Date: 2024-11-09

The government has justified the policy, stating that its primary goal is to enhance data security and privacy for all citizens.

However, critics argue that the policy could create unnecessary hurdles for group administrators and hinder free communication on the platform.

Information Communications Technology, Postal, and Courier Services Minister, Tatenda Mavetera, defended the initiative in a recent LinkedIn post, saying:

The time is ticking for organisations that collect first-party data, as you are required by law to have a data protection licence and the licence fees range from US$50 to US$2500. Furthermore, a data protection officer (DPO) who is trained and certified by POTRAZ should be appointed by such a licensee and the appointment should be communicated to POTRAZ. Even churches that collect personal data ought to have such a licensee and appoint a DPO. WhatsApp group admins are not spared too, if your groups are meant for business, you should as well get a licence. Failure to comply attracts penalties.

The policy is based on Zimbabwe’s Cyber and Data Protection Act, which defines personal data as any information that can directly or indirectly identify an individual.

Given that WhatsApp group administrators have access to members’ phone numbers, the government argues that these groups should fall under the scope of data protection regulations.

However, IT expert Christopher Musodza contends that the government’s approach is misguided and lacks clarity. Said Musodza (via CITE):

If we go by what she said, then it is very sad for Zimbabwe to treat WhatsApp group administrators, or WhatsApp group platforms and churches broadly like that. You can’t put everyone in the same bracket. You can’t say a telecommunication provider that has all the data that they store. And also talk in the same vein even the hospitals that have sensitive information like people’s health records and including churches in that category it would not make sense. So we need to have those regulations in place first.

Musodza argued that the definitions within the Cyber and Data Protection Act are too broad, which he believes creates significant ambiguity and poses practical challenges. He said:

The definitions in our Cyber and Data Protection Act are broad when it comes to data processors and data controllers. The definition can indeed stretch to anyone who collects data. Be it for a workshop, data attendance register, be it a church, be it any organisation can fit into that definition. I had hoped that POTRAZ as the data protection authority as a statutory designated data protection authority would set out guidelines or standards in terms of who fits into that category. This is in terms of numbers, capacity or type of business. It is not practical for you to have a law that includes everyone. In other countries or jurisdictions, they would have guidelines to say such and such organisation or such many records and so forth is required to have data protection officer and also required to be licenced by the data protection authority who is POTRAZ in our case.

