INTRODUCTION

The Protection of Personal Information Act 4 of 2013 (“POPIA”) came fully into effect on 1 July 2021. Its primary purpose is to regulate the processing of personal information in a manner that gives effect to the constitutional right to privacy. POPIA plays an important role in protecting children in the digital environment, particularly as increasing numbers of children use social media platforms such as TikTok, Instagram, and Facebook.

As children’s online participation continues to grow, concerns regarding privacy, cyberbullying, online exploitation, and the misuse of personal information have become increasingly significant. POPIA was enacted to regulate how personal information is collected, used, stored, disclosed, and protected. The Act affords special protection to children, recognising that they are particularly vulnerable and may not fully appreciate the risks associated with sharing personal information online.

Through its requirements and safeguards, POPIA seeks to create a safer digital environment for children while holding organisations and online platforms accountable for the protection of personal information.

THE RESTRICTION ON THE PROCESSING OF CHILDREN’S PERSONAL INFORMATION.

Section 34 of POPIA generally prohibits the processing of the personal information of a child. However, section 35 provides certain exceptions, including circumstances where consent has been provided by a competent person, such as a parent or legal guardian, or where another lawful ground for processing applies.

In practical terms, this means that organisations and online platforms must carefully consider whether they are lawfully entitled to collect and process information relating to children, including names, photographs, contact details, location information, and other identifying data.

POPIA further requires that personal information be collected for a specific, explicitly defined, and lawful purpose and that it not be retained for longer than is necessary to achieve that purpose.

Social media companies and other organisations therefore have a responsibility to ensure that children’s personal information is not collected or used unfairly, unlawfully, or in a manner that could expose children to harm, exploitation, identity theft, or other risks.

DUTIES ON ORGANISATIONS DEALING WITH CHILDREN

The Act also promotes transparency and accountability. Responsible parties, being the persons or organisations that determine why and how personal information is processed, must take reasonable steps to ensure that data subjects are aware of the collection and use of their personal information.

They are also required to implement appropriate technical and organisational measures to safeguard personal information against loss, damage, unauthorised access, disclosure, or cyberattacks. These obligations are contained primarily in sections 18 and 19 of POPIA.

These protections are particularly important in the context of children, who may struggle to understand lengthy or complex privacy policies.

Where organisations fail to comply with the Act, they may face regulatory action by the Information Regulator, civil liability, administrative fines, or other legal consequences.

THE RIGHT TO PRIVACY

Although South Africa has not yet produced a substantial body of reported case law dealing specifically with POPIA and children’s use of social media, South African courts have consistently recognised the importance of the constitutional right to privacy. This protection is particularly significant in relation to children, whose best interests are regarded as paramount under section 28(2) of the Constitution of the Republic of South Africa. The constitutional principle that a child’s best interests are of paramount importance supports the objectives of POPIA and reinforces the need for heightened protection of children in digital spaces.

POPIA does not operate in isolation. It forms part of a broader legal framework that includes legislation such as the Children’s Act 38 of 2005 and the Cybercrimes Act 19 of 2020. While POPIA focuses primarily on the protection and lawful processing of personal information, these statutes address other forms of online harm, including cybercrime, harassment, exploitation, and the protection of children’s rights. Together, they contribute to a comprehensive framework aimed at safeguarding children both online and offline.

In conclusion, POPIA is an important piece of legislation that helps protect children on social media by regulating the processing of their personal information. The Act restricts the circumstances in which children’s information may be processed and imposes obligations on organisations to act lawfully, transparently, and responsibly. While challenges remain in ensuring effective online safety and enforcement, POPIA provides a strong legal foundation for protecting children’s privacy, dignity, and best interests in an increasingly digital world. As technology continues to evolve, these protections will remain essential in ensuring that children can participate in online spaces more safely and securely.