- South Africa’s Information Regulator has issued an enforcement notice to Meta’s social platform, WhatsApp. This formal directive requires the messaging app to comply with data protection laws.
- The notice follows the regulator’s preliminary report, which found that WhatsApp applies different terms of service and privacy policies for European users compared to those outside Europe, including South African users.
InfoReg Chairperson Pansy Tlakula, highlighted that “the privacy safeguards for users in the European region appeared to be better than those for users in South Africa, even though the General Data Protection Regulations (GDPR) and POPIA offer similar standards and protections.”
The chairperson mentioned this in a media briefing on matters being investigated about the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA).
The regulator decided to conduct a compliance assessment highlighting the insufficiency of WhatsApp’s privacy policy in demonstrating compliance with the provisions of POPIA.
Issuing the enforcement notice, the regulator directed WhatsApp to comply with all conditions for lawful data processing by updating its privacy policy, conducting a personal information impact assessment, and adhering to the provisions of PAIA.
The regulator also dismissed WhatsApp’s argument that PAIA does not apply to it as a social network because it is extraterritorial.
When the Information Regulator failed to agree with Facebook South Africa on revising WhatsApp's privacy policy to comply with local data protection laws in 2021, it raised concerns and even consulted solicitors. The policy allows WhatsApp to share certain data with Facebook, an option that users previously had the opportunity to opt out of. Meanwhile, the regulator prohibited Facebook from sharing any contact information it collects from WhatsApp users without its authorisation.
Moreover, in the general election probe initially involving Meta Platforms, now including Google and X, Tlakula confirmed that all three companies refused to comply with requests for information, arguing that PAIA does not apply to them despite their operations in South Africa. While Meta and X have yet to agree, Google has reportedly agreed to meet with the regulator to address the issues.
South Africa is not the only African country in conflict with Meta over data privacy concerns. In July 2024, Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) imposed a $220 million fine on Meta, claiming the company violated Nigerian data protection laws through exploitative and non-compliant privacy practices. The FCCPC found that these practices were not used in Meta’s European operations, suggesting discriminatory treatment of Nigerian users.
However, WhatsApp disagreed with the FCCPC’s claims and appealed, presenting 22 arguments for review, including citing the absence of a physical presence in Nigeria as a reason for not requiring an audit.
Give it a try, you can unsubscribe anytime. Privacy Policy.
