WhatsApp sparked a public outcry in January with a proposed replace to its privateness coverage to allow it to share data with its mother or father firm Fb.
On account of the general public response to those proposed adjustments, WhatsApp later introduced that these updates could be delayed till later within the 12 months.
On 3 March 2021, South Africa’s Info Regulator (IR) stated that it has a variety of issues about how this revised coverage applies to South Africa.
It particularly raised issues across the processing of cellphone numbers as accessed on the consumer’s contact checklist ‘for a goal apart from the one for which the quantity was particularly meant at assortment’
In easy phrases, the IR’s view is that its consent is required for the implementation of the up to date privateness coverage, no matter whether or not customers of WhatsApp particularly conform to this, stated authorized specialists at Cliffe Dekker Hofmeyr.
The IR additionally expressed issues about variations within the method WhatsApp have taken in respect of customers in Europe and Africa, with European customers receiving ‘considerably greater privateness safety’ than individuals in Africa and South Africa – however that the South African laws is modelled on, and similar to, privateness laws within the EU.
“On 1 July 2020 the vast majority of the dormant sections of Safety of Private Info Act (POPIA) got here into pressure and, by way of the transitional preparations below part 114 of POPIA, accountable events are given till 1 July 2021 to make sure that all processing of private data complies with its provisions,” Cliffe Dekker Hofmeyr stated.
The agency particularly pointed to part 57 of POPIA which got here into impact and requires a accountable social gathering (i.e. WhatsApp) to acquire prior consent from the IR if it intends to course of any distinctive identifiers of knowledge topics (i.e. WhatsApp customers):
- For a goal apart from the aim for which the distinctive identifier was particularly meant at assortment; and
- With the intention of linking the data along with data processed by different accountable events (i.e. Fb).
Within the current context, ‘distinctive identifiers’ would probably embody cellphone numbers, usernames and e mail addresses. POPIA is a brand new piece of laws and, as such, our courts haven’t had a lot alternative to interpret its key phrases and provisions, stated Cliffe Dekker Hofmeyr.
“To additional complicate issues, an abundance of misinformation has been disseminated in regards to the proposed amendments to WhatsApp’s Privateness Coverage since they had been first printed in January 2021.”
In response to this, WhatsApp created a webpage to particularly tackle questions on its Privateness Coverage.
“Pertinently, WhatsApp makes it very clear that it doesn’t share its consumer’s contacts or contact lists with Fb which is seemingly in distinction with the principle difficulty raised by the IR in its assertion. The IR says that it is going to be having round-table discussions with Fb SA relating to the newly proposed Privateness Coverage.”
The agency famous that non-compliance with part 57 of POPIA is an offence and, below part 107(b) of POPIA, any particular person convicted of such an offence is liable to a advantageous or to imprisonment for a interval not exceeding 12 months, or to each a advantageous and imprisonment.
“Provided that WhatsApp -as a accountable social gathering who determines the aim of and means for processing its customers’ private data – is required to make sure compliance with POPIA by 1 July 2021, we’re prone to hear in regards to the end result of the IR’s issues and hopefully acquire better certainty on the matter, and the standing of the brand new Privateness Coverage, throughout the coming months.”
- Commentary by Cliffe Dekker Hofmeyr