lOMoAR cPSD| 24668432

LCR4805 EXAM
SEMESTER 1 2023
(MAY/JUNE)
QUESTIONS WITH DETAILED ANSWERS

[School]
[Course title]
 lOMoAR cPSD| 24668432

Student number 53181956

May/June 2023 LCR4805

Selected Private and Criminal Law Principles of the Internet

QUESTION 1

During the recruitment of new staff, an employer checks the profiles of the candidates on
various social networks and includes information from these networks in the screening
process. The employer has not informed the candidates about this.

1.1 Does the Protection of Personal Information Act 4 of 2013 allow an employer to include
the information of candidates found on social networks when screening candidates?
Discuss.
The Protection of Personal Information Act (POPIA) came into effect on 1 July
2020. The Act gives effect to the right to privacy as enshrined in the Constitution
of South Africa, as an essential component of human dignity, freedom, and
security. The main purpose of the Act is to regulate the processing of personal
information by public and private entities. According to the Act, personal
information is defined as any information that identifies a living person or makes
him/her identifiable, such as a name, address, or identification number.

The Act's provisions require employers to protect personal information, both

before and after the employment relationship. This protection covers the storage,
processing, and disposal of data. Section 4 of the POPIA states that personal
information may only be processed if certain conditions are met. These include
informed consent, compliance with a legal obligation, and legitimate interests
pursued by a responsible party.

The use of social media profiles for recruitment purposes raises several questions
about an individual's right to privacy and the protection of their personal
information. In terms of POPIA, processing personal information necessitates
adherence to the act's principles and conditions. In this regard, it is essential for
an employer to obtain informed consent from candidates before processing their
personal information.
 lOMoAR cPSD| 24668432

Informed consent involves an employer obtaining permission from a candidate or

data subject before obtaining, retaining, or using their personal information.
Consent must be obtained legally and voluntarily, and the candidate or data
subject should be made aware of the purpose of the processing, the nature of the
information that will be processed, and any third parties that will have access to it.
This means that an employer should obtain consent from all candidates before
checking their social media profiles.

Furthermore, POPIA obligates responsible parties to provide information on the

purpose of the processing of personal information. This includes providing
reasonable information about the source of the information, the category of
personal information processed, the purpose of the processing, and the recipients
or categories of recipients who received or will receive the personal information.

If an employer is using personal information obtained from social media in the

hiring process without informing the candidate, the employer would be in violation
of POPIA. Therefore, employers need to be transparent and honest about the
information they obtain about candidates through social media networks. The
recruitment process should be fair, transparent, and based on merit and skills,
rather than solely on information obtained through social media.

In conclusion, the use of social media profiles as part of the recruitment process
is becoming more prevalent. However, employers need to be mindful of the legal
implications of using social media profiles in the hiring process. POPIA provides
clear guidelines for the processing of personal information by responsible parties,
including employers. Employers should obtain informed consent and be
transparent when processing personal information obtained from social media
networks. Finally, the recruitment process should be fair, transparent, and based
on merit and skills.

Processing is defined widely as meaning any operation or activity or any set of

operations,

whether or not by automatic means, concerning personal information, including

the collection, use, dissemination by means of transmission, distribution or
making available in any other form.
 lOMoAR cPSD| 24668432

The screening of candidate’s information on social networks does amount to

processing.
The Act defines personal information as information relating to an identifiable,
living, natural person and, where it is applicable, an identifiable, existing juristic
person. The Act goes on to list eight different types of information which are
included in this definition. The list is not intended to limit the definition. The list
includes sensitive information, such as information relating to a person’s race,
gender, sex, sexual orientation, religion, and medical history, but also mundane,
yet nevertheless personal, information such as the person’s name. It specifically
includes the name of the person if it appears with other personal information
relating to the person or if the disclosure of the name itself would reveal
information about the person. In this instance, the pictures and the names of the
persons was published. It also revealed that the person attended a specific event.
The employer may process personal information only if at least one of six
grounds of justification in terms of section 11 of the Act is present:

• the data subject consents to the processing

• processing is necessary to carry out actions for the conclusion or
performance of a
• contract to which the data subject is party
• processing complies with an obligation imposed by law on the responsible
party
• processing protects a legitimate interest of the data subject
• processing is necessary for the proper performance of a public law duty by
a public body
• processing is necessary for pursuing the legitimate interests of the
responsible party or of a third party to whom the information is supplied. In
this case, the employer must ask for the consent of the candidate’s before
she screens their personal information on social networks.

