Is your ISP monitoring your online activity?

The Internet Service Providers’ Association (Ispa) has moved to reassure South African internet users that their members don’t monitor their clients’ online behaviour — except in very specific circumstances.

“There is a common perception that ISPs monitor subscribers’ online activities and collect personal information, which they may hand over to third parties including the South African Police Service. This is not, however, an accurate reflection of how ISPs in South Africa operate,” Ispa said in a statement on Friday.

ISPs, “like everyone else”, are bound by the provisions of the Protection of Personal Information Act. “They are required to ensure that any collection and processing of personal information is lawfully done in accordance with Popia’s provisions,” it said.

“Secondly, under the Cybercrimes Act and other legislation, ISPs are not required to actively monitor the data they transmit or store, or to actively seek facts or circumstances indicating an unlawful activity.

“In other words, ISPs are not required by law to police their networks and services. Furthermore, under interception and monitoring legislation, ISPs are prohibited from monitoring and intercepting subscriber communications in the absence of a lawful justification.”

Ispa said a third consideration is that the interaction between ISPs and law enforcement agencies is heavily regulated and the association’s members receive training and support to ensure subscribers’ personal information is not released to law enforcement (other than where a lawful request has been made).

“Importantly, ISPs are required by law to collect and store customer information – for example, through the Rica customer registration process – and to make this available to law enforcement agencies where lawfully requested to do so.

‘Not done’

“This is very different from collecting and storing customer communications, which is not done: ISPs are generally not, in practice, required to assist law enforcement agencies with monitoring and intercepting client communications.”

Recent amendments to the Domestic Violence Act require ISPs to take down online material forming part of the domestic violence and to provide information about alleged perpetrators. Similarly, ISPs are obliged to provide information to the courts about people alleged to be guilty of harassment or defaulting on maintenance payments, Ispa said.

Read: Fibre operators make switching ISPs difficult: Ispa

“One area of concern for Ispa is overlapping reporting requirements where some criminal conduct is required to be reported to both the police and the Film and Publication Board. This is being addressed with the department of justice and the FPB.”  — © 2023 NewsCentral Media

Get breaking news alerts from TechCentral on WhatsApp