The Portfolio Committee on Justice and Constitutional Development continued with deliberations on the Protection of Personal Information Bill [B9-2009]. Under clause 26 a Member of the Committee expressed concern that where a person was convicted of a crime and it was a public matter, it was not clear how one could prohibit the processing of that information under clause 26(b). It was said that the concept of criminal behaviour was very broad and in light of this the existence of clause 26(b) was questionable. The main concern of the Committee was how a data subject would be protected
where there was an allegation made against them and they were cleared of any wrongdoing after the information had already been processed. A possible resolution to the problem was offered by another Member of the Committee which was that person who had brushes with the law had the right to be forgotten, it was pointed out that this would be in line with the provisions of the Constitution. It was pointed out that that the European Union was moving towards retaining criminal convictions as criminal behaviour was too wide. The Committee decided that it would give more thought to the three proposed options in clause 26.
In clause 32 the state law advisers proposed the following wording: Any public body including the Department of Social Development or designated child protection organisation managing the case of a child or a child youth care centre if such processing is necessary for the performance of their legal duties”. The Committee said that the provision should rather include “any public body or”, the Department of Social Development should be left out altogether. A member of the Committee expressed concern with clause 35 as well as the definition of ‘child’ in the Bill. It was proposed that clause 34 and 35 should be merged as they were of the same subject matter. It was agreed by the Committee that clause 34 should rather be made subject to clause 35.
Under clause 40 a Member of the Committee pointed out that the issue of appointments of public servants to the Regulator had not been resolved by the Technical Committee. The Member suggested that the appointment mechanism should be based on eligibility or it had to be made clear that there should be a requirement for a person from the civil service to resign upon appointment to the Regulator. Some Members of the Committee found Clause 40 (1)(d)(ii) to be confusing, there were several suggestions on what the appropriate wording should be. It was proposed that clause 40 (1)(d)(ii) it should either provide that there would be two part time and two full time members or that there should be four members with at least two being full time. The Committee decided that it should be made clear in clause 40 that the appointments of members of the Regulator should be via the National Assembly with the President confirming the decision.
At the start of the afternoon session, a representative from National Treasury presented the proposals to amend some clauses of this Bill to meet the concerns of the Financial Services Board. Only some had been discussed with the Department of Justice drafters. National Treasury (NT) requested, in respect of clause 11(1)(e), that “duty” should be replaced by “function”, and asked that a reference to “ statutory authority vested in a public body or in a third party to whom the data is disclosed” should be added. NT proposed that the same phrase, for the same reasons, was to be added also to clauses 12(2)(d), 15(3)(c) and 18(4)(c). It was asked that clause 59(2) be amended by addition of “or non compliance with a law”, to allow regulators to share information in relation to actions that were not actually “offences”, but where non-compliance may have important implications for effective implementation of the financial services legislation. In relation to clauses 37(1)(b) and 37(2)(c), there was a concern that disclosure may not include the interests of the public in general, and the amendments proposed referred to the general public interest. NT did not approve of the option included for clause 62(1)(d), and said that the reference to “a binding agreement” was problematic, and did not take account of the instances where only a Memorandum of Understanding (MOU) was in place. The same concern was raised for clause 77(1)(a), which also referred to “binding agreement”. NT stressed that MOUs were often used by regulatory authorities, and South Africa may not be able to fulfil its obligations under the International Organisation of Securities Commissions and International Association of Insurance Supervisors MOUs if only legally enforceable agreements were named. The Committee expressed some concerns that these proposals were brought only at this late stage, despite the fact that the provisions had been included in the Bill from the start. They enquired as to the process for amendment of the Financial Services legislation, and were assured that the final draft would be placed before this Committee before tabling in Parliament. The IFP Member was not happy with the further exemptions proposed, and questioned the reasoning behind the extension also to MOUs. ANC members were also of the view that the extension to third parties may be too wide, and both the ANC and DA questioned what type of information may be transferred, and between what parties. The Chairperson was not convinced that there was adequate reason given to amend clause 62(1)(d). The suggestion was made by an observer that it might be more appropriate for financial bodies to approach the Information Regulator for individual and specific exemptions, rather than granting a blanket exemption under the Bill, and pointed out that, in relation to clause 37, the Financial Services Board already should be taking a broad public interest into account. The Chairperson asked how many states, that were subject to the EU Directives, belonged to the bodies mentioned by NT. The concerns and further comments would be further considered by the Committee.
Members briefly discussed appointments of staff, including the principles behind secondment, whether time limits should be specified in relation to secondment, and whether appointments of an acting CEO should be made by the Regulator or present CEO, and the drafters agreed to amplify clauses 46 and 47. One alternative might be to insert a provision that the Regulator to establish policies around the management of its own affairs or administration.
The Chairperson opened the meeting and said that the Committee would pick up where it left off from the previous day’s meeting.
Mr Mark Heyink, Director at Information Governance Consulting (IGC) said that following from yesterday’s meeting; there were a number of states in the United States that had legislation dealing with privacy. The Federal Trade Commission (FTC) which dealt with the protection of consumer privacy had published a document in the area of rapid change where they stated that there was a need for Congress to consider and pass a Bill in this regard. Since the publication President Obama had put a Bill forward, this reflected a global movement to have uniform privacy laws internationally.