1.2 Does “the use of information” found in a candidate’s inbox on a social network amount to
the interception of communication, as defined in the Regulation of Interception of
Communications and Provision of Communication-related Information Act 70 of 2002?

Interception communication means intercepting the contents of any

communication through the use of any means, including an interception device,
so as to make some or all of the contents of a communication available to a
 lOMoAR cPSD| 24668432

person other than the sender or recipient or intended recipient of that

communication, and includes the monitoring of any such communication by
means of a monitoring device; viewing, examination or inspection of the contents
of any indirect communication and diversion of any indirect communication from
its intended destination to any destination. Therefore, the use of information found
in a candidate’s inbox on social networks amounts to interception as defined in
the RICA Act.

Indirect communication means the transfer of information, including a message or

any part of a message. Whether in the form of speech, music or other sounds;
data; text; visual images, whether animated or not; signals; or radio frequency
spectrum.

Therefore, information found in a candidate’s inbox on social networks amounts to

indirect communication.

QUESTION 2

One evening while driving home after work, Serurubele was involved in a road-rage incident.
The driver of a truck didn’t like how Serurubele was driving. He forced Serurubele’s car to
stop, got out of his truck and smashed in the windscreen of Serurubele’s vehicle with a metal
pipe. He pulled Serurubele out of his vehicle, shouted at him, waved his arms in the air,
climbed back into his truck and drove off. It turned out that another motorist on the scene,
Paul, who was right behind Serurubele’s vehicle, had a camera installed on the dash of his
car, which automatically records everything in the view of the camera through the
windscreen of the vehicle. This road rage incident was also captured by Paul’s dash camera.
The truck driver was later arrested and has to face criminal charges.

Serurubele approaches you as his attorney. Advise him as to whether this video recording
captured on Paul’s dash camera can be used as evidence in a court of law?

As an attorney, it is important to understand the admissibility of evidence in a court of

law. In the case of Serurubele, who was involved in a road rage incident, the presence
of a dash camera recording the incident raises questions regarding its admissibility
as evidence. The first step in determining the admissibility of the dash camera
footage is to establish whether it is relevant and reliable.
 lOMoAR cPSD| 24668432

The relevance of the footage Is easy to establish as it captures the entire incident,
including the actions of the truck driver. The footage shows the truck driver stopping
Serurubele’s car, smashing in the windscreen with a metal pipe, pulling Serurubele
out of his vehicle, shouting at him, waving his arms in the air, climbing back into his
truck, and driving off. The footage is therefore relevant in establishing what happened
during the incident and identifying the person responsible.

The reliability of the footage Is also crucial in determining whether it can be used as
evidence. The footage must be authentic, accurate, and unaltered to be considered
reliable. In this case, the fact that the footage was captured by a dash camera
installed on Paul’s car makes it likely to be authentic, given that dash camera are
designed to be tamper-proof and automatic. The footage also appears to be accurate,
with clear images and audio of the incident. However, it is important to assess
whether there is any possibility of tampering, editing, or alteration of the footage,
which could taint its reliability.

Assuming that the footage is both relevant and reliable, the next step is to consider
whether it is admissible in a court of law. In South Africa, evidence is generally
admissible if it is probative, that is, it has a tendency to prove or disprove a fact or
issue in the case. The Evidence Act also requires that the evidence be legally
obtained and not obtained in a manner that infringes a right or privilege.

In this case, the dash camera footage appears to have been obtained legally, as it was
recorded by a dash camera installed on Paul’s car, without infringing any rights or
privileges. The footage is also probative, as it captures the entire incident, including
the actions of the truck driver, which could form the basis of criminal charges against
him. The footage can therefore be admissible in court, subject to any objections or
challenges to its authenticity, accuracy, or reliability.

