Protection of Personal Information (POPIA) & the Right to Access to Information (PAIA)

Disclaimer & Website Terms of Use


Introduction to PAIA

The Promotion of Access to Information Act, 2000

Enforced by the Information Regulator

PAIA regulates the constitutional right to access information held by public and private institutions, and stipulates conditions for how citizens may request access to this information.

Everyone has the right of access to – (a) any information held by the state; and (b) any information that is held by another person and that is required for the exercise or protection of any rights.” (s32(1) of South Africa’s Constitution)

Access to information and protection of (personal) information are two sides of the same coin. The former encourages transparency, openness and the free flow of data. The latter attempts to restrict that flow. The former is a founding principle in democratic societies where citizens need to be able to inform themselves. The latter is a founding principle of liberal societies where individuals autonomously control which information about them may be shared and used. Both rights may clash, and therefore need to be balanced with one another …

While there are some administrative and procedural requirements in terms of POPIA and PAIA, it is important to remember that these are not central to what they are trying to accomplish. What is central is their requirement to manage information respectful of the interests of data subjects and informed citizens.

How is PAIA different from POPIA?

  1. 1 / The information PAIA promotes the access to, is not necessarily “personal information” as defined in POPIA – it can be any information.
  2. 2 / In terms of POPIA as well as PAIA, a request to access “information” needs to demonstrate that this access is required to exercise or protect another right. It may seem bizarre that s25 POPIA refers to this condition in s53(2)(d) – after all, the right to access information about oneself is a right in itself, and does not need further justifications.
  3. 3 / A POPIA as well as a PAIA request to access information may or must be refused for a number of reasons, including the protection of third parties or confidential information (ss62 – 69 PAIA). Again, this reference in s23(4) POPIA may seem counterintuitive – how could a third party’s rights trump my personal right to have access to my personal information held by an institution?