The Chairperson thanked Mr Heyink for the valuable information and informed Members that the Committee had ended the previous day’s discussions on clause 26.
Mr Henk Du Preez, State Law Adviser from the Department of Justice & Constitutional Development (DoJ&CD), said that the clause prohibited the processing of special personal information and provided a definition for special personal information. The general rule with regards to the processing of special personal information was that there was a prohibition on this however in clause 27 there was a general exemption. If a responsible party did not qualify in terms of the exemption under clause 27 then that party would have to consider the specific clauses that dealt with the processing of special personal information and determine whether they were exempt under those provisions. It was important to note that even if a data processor qualified for the processing of special personal information they still had to ensure that they complied with the general provisions for processing information. If a data processor still did not qualify then they could rely on clause 27(2) which allowed for the Regulator to be approached for permission.
Ms M Smuts (DA) said that she was concerned that where there was already a conviction under clause 26(b) and it was a public matter, it was not clear how one could prohibit the processing of that information. The Committee should keep note of clause 33 and determine whether it did not address my concern. Expungement of records was a whole different category that also had to be considered.
Mr J Jeffery (ANC) questioned whether it was necessary to have clause 26(b), the concept of criminal behaviour was so broad. Criminal convictions were factual whereas criminal behaviour was indeterminable. What was the international precedent on this, why should there be restriction on this?
Ms D Schäfer (DA) said that in her reading of the clause a journalist would be prohibited from reporting that somebody had done something relating to an offence for which they were charged in court.
Ms Smuts reminded Ms Schäfer that there was a journalism exemption for journalists who subscribed to a code of conduct.
Ms Ananda Louw, Researcher from the South African Law Reform Commission (SALRC) said that this clause came from Article 8(5) of the European Union (EU) directive as well as Section 2(g) and (h) of the United Kingdom (UK) Act. The information referred to in the clause was quite sensitive for the person concerned hence its inclusion.
Mr Jeffery said that it was interesting that the EU Directives were going for a provision that was tighter as opposed to wider.
Ms Louw said that in the EU, the specific areas that were seen as sensitive could be different in another country.
Ms C Philane-Majake (ANC) said that her worry was that criminal behaviour was based on allegations whereas criminal convictions were based on fact. What happened where there was an allegation made against a subject and they were cleared of any wrongdoing but the information had been processed already, how was the data subject protected?
Ms Smuts asked the Committee to consider expungements because it was entirely wrong to prohibit processing. There was a section in the Promotion of National Unity and Reconciliation Act (PRNUR) that would be relevant insofar as expungements were concerned. The Criminal Procedure Act (CPA) expungements were also not really that different. The suggestion for considering expungements was not going to affect the work of journalists or prohibit the processing of information.
The Chairperson asked where convictions were recorded.
Mr Du Preez replied that this was done by the South African Police Services (SAPS).
Dr M Oriani-Ambrosini (IFP) said that this was about the right to be forgotten. In the South African (SA) Constitution there was the principle of rehabilitative justice. A criminal record was already not publicly available in this country. Once a criminal’s debt to society had been paid it was important to not to have that specific personal information publicly available. The Bill’s provisions on criminal behaviour as opposed to criminal convictions were acceptable.
The Chairperson said that certain criminal records were in the public domain already and cited the Sexual Offences Register as an example.
Dr Oriani-Ambrosini said that the scope of application of the Bill had to be linked to commercial activities and exclude journalistic activity which would be in the public interest.
Ms Schäfer asked at what point information that related to convictions could be processed? There might be good reason for information relating to an arrest record to not be reported as there was risk that they might be abused however criminal convictions were fact and already existed in the public domain. Section 33 should cover anybody who legitimately tried to retrieve information contained in the Sexual Offences Register.
Mr Jeffery said that the EU was moving towards retaining criminal convictions, criminal behaviour was too wide. The criminal records held by SAPS were currently available to prospective employers. There were three proposed options in the Bill and for the sake of moving forward the Committee should choose the appropriate one. Personally, he felt that criminal records were already in the public domain and SAPS had an accessible register. All the other types of information had to be gleaned and were not factual such as sexual orientation, religious or political affiliations.
Dr Oriani-Ambrosini said for example there would be times where a person could plead guilty and
settle with say the South African Revenue Services (SARS) and thus have a consensual criminal record or they could be arrested for drunk driving but not convicted. This could impact a person’s life, the question before the Committee was: should such information be collated and made available to whoever wanted it?
Adv L Adams (COPE) proposed the deletion of the clause. Suppose that a case was not reported in the newspapers and it was ongoing, since journalists were excluded it meant that a private citizen could not post something about the person involved in the case on Facebook or on a blog. Trade union membership, political persuasion and biometric information were not part of personal information and perhaps this should be included.
Mr Du Preez said that if an agency that was responsible for criminal records was approached for bulk clearance certificates, there would still be a requirement for the consent of all individuals concerned to be obtained.
