie identifiers).
- If personal information (including by using cookies) is collected, the responsible party must take reasonably practicable steps to ensure that the data subject is aware of many things (section 18).
- One of the duties of the Information Regulator is to monitor the use of unique identifiers and make recommendations to Parliament on the need to take legislative, administrative, or other action (section 40(1)(b)(vii)).
- The regulator must consider any developing general international guidelines relevant to the better protection of individual privacy (section 44(1)(d)).
- The “responsible party must obtain prior authorisation from the Regulator … prior to any processing if that responsible party plans to process any unique identifiers of data subjects:
- for a purpose other than the one for which the identifier was specifically intended at collection; and
- with the aim of linking the information together with information processed by other responsible parties” (section 57).
- Direct marketing by means of unsolicited electronic communications to prospects requires consent (section 69).
(1) Credit to Michalsons – read full article on their website.