- South Africa’s Information Regulator on Wednesday postponed, at the last minute, the coming into force of some of its powers under Popia.
- Section 58(2) of the Protection of Personal Information Act will now only come into force on 1 February 2022, instead of on 1 July.
- That part of the law halts some forms of processing of personal information until the regulator is happy with it.
- For more stories go to www.BusinessInsider.co.za.
* This article has been updated below.
South Africa’s Information Regulator (IR) on Wednesday called a last-minute halt to the activation of one of its powers under the Protection of Personal Information Act (Popia) – a power it had seemed intent on using against Facebook.
In a gazetted notice, IR chair Pansy Tlakula declared that section 58(2) of Popia would only “become applicable” on 1 February 2022, six months later than the 1 July date she had previously proclaimed, on 1 April
That clause prohibits anyone dealing with “unique identifiers” – such as cellphone numbers – from proceeding with some types of information processing until they are given the go-ahead by the regulator.
See also | SA’s info regulator is activating long dormant powers – ahead of a possible Facebook fight
That ban would have applied to processing “for purposes other than the one for which the identifier was specifically intended at collection”, as well as “with the aim of linking the information together with information” held by other parties.
In March the regulator cited such powers as a reason it believed South Africans were legally protected against Facebook linking WhatsApp phone numbers with other data collected by its siblings Facebook and Instagram.
See also | Facebook can’t force SA WhatsApp users to sign over cellphone numbers, Info Regulator says
That is, at least in part, because Facebook treats South Africans differently to citizens of the European Union, where Europeans “receive significantly higher privacy protection than people in South Africa, and Africa”, according to the IR.
The Information Regulator has postponed other provisions under the long-dormant Popia too, where it could not set up systems in time to meet deadlines on its end.
* This article was updated after publication to replace references to “Paia”, a different piece of legislation, to the correct acronym “Popia”, for the Protection of Personal Information Act.
(Compiled by Phillip de Wet)