In conclusion, as Serurubele’s attorney, I would advise him that the dash camera
footage captured by Paul’s car is likely to be admissible in court, given that it is both
relevant and reliable. However, any objections or challenges to the footage’s
admissibility should be assessed carefully to ensure that it meets the legal
requirements for admissible evidence. The footage could be instrumental in securing
a conviction against the truck driver for his actions, and its admissibility could be
crucial in the case. It is therefore important to handle the footage with the utmost care
and professionalism to ensure that justice is served and the rights of all parties are
protected.
 lOMoAR cPSD| 24668432

For exam pack with questions and answers, quality notes, assignments and
exam help:

email: musyokah11@gmail.com

WhatsApp: +254792947610

QUESTION 3

3.2 We live in an “information age” and the question which often arises is whether
information can be stolen or not. Refer to the common law definition of “theft” and critically
discuss whether the law in South Africa has adapted to keep up with technological
advancements. Your discussion should refer to the positions in other jurisdictions and
include case law, legislation and academic commentary where applicable.

What is theft?

Theft is the unlawful, intentional appropriation of movable, corporeal property which

• belongs to, and is in the possession of, another

• belongs to another but is in the perpetrator's own possession, or
• belongs to the perpetrator but is in another's possession and such other
person has a right to possess it which legally prevails against the
perpetrator's own right of possession provided that the intention to
appropriate the property includes an intention permanently to deprive the
person entitled to the possession of the property, of such property.

What are the elements of theft?

• Wrongful Taking – The property was taken without consent and was
unlawful
• Carrying Away – The property need was moved from where the owner had
placed it or intended it to be placed
 lOMoAR cPSD| 24668432

• Property of Another – The property must belong to someone other than the
thief
• Intent to Deprive Permanently – The thief intends that the owner does not
own the property ever again.

3 Has this definition or the law surrounding it changed to deal with the new
technological advances brought about by the information age?

Theft is commonly defined as the unlawful and intentional appropriation of

another’s movable, corporeal property where the perpetrator has the intention
to permanently deprive the owner of his / her property (S v Visagie 1991 (1) SA
177 (A) at 1811. Theft refers to the appropriation of corporeal property, which
stems from the Roman Law principle of contestation, which requires physical
handling of the property, however, information and data are incorporeal
property, which exists in knowledge, experience, and ideas and in S v Graham
1975 (3) SA 569 (A) at 576 the court referred to the views of Sir John Wessels,
that: “if the Roman-Dutch law is to survive, it must adapt itself to changing
circumstances, whilst retaining its essential features”.

Intellectual property is best described as an incorporeal object that stems from

experiences, knowledge, and ideas that are brought into being through the
mental activity of individuals, however once created and captured becomes
separate from the creator and has independent existence (Fredericks E et al
Study Guide for Law of Negotiable Instruments, Intellectual Property and
Competition (MRL4801) 207) capable of being observed by others and is
protected to some degree by the law of intellectual property (Van Der Merwe
2008 PER 10-13). The common law definition of theft refers to objects being
stolen as tangible things. Computer-related offenses were not provided for in
common law due to the fact that it relates to intangible things. The legality
principle (nullum crimen sine lege which means “no crime without a preceding
law”) might provide sufficient grounds for a specific objection against the
expansion of the subject matter of theft in criminal law. The philosophical
basis for this rule is that, if the law is not clear on a certain point, it is unfair to
expect citizens to adjust their behaviors on that point.
 lOMoAR cPSD| 24668432

This poses a question whether an accused who is charged with a malicious

injury can be convicted if the property consists of bits and bytes on a
computer hard drive and the injury consists of rearranging those particles. In
the case S v Howard (Unreported case no 41/258/02 Johannesburg regional
magistrates’ court (see 2005 TSAR 603) : The accused rearranged Edgars
Group computerized bits and bytes to such an extent that the system
countrywide was unable to be used and Edgars lost millions of Rands in sales.
Due to the accused overwritten a basic file the computer required to function.
The court held that the accused could be found guilty of malicious injury to
property and sentenced to five years imprisonment. Property which is
damaged need no longer have a physical existence.