Dr Francis Cronje, Adjudicator for the Wireless Application Service Provider’s Association (WASPA) and Internet Service Provider’s Association of South Africa (ISPA) said that the Committee should not lose track of the purpose for which the information was being used. The EU was moving towards developing technology for removing records whether one googled it or not.
Ms Louw drew the Committee’s attention to clause 27(b) and said that the context of the clause was in line with the freedom of expression provision of the Constitution. Therefore any person acting in accordance with this provision would be doing so in accordance with the Section 16 of the Constitution.
Mr Jeffery disagreed with Ms Louw and said that the word ‘necessary’ served as a qualifier, so a person, before posting something on Facebook would have to feel that it was necessary to do so. Journalists were covered by the code and thus excluded; the problem was bloggers and private individuals. The concern with the EU Regulations was that they were too wide.
Dr Oriani-Ambrosini asked for more clarity on arrest records.
Mr Jeffery said that the Committee was going round in circles, there were three options on the table and the matter should be resolved now.
Ms Louw said that she did not want to belabour the point however freedom of expression also included the right to receive information and impart ideas.
Mr Jeffery said that he did not agree with this, what Ms Louw was saying was going to negate the whole thing if a person processed information relating to a person’s religious beliefs and then claimed that they were exercising their freedom of expression.
The Chairperson asked if processing included writing letters to the media and writing columns.
Ms Smuts said that this was the origin of her difficulty with the clause, the creation of artistic material and literature was not the processing of information as defined. Being a journalist was not processing as defined either. The intention for a law like this was to regulate computerised information stored in data banks.
Dr Oriani-Ambrosini said that the hard fact was that what Ms Smuts referred to was covered; processing information meant that there was a connection. Personal information included everything. The Committee had to carefully consider the exclusions as well as the scope of application of the Bill.
Ms Philane-Maajake said that the Committee should give more thought on the three options.
The Chairperson agreed.
Mr Du Preez said that there was a proposal which he would like to bring to the Committee’s attention. The word ‘important’ should be included before the words “public interest”.
Dr Oriani-Ambrosini said that nobody could judge as to what the public interests ought to be.
Mr Jeffery said that he thought that the clause was fine as it was.
Mr Du Preez said he took the point.
Mr Du Preez referred to clause 32(1)(d) and said that the state law advisers would like to propose different wording so as to align the terms used in the provision with the Children’s Act. The wording would be “Any public body including the Department of Social Development (DSD) or designated child protection organisation managing the case of a child or a child youth care centre if such processing is necessary for the performance of their legal duties”.
Mr Jeffery asked if the qualification of ‘public body’ was necessary given that DSD was a public body in any case. The question would be are the other types of organisations mentioned in the proposal public bodies, it would be ideal if they were covered as well. Should it not be “any public body or” and then the rest should be added with DSD left out altogether.
Mr Du Preez said that DSD could be excluded however the Children’s Act provided for designated organisations to go through an official designation process. If these organisations were formally designated, they would then qualify under ‘public body’ in terms of the definition.
Mr Jeffery suggested that the drafters should look at this further with public body stated upfront and then whatever else that might not be covered.
Mr Du Preez said that this clause was a general repetition of what was already in clause 27 except that there was a proposal for a new paragraph 9(e) which should be included which would be similar to clause 27(1)(e) to the extent that the information would have been deliberately made public by the data subject.
Ms Schäfer said that she had concerns with the clause as well as the definition of ‘child’. A child could have an abortion at twelve years old yet could not give consent for the processing of their personal information in this Bill?
Mr Du Preez said that this was exactly the concern that the drafters had. The definition in the Bill said that a child was not a person who was competent to transact without the assistance of a competent person. This was done on purpose because it would have been impossible to try and provide for all the age limits specified in all the different pieces of legislation. The definition of ‘child’ in the Bill was saying that if one had competency for the transaction itself then they also had competency for their personal information being processed. If a responsible party was not able to comply with clause 35 then they could apply to the Regulator. The Regulator may authorise the processing if it was in the public interest or if adequate safeguards were provided. The Regulator may also impose conditions for the processing. There should be an omission of the word ‘express’ in clause 35(1)(d)(ii) as well as clause 27(d)(ii) for the sake of clarity.
Adv P Holomisa (ANC) said that the headings for clause 34 and 35 should be the same as they were on the same subject matter. Could the two clause not be combined.
Mr Jeffery suggested that the two clauses should not be combined but Adv Holomisa’s suggestions must be taken into account so that clause 34 was subject to clause 35.
Adv Holomisa agreed.
Ms Smuts said that the issue of appointments of public servants to the Regulator was not resolved by the Technical Committee. The appointment mechanism should be based on eligibility. It has been the ANC’s position that public servants and Members of Parliament (MP’s) were eligible if they resign from their current posts. It has to be made clear that there should be a requirement for a person to resign upon appointment.
Mr Du Preez referred the Committee to clause 40(1)(g) and said that there was no need to have a proviso as requested by Ms Smuts as the provision was clear; a person may not be a member of the Regulator if they were a public official.
Mr Jeffry also thought that the clause was clear; the wording was taken from other legislation as well.
