South Africa’s Information Regulator has issued an enforcement notice to WhatsApp, compelling the company to comply with local data protection laws.
This decision follows findings that WhatsApp applies different privacy policies for South African and European users, offering better protections in Europe.
The regulator pointed out that both the GDPR (General Data Protection Regulation) in Europe and South Africa’s POPIA (Protection of Personal Information Act) provide similar protections, yet WhatsApp’s privacy standards fall short in South Africa.
WhatsApp has been instructed to revise its privacy policy, conduct a data impact assessment, and comply with the Promotion of Access to Information Act (PAIA).
WhatsApp’s argument that PAIA does not apply to it was rejected by the regulator.
The notice stems from WhatsApp’s controversial policy of sharing user data with Facebook, part of a broader concern over privacy compliance.
Other tech giants like Meta, X, and Google are also under scrutiny in South Africa for their data practices.
In a related case, Nigeria fined Meta $220 million in July 2024 for privacy violations, accusing the company of offering discriminatory treatment to Nigerian users compared to Europeans.
 WhatsApp has disputed the fine and is appealing the decision.
