Extent of POPIA conflict
Any data that a company processes can only be done with prior consent of the user or data subject. Any data that is processed must be data that was intended to be processed by the users when they commenced usage of the app. WhatsApp is required to obtain prior authorisation from South Africa's Information Regulator, in terms of section 57 of POPIA if it intends to process any unique identifiers of data subjects (i.e. WhatsApp users and their personal information) or a purpose other than the purpose for which the unique identifier was specifically intended at collection and more so, with the intention of linking the information together with information processed by other responsible parties (i.e. Facebook).
Even though WhatsApp has assured users that the processing of data will be specific to WhatsApp Business, it must be noted that this is still in non-compliance with POPIA. Information from businesses is also protected, as they fall within the scope and definition of personal information in terms of POPIA.
WhatsApp is now squarely within the crosshairs of the Information Regulator and time will tell whether the Information Regulator enforces POPIA on WhatsApp come 1 July 2021 or whether WhatsApp will take steps to address these apparent non-compliance issues with POPIA.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.