Ms Philane-Majaake referred to clause 40 (1)(d)(ii) said that it was a bit confusing, should it not be specified that there would be two part time and two full time members.
Mr Du Preez said that the intention was to have discretion for the appointment of at least two full time members however they could be more than two as well. The appointment of members had to be fluid in order to accommodate any resource requirements.
Ms Schäfer said that the provision should specify that there should be four members with at least two being full time.
Adv Holomisa suggested that clause 40(1)(d)(ii) should include the word ‘may’ after ‘members’.
Ms Schäfer said that this covered her suggestion which was four members, two of which should be full time.
Mr J Sibanyoni (ANC) said that the ‘and’ in clause 40(1)(d)(i) meant that it was a plus.
Ms Louw suggested that the discretion of deciding whether a member should be part time or not should be left to the President otherwise who would decide?
The Chairperson said that the National Assembly (NA) would decide.
Ms Smuts said that the decision should not be left to the President, the last time the NA tried to fill the positions of Commissioners for the South African Human Rights Commission (SAHRC) President Mbeki simply did not make the appointments.
The Chairperson referred to clause 40(2)(a) and said the President would decide on recommendation from the NA.
Adv Holomisa suggested that when the candidates were being interviewed they should indicate whether they would be available on a full or part time basis. The recommendation to the President would also have indications of the availability of the candidates; the President would then decide whether members would be full or part time.
Ms Schäfer said that recommendations could not be made on the basis of people’s availability; the fact that the Committee was not decided on this meant that the provision was not clear and it had to be tightened up. Recommendations had to be made on the basis of the needs of the Regulators.
The Chairperson indicated to the drafters that it should be made clear in the provision that the President would effectively rubber stamp the decision of the NA.
Mr Jeffery asked where clause 41(2)(c) came from.
Mr Du Preez said that he could not recall but he would look at it.
Ms Philane-Majaake said that the DoJ&CD should be responsible for setting the remuneration of members of the Regulator.
Ms Smuts said that new bodies that were being created by statutes including Chapter 9 Institutions should be included in the new regime that was being set up for purposes of determining re-numeration.
Mr Jeffery said that in the original Bill remuneration was set by the Minister of Justice together with the Minister of Finance, this was the standard format. Perhaps the Committee should revert to the original formulation.
Ms Adams said that her understanding was that the Regulator was not the same as the Chapter 9 Institutions, why were the members of the Regulator not considered as civil servants?
Ms Smuts said that there were bodies which were constitutionally independent however when one created statutorily bodies some still had to maintain a certain degree of independence. The appointment and removal mechanism of Chapter 9 Institutions has been used for statutorily created bodies. Independence from the executive was a necessity for some statutory bodies and this also meant that members of such bodies would not be drawn from the civil service.
Ms Philane-Majaake said that it would be critical to carefully consider the remuneration package of staff members starting from the Chief Executive Officer (CEO).
Dr Oriani-Ambrosini said that one of the other reasons why members of the Regulator should not be drawn from the civil service was that they would have to be extra-ordinarily smart.
Ms Smuts agreed and said that if enough money to hire technically astute persons was not given to the Regulator then how would the Regulator be smart enough to know what information processors were getting up to. There was a real problem in this country with security networks and people’s information being misused. Technically skilled personnel came at a high cost.
Mr Jeffery referred to clause 46(7) provided for what Ms Smuts was talking about. The provisions in the clause were important and addressed Member’s concerns.
The Chairperson said that the Committee would stop here for now and continue after lunch.
This was the end of the morning session
At the start of the afternoon session, the Chairperson indicated that National Treasury, following discussions with the drafters from the Department of Justice and Constitutional Development, had prepared a list of the amendments that the Financial Services Board (FSB) had suggested might address that body’s concerns. He asked whether Members would wish to hear a presentation on those amendments now.
Mr du Preez noted that he had not had a chance to study that document and could not give comment at this stage.
Members briefly noted their concern that it was only at this late stage of deliberations on the Bill that the proposals were being made. The clauses on which the FSB were now expressing concern had been in the Bill from the start so they were not new concepts. The FSB made a submission at the public hearings, and a further one to the Technical Committee in October 2011. However, it was noted that the FSB’s initial request for a full exemption was no longer being pursued. Members, despite these concerns, suggested that the National Treasury representative should be allowed to take the Committee through the proposed amendment.
Ms Jeannine Bednor-Giyose, Director: Financial Sector Regulation and Legislation, National Treasury, expressed appreciation for the opportunity to engage on the Bill. There were a number of provisions that had been discussed with Mr du Preez and Ms Louw, and the preliminary indication was that some may be able to find support from this Committee. She stressed that the FSB had raised the concerns because it may be, from time to time, required to process personal information.
She noted that the proposals (see attached document) were set out in two parts. The proposals listed as A1 to A5 had already been raised in discussion with the Department of Justice and Constitutional Development (the Department) drafters.