In the case S v Van den Berg 1991 (1) SACR 104 (T) the accused made a
fraudulent misrepresentation by means of a computer terminal. The court held
that the electronic misrepresentation was as unlawful as any other form and
the conviction for fraud was upheld. As a result, the question arises whether
common law would be further expanded by the courts. For this reason, it
becomes essential that legislation be passed to combat cyber-crime. In 2002
the

Electronic Communications and Transactions Act was promulgated.

Essentially chapter XIII of the ECT Act introduced specific crimes but failed to
deal with new cybercrimes instead it focuses merely on data protection. New
crimes like phishing, spam and gaining access to a website without
permission have started to devolve in the new technology era. The fortunate
part of legislation such as Regulation of Interception of Communications and
Provision of Communication–related Information Act and the Electronic
Communications Act provides for more comparison protection in terms of data
protection.

Opinion of Legal commentators Van der Merwe presented two possible

solutions for the theft of intangible where computers are involved: 1) To
expand law of things to include incorporeal among things that may be
possessed and owned and therefore also stolen. 2) To extend the category of
things to be stolen in criminal law to include personal rights and immaterial
property rights.

Loubser acknowledges the concept of sache (‘’Thing” in English, saak in

 lOMoAR cPSD| 24668432

Afrikaans and res inLatin.) used to limited to corporeal rights but are careful to
expand the concept of ownership in corporeal matters to other incorporeal
rights and prefers not to use the term ownership at all with the other categories
of subjective rights, such as personal rights. Eborsohn follows the second
possible solution for criminal law to extend category of things that may be
stolen. He argues that personal rights and immaterial property rights could be
covered by judicial expansion of the traditional concept of theft. He further
argues that the modern theft is flexible enough to include the appropriation of
personal rights, the electronic transfer of credit between banking accounts, the
copying of incorporeal property and even passwords and confidential credit-
card information.

What is the position in other jurisdictions in terms of cybercrime?

The United Kingdom - In the case Cox v Riley (1986) 83 Cr App R56 the
accused Cox deliberately sabotage a power saw operated by a printed circuit
containing a number of computer programs by erasing a number of these
programs causing the saw to be unusable until it was programmed. By focus
on the hardware instead of the programs the court managed to convict Cox of
a contravention of section 1(1) of the criminal Damage Act of 1971. The UK
also has a powerful Data Protection Act which might be extended in the future
to include custodial sentences for offenders. Further to this the UK s new
Fraud ‟ Act makes it an offence to fail to disclose information in the form of a
proper data protection notice.

In Germany the legislation the German Criminal Code was amended to provide
for different forms of modern crime for instance the distribution of
pornography. It further criminalises data espionage and also target computer
fraud specifically. The United States in the mid 1980 the US Congress; thus
binding all States, passed two important statues to combat computer related
crimes in which federal interest are part of. The Counterfeit Access Device and
Computer Fraud and Abuse Act 18 USC 1030 (1984) (the CFA Act) and the
Electronic Communications Privacy Act (the ECP Act) (Spy Act only protects
vendors and their DRM www.infoworld.com/archives (accessed 24 April
2007))The latter Act was enacted to include digital transmission of electronic
data to broaden the government’s power to tap into private communications. In
2004 the US Congress introduced the Securely Protect Yourself against Cyber
Trespass Bill (the SPY ACT) to protect consumers who download software that
 lOMoAR cPSD| 24668432

has the ability to collect and transmit information. However, this was criticized
for not focusing on consumers but on software vendors. Another bill entitled
Identity Theft

