20 October 2021

Can “Doxing” Get You into Legal Trouble?

This blog is brought to you by the Legalese Guest Blogger Program, where we give young up-and-comer lawyers the opportunity to write for us and put their legal minds to work. If you would like to participate in the program, head over to our careers page. Each Guest Blogger works with one of our lawyers to ensure that the information set out in their blog post is correct. Everyone has to start somewhere, so the information provided may not be as comprehensive as you may be used to in a Legalese blog, and the writing presented to you may differ from our usual posts. If you have any questions, or you’d like something clarified, please don’t hesitate to contact info@legalese.co.za


Frequent users of the internet will have seen it: the ruthless online exposure of someone’s personal details as a consequence of their allegedly poor behaviour. Perhaps their offence was the use of a slur, a sexual assault allegation or instigating violence in protest of a certain high-profile arrest. Online vigilantes often take matters into their own hands by investigating and revealing the offender’s place of work, social media profile and even their address or phone number. This phenomenon is nothing new to the internet. However, the waters seem to be murky as to what laws apply and whether it is legal or not to publicly expose someone’s private information or opinion, whether for an alleged “good cause” or not.

Most online users are unaware that such exposure of someone’s personal information is unlawful because, usually, the information that is revealed is already in the public domain. However, depending on the type of information that has been exposed, and the means used to obtain that information, online vigilantes may find themselves in hot water.

So, what is “doxing”?

“Doxing” is the act of publishing private, identifying information of or about an individual typically with malicious intent. The term derives from the slang term “dropping dox” (documents, docs, dox… get it?) which was “an old-school revenge tactic that emerged from hacker culture in 1990s“. A popular example is that of Justine Sacco, whose racist tweet led to a worldwide witch-hunt that revealed the company she worked at, from which she was subsequently fired.

Another major example of doxing was the case of Peter Wagenaar, a Sea Point resident who came under fire for distributing food to the homeless during the National lockdown. Many members of the “Atlantic Seaboard Action Group” on Facebook were angered by his actions believing them to be unlawful and shared personal information of Wagenaar to the group. Group members shared Wagenaar’s full name and address, a photo of Wagenaar and his wife and a description of his car and car registration number. Wagenaar’s car was then set alight, and completely destroyed.

More recently in July, videos of looters during the riots in Gauteng and KZN circulated throughout social media. “This guy joined the looting Woolworths in Glenwood. Here’s the license plate. Anyone recognize him?” wrote one tweet.

These instances open an intriguing discussion as to what is the legality of doxing under current South African law.


What laws, if any, apply to doxing?

Doxing as an act does not fit under the umbrella of one specific law. There are several national statutes which may be applicable depending on the way the doxing took place and how the information was obtained.

Most important and overarchingly is the Cybercrimes Act of 2020. The Cybercrimes Act deals with all aspects in relation to cybercrime, including criminalising various online acts, providing for interim protection orders, and regulating jurisdiction in respect of cybercrimes and

the powers to investigate cybercrimes. Although it does not mention “doxing” specifically, the Cybercrimes Act makes it an offence to, amongst other things, send a data message which incites damage to property or violence, or which threatens persons with damage to property or violence, which is usually a very common result of the act of doxing.

We are all aware of POPI (the Protection of Personal Information Act, 2013), and how it seeks to protect our personal information. The question of whether POPI applies to an act of doxing, depends on whether the information exposed was publicly available or not, as well as whether the information shared constitutes “personal information” as defined in POPI.

Firstly, POPI is only applicable to information that is NOT publicly available, and if that information constitutes “personal information”. Therefore, if your social media accounts are set to public, any information made available on there is fair game for others to process and expose further. This is a major wakeup call that we all should be more careful with what we share on social media, especially when it comes to what we share about others.

That being said, the definition of “personal information” in POPI includes “the personal opinions, views or preferences of the person”, meaning that if you publicly expose someone’s private opinion about someone else, then you are in fact breaching POPI if you do not have a lawful ground to process (i.e. publicly share) that person’s private opinion. It may seem paradoxical to seemingly protect someone who has maybe said a heinous statement about someone else, but ultimately, that opinion was made privately and is their personal information and is therefore protected under POPI. As such, POPI makes it illegal to dox someone else if you are processing their opinion in a public setting without a lawful ground to do so (where their consent would be such a lawful ground to rely on).

If the doxing involved publishing information which was obtained illegally, by hacking or other similar means for example, RICA (Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002) will be applicable. RICA is not only about forcing us to bring proof of residence to buy a SIM card. RICA regulates the interception and access to communications and information (think police wire taps and phone recordings). It is therefore an offence under RICA to dox if the information was accessed and published using illegal means of interception or sourcing.

If doxing involves harassment, this could be an offence under the Protection from Harassment Act, 2011. This act was enacted to help those facing harassment and provide them with an inexpensive legal remedy. The Act aims to provide a remedy in the form of a protection order which would prohibit any person from committing harassment. If the harasser breaches the protection order they commit an offence which is punishable with a fine or a period of imprisonment. Therefore, where someone is being harassed online by doxers and are fearing for their safety they may obtain a protection order against those doxers.

Good old fashioned criminal law is also applicable where doxing maybe goes a bit further than harassment and involves intimidation or threats. It is a criminal offence to intimidate someone by publishing words that have the effect, or that might reasonably be expected to have the effect, that the person will fear for their safety.

A claim for defamation of character under the common law is another consideration that possible “doxers” should have when posting information online. Where victims of doxing can prove all the elements for defamation and show that they have suffered loss due to the doxing they may succeed with the claim (providing the doxer has no defences available to them). Leaving would-be online vigilantes short on thousands of rands.

Finally, although not strictly in terms of an act of law, a person who is doxing could be in breach of the terms and conditions of the particular social media or other communication platform they are using to do the doxing. Breach of a social media platforms’ terms and conditions amounts to a breach of contract and the platform therefore has the right to seek appropriate contractual remedies against a breaching party.



If you’re the type of person who believes doxing is a valid consequence for actions you disagree with, you may want to think twice. Considering the breadth of laws that doxing triggers, it may be best to avoid impulsive reactions to online vendettas. Let sleeping information lie and leave the news to qualified journalists.

Written by: Veronica Mubangizi

Edited by: Lauren van der Byl

Have any questions? Drop us a message below and we’ll be in touch!