The first request was that clause 11(1)(e) be amended. Firstly, the word “duty” should be replaced by “function”. Secondly, it was proposed that the phrase “or in the exercise of statutory authority vested in a public body or in a third party to whom the data is disclosed” should be added. She noted that this would reflect the mandate and function of regulatory bodies and the range of their work, which might require those bodies, or third parties, to share personal information. She explained that FSB felt that the powers did need also to be extended to “third parties”. A similar principle underpinned the request to amend clauses 12(2)(d), 15(3)(c) and 18(4)(c), in all of which it was proposed that a new subparagraph be added with the words “in the exercise of statutory authority vested in a public body or in a third party to whom the data is disclosed”. All related to the sharing of information as mandated to the bodies mentioned.
Ms Bednor-Giyose noted also a request to amend clause 59(2), to add in the words “or non compliance with a law”. She pointed out that, as presently worded, the clause made reference only to processing of personal information to detect “offences”. In certain instances a financial body or regulator may need to share information in relation to actions that were not actually “offences”, but where non-compliance may have important implications for effective implementation of the financial services legislation. The addition of these words would ensure that the authority could act legitimately in order to ensure appropriate implementation.
Ms Bednor-Giyose then moved on to amendments proposed that had not yet been discussed with the Department’s drafters. There was a concern, in relation to clause 37(1)(b), that disclosure as specified at the moment may not include the interests of the public in general, and the financial regulators should, in her view, be able to consider impacts upon the public in general. There should be greater reference to members of the public to give more effective protection to Regulators who needed to take action and process information in a general public interest. A similar concern underlay the proposal for clause 37(2)(c). She highlighted the proposed changes (see attached document).
Clause 62(1)(d), in the present Seventh Working Draft Bill, contained an option. The FSB had expressed concerns that there was sometimes a need to transfer information to certain Regulators in other jurisdictions, particularly in Africa, where appropriate legislation might not be in place. The reference to “a binding agreement” was problematic. There might be instances in which only a Memorandum of Understanding (MOU) was in place, but not adequate protection laws or binding agreements. The same concerns related to clause 77(1)(a), which also referred to “binding agreement”. For these reasons the FSB and National Treasury felt that there should be allowance made for MOUs to be regarded as acceptable. She expanded that MOUs were often used by regulatory authorities, and South Africa, through the representation of the FSB, had signed the International Organisation of Securities Commissions' (IOSCO) MOU, as well as one with the International Association of Insurance Supervisors (IAIS). In order to become a full signatory of the IOSCO, South Africa had to ensure that it had the right enabling legislation to allow exchange of public and non-public information. At the time that South Africa became a member of IOSCO, there were no blocking provisions in its domestic legislation. However, this Bill, through the currently worded provision, changed the situation. She stressed that the MOU contained adequate protection in respect of use of the information and keeping it confidential. However, that MOU was not necessary “legally enforceable” and there was a concern that if the Bill in its current form was passed, making reference to binding agreements only, South Africa’s membership of the IOSCO could be terminated. South Africa would also not be compliant with the international cooperation standards and recommendations set by G20 countries and the Financial Stability Board. South Africa would face serious reputational harm, particularly in relation to other African regulatory authorities, if the FSB was precluded from sharing information under the terms of MOUs.
The Chairperson asked if it was proposed that section 28 of the FSB Act was to be amended, how far that process was, and how it would affect the proposed powers of the Regulator under this Bill. He noted the difficulties when parallel processes that could each have an effect on legislation were being carried out in more than one portfolio committee.
Ms Bednor-Giyose replied that a public participation process had been held, and drafting was ongoing, although the legislation was still to be tabled. The drafters of the Financial Services amendment legislation (the FS Bill) were taking the provisions of this Bill into account, and had noted this Committee’s concerns in relation to the impact on the Information Regulator. Every attempt would be made by the drafters of the FS Bill to ensure that the fears were allayed. The amended FS Bill would be placed before the Committee for comment prior to that legislation being tabled, and she hoped that what was finally drafted would prove acceptable to this Committee.
Dr Oriani-Ambrosini said that in relation to the first three amendments, it was assumed that the processing of personal information was a problem. However, he was not comfortable with the extension that National Treasury was proposing. There was a duty, and what was being proposed would amount to a blanket exemption on all government activities. The greatest threat to the type of interest that this Bill sought to protect came from government, not the private sector. Clause 59(2) also concerned exceptions, in relation to breaches of the law. The expansion that National Treasury proposed was akin to changing the meaning from “must” to “may”, and he was very concerned about the notion of non-compliance with the law. Either the law was breached, or it was not, and to extend the regulatory function to any branch of government would be too large a jump. He had not had time to consider all the proposals, but both B3 and B4 related to MOUs. He pointed out that, in terms of both international and domestic law, MOUs may or may not be binding agreements; whether they were depended on the specific terms contained in that MOU, and not on its caption. A reference to a “binding agreement” would cover MOUs that were binding. If the notion of extending this to “non-binding” information was introduced, this would imply a notion of transferring information where there was no actual legal duty.