Enforcement and Restitution Act of 2007, expands existing identity theft and
aggravated-identifytheft statutes to include recovery of the value of time lost
as a result of identity theft or even attempted identity theft. The Canadian
Criminal Code defines an object capable of being stolen as “anything whether
animate or inanimate” and in R v Stewart (1988) 1 SCR 963. the court had to
decide whether confidential information was capable of being stolen and held
that confidential information did not fall within the definition of“anything”,
since it could not be taken or converted in a manner that would deprive the
victim. Protection of information should not be granted by extending the
concept of property or the scope of theft, but rather by enacting relevant
legislation andinformation was therefore not considered property for the
purposes of criminal law. Technological advances allow for large volumes of
information to be saved on computers as electronic data and the
accompanying changes in the manner in which data is stored opened doors
for cyber criminals who operate in this incorporeal realm and are capable of
appropriating electronic data.The nature of electronic information makes it
capable of being stolen, by downloading or copying it, without any object
being physically taken proving the ‘theft’ and without the owner being deprived
of the use or possession thereof, even though the owner will be deprived of its
confidentiality. There is no doubt that taking the physical computer itself or its
components like the printer or screen is theft, however a copied or
downloaded version of an electronic document therefore does not meet the
requirements of property capable of being stolen (Snyman CR Criminal Law
3rd ed (1995) 445-478).

Cybercrime is set apart from other crimes in that a computer is used in the
commission of the crime and may include acts like hacking, damage to
intellectual property, unauthorised access to a database or copying of
confidential information and many of these crimes could not be prosecuted
due to a lack of relevant legislation (Herselman and Warren 2004 IISIT 253-266).
The only option was to prosecute these offences under the existing common
law or statutory legislation which was not computer-related acts, however the
Electronic Communications and Transactions Act 25 of 2002 (hereinafter ECT
 lOMoAR cPSD| 24668432

Act) was specifically drawn up to combat and prevent cybercrime and in terms
of the ECT Act “data” is defined as the “electronic representations of
information in any form”( s 1 of the ECT Act) and the purpose of the Act is
among other things to prevent abuse of information systems. Access in terms
of the ECT Act: ‘includes the actions of a person who, after taking note of any
data, becomes aware of the fact that he or she is not authorised to access that
data and still continues to access that data’.Section 86 (3) of the ECT Act: ‘(2)
A person who intentionally and without authority to do so, interferes with data
in a way which causes such data to be modified, destroyed or otherwise
rendered ineffective, is guilty of an offence. (3) A person who unlawfully
produces, sells, offers to sell, procures for use, designs, adapts for use,
distributes or possesses any device, including a computer program or a
component, which is designed primarily to overcome security measures for
the protection of data, or performs any of those acts with regard to a
password, access code or any other similar kind of data with the intent to
unlawfully utilize such item to contravene this section, is guilty of an
offence.’Any person, who gains unauthorized access to, intercepts, or
interferes with data; is guilty of an offence in terms of section 86 of the ECT
Act and the possibility therefore exists that a the perpetrator who has copied
or downloaded information without the necessary authorization may have
committed an offense in terms of this section.

For exam pack with questions and answers, quality notes, assignments and
exam help:

email: musyokah11@gmail.com

WhatsApp: +254792947610
 lOMoAR cPSD| 24668432

QUESTION 4

Mr Coetzee works for an advertising company, Litaba Ltd. In his spare time, he writes
articles for an online news website, Lesedi News. On this website he publishes an article
(which he wrote from his office computer) about a coastal wetland ecosystem that was
destroyed after an oil rig of the company, Oil-Tech, exploded at sea. He mentioned that the
explosion, resulted in a huge oil spill in the ocean that drifted to the shore. In the article Mr
Coetzee alleges that the explosion was due to the negligence of the company. He lists
several issues, including a lack of proper maintenance and security measures by the
company. The article named “M” as the managing director of Oil-Tech at the time. This
article is upsetting to many readers and in a short space of time the article accumulates 300
comments. Many of the comments are insulting. Some of them go over onto hate speech
and threaten M with violence. Almost two months after publication, M sends a request to
Lesedi News to remove the comments and demands payment of R1000 000.00 in damages
allegedly suffered by the company. Lesedi News removes the comments the same day it
receives the complaint.M consults you as the company’s attorney for legal advice. In your
answers to the following questions refer to case law, legislation and academic commentary
where applicable.

4.1 Can Oil-Tech institute a claim for defamation against Mr Coetzee?

Yes, Oil-Tech can potentially institute a claim for defamation against Robert, as he
made statements that could potentially damage the company's reputation. However,
in order for the claim to be successful, Oil-Tech would have to prove that the
statements were false, that they were made with the intention to harm the company's
reputation, and that they caused actual harm to the company's reputation.
Additionally, Robert may be able to argue that the statements were made in the public
interest and were therefore protected by freedom of expression.

