The information regulator issued a new guidance note on the processing of personal information of a voter by political parties and independent candidates as well as highlighting how to combat misinformation and disinformation in terms of the provisions of the Protection of Personal Information Act 4 of 2013 (POPIA) ahead of the national elections on 29 May 2024.

The guidance note is now an updated version of the previously published guidance note on 28 January 2019 (prior to the commencement of POPIA). The guidance note has included all clarifications made by the information regulator in its many media statements where elections, data breaches, misinformation and disinformation is concerned.

Objectives of the guidance note

Free, fair and trustworthy elections are more important than ever.

The objectives of the guidance note is to provide a scope and applicability of POPIA to political parties and independent candidates and the measures that need to be taken to comply with the provisions of POPIA, whilst ensuring the free flow of accurate and reliable information to achieve free and fair elections.

What does the guidance note cover?

The guidance note reiterates that political parties and independent candidates are ‘responsible parties’ and provides greater detail to the limitations and applicability of the lawful conditions for processing information of voters when campaigning and during the elections. The information regulator also makes mention of clarifying issues relating to request for donations, use of unsolicited communication and policy issues that political parties and independent candidates need to be aware of during the elections.

The eight lawful conditions for processing personal information of data subjects

The guidance note makes reference to the following eight conditions a political party or independent candidate must adhere to when accessing and processing personal information:

  1. Accountability
  2. Process limitation
  3. Purpose specification
  4.  Further processing limitation
  5. Information quality
  6. Openness
  7. Security safeguards
  8. Data subject participation

These conditions apply to all responsible parties accessing and processing the personal information of data subjects and must be strictly adhered to. Failure to do so may result in hefty fines or enforcement notices.

Are there any exceptions for political parties?

The guidance note makes reference to sections 26 and 31 of POPIA. The guidance note says that these sections prohibit the processing of special personal information which include political persuasion of voters. The exception to the rule is that political parties may process the political persuasion of a voter for the purpose of political party-specific reasons, such as the engagement of recruitment of members or campaigning ahead of an election. The information regulator explains that whilst political parties must still comply with the eight conditions stated above, a political party may not bombard voters with messages without first obtaining a voter’s consent.  This statement is up for debate.

Direct marketing and donations

The guidance note explains that campaigning or canvassing of votes by political parties does not fall within the scope of promoting or offering goods and services in the ordinary course of business. We agree with this view. The guidance note explains that political parties can only contact you for donations after you have given them your consent. They are also not allowed to take your personal information from websites such as the eHome Affairs portal. These two statements are also up for debate.

The information regulator bears the onus on political parties and independent candidates to prove that consent was given to them by prospective donors. The guidance note does, however, emphasise the importance of keeping up to date processing of records or databases of donors and voters that have withdrawn or refused their consent.

Misinformation and disinformation

The guidance note explains that misinformation is false or misleading information spread unintentionally and disinformation is false or misleading information spread intentionally to deceive.

The information regulator has now employed political parties and independent candidates to develop policies, strategies and action plans to reduce and respond to misinformation and disinformation practices in electoral campaigns and during elections. This involves prompt investigations, taking disciplinary action and issuing statements of commitment against data harvesting, deep fakes and AI-generated content in their election campaigns.

Our insight

The twenty-page document has provided many clarifications but has kept silent on the practical application of the scope and limitations of the provisions of POPIA to political parties and independent candidates. The information regulator has emphasised that the guidance note is advisory in nature and does not constitute legal advice but has placed obligations such as policy implementation and misinformation and disinformation to be legislative by nature. This implies that the information regulator may amend its regulations to provide that spreading information may violate POPIA or collaborate with the electoral commission in creating a code of conduct to address misinformation and disinformation.

Actions you can take

  • Ensure you process data lawfully whilst campaigning by joining a Michalsons programme.
  • Find answers to your questions by asking Michalsons for a legal opinion of a specific election-related question.
  • Gain more insight about the information regulator’s published guidelines and notes by reading our posts.
  • Find out more by reading the guidance note itself and the media statement published by the information regulator on 14 May 2024.