This policy by Facebook-owned messaging app, WhatsApp, did not sit well with South Africa’s Information Regulator.
The IR concluded that disabling WhatsApp for users who do not accept the new policy, is unacceptable.
According to IR, South Africa’s privacy law requires a company to get consent from the owner of the data before the company can process the data.
Advocate Pansy Tlakula, chairman of South Africa’s IR said:
“It is our view that the processing of cellphone numbers as accessed on the user’s contact list for a purpose other than the one for which the number was specifically intended at collection, with the aim of linking the information jointly with the information processed by other responsible parties (such as Facebook companies) does not require consent from the data subject, but prior authorisation from the IR,” the IR said.
Furthermore, the regulatory body established that without obtaining prior authorisation from the IR, in terms with section 57 of the Protection of Personal Information Act (POPIA), WhatsApp cannot process any contact information of its users for any purpose other than the one for which the number was specifically intended at collection.
The regulator also raised its concerns about why citizens of the European Union would receive higher privacy protection than people in South Africa.
The IR’s chairman, Tiakula said they are concerned about the different privacy standards, especially as South Africa’s legislation is quite similar to that of the EU.
“It was based on that model deliberately, as it provides a significantly better model for the protection of personal information than that in other jurisdictions,” she said.
The regulatory body, however, said to Facebook South Africa that it is willing to have a round-table discussion about the issue at hand.