Mzansi Now: Scanning, Scanning: South Africa’s Facial Recognition Policy - Another Form of Apartheid?

Widespread debate is spreading across South Africa that the implementation of facial recognition system is not only eroding the citizens’ privacy, it is also reinforcing the discriminatory practices of apartheid as black citizens are more likely to be the subject of surveillance than white citizens are. The use of facial recognition systems, especially on a national scale, is typically regulated strictly as it is antithetical to human rights, so the question is how is South Africa implementing it and how objective can the use of this system be? 

Safety First

According to the Protection of Personal Information Act (Popia or POPI Act), the consent of the data subject is fundamental to the usage of the subject’s facial biometrics and that personal information can only be processed for specific and legitimate reasons that have to be clearly defined. In Cape Town for example, the primary motivation for the use of CCTVs is to achieve a safer ‘smart city’, meaning a place where technology is used to automate surveillance, generating intelligence for companies and governments. More than 2,000 CCTVs had already been deployed across Cape Town, more than 1850 CCTVs across Johannesburg as of 2022,  and 960 across Gauteng as of 2026. It is said that the function of the CCTVs is to tackle the rising crime rate in South Africa as the newest facial recognition system is capable of identifying features of individuals and license plates – an airtight surveillance of the South African’s movements.

But What About Their Privacy?

In practice, the regulation surrounding the compliance of the POPI Act is loose and ambiguous, this means that the biometrics and movement of the South African citizens could be used for undeclared purposes.What’s worse, the merging of private entities and government initiatives has only induced concern over the invasion of citizens’ privacy. Vumacam, a South African private company, is the sole provider of CCTVs across South Africa and has unrestricted access to CCTV footage that is transmitted real time to Vumacam’s database. Other entities such as Fidelity, a private security company, are also allowed access to the footage without court order. The availability of money-bought access to CCTV footage across South Africa exposes a shadow pocket in which private entities operate within to deprive the South African population of their locational privacy. Croock, the CEO of Vumacam has repeatedly emphasised that it complies with the Europe’s General Data Protection Regulation (GDPR) which the POPI Act is modelled after and is taking extra measures to ensure the usage of CCTV footage is privacy-compliant, though Vumacam’s practices are still largely unregulated by the government.

Another Form of Apartheid?

In addition, a 2019 report by the National Institute of Standards and Technology examining facial recognition algorithms by 99 developers found that it is up to 100x more likely for the algorithms to misidentify a coloured individual than a white individual. Thus, it raises questions about the suitability of deploying a facial recognition system across South Africa before the system is sufficiently mature for a predominantly black South African population.

The use of facial recognition systems has also prompted allegations of reviving the trauma and practices of apartheid as reports have shown that CCTVs populate predominantly white areas where most of their high-paying customers are. The distribution of the