At the core of South Africa's data privacy landscape is the Protection of Personal Information Act (POPIA), Act No. 4 of 2013, which fully came into effect in July 2021. POPIA regulates how personal information, including phone numbers, is collected, processed, stored, and shared. Key aspects include:
Consent: POPIA mandates prior, express, and informed consent for the processing of personal information, especially for direct marketing. This means businesses generally cannot use phone numbers for unsolicited calls or messages without explicit permission. Recent amendments (April 2025) reinforce that "opt-out" does not constitute consent; a positive action is required.
Purpose Specification and Minimality: Personal information must be collected for specific, explicitly defined, and legitimate purposes, and only the minimum necessary data should be collected.
Data Subject Rights: Individuals have significant rights under POPIA, including the right to access their information, request corrections, object to processing (especially for direct marketing), and guatemala phone number library request deletion.
Information Regulator: This independent body is responsible for enforcing POPIA, investigating complaints, and has the power to issue significant fines (up to R10 million) or even imprisonment for serious breaches.
South Africa's major mobile operators like Vodacom, MTN, Cell C, and Telkom are bound by POPIA and their own privacy policies. They do not publicly release comprehensive directories of individual phone numbers.