Mr Jeffery was concerned about the first set of amendments. Whilst he did not have a problem with changing the word ”duty” to function”, this was a condition for processing information. He was worried about including “a third party” to whom the data was disclosed, which he thought was too wide. He thought that it was not correct for the FSB or other statutory bodies to be empowered to disclose information to third parties. He did not have a problem with the amendment proposed under A5. He thought that the proposal for clause 37 was very wide. In respect of clause 62(1)(d), he understood that an MOU was not a binding agreement, but set out broad principles of agreement, with contracts to be drafted later.
Mr Jeffery asked what sort of personal information that was transferred between countries caused concern to the FSB. This was not information under clause 6(b), that had been de-identified. He wondered what harm the proposal was intended to avoid. In relation to clause 62 and 77, he asked what the banks in the more developed economies had been doing to address the concerns that the FSB may have.
Ms Smuts agreed with Mr Jeffery that it was necessary to hear what type of personal information would be transferred. The FSB had conceded that MOUs were not legally enforceable. She wondered if the proposals arose from an excess of caution or whether the FSB was trying to add something on, in the first set of amendments. Clause 11 already contained exceptions in relation to obligations imposed by law. She asked if the intention was to go wider than that. She wondered how the exercise of a statutory body’s functions could be wider than a legal obligation, and whether it was intended that the third party would also be vested by authority by statute; if so, then she thought this was already captured.
The Chairperson referred to clause 62(1)(d),and said the responsible party must obtain prior authorisation before transferring special personal information, or the personal information of children, to a third party in a foreign country that did not provide an adequate level of protection for processing of personal information Without adequate reasons being provided for the amendments now proposed by the National Treasury, this Committee would be unwilling to remove that requirement and onus.
Mr Francis Cronje, Founder, franciscronje.com, said that one of the main reasons for clause 37 was to provide exclusions. He wondered whether it would not be more appropriate, rather than amending the sections, for financial bodies rather to approach the Information Regulator and ask that specific exclusions should be made applicable. If the amendment was accepted, other responsible parties would also be able to claim that they had MOUs, and, as pointed out, those were not binding, which may lead to the whole purpose of the binding agreements being lost. He questioned if it was necessary to interfere with the framework. He reiterated that in h his view, it would be more appropriately dealt with by a separate application to the Regulator. He knew that the FSB had MOUs to do international transfers, but to apply this principle to the Bill would also affect every other responsible party. In relation to the proposals for clause 37(1)(b), he thought that this was partially covered by the reference to looking at the public interest that was set out in clause 37(1)(a). The FSB also in any event had to look at the economic and financial interests of the country.
Ms Bednor-Giyose responded that the information to be exchanged would be personal information relating to individuals, and, particularly if those individuals were directors, the type of conduct that may impact on their fitness to hold office as directors. It might also include information about the institutions themselves, more generally. The sharing of information would take place between regulators only, not banks or private institutions in other countries. She did not want to over-emphasise information on criminal conduct, but noted that it would involve conduct of individuals in relation to financial sector legislation, or contraventions that would render them not appropriate to carry out functions as directors.
The proposals set out under A1 to A4 set out the principle that it must be recognised that the regulators were authorised and mandated to carry out functions in terms of their legislation, and must be able, as part of that function, to share information where this was permissible. The reference to “a third party” was not such a critical part of the proposal, but it was more important to ensure that regulators were able to carry out all functions. She said that she would be amenable to the Committee making proposals to adjust some of the proposed wording, as it saw fit.
In relation to the points on the MOUs, Ms Bednor-Giyose noted that the status of MOUs was frequently debated. The types of MOUs entered into in relation to IOSCO and International Association of Insurance Supervisors may not be enforceable in an international court, but did have substantial diplomatic and representational impact on states. If reference was made only to “binding agreements”, there was concern that those MOUs might not be included. Ultimately, states should be putting appropriate legislation in place, but in the meantime existing agreements should be covered. She indicated that the current wording of the Bill might have a negative impact on participation by South Africa in the future, if all agreements were not captured.
Ms Bednor-Giyose understood the concerns of the Chairperson In respect of the deletion of clause 62(1)(d), but suggested that perhaps the concerns about deletion could instead be addressed by including a reference to MOUs also in that clause. In answer to the suggestion from Mr Cronje, she said that it would be preferable to set out clearly what the regulators could do, rather than to allow a multiplicity of separate applications to the Regulator. Nothing could be anticipated in legislation, but at the same time undue reliance should not be placed on allowing applications for exemption, other than in circumstances not anticipated in advance, as this was not desirable for overall effective implementation of the legislation.
The Chairperson followed up on the example that Ms Bednor-Giyose had given about the type of information that would be sought. He had understood that this was handled by the Financial Intelligence Centre (FIC), and he wondered if the FSB had a relationship with that body.
Ms Bednor-Giyose said that the FSB was involved with the FIC in certain inspections and on-site visits, and assisted in ensuring compliance with the FIC Act.
Dr Oriani-Ambrosini said that these comments were fairly general. He pointed out that it was quite easy to ascertain whether an international agreement was binding or not. The Committee had been assured, more than once, that the legislation was vital, although everything appeared to be working satisfactorily at the moment, and South Africa did not have any difficulty transferring or receiving information although legislation was not in place. This raised the question of why the legislation was being proposed. In relation to the type of information that would be sought, he was concerned that if government or anyone else could collect information on suitability to hold office, and process it outside the current parameters of this Bill, and transfer it to countries abroad, this was potentially very damaging. He thought that no more exemptions should be given.
