The Information Regulator (InfoReg) in South Africa has directed WhatsApp to update its privacy policy to comply with POPIA, following findings that WhatsApp’s privacy safeguards for users outside Europe, including South Africans, are inferior to those in the EU.
- WhatsApp’s privacy policy was found lacking in demonstrating compliance with POPIA, particularly concerning the processing of personal information and data sharing practices which differ significantly from those offered under GDPR in Europe.
- WhatsApp has been instructed to conduct a personal information impact assessment and comply with PAIA for maintaining documentation of data processing, dismissing WhatsApp’s claim of extraterritorial non-applicability of PAIA.
- InfoReg highlighted the increasing number of security compromise incidents, indicating potential inadequacies in data protection measures across various sectors, including public and private bodies.
- The enforcement notice reflects broader regulatory efforts to ensure data privacy rights in South Africa, aligning with global standards but tailored to local legislation like POPIA.
- InfoReg is engaging with stakeholders on issues like direct marketing under POPIA, indicating ongoing efforts to refine regulatory guidance in response to public concerns and industry feedback.