Huge crackdown on spam calls and messages in South Africa
Spam messages and calls are a major irritation for many South Africans, but the Information Regulator is stepping up its efforts against non-complaint direct marketers.
On 27 February 2024, the Information Regulator announced that it issued its first enforcement notice to FT Rams Consulting (the company) due to a direct marketing complaint.
The complainant argued that it received countless spam messages despite multiple requests to opt out of receiving such communication.
The Information Regulator said that the company had contravened section 69 of the Protection of Personal Information Act of 2008 (POPIA) and issued the company with an enforcement notice.
The enforcement notice said that the company must immediately stop sending direct marketing messages to the data subject, as well as:
- Procure consent from data subjects to receive direct marketing communications by way of a consent form prescribed by the Information Regulator.
- Only procure consent from data subjects who had not previously already withheld consent.
- Compile and maintain a database of all data subjects who had previously withheld or did not consent to receiving unsolicited direct marketing messages, and submit the database to the Information Regulator.
The company was given 90 days to comply, and failure to do so would constitute an offence that carries a minimum sentence of 10 years’ imprisonment, a fine of R10 million, or both a fine and imprisonment.
Broader context
Tayyibah Suliman and Zachary Kokosioulis from Cliffe Dekker Hofmeyr said that the statement shows that the Information Regulator will no longer tolerate non-compliance with POPIA requirements in terms of direct marketing.
Section 69 of POPIA gives two distinct processes for companies that engage in direct marketing.
Direct marketing is allowed for existing customers if an organisation acquires the customer’s contact details in the context of a sale and promotes similar products or services. However, there must still be a process for opting out.
For non-customers, direct marketers can only contact a subject once to request consent to opt in for any unsolicited direct marketing.
“The Information Regulator’s reference to fines and imprisonment in relation to section 69 is indicative that flagrant breaches of POPIA by direct marketers will no longer be accepted without consequence,” the experts said.
“This shift will require organisations to re-examine policies and procedures on direct marketing and ensure that client relationship databases are more strictly managed.”
“It is important to note that the intention is not to prohibit direct marketing but instead ensure that it is managed proactively and responsibly. The Information Regulator has committed to providing more guidance on this in due course.”
Although it is unlikely that this will eliminate the influx of spam calls, consumers now have greater power to hold direct marketers accountable.
Read: Private businesses cough up millions to help government fix South Africa