NATIONAL NEWS - It’s not your consent that Whatsapp needs to share your contact data with third parties, it’s the government’s.
Tech giant Facebook Inc subsidiary Whatsapp’s new terms of service, announced to great unhappiness from consumers earlier this year, were apparently not lawful in South Africa without the consent of the Information Regulator (IR), the body has just confirmed.
This follows the IR’s initial reaction to the announcement in January, stating it would investigate to find it if the policy violated any South African laws.
The company gave users until May 15 to properly review and accept the new terms, prompting a wave of users migrating to smaller competitors like Telegram and Signal. Those remaining from the commencement date would temporarily still be able to receive calls and notifications, but would not be able to read or send messages from the app.
In response to this finding, the IR has invited Facebook SA to have a ’round-table discussion’ regarding the issues raised to ‘ensure that there is full compliance’ by WhatsApp with the provisions of Protection Of Private Information Act (POPIA) and other pertinent international legal instruments. Whatsapp needs to get the IR’s permission to mine and sell personal data from South African users.
“It is the IR’s view that the processing of cellphone numbers as accessed on the user’s contact list for a purpose other than the one for which the number was specifically intended at collection, with the aim of linking the information jointly with the information processed by other responsible parties (such as Facebook companies) does not require consent from the data subject, but prior authorisation from the IR,” it said in a statement.
The IR has also written to Facebook SA explaining this and other concerns about the privacy policy of Facebook as it relates to South Africa. The IR also took offence to the fact that Facebook did not get away with these liberties in the European Union, but operated more freely in Africa.
The European Union imposes harsh data use restrictions for Facebook in the European Union under the General Data Protection Regulation (GDPR). Currently a number of high profile investigations into the activities of Google, Facebook and other American tech companies were before the Ireland’s Data Protection Commission (IDPC), which oversees their activities in the EU.
Neither the African Union, nor the South African government has an equivalent to the IDPC, leaving these companies beholden to far less stringent regulation in some African countries. But the IR claims its rules have been modelled against the EU legislation. The EU is protected from several of Facebook’s activities outside the region by the General Data Protection Regulation (GDPR).
Chairperson of the IR, Adv. Pansy Tlakula said the apparent double-standard resultant in this was concerning.
“We are very concerned about these different standards that apply to us; our legislation is very similar to that of the EU. It was based on that model deliberately, as it provides a significantly better model for the protection of personal information than that in other jurisdictions. We do not understand why Facebook has adopted this differentiation between Europe and Africa,” she said.
