Abstract

In European Union (‘EU’) law, the entrenched right to data protection is an  independent fundamental right. EU case law has gradually disconnected the right  to data protection from the right to a private life. South Africa’s first exclusive  data protection legislation, the Protection of Personal Information Act 4 of 2013  (‘POPIA’), is redolent of EU data protection legislation. However, the stated purpose  of the POPIA is to give effect to the right to privacy. This article examines whether  the laws of data protection can be wholly encapsulated within s 14 of the Constitution.  To this end, this article considers two main conceptions of privacy in our law.  The first is Neethling’s informational privacy and the reasonable expectation of privacy.  The second is Rautenbach’s theory of informational control over personal matters in  relation to other rights. On either approach, I argue that the substantive provisions  of the POPIA are irreducible to privacy protection alone. Ultimately, framing  the POPIA exclusively within the domain of privacy will either (i) unduly restrict  legislative interpretation; or (ii) the true meaning of privacy will be diluted, leading to  legal uncertainty. To avoid this, I suggest distinguishing between the value of privacy  in the POPIA and the actual loss of privacy.