WhatsApp said it previously encountered a great deal of misinformation about this update and it continued to work hard to clear up any confusion.
“We’ve spent the last several weeks reviewing feedback from users and we spent time (virtually) with people from many countries,” WhatsApp said.
“This was a great opportunity for us to hear about people’s concerns and learn what we could have done better.”
The company stressed that WhatsApp and Facebook cannot read or listen to personal conversations as they are end-to-end encrypted.
This announcement did not sit well with South Africa’s Information Regulator, which said disabling functionality of users which do not accept the new policy is unacceptable.
South Africa’s privacy law requires a company to get consent from the owner of the data – i.e. users – before they further process this data.
“The consent in terms of our law is specific – it is a voluntary expression of will on what you are consenting to,” Advocate Pansy Tlakula, chair of the Information Regulator of SA, said.
“It is our view that the processing of cellphone numbers as accessed on the user’s contact list for a purpose other than the one for which the number was specifically intended at collection, with the aim of linking the information jointly with the information processed by other responsible parties (such as Facebook companies) does not require consent from the data subject, but prior authorisation from the IR,” it said.
Accordingly, WhatsApp cannot without obtaining prior authorisation from the IR in terms of section 57 of Protection of Personal Information Act (POPIA), process any contact information of its users for a purpose other than the one for which the number was specifically intended at collection.
Facebook can therefore not use WhatsApp users’ information and link it with information processed by other Facebook companies without approval from the IR.
The regulator has also raised a central concern that citizens of the European Union will receive significantly higher privacy protection than people in South Africa.
Tlakula said they are concerned about these different standards that apply to South Africa as our legislation is very similar to that of the EU.
“It was based on that model deliberately, as it provides a significantly better model for the protection of personal information than that in other jurisdictions,” she said.
She also raised concerns that there is different treatment of users in Europe and those outside of Europe.
“We do not understand why Facebook has adopted this differentiation between Europe and Africa.”