South African regulator calls out WhatsApp for data policy breaches
This isn't WhatsApp's first rodeo regarding privacy policy with an African country.
Reports show that big tech companies have consistently shown a pattern of giving Africa the short end of the stick when it comes to data privacy. If you're in the EU, you get detailed privacy policies and real protections. But in many African countries? Not so much. South Africa is finally calling out that double standard, and this time, it’s putting WhatsApp on blast.
The country’s Information Regulator just made public an enforcement notice it actually served to WhatsApp back in September 2024. The messaging platform was given a 60-day deadline to resolve the identified issues and provide evidence of the fixes, or risk a penalty of up to R10 million (around $530,000), imprisonment, or both.
It alleges that WhatsApp’s privacy policy for South African users doesn't comply with the Protection of Personal Information Act (POPIA), the country's equivalent of the EU’s General Data Protection Regulation (GDPR). More importantly, the policy provided to South Africans is far less detailed than what WhatsApp offers to its European users, despite both regions having similar data protection laws.
Moreover, the regulator found that WhatsApp failed to clearly explain how personal data is used and shared, as well as why it collects certain types of data. The fact that WhatsApp shares collected data with Meta (its parent company) and third parties for reasons that don’t line up with the original purpose of collection makes the matter even worse.
Apart from improper data collection, the regulator also noted that the messaging platform hasn’t provided tangible proof that it has proper systems in place to protect people’s information. That's not all. According to the regulator, WhatsApp forces users to agree to specific terms without providing them with an actual choice, which goes against POPIA policies.
Kelechi Edeh
However, this isn't Meta's first rodeo regarding privacy policy with an African country. In July 2024, Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) fined the company $220 million, accusing it of violating Nigerian data protection laws through “exploitative and non-compliant” privacy practices.
Similar to South Africa's situation, the FCCPC pointed out that the same practices were not applied in Meta’s European operations, suggesting that African users are being treated as second-class when it comes to privacy rights.
With over 23 million WhatsApp users in South Africa alone and tens of millions more across the continent, this is no minor issue. These platforms are deeply embedded in daily life, and the standards they apply, or fail to apply, have real consequences.
