Social media giant Facebook cannot share any contact information it collects from WhatsApp users in South Africa with its other business without obtaining authorisation from the country’s Information Regulator (IR), the watchdog has ruled.
The IR takes the view it is the one who needs to authorise the practice, not the data subject.
In a 3 March ruling, it wrote: “WhatsApp cannot without obtaining prior authorisation from the IR … process any contact information of its users for a purpose, other than the one for which the number was specifically intended at collection, with the aim of linking that information jointly with information processed by other Facebook companies.”
The messaging platform had previously announced that from 8 February users would need to agree to some of their data being shared with Facebook if they wish to continue using the service.
This included account registration information (including phone numbers), transaction data, service-related information, information on how users interact with others when using the platform’s services, mobile device information and IP addresses.
However, WhatsApp later moved the date by which people need to accept the terms and conditions to 15 May. It was later announced that the change would not be mandatory for European Union (EU) customers.
IR also raised the issue of European Union residents receiving “significantly higher” privacy protection from Facebook than South Africans.
It said: “The privacy and security of your personal messages and calls do not change. They are protected by end-to-end encryption, and WhatsApp and Facebook cannot read or listen to them. We will never weaken this security and we label each chat so you know our commitment.”
PrivSec Global, a live streaming event, takes place on 23-25 March featuring more than 200 speakers and 64 sessions on privacy, data protection and cyber-security.