malvernmugadzikwa
Emmanuel Kafe
WHATSAPP group administrators who do not collect members’ personal information for commercial purposes are not required to obtain a licence from the telecommunications regulator and will not face any penalties, the Government has said.
However, those who collect personal details — such as names, addresses and phone numbers — from more than 50 people in social media groups for commercial use are required to obtain a licence from data protection authorities under the Cyber and Data Protection Act.
The regulations are outlined in Statutory Instrument (SI) 155 of 2024, the Cyber and Data Protection (Licensing of Data Controllers and Appointment of Data Protection Officers) Regulations, which were gazetted in September.
The SI mandates that anyone processing personal data for commercial gain must apply for a licence from the Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz).
In an interview with The Sunday Mail, Information Communication Technology, Postal and Courier Services Minister Tatenda Mavetera said the Government has no plans to license or penalise social media group administrators who do not use personally identifiable information (PII) for business. PII includes data that can uniquely identify someone, such as names, addresses, phone numbers and passport details.
She dismissed rumours circulating on various platforms claiming the Government would impose a US$2 500 fine on WhatsApp group administrators who do not have a Potraz licence.
“Please note that the Government has no intention to license or penalise WhatsApp groups or administrators of any social media platforms which do not collect and process personally identifiable information for commercial or business use,” she said.
“The information circulating about US$2 500 for WhatsApp administrators and WhatsApp groups is incorrect and malicious and should be disregarded with the contempt it deserves.”
The confusion, Minister Mavetera noted, stemmed from misinformation about the SI. She said the regulations specifically target those collecting PII from groups of 50 to 500 000 data subjects for business, not ordinary WhatsApp group administrators.
“We are referring to persons that collect PII for more than 50 to 50 000 data subjects using WhatsApp groups or other social media groups, and the group owner is the one accountable if they collect personal information for commercial purposes, that is business.
“Such persons are expected to adhere to the dictates of the cyber and data protection regulations.”
Under the regulations gazetted on September 6, 2024, individuals or entities processing personal information for commercial use must obtain a licence from Potraz. Reads Section 3 of the regulations: “. . . any person who processes personal information with the intention to . . . obtain a commercial gain or other benefit from the processing of personal data shall apply for a licence in terms of these regulations.
“Any person who processes personal information in terms of this section without a data controller licence within the stipulated time frames shall be guilty of an offence and liable to a fine not exceeding level 11 or to imprisonment for a period not exceeding seven years or to both such fine and such imprisonment.”
However, Section 8(1) of the law exempts data controllers who handle personal data for personal, family, household, law enforcement, journalistic, historical or archival purposes from needing a data controller licence.
Online Reporter