Ms Bednor-Giyose understood the point being made and said that when South Africa entered into agreements, it must be fully aware of its obligations and must recognise the importance of fulfilling them. It must, however, also be recognised that there were debates on the precise legal nature of certain types of agreements, and that although there may be clarity on the obligations of the parties, there was less certainty whether the whole agreement was “binding”. In order to reduce the scope of debate in relation to those agreements, it was proposed that reference be made also to MOUs. When South Africa became a signatory to international agreements, it was assumed that it would be able to appropriately share public and non-public information with other signatory bodies. She reiterated that some of those bodies with whom it must exchange information did not have the standard of legislation that would be deemed adequate. If non-binding agreements were not included, South Africa may not be able to implement its current obligations in terms of IOSCO and the IAIS. If the MOUs were specified, then there would not be difficulties in South Africa fulfilling its obligations.
The Chairperson said that on the previous day the Committee had discussed why the EU played such an important role. He asked how many EU states belonged to the two bodies mentioned. It was the EU who was demanding that this legislation be in this form. He was concerned that if the FSB's concerns were included, the Bill might fall foul of the EU Directives and not meet the EU’s adequacy test.
Ms Bednor-Giyose said that, as far as she was aware, EU states belonged to these bodies, but she would provide confirmation later. She agreed that the Directives' standards must be adequately provided for. Her proposal aimed to address both the FSBs concerns on IOSCO and IAIS, as well as meeting with the requirements around data protection.
Mr Heyink thought that the FSB would have been seized with the matter for some time, and therefore asked if the relationship between the Financial Services Authority and the UK privacy laws had been researched by the FSB. He had not come across any instances where similar exemptions or treatment were given in the UK, but wondered if any dispensations had been given by the Commissioner in that country.
Dr Oriani-Ambrosini said that a debate on the binding nature of agreements had implications on whether there were indeed obligations imposed under such agreements. Most MOUs were created to impose obligations on entities to do whatever they could, within their own statutory obligations, to help other parties. For instance, information for immigration purposes could be exchanged. If that type of discretion had to be expanded, it should only be in respect of something that was an international-law type of agreement, not a cooperation agreement. It was particularly important, in relation to financial information and conduct, to exercise caution.
Ms Schäfer said that it was not desirable to have personal information disclosed to another country that did not have the same safeguards. If there were sufficient safeguards, then bodies should persuade the Regulator of this, as suggested by Mr Cronje. She was not in favour of a blanket approval
Mr Cronje said that the Financial Services Authority, in the UK Data Protection Policy, made reference to the fact that it would not transfer personal information to another country that did not have adequate data protection legislation in place. He feared that if South Africa's data protection legislation was to be amended as suggested by National Treasury, it could give rise to problems.
The Chairperson said that all comments would be considered, and thanked Ms Bednor-Giyose for this input.
Ms Smuts said that the Committee should deal with the matter urgently and revert on the proposals as soon as possible.
Ms C Pilane-Majaka (ANC) agreed that further debate was necessary, as the Committee would need to determine what obligations may be affected.
Ms Bednor-Giyose was excused, and the Committee proceeded with further debate on the Bill.
Mr Holomisa sought clarity on the statement that Parliament would be responsible for determinations of the benefits and privileges of the Regulator. He asked where the budget would emanate and who was responsible for it.
The Chairperson noted that there was likely to be a re-think of that point.
Ms Smuts said that, earlier in the meeting, the point was made, under a broader discussion on independence, that Parliament would vote the money but the appropriation process would sit under the Ministry of Justice for the moment.
Mr Jeffery thought that consideration was to be given to reverting to the phrase “the Minister, in consultation with the Minister of Finance”.
Ms Smuts said that she had provided examples of documentation from the South African Human Rights Commission (SAHRC) that illustrated that members and staff must be independent. Clause 46 dealt with appointment or secondment. She was concerned with clause 46(1)(a), relating to officials seconded from the public service. She did not agree that the Chief Executive Officer (CEO) should be a seconded officer. Subclause (b) referred to other members who may be seconded. She felt that the only circumstances when this could be done was the option she had proposed earlier.
Mr du Preez said that this formulation was proposed for specific reasons, and agreed that the options should be kept open for secondment of personnel. It was never intended to “crowd” the Regulator with civil service staff, but this was something that had been used before, in relation to independent bodies. He quipped that he himself had been the first Secretary - for one day - of the SAHRC. It might be that no CEO had been appointed when the first meeting of the Regulator was called, yet it was necessary to ensure that administrative assistance was available. As soon as the five members were appointed, they would have to set up the office as quickly as possible and start working. All independent bodies had to have assistance from good administrators, from the start, particularly in relation to financial matters, bookkeeping and purchasing. The intention of this clause was to build in a mechanism to ensure that the Regulatory board could “hit the ground running”.
Ms Pilane-Majaka agreed that administrative support was crucial and was happy with that provision. However, she would like to see something more specific about the timing.
