For this interview series, we spoke with privacy experts who looked beyond the obvious, expected, and attention-grabbing privacy issues, to the mundane issues that average people face—but may not recognize. South African privacy expert Nerushka Bowan shows us that privacy is truly an everyday issue, from haphazard use of common social applications; to hard copies of documents left unsecured on desks; to selfies inadvertently showing important documents. Read on for an eye-opening interview about common privacy matters.
What is your role and how is it related to privacy law?
I am a technology and privacy lawyer. I focus on training on the new South African data protection legislation, the Protection of Personal Information Act, 2013 (POPIA), which finally becomes fully enforceable on July 1, 2021. I also help clients navigate complex privacy law questions arising from the Act, as well as providing comparisons with other global data protection legislation, such as the GDPR.
What prompted your interest in privacy law?
Privacy law was a fairly new area of specialization and it was exciting to be one of the first in South Africa to venture down this path. I was lucky to work in a global law firm, Norton Rose Fulbright, and spent some time during 2014 learning from global data protection specialists in the UK and Australia. Privacy law, just like tech law, is ever-changing and you must continuously upskill yourself on the latest developments. Nothing is ever straightforward—and the challenge of this area of specialization definitely prompted my interest.
What are some red flags in privacy policies of consumer apps?
Everyone knows that we all download applications without ever reading the detailed T&Cs that come with them (if you do—you are one of the few!). However, transparency is a key requirement of most comprehensive data protection laws. Most of the information that the app provider is required to share with you is buried deep in these terms. The app providers feel like they have complied with their transparency and notification obligations, as all of this information is accessible to the user (if they have the time and interest to take a deep dive into the terms). In practice, however, it can be argued that the end user has no idea what they are agreeing to when they tick the box. Can this box-ticking exercise amount to notifying the end user of various pieces of information, or does it amount to specific, informed consent by the user?
This resulted in various data protection regulators further interrogating the WhatsApp policy changes, as many data protection laws in various jurisdictions have been based on EU data protection laws (the GDPR and the previous EU Directive) and share many of the same principles and protections. The South African Information Regulator is also currently investigating the WhatsApp policy and has briefed lawyers to assist. Facebook was also requested to appear before the South African Parliament on May 25, 2021, but did not do so.
People think a lot about privacy related to email, but they don’t think about it related to documents. What are other surprising areas where privacy might be a concern?
In the digital world that we live in, people are very concerned about cyber criminals and being hacked, and sometimes forget that privacy and data security considerations apply equally to physical information and documents. This could include a data breach by leaving documents lying on a table where unauthorized parties could view them, keeping client files in your car boot parked on the street (instead of returning them to secure storage in your office), or taking a selfie at your desk with client documents lying in the background (I have seen fellow lawyers do this multiple times on social media—with the powerful zoom features that phones have, you are able to read some of the writing on the documents).
What should lawyers know about the new privacy laws from the past few years? Do they apply to law firms? If so, how?
Lawyers have always been subject to client confidentiality. However, data protection legislation adds a new element to the mix, and the impact shouldn’t be underestimated. In addition to protecting personal data, law firms may also be requested to share personal data on receipt of a data subject access request. Each of these requests will have to be dealt with carefully to ensure that legal professional privilege and client confidentiality are not infringed, while also ensuring that the data subject is able to enforce their data privacy access rights.
About Nerushka Bowan
Nerushka Bowan is the Director for Technology and Innovation at Norton Rose Fulbright South Africa Inc. She is an emerging technology and privacy law specialist, legal innovator, and international speaker based in South Africa. She has a background as a technology and privacy lawyer for an international law firm in Johannesburg, and she has work experience in London and Melbourne. Her clients include regulators, banks, law firms, technology companies, conference producers, and training academies.
Nerushka is the founder of the L.I.T.T. Institute (Law. Innovation. Technology. Tomorrow.), aimed at catalyzing change in the legal industry and creating lawyers of the future. She is the co-founder & Chairperson of VoLT (Voices of Law & Tech), which will amplify the voices behind legal innovations. She was selected as an #InspiringFifty winner in 2020 (Inspiring Fifty is an initiative aimed at showcasing successful women in STEM). During 2020, Nerushka was selected as one of six judges globally for the IAPP Annual Innovation Awards. She was also a co-chair of the Johannesburg IAPP KnowledgeNet chapter from 2016 to 2019 (the International Association of Privacy Professionals is the largest association of privacy professionals in the world).
About the Privacy and Security Interview Series
This interview is part of a collection of interviews about privacy and data security. By producing this series, we hope to prompt legal professionals to think about the privacy concerns that arise in everyday tasks like word processing and selection of document creation software.