Categories: Technology

South Africa’s information regulator orders WhatsApp to revise privacy practices

The Information Regulator has identified that the Electoral Commission of South Africa (IEC) lacks adequate access control measures to protect the confidentiality of personal data in its possession.

As a result, enforcement notices have been issued against the IEC, WhatsApp LLC, Blouberg Municipality, and Lancet Laboratories following an investigation into possible breaches of the Protection of Personal Information Act (Popia).

According to Chairperson Pansy Tlakula, the regulator began an investigation into the IEC after a security breach occurred before the May national and provincial elections. During this breach, the candidate nomination lists of political parties, including the ANC and MK Party, were leaked and circulated on social media.

“We initiated an assessment of their security systems on the safeguarding of personal information that they processed, and we found they did not have adequate access control measures to protect the confidentiality of personal information in their possession,” Tlakula explained. Additionally, the IEC’s notification under section 22 of Popia was found to be insufficient in informing affected individuals.

Lancet Laboratories also came under scrutiny for multiple security breaches. The regulator found that the company failed to meet Popia’s notification requirements, particularly regarding informing affected data subjects in a timely manner.

WhatsApp was similarly flagged after a preliminary assessment revealed that the platform implements different privacy policies and terms of service for European users compared to users outside Europe, including in South Africa. The regulator noted that European users enjoy better privacy safeguards despite Popia and the General Data Protection Regulation (GDPR) offering comparable protections.

As part of the enforcement notice, WhatsApp has been instructed to update its privacy policy, conduct a personal information impact assessment, and comply with the Promotion of Access to Information Act (PAIA). Tlakula emphasized that WhatsApp’s argument that PAIA does not apply to it due to its extraterritorial nature was rejected.

Tshepo Boikanyo, the regulator’s executive for Popia, highlighted that failure to comply with an enforcement notice could lead to an infringement notice. This could result in penalties of imprisonment or fines up to R10 million. “If the responsible party does not comply with those directives after the period has expired, we may issue an infringement notice and can impose a fine,” said Boikanyo.

Additionally, the Information Regulator is investigating complaints against social media giants X (formerly Twitter), Meta, and Google regarding their handling of South Africa’s recent elections. The complaints revolve around access to records related to the classification of elections and global policy applications to South Africa.

The regulator is also addressing public concerns over spam calls resulting from direct marketing practices, having issued a guidance note on how businesses should comply with Popia when processing personal information. Tlakula noted that some companies have misinterpreted Popia’s requirements for electronic communication, believing they do not apply to telephone marketing. She made it clear that the regulator does not agree with this interpretation.

Josephine Mumbua

Recent Posts

Airtel Uganda and K2 Telecom forge ahead with renewed partnership

Airtel Uganda and K2 Telecom have solidified their long-standing relationship by renewing their transformative partnership.…

2 days ago

Airtel Rwanda’s Voice Over 4G service surpasses one million subscribers

Airtel Rwanda’s groundbreaking Voice Over 4G (VoLTE) service has achieved a significant milestone, attracting over…

2 days ago

Nigeria’s Bureau of Statistics suffers cyberattack

Nigeria’s National Bureau of Statistics (NBS) has fallen victim to a cyberattack, disrupting operations and…

2 days ago

ChatGPT now accessible via WhatsApp and phone calls

OpenAI has expanded the reach of its widely popular AI chatbot, ChatGPT, by launching it…

2 days ago

Open AI unveils ChatGPT Pro

OpenAI has launched ChatGPT Pro, a $200/month subscription plan designed to cater to professionals in…

2 days ago

KIXP and iXAfrica partner to boost East Africa’s digital connectivity with new Point of Presence

Kenya Internet Exchange Point (KIXP) has inaugurated a new Point of Presence (PoP) at iXAfrica…

3 days ago