South African Weather Service Act, 2001
R 385
Protection of Personal Information Act, 2013 (Act No. 4 of 2013)Chapter 8 : Rights of Data Subjects regarding Direct Marketing by means of Unsolicited Electronic Communications, Directories and Automated Decision Making71. Automated decision making |
| (1) | Subject to subsection (2), a data subject may not be subject to a decision which results in legal consequences for him, her or it, or which affects him, her or it to a substantial degree, which is based solely on the basis of the automated processing of personal information intended to provide a profile of such person including his or her performance at work, or his, her or its credit worthiness, reliability, location, health, personal preferences or conduct. |
| (2) | The provisions of subsection (1) do not apply if the decision— |
| (a) | has been taken in connection with the conclusion or execution of a contract, and— |
| (i) | the request of the data subject in terms of the contract has been met; or |
| (ii) | appropriate measures have been taken to protect the data subject’s legitimate interests; or |
| (b) | is governed by a law or code of conduct in which appropriate measures are specified for protecting the legitimate interests of data subjects. |
| (3) | The appropriate measures, referred to in subsection (2)(a)(ii), must— |
| (a) | provide an opportunity for a data subject to make representations about a decision referred to in subsection (1); and |
| (b) | require a responsible party to provide a data subject with sufficient information about the underlying logic of the automated processing of the information relating to him or her to enable him or her to make representations in terms of paragraph (a). |