For exam pack with questions and answers, quality notes, assignments and
exam help:

email: musyokah11@gmail.com

WhatsApp: +254792947610
 lOMoAR cPSD| 24668432

4.2 Can Mr Coetzee’s employer, Litaba Ltd, be held vicariously liable for Mr Coetzee’s
conduct, since Mr Coetzee wrote the alleged defamatory article on his office computer?

According to the principles of vicarious liability, an employer can be held liable for a
delict committed by its employee if it is proved that.

• the employee is in fact liable for the delict.

• an employer-employee relationship existed at the time that the delict was
committed.
• the delict was committed by the employee ‘‘in the course and scope of his or
her employment’’. Whether an employer will be held liable for email messages
sent by its employees will depend on all the facts and the surrounding
circumstances. An examination of several issues will have to be undertaken
such as the nature and content of the e-mail messages, the employee’s
position in the company, his or her title and job description (possibly also
experience), and the form of business (whether it is a company, close
corporation, etc). The most important point would be to determine whether the
offending act was committed in pursuance of the execution of the employer’s
business or whether the employee can be said to have engaged in a ‘‘frolic of
his own’’. It is unlikely that Lourdes Ltd would be held vicariously liable for
Robert's conduct in this scenario. While Robert wrote the article on his office
computer, it was not within the scope of his employment with Lourdes Ltd to

write articles for Daily News. Additionally, it is unlikely that Lourdes Ltd would
have approved or condoned the statements made in the article.

4.3 Discuss the liability of the internet service providers for the defamation and hate speech

messages on their websites and servers.

In terms of section 701 , the term service provider means ‘‘any person providing
information system services’’. In terms of section 1, information-system services
include the following: the provision of connections, the operation of facilities for
information systems, the provision of access to information systems, the
transmission or routing of data messages between or among points specified by a
user and the processing and storage of data, at the individual request of the recipient
of the service. Chapter 11 of this Act basically provides for the limitation of liability of
 lOMoAR cPSD| 24668432

ISPs for the transmitting, routing, temporarily storing, caching and hosting of
unlawful material and providing links to unlawful material in certain prescribed
circumstances. In terms of section 72, the limitation of liability will apply to an ISP
only if the ISP is a member of the industry representative body and it has adopted and
implemented the official code of conduct of such a representative body. In other
words, ISPs who do not fall into this category will not be able to rely on the protection
of this Act and will have to resort to the common law for defences. In terms of section
71, the Minister will recognise such an industry representative body only if the
Minister is satisfied that;

• its members are subject to a code of conduct.

• membership is subject to adequate criteria.
• the code of conduct requires continued adherence to adequate standards of
conduct.
• the representative body is capable of monitoring and enforcing its code of
conduct adequately.

Section 73 provides that an ISP acting as a mere conduit will be exempt from liability
if certain requirements are fulfilled. In terms of section 73(1), ISPs who store,
transmit, route, or provide access to data through such activity will be exempt from
liability if the ISP.

• does not initiate the transmission.

• does not select the addressee.
• performs the functions in an automatic, technical manner without selection of
the data; and
• does not modify the data contained in the transmission.

In terms of section 73(2), the acts of transmission, routing and provision of access
mentioned in this section must be performed for the sole purpose of transmitting
information. Internet service providers (ISPs) generally cannot be held liable for
defamatory or hate speech messages posted by users on their websites and servers,
thanks to the principle of intermediary liability. This means that ISPs are not seen as
the publisher of the content posted by users, and are therefore not liable for any
defamatory or illegal content posted on their platforms. However, ISPs can potentially
be held liable if they actively participate in the creation or dissemination of
defamatory or illegal content. Additionally, ISPs may be required to remove
 lOMoAR cPSD| 24668432

defamatory or illegal content from their platforms if they receive a valid notice of
infringement.

For exam pack with questions and answers, quality notes, assignments and
exam help:

email: musyokah11@gmail.com

WhatsApp: +254792947610