, Question 1
The Protection of Personal Information Act 4 of 2013 (POPIA) establishes a comprehensive
legal framework regulating the processing of personal information in South Africa. A
particularly important aspect of the Act concerns the protection of children’s personal
information. Because children are regarded as vulnerable data subjects who may not fully
appreciate the implications of the disclosure and use of their personal information, POPIA
imposes stricter limitations on the processing of information relating to minors. In terms of
section 34 of the Act, the processing of personal information relating to a child is generally
prohibited unless specific legal conditions are satisfied. The default position under the Act is
therefore that personal information relating to a child may only be processed with the
consent of a competent person, such as a parent or legal guardian. However, the legislation
recognises that there are certain circumstances in which the processing of a child’s
information may be justified even in the absence of such consent.
One of the principal exceptions arises where the processing of the child’s personal
information is necessary for the establishment, exercise or defence of a legal right or
obligation. In legal proceedings or disputes involving children, it may be necessary for
courts, legal representatives or regulatory bodies to process information relating to the child
in order to properly adjudicate the matter. Preventing the processing of such information
could potentially obstruct the administration of justice or undermine the protection of legal
rights. Consequently, POPIA allows responsible parties to process children’s personal
information where such processing is reasonably required to facilitate legal proceedings or
to comply with legal obligations imposed by law (Protection of Personal Information Act 4 of
2013 s 35).
Another significant exception occurs where the processing of personal information is
required to comply with an obligation imposed by legislation. Various institutions within
society, including schools, hospitals and governmental departments, are legally required to
collect and maintain records relating to children for administrative and regulatory purposes.
Educational institutions, for example, must maintain records concerning learner registration,
academic performance and disciplinary matters. Similarly, healthcare providers must record
medical information relating to minors in order to ensure appropriate treatment and
continuity of care. In such circumstances, the processing of the information is authorised
The Protection of Personal Information Act 4 of 2013 (POPIA) establishes a comprehensive
legal framework regulating the processing of personal information in South Africa. A
particularly important aspect of the Act concerns the protection of children’s personal
information. Because children are regarded as vulnerable data subjects who may not fully
appreciate the implications of the disclosure and use of their personal information, POPIA
imposes stricter limitations on the processing of information relating to minors. In terms of
section 34 of the Act, the processing of personal information relating to a child is generally
prohibited unless specific legal conditions are satisfied. The default position under the Act is
therefore that personal information relating to a child may only be processed with the
consent of a competent person, such as a parent or legal guardian. However, the legislation
recognises that there are certain circumstances in which the processing of a child’s
information may be justified even in the absence of such consent.
One of the principal exceptions arises where the processing of the child’s personal
information is necessary for the establishment, exercise or defence of a legal right or
obligation. In legal proceedings or disputes involving children, it may be necessary for
courts, legal representatives or regulatory bodies to process information relating to the child
in order to properly adjudicate the matter. Preventing the processing of such information
could potentially obstruct the administration of justice or undermine the protection of legal
rights. Consequently, POPIA allows responsible parties to process children’s personal
information where such processing is reasonably required to facilitate legal proceedings or
to comply with legal obligations imposed by law (Protection of Personal Information Act 4 of
2013 s 35).
Another significant exception occurs where the processing of personal information is
required to comply with an obligation imposed by legislation. Various institutions within
society, including schools, hospitals and governmental departments, are legally required to
collect and maintain records relating to children for administrative and regulatory purposes.
Educational institutions, for example, must maintain records concerning learner registration,
academic performance and disciplinary matters. Similarly, healthcare providers must record
medical information relating to minors in order to ensure appropriate treatment and
continuity of care. In such circumstances, the processing of the information is authorised