SA’s privacy watchdog accuses WhatsApp of double standards

Read time 4min 20sec
Comments (0)
Advocate Pansy Tlakula, chairperson of the Information Regulator.
Advocate Pansy Tlakula, chairperson of the Information Regulator.

The Information Regulator (IR) says it is consulting attorneys after not reaching an agreement with Facebook South Africa, regarding revising its WhatsApp privacy policy to be in line with local data protection laws.

WhatsApp sparked a public outcry across the globe when it updated its privacy policy in January.

The new policy allows the Facebook-owned messaging app to share certain data with Facebook – an option that users previously had a chance to opt out of.

In March, the IR wrote a letter to Facebook South Africa, outlining concerns about the social media giant’s privacy policy as it relates to SA.

In the letter, the IR said it had prohibited Facebook from sharing any contact information it collects from WhatsApp users without its authorisation.

The privacy watchdog had also expressed concern that for users who live in the European Union (EU) region, WhatsApp provides the services under different terms of service and privacy policy than in the rest of the world – due to the region’s stringent data protection law, the General Data Protection Regulation.

After receiving no response from Facebook South Africa, the IR has vowed to take further action.

“The IR has, after correspondence, written to WhatsApp and requested it to revise the privacy policy in SA to the standard used in the EU. The regulator has received no agreement from WhatsApp. Under the circumstances, the regulator is briefing attorneys to prepare an opinion on the way forward in terms of litigation,” says a statement.

According to the watchdog, the Protection of Personal Information Act (POPIA) has a privacy regime which is very similar to the EU regime, and, therefore, it believes WhatsApp should adopt the EU policy in SA and other countries that have similar regimes.

The regulator remains of the view that despite WhatsApp operating in different legal and regulatory environments, there are effectively two privacy policies for WhatsApp users.

Given Facebook’s status as one of the world’s largest companies, the regulator says it should work together with other organisations in order to hold Facebook accountable.

“We are very concerned about these different standards that apply to us; our legislation is very similar to that of the EU,” says advocate Pansy Tlakula, chairperson of the IR.

“We are obligated as the regulator to ensure the protection of personal information of all South African citizens and monitor compliance of the POPIA by responsible parties. We therefore will take this matter further and seek legal opinions and advocate for collaborated efforts.”

Disconnecting from WhatsApp

Users were initially given a deadline of 8 February 2021 to accept the updated terms of service in order to continue using WhatsApp; however, the implementation date of the new privacy policy has been extended to tomorrow – 15 May.

Millions of unhappy WhatsApp users across the globe have been boycotting the messenger app since the new policy announcement, with messaging service Telegram adding 25 million users between 10 and 13 January, while Signal was downloaded by 17.8 million users in the same period.

In its latest communication,WhatsApp confirmed that while no one will initially have their accounts deleted or lose functionality of WhatsApp after the deadline date, eventually calls and messages will be turned off for users who do not agree to its new privacy policy.

“You won’t be able to access your chat list, but you can still answer incoming phone and video calls. After a few weeks of limited functionality, you won’t be able to receive incoming calls or notifications and WhatsApp will stop sending messages and calls to your phone,” says the social media network in its blog post.

For users who would like to delete their account on Android, iPhone, or KaiOS, WhatsApp has reminded them their account cannot be reversed, as it removes the user from all of their WhatsApp groups and deletes their WhatsApp backups.

Earlier this month, the IR engaged with the forum for privacy and data protection, the Global Privacy Assembly, of which it is a member, to obtain the view or position of the organisation on the compliance of the revised policy with generally acceptable data protection principles and whether it intends to engage WhatsApp on this matter.

Furthermore, the Reseau Africain Des Autorite De Protection Des Donness Personelles (RAPDP), an African network of data protection authorities, of which SA is also a member, engaged with Facebook in April 2021 on the matter.

“The network has made strong recommendations to WhatsApp requesting them to bring the WhatsApp privacy policy in line with Africa data protection laws. RAPDP emphasised that the privacy policy should be applicable to Africa in line with those applicable to other regions, particularly the European region,” says the IR.

Login with
10 hours ago
Be the first to comment
See also