In March 2018, news broke of how British political consulting firm, Cambridge Analytica, used the personal information of close to 90 million Facebook users to target potential voters in the 2016 United States (U.S.) election as well as the Brexit vote. The reports raised ethical and privacy concerns, but also brought to light the extent in which personal user data can be used to the benefit of domestic and international actors in the political arena. For young, emerging democracies, it brings to light the potential dangers external influences might have on state sovereignty and integrity of electoral processes. This highlights the need for greater regulation of the cybersphere.
As South Africa punts the need to move with haste to the era of digitization and fully embrace the Fourth Industrial Revolution (4IR), increased effort needs to be aimed at promoting and protecting personal data of South African citizens, especially with the local government elections on the horizon. While the Protection of Personal Information Act, aimed at the protection of personal user information, was assented to in 2013, its full enforcement is still to come due to delays from the Information Regulator. Six years following the assenting of the law, the Regulator, appointed in 2016 to enforce the Act’s provisions, is still not fully operational. It goes without question that strengthening regulation of the cybersphere needs to move more urgently. Ignoring this exposes the country to the risk of undue external influence.
The work and influence of Cambridge Analytica and other consultancy and data analysis firms has not been limited to Western states alone. The British political consultancy firm, now defunct, has boasted of its close involvement in the 2013 and 2017 Kenyan elections, which included the spread of targeted misinformation on social media exploiting the country’s societal fears and divisions. Such companies are known for exploiting and, at times, creating societal tensions built on fears and not facts. These messages are usually designed to specifically target ‘people in the middle’- individuals with moderate views who can be persuaded through emotional appeals based on data easily obtained from their social media profiles. In South Africa, defunct London-based Public Relations firm Bell Pottinger admitted to running a campaign inciting racial tensions and divisions in the country, through the spread of misinformation on social media. The effects of their campaign are still felt today and will continue for the foreseeable future, especially with the current economic woes.
The global conversation around cybersphere regulation and data protection rights has been ongoing. The borderless nature of the space as well as the rapid dissemination of information renders it a challenge to regulate. While data analysis companies and even marketers view data mining as a win for the user experience through the creation of personally tailored information, the potential misuse of user data poses a great risk for democracy and the integrity of election processes.
In a technologically transforming and democratic society such as South Africa, the development and finalization of data protection legislation is urgent. Low data protection measures in a developing country such as South Africa create a breeding ground for unethical practices both by private companies and foreign governments. The enforcement of the Protection of Personal Information (PoPI) Act should be treated as urgent. As we seek to embrace the wonders of technology and digitization, we also need to implement measures to protect the country’s democracy against undue external influences.