Article written by Hanro Gerber (SEESA)
The past couple of weeks, most people were overwhelmed with messages from friends and colleagues to delete WhatsApp or to install a different rival application like Telegram or Signal.
The concern sparked from a change to WhatsApp’s privacy policy to which users must agree in order to use the application. The update in the policy was set to take place in February 2021 has been delayed to May 2021 due to the widespread confusion and misinformation.
WhatsApp indicated the reason being that it wants its consumers to understand the policy and terms of service prior to agreeing. On their website, WhatsApp explains all the details and changes in the easy-to-understand language of both their privacy policy and terms of service.
The question that arises is if a company can have a blank-slate approach and implement whatever privacy policy they deem to be most beneficial for their business purposes?
In a media statement dated 13 January 2021, the information regulator stated that the regulator contacted Facebook South Africa and that they will analyse if the terms of service and privacy policies are complying with the Protection of Personal Information Act (POPIA). The regulator’s swift response is reassuring and indicative of the fact that POPIA will indeed affect the way that businesses use and process personal information.
The famous saying that “If you do not pay for the product, you are the product” might be true to a certain extent. Still, social media companies, and any other company for that matter, that processes personal information must be compliant with POPIA.
Compliance is a requirement, and a company should appoint an information officer to ensure POPIA compliance of the business. The information officer should, amongst others, ensure that the business adheres to the eight conditions of lawful processing of personal information:
- Accountability;
- Processing limitation;
- Purpose specification;
- Further processing limitation;
- Information quality;
- Openness;
- Security safeguards;
- Data subject participation.
The process of being compliant takes time and effort depending on the scale of any business. With all sections of POPIA coming fully into force as of 1 July 2021, time is running out as it gives companies a hard deadline to ensure compliance. If your company is not yet compliant, it would be best to act sooner rather than later.
For any concerns or questions relating to POPIA and the compliance thereof, please contact your nearest SEESA office.
About the Author:
Hanro Gerber is a Legal Advisor at the SEESA Consumer Protection & POPI and Labour departments. He is an admitted attorney and has joined SEESA in October 2013 where he is currently working at our George Branch.
References:
The Protection of Personal Information Act 4 of 2013
www.justice.gov.za/inforreg
www.whatsapp.com
www.businesstech.co.za