The Information Regulator (Regulator) has after correspondence, written to WhatsApp LLC and requested it to revise the privacy policy in South Africa to the standard used in the European Union (EU). The Regulator has received no agreement from WhatsApp.
Under the circumstances the Regulator is briefing attorneys to prepare an opinion on the way forward in terms of litigation.
It remains the Regulator’s assertion that the Protection of Personal Information Act (POPIA) has a privacy regime which is very similar to the EU regime, and therefore believes that WhatsApp should adopt the EU policy in South Africa, and other countries in the global south that have similar regimes.
The Regulator remains of the view that despite WhatsApp operating in different legal and regulatory environments, there are effectively two privacy policies for the users of WhatsApp. There are substantial differences between the policies for users living in Europe compared to the one for users living outside of Europe.
Given Facebook’s status as one of the world’s largest companies, the Regulator is of the view that it should work together with other organisations in order to hold Facebook accountable.
On 8 May 2021 the Regulator engaged the Global Privacy Assembly (GPA), of which it is a member, in order to obtain the view or position of the GPA on the compliance of the Revised Policy with generally acceptable data protection principles and whether it intends to engage WhatsApp on this matter.
Furthermore, the Reseau Africain Des Autorite De Protection Des Donness Personelles (RAPDP), an African Network of Data Protection Authorities, which South Africa is also a member to, engaged robustly with Facebook on 9 April 2021 on the matter.
The Network has made strong recommendations to WhatsApp requesting them to bring the WhatsApp privacy policy in line with Africa data protection laws. RAPDP emphasised that the privacy policy should be applicable to Africa in line with those applicable to other regions, particularly the European region.
The Regulator has also asked the Portfolio Committee on Justice and Correctional Services to request Facebook South Africa (SA) and WhatsApp LLC to appear in Parliament on this matter.
“We are obligated as the Regulator to ensure the protection of personal information of all South African citizens and monitor compliance of the POPIA by responsible parties.
We therefore will take this matter further and seek legal opinions and advocate for collaborated efforts,” said Chairperson of the Regulator, Advocate Pansy Tlakula.
