With the Protection of Personal Information Act (Popia) coming into effect on tomorrow, these company websites are at risk of facing fines of up to R10 million for each breach. At the same time, their executives could be jailed for ten years, Rogerwilco's research shows. Photo: stock
With the Protection of Personal Information Act (Popia) coming into effect on tomorrow, these company websites are at risk of facing fines of up to R10 million for each breach. At the same time, their executives could be jailed for ten years, Rogerwilco's research shows. Photo: stock

75% of SA’s top websites risk R10m fines for Popi non-compliance - Rogerwilco

By Supplied Time of article published Jun 30, 2020

Share this article:

JOHANNESBURG - Research by digitally-led marketing agency, Rogerwilco, indicates that only 25 percent of South Africa’s most popular websites have pop-ups that explicitly ask visitors for consent to collect data about their browsing activity. 

With the Protection of Personal Information Act (Popia) coming into effect on tomorrow, these company websites are at risk of facing fines of up to R10 million for each breach. 

At the same time, their executives could be jailed for ten years.

While 90 percent  of the sites do have a cookie policy, this is often hidden away, either in a notice in the website’s footer or buried elsewhere. The company websites investigated that don’t have an automated pop-up include Unisa, Takealot, World Sports Betting, Price Check, Vodacom, Private Property, Autotrader, Computicket, Zando, Clicks, Mweb, Fly Safair, Pick n Pay, Tsogo Sun Hotels, Department of Employment and Labour and SA Revenue Service, amongst others.

According to Rogerwilco chief executive, Charlie Stewart, “Popi requires that organisations take reasonably practicable steps to ensure that consumers know which of their personal information is being collected and for what purpose.”

While there is confusion as to whether or not South African websites need to ask visitors for their content to track them, Popi is largely based on the EU’s GDPR privacy bill, which requires people to ‘opt-in’ if tracking is applied.

“The penalties for non-compliance with Popi are significant, but fortunately, a 12-month grace period will apply during which organisations can get their house in order,” said  Stewart.

He said, “The most shocking outcome from this research is that two years on from Cambridge Analytica, a scandal that changed the world, brands continue to play fast and loose with consumers’ data.

The debate must move beyond paying lip service to the legal compliance requirements and into a space where companies recognise that they need to restore consumer trust. Policies are not there to make the life of the marketers harder, but the experience of the customers better.”

What are Cookies?

Cookies are text files that are stored on your device each time you visit a website. They store information about your activity which companies use to improve your interactions with websites. For example, if you log onto a website that uses cookies and you revisit it later, the cookies ensure that the website ‘remembers’ your information such as login and password, format settings, and website sections/pages/items viewed. This data is also sold to advertisers, which is why ads relating to a product that you previously searched for appear on other sites you visit.  

About the Research

Rogerwilco conducted the research on Friday, June 26. Analysts visited each of the websites listed on Moz’s list of the country’s most popular local sites (this listing stripped out international websites visited by South Africans such as Google and Facebook). Sites were accessed in incognito mode to ensure cookie consents provided during previous visits would not apply.


BUSINESS REPORT 

Share this article: