South Africa’s information regulator orders WhatsApp to revise privacy practices

The Information Regulator has identified that the Electoral Commission of South Africa (IEC) lacks adequate access control measures to protect the confidentiality of personal data in its possession.

As a result, enforcement notices have been issued against the IEC, WhatsApp LLC, Blouberg Municipality, and Lancet Laboratories following an investigation into possible breaches of the Protection of Personal Information Act (Popia).

According to Chairperson Pansy Tlakula, the regulator began an investigation into the IEC after a security breach occurred before the May national and provincial elections. During this breach, the candidate nomination lists of political parties, including the ANC and MK Party, were leaked and circulated on social media.

“We initiated an assessment of their security systems on the safeguarding of personal information that they processed, and we found they did not have adequate access control measures to protect the confidentiality of personal information in their possession,” Tlakula explained. Additionally, the IEC’s notification under section 22 of Popia was found to be insufficient in informing affected individuals.

Lancet Laboratories also came under scrutiny for multiple security breaches. The regulator found that the company failed to meet Popia’s notification requirements, particularly regarding informing affected data subjects in a timely manner.

WhatsApp was similarly flagged after a preliminary assessment revealed that the platform implements different privacy policies and terms of service for European users compared to users outside Europe, including in South Africa. The regulator noted that European users enjoy better privacy safeguards despite Popia and the General Data Protection Regulation (GDPR) offering comparable protections.

As part of the enforcement notice, WhatsApp has been instructed to update its privacy policy, conduct a personal information impact assessment, and comply with the Promotion of Access to Information Act (PAIA). Tlakula emphasized that WhatsApp’s argument, that PAIA does not apply to it due to its extraterritorial nature, was rejected.

Tshepo Boikanyo, the regulator’s executive for Popia, highlighted that failure to comply with an enforcement notice could lead to an infringement notice. This could result in penalties of imprisonment or fines up to R10 million. “If the responsible party does not comply with those directives after the period has expired, we may issue an infringement notice and can impose a fine,” said Boikanyo.

Additionally, the Information Regulator is investigating complaints against social media giants X (formerly Twitter), Meta, and Google regarding their handling of South Africa’s recent elections. The complaints revolve around access to records related to the classification of elections and global policy applications to South Africa.

The regulator is also addressing public concerns over spam calls resulting from direct marketing practices, having issued a guidance note on how businesses should comply with Popia when processing personal information. Tlakula noted that some companies have misinterpreted Popia’s requirements for electronic communication, believing they do not apply to telephone marketing. She made it clear that the regulator does not agree with this interpretation.

Josephine Mumbua
