Information Regulator looks into WhatsApp’s updated privacy policy

Read time 2min 10sec
Advocate Pansy Tlakula, chairperson of the Information Regulator
Advocate Pansy Tlakula, chairperson of the Information Regulator

In the wake of a public outcry concerning WhatsApp’s updated privacy policy, South Africa’s Information Regulator says it is assessing the instant messaging platform’s revised terms and conditions.

The popular messaging app’s updated privacy policy sparked public outcry as it allows WhatsApp to share certain user data with its parent company, Facebook.

Android and iOS users received an in-app notification about the Facebook-owned app’s new policy – an option that users previously had a chance to opt out of.

Starting from 8 February, users have been prompted in the app to accept the updated terms in order to continue using WhatsApp, which has about two billion active users globally and an estimated 20 million users in SA.

The Information Regulator reveals it met this week to discuss WhatsApp’s revised privacy policy.

According to the regulator, it has made contact with Facebook’s local office, which provided it with the WhatsApp privacy policy, which was revised on 4 January.

The engagements with Facebook SA are ongoing, notes the Regulator. 

“In terms of the revised policy, it appears that there are different terms of service and privacy policies for users in the European countries and in non-European countries.

“The regulator will be analysing whether the terms of service and the privacy policies indeed differ and whether the privacy policy applicable to users outside Europe, which include the South African users, are in compliance with the Protection of Personal Information Act (POPIA)."

It adds: “The regulator will engage with Facebook after the completion of the analysis,” indicating that it remains committed to ensuring the protection of personal information of South African citizens.

In line with its mandate, the regulator is empowered to monitor and enforce compliance by public and private bodies within the provisions of the POPIA.

The purpose of POPIA is to ensure all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity's personal information by holding them accountable should they abuse or compromise personal information in any way.

Businesses that don't comply with POPIA, regardless of whether it’s intentional or accidental, can face severe penalties. The Act makes provision for fines of up to R10 million and a jail sentence of up to 10 years, depending on the seriousness of the breach.

See also