Ms Schäfer wondered if it should not be specified that the appointment, if it was necessary, should be limited to a certain time, and the position filled permanently as soon as possible.
Mr du Preez agreed.
The Chairperson asked why it was assumed that the Regulator could not “grow” into the function, instead of setting up a huge bureaucracy from the outset. He noted that some bodies in other countries had grown from a very modest beginning.
Mr Holomisa said that the Public Finance Management Act (PFMA) specified that the Board of an entity would be the accounting authority, but also anticipated that a CEO, once appointed, would be an Accounting Officer. He thought that the Regulator would thus have to decide whether it needed a CEO immediately. If it did, then it might be necessary to have someone seconded from the public service, and it should be regarded as only a temporary secondment. He would be reluctant to close avenues that would allow the Regulator to set itself up properly, and suggested, although he was not entirely sure about the timing, that perhaps a year would be adequate. He reminded Members that the secondment would also negatively affect the department from which the secondment was made.
Dr Oriani-Ambrosini asked whether a person seconded could have the option to make application to be appointed as a permanent CEO.
Ms Schäfer suggested that the words “as soon as reasonably possible” be inserted, so that this was not an open-ended arrangement.
Mr du Preez asked if, under subclause (6A)(b), the secondment should be linked to the establishment of the Regulator's own administration.
Ms Pilane-Majaka suggested that secondment should not create any expectations in relation to time periods, or final appointment.
The Chairperson indicated that the Regulator would have to advertise.
Ms Smuts added that the secondment would be done by the Minister, although it would be at the request of the Regulator.
Mr Holomisa reiterated that there was a difficulty in that the Committee did not know what factors would influence the operations. The body had to be independent, but at the same time must be able to get expertise to allow it to run properly, which was the reason for secondment. He reiterated that perhaps one year be specified, with a proviso that this period could be extended, although not indefinitely.
The Chairperson liked an earlier proposal that this should be included in the transitional arrangements. He asked for clarity on clause 46(5).
Mr du Preez confirmed that the decision would be taken “after consultation”.
Mr du Preez outlined what the powers, duties and functions of the CEO would be. It was noted that the CEO was accountable to the Regulator.
Ms Smuts had a difficulty with the CEO appointing his or her own substitute. She felt the Regulator should appoint a stand-in CEO, whether for a short or long period. There was reference to this in both clause 47(b) and 46(2)(a), although clause 46(2)(c) referred to the Regulator making a longer appointment.
Mr Jeffery agreed that clauses 46(2) and 47(b) appeared to repeat the issue. He made the point that in practice, in the public service, whenever an official was not in office, his or her responsibilities must be assigned to another person. This contemplated two situations; one where the CEO had resigned or was ill, meaning that an Acting CEO had to be appointed for a length of time, and the other where the CEO was temporarily absent. The purpose of the second appointment was that the Regulator would not cease operations if the CEO was attending a conference for a week or so. It was desirable to have the CEO appoint a substitute in the latter instance, or delegate responsibilities for a short time. However, he agreed that for longer substitute appointments, the Regulator would need to appoint.
Ms Smuts took his point, but said she had never seen this written into legislation. She thought that it was only necessary to say that the Regulator would appoint a substitute, which would mean that it was not necessary to draw distinctions such as “longer” periods.
Mr du Preez noted that there was statutory authority for the short-term situation. In footnote 76, it was noted that there was a duplication, and that the content of clause 46(2) would probably need to be moved to clause 47. The Committee would need to consider if it was necessary to have a differentiation between temporary and longer appointments.
Ms Schäfer thought that it was unlikely that an organisation could not operate for a few days without a CEO. It was also possible for the Regulatory board to speak via teleconference.
Dr Oriani-Ambrosini thought that there was a danger of the Regulator politicking if that body had to make every temporary appointment. He thought that it was appropriate for the CEO to appoint a replacement, particularly since the CEO still bore ultimate responsibility. He cautioned, as an aside, that this Committee should be stern about allowing CEOs to undertake endless international travel and conference-attendance.
Ms Pilane-Majaka said that she was sure that internal rules would be drawn and agreed that the CEO should make short-term appointments. It might be appropriate for the Chief Financial Officer, for instance, to be appointed temporarily, depending on what needed to be done. If the Regulators' members could not be brought together, it was up to the CEO to run the office.
Ms Louw said that the original clause 46 referred to appointment of staff under the Public Service Act, but this had to be changed. The Regulator would have to implement policies to cover what was normally in the Public Service Act and Regulations.
Mr Holomisa wondered why it was necessary to include the appointment in the legislation at all. He believed that in practice absence of the CEO should not mean that the work would cease, as that person would always be contactable. He assumed, therefore, that the reference to “absence” meant absence for an extended period, in which case the Regulator should be able to appoint an acting CEO. Another senior official should always be able to take over the work of the CEO in other cases.
Mr du Preez suggested that a possible alternative would be to insert something in the General Powers provision, for the Regulator to establish policies around the management of its own affairs or administration.
The meeting was adjourned.
- We don't have attendance info for this committee meeting