{"title":"个人信息保护法中雇主的法定替代责任","authors":"D. Millard, Eugene Gustav Bascerano","doi":"10.17159/1727-3781/2016/V19I0A555","DOIUrl":null,"url":null,"abstract":"A person whose privacy has been infringed through the unlawful, culpable processing of his or her personal information can sue the infringer’s employer based on vicarious liability or institute action based on the Protection of Personal Information Act 4 of 2013 (POPI). Section 99(1) of POPI provides a person (“data subject”), whose privacy has been infringed, with the right to institute a civil action against the responsible party. POPI defines the responsible party as the person who determines the purpose of and means for processing of personal information of data subjects. Although POPI does not equate a responsible party to an employer, the term “responsible party” is undoubtedly a synonym for “employer” in this context. By holding an employer accountable for its employees’ unlawful processing of a data subject’s personal information, POPI creates a form of statutory vicarious liability. Since the defences available to an employer at common law, and developed by case law, differs from the statutory defences available to an employer in terms of POPI, it is necessary to compare the impact this new statute has on employers. From a risk perspective, employers must be aware of the serious implications of POPI. The question that arises is whether the Act does not perhaps take matters too far. This article takes a critical look at the statutory defences available to an employer in vindication of a vicarious liability action brought by a data subject in terms of section 99(1) of POPI. It compares the defences found in section 99(2) of POPI and the common-law defences available to an employer fending off a delictual claim founded on the doctrine of vicarious liability. To support the argument that the statutory vicarious liability created by POPI is is too harsh, the defences contained in section 99(2) of POPI is further analogised with those available to an employer in terms of section 60(4) of the Employment Equity Act 55 of 1998 (EEA) and other comparable foreign data protection statutes.","PeriodicalId":357008,"journal":{"name":"Employment Law eJournal","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Employers' Statutory Vicarious Liability in Terms of the Protection of Personal Information Act\",\"authors\":\"D. Millard, Eugene Gustav Bascerano\",\"doi\":\"10.17159/1727-3781/2016/V19I0A555\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A person whose privacy has been infringed through the unlawful, culpable processing of his or her personal information can sue the infringer’s employer based on vicarious liability or institute action based on the Protection of Personal Information Act 4 of 2013 (POPI). Section 99(1) of POPI provides a person (“data subject”), whose privacy has been infringed, with the right to institute a civil action against the responsible party. POPI defines the responsible party as the person who determines the purpose of and means for processing of personal information of data subjects. Although POPI does not equate a responsible party to an employer, the term “responsible party” is undoubtedly a synonym for “employer” in this context. By holding an employer accountable for its employees’ unlawful processing of a data subject’s personal information, POPI creates a form of statutory vicarious liability. Since the defences available to an employer at common law, and developed by case law, differs from the statutory defences available to an employer in terms of POPI, it is necessary to compare the impact this new statute has on employers. From a risk perspective, employers must be aware of the serious implications of POPI. The question that arises is whether the Act does not perhaps take matters too far. This article takes a critical look at the statutory defences available to an employer in vindication of a vicarious liability action brought by a data subject in terms of section 99(1) of POPI. It compares the defences found in section 99(2) of POPI and the common-law defences available to an employer fending off a delictual claim founded on the doctrine of vicarious liability. To support the argument that the statutory vicarious liability created by POPI is is too harsh, the defences contained in section 99(2) of POPI is further analogised with those available to an employer in terms of section 60(4) of the Employment Equity Act 55 of 1998 (EEA) and other comparable foreign data protection statutes.\",\"PeriodicalId\":357008,\"journal\":{\"name\":\"Employment Law eJournal\",\"volume\":\"43 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-07-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Employment Law eJournal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.17159/1727-3781/2016/V19I0A555\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Employment Law eJournal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17159/1727-3781/2016/V19I0A555","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Employers' Statutory Vicarious Liability in Terms of the Protection of Personal Information Act
A person whose privacy has been infringed through the unlawful, culpable processing of his or her personal information can sue the infringer’s employer based on vicarious liability or institute action based on the Protection of Personal Information Act 4 of 2013 (POPI). Section 99(1) of POPI provides a person (“data subject”), whose privacy has been infringed, with the right to institute a civil action against the responsible party. POPI defines the responsible party as the person who determines the purpose of and means for processing of personal information of data subjects. Although POPI does not equate a responsible party to an employer, the term “responsible party” is undoubtedly a synonym for “employer” in this context. By holding an employer accountable for its employees’ unlawful processing of a data subject’s personal information, POPI creates a form of statutory vicarious liability. Since the defences available to an employer at common law, and developed by case law, differs from the statutory defences available to an employer in terms of POPI, it is necessary to compare the impact this new statute has on employers. From a risk perspective, employers must be aware of the serious implications of POPI. The question that arises is whether the Act does not perhaps take matters too far. This article takes a critical look at the statutory defences available to an employer in vindication of a vicarious liability action brought by a data subject in terms of section 99(1) of POPI. It compares the defences found in section 99(2) of POPI and the common-law defences available to an employer fending off a delictual claim founded on the doctrine of vicarious liability. To support the argument that the statutory vicarious liability created by POPI is is too harsh, the defences contained in section 99(2) of POPI is further analogised with those available to an employer in terms of section 60(4) of the Employment Equity Act 55 of 1998 (EEA) and other comparable foreign data protection statutes.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
