Data protection authorities around the world can issue or approve Codes of Conduct under applicable data protection law. Monitoring bodies or associations often draft them and then submit them to the authority to be issued. To facilitate this process authorities often publish guidelines on codes of conduct so that they can be drafted in accordance with them. It would be useful if the guidelines issued by authorities around the world were consistent to the extent that they can.
EU Guidelines on Codes of Conduct and Monitoring Bodies
They include a checklist for submission in Appendix 3 of the Guideline which will be particularly useful for associations or bodies who would like to draft a code.
A competent supervisory authority has to approve the final version of a Code of Conduct. Appendix 2 assists in choosing the right supervisory authority for a transnational code. The submitting body should put some thought into this decision, as the chosen supervisory authority will be the single point of contact during the whole approval process. The chosen supervisory authority informs other concerned supervisory authorities and those can submit comments on the code.
In addition, a monitoring body has to be identified and approved to monitor the code. The Guidelines specify the requirements for such a monitoring body in detail.
Guidelines of the Information Regulator
The Information Regulator in South Africa may issue Guidelines on drafting Codes of Conduct under the Protection of Personal Information Act, 2013 (POPIA). The regulator is currently in the process of drafting the guidelines and is consulting with anyone who has an interest in the guidelines. You can give input and make comments in writing before 17 January 2020 (close of business at 16h00). The Information Regulator held an in-person consultation with interested parties on 6 November 2019 at the Midrand Conference Centre.
According to section 65 of POPIA, “the Regulator may provide written guidelines:
- to assist bodies to develop codes of conduct or to apply approved codes of conduct;
- relating to making and dealing with complaints under approved codes of conduct; and
- about matters the Regulator may consider in deciding whether to approve a code of conduct or a variation or revocation of an approved code of conduct.”
“Before providing guidelines for the purposes of subsection (1)(b), the Regulator must give everyone the Regulator considers has a real and substantial legitimate interest in the matters covered by the proposed guidelines an opportunity to comment on them. The Regulator must publish guidelines provided under subsection (1) in the Gazette.”
What do the Guidelines on drafting Codes of Conduct cover?
- Introduction: Legislative Framework
- Issuing of Codes by the Regulator
- Code Governance
- Complaints Handling Procedure
- Reviewing, Varying and Revocation of Approved Code
Actions you can take
- Consider what impact the draft guidelines will have on your organisation by downloading the Guidelines on drafting Codes of Conduct Draft for consultation AMENDED.
- Submit input or comments on the draft guidelines by emailing them to Varsha Sewlal before 17 January 2020 or asking Michalsons to do it for you.
- Find out how these guidelines or a code of conduct will impact your specific circumstances by getting our advice.