The President’s Right to Privacy vs powers of Chapter 9 Institutions

Following the announcement by the Public Protector to release a report stemming from her investigation into a donation by Bosasa to the 2017 presidential campaign of President Cyril Ramaphosa (alisa “C17”), the president approached the courts for an interdict prohibiting the public release of the report.

Certain prominent business persons were allegedly amongst the donors mentioned in the report who contributed an extraordinary but disputed amount of “billions of Rands” towards C17 ahead of the ANC’s National Elective Conference of 2017.

Certain bank statements in the Public Protector’s report also contained confidential information belonging to third parties. She cited leaked emails containing details on the President’s campaign for leadership, CR 17 which is widely circulated and trending on social and other media, as the source of her information. The leaked emails purport to show that the President consulted with his campaign managers about which backers to approach for funding and how much was donated to his campaign, despite his claims, on oath to the contrary.

The court matters between the President’s legal team and the Office of the Public Protector relating to the proposed release of this report raised burning questions relating to privacy and the power of Chapter 9 institutions.

In July 2021, the Constitutional Court finally confirmed dismissal of Public Protector Busisiwe Mkhwebane’s bid to uphold her report on the Bosasa donation to the CR17 ANC election campaign. The reasons for their judgment included criticism against the actions of the Public Prosecutor relating to changing the Executive Ethics Code of Conduct, not having authority to investigate certain issues and making findings without supporting evidence.

What is the mandate of the Public Protector?

The Public Protector has the most general mandate of all the Chapter 9 Institutions. Included is the task to police requirements of the Executive Members’ Ethics Act, the Executive Ethics Code of Conduct (hereafter “the Code”) and operate in terms of the Public Protector Act.

The Public Protector’s reports are open to the public unless exceptional circumstances require that they be kept confidential and dealt with as prescribed by law.

“Exceptional circumstances” would exist if the publication of the report concerned is likely to endanger the security of the citizens of the Republic.

The Code says that financial interests must be recorded in a register that contains a confidential part and a public part. Certain financial interests are to be recorded in the confidential part of a register. No one who has access to entries to the confidential part of the register may disclose particulars of any entry in that part, except when a court or the Public Protector so orders.

The Code also requires the declaration of the source and description of direct financial sponsorship or assistance from non-party sources and the value of same.

Treasury Regulations require members of the Cabinet, to disclose financial interests when assuming office, acquired after assumption of office including gifts and other benefits of a material nature. It can be argued that donations to a party-political leadership contest are not personal but part of the normal functions of a party. This would mean that private donations fall under the Public Protector’s statutory remit of dealing with matters of “public affairs” and “public money”.

What is the President’s right to privacy?

The President is the first citizen of the country because he is the head of the Executive and the head of our armed forces. All executive actions are taken in his name, all treaties are carried out by his name and all diplomatic relations are maintained by his name.

The protection of privacy raises in every individual the pressing expectation that their rights will not to be violated and the person’s right to privacy not interfered with.

As first citizen, he embodies a civil and representative role while he enacts his executive duties in official capacity. Despite his high standing, the President is also afforded the right to privacy in the same manner as an ordinary citizen.

When handling personal information, the Public Protector is required to keep the information received during her investigation confidential as outlined in Section 7 of the Public Protector Act. In this way the privacy of the subjects of her investigation should remain protected. Non-disclosure agreements should routinely be required by the Public Protector to sign prior to release of information that may require confidential treatment.

The Protection of Personal Information Act (POPIA) involves three parties (natural or juristic persons) i.e. –

  • The Data Subject: the person to whom the information relates. (In casu, the President)
  • The Responsible (Accountable) Party: the person who determines to process. I.e. corporates, governments, state agencies. Called controllers in other jurisdictions. (In casu, the Banks.)
  • The Operator: a person who processes personal information on behalf of the responsible party. For example, a technology company. Called processors in other jurisdictions. (In casu, Service Providers/the Banks.)

Following the above,  it is arguable that the President is not excluded from protection under POPIA. In terms of POPIA, personal information is defined to include information relating to an identifiable, living, natural person and where applicable, a juristic person.

The dissemination of the financial information of the President and private donors to the public falls within the definition of ‘processing’ in terms of the POPIA. Accordingly, any sharing of information by the Public Protector would be regulated and the party receiving the information must comply with the safeguards built into POPIA. This is to ensure that no third-party data subject’s rights are infringed.

The recipient of such personal information would similarly be required to show that it complies with the provisions of POPIA. If information already appears on the public record, it will not be wrong to obtain or process it.

Any leak of personal information must be reported to the Information Regulator and the data subject in a way that allows data subjects to protect themselves against potential negative consequences. This means that the Information Regulator (a Chapter 9 Institution in terms of POPIA) could then be approached to take certain actions which may ultimately result in a fine, imprisonment and/or civil liability for the breaching party.

It is important to note the difference between leaking and whistleblowing, as where the leaker is an anonymous source who discloses sensitive information without approval. Whistle-blowers on the other hand release information that show wrongdoing designed to withdraw authority from both the source and the information. The motivation for disclosures made by a whistle-blower must in all instances be the fact their disclosures were made to serve the public interest rather than fuel political gossip.

Although whistle-blowers are legally protected when they speak out in the public interest, whistle-blower confidentiality does not generally override the data subject’s right to privacy.

It is an offence to knowingly transmit false information. Someone who deliberately exposes false information does not qualify as a whistle-blower and might also be guilty of defamation, crimen injuria or fraud.

In addition to the above, the following rights are entrenched in our legislation to protect privacy:

  • The right to erase

Individuals are entitled to request that their personal information be erased. These include the grounds that the usage of the personal data is no longer relevant for the purpose for which it was initially collected or process.

  • The right to object

Individuals have the right to object to the processing of their personal information if such information has been processed with the consent of the individual and they wish to withdraw such consent.

  • The right to access

Individuals have the right to be informed whenever an organisation processes their information, to receive a copy of such information, to be informed of the sources of this information.

In terms of the Promotion of Access to Information Act (PROATIA), a request for access to personal information can be refused on one of the grounds set out in the Act. Protection of third-party confidential information are included. Interesting to note is that PROATIA does not apply to an individual member of Parliament or of a provincial legislature in that capacity. The President, however, is not a member of Parliament, he is a member of the Cabinet.

The information protection principles intended to regulate privacy in South Africa are encapsulated in POPIA as conditions for the lawful processing of personal information.

The EU General Data Protection Regulation (GDPR) sets an added yardstick by which to measure their own privacy laws and South African companies adopt as an international standard maintaining the trust of the international community.

Privacy is also protected in terms of both our common law and the Constitution. The recognition and protection of the right to privacy as a fundamental human right in the Constitution provides an indication of its importance.

Due to the public role of members of the Executive, the provisions of their Code of Conduct override laws of more general application. A clash of magnificent proportions seems to be looming regarding the nature of campaign payments, the duty to declare its receipt and the obligation to protect such information from public disclosure.

This blog is written by, and is the personal opinion of, Adv Reneé Caprari, a Referral Advocate in private practice, with extensive experience in corporate, forensic and legal issues relating to civil, commercial and criminal matters. Connect with her on email:


Leave a Reply