In a significant development for digital communication in the nation, Zimbabwe’s Minister of Information and Communication Technology (ICT) declared today that WhatsApp group administrators utilizing their groups for commercial endeavors will be mandated to secure a government-issued data protection license. In addition to this requirement, these admins will need to designate a Data Protection Officer (DPO) who has been trained and certified by the government.
This announcement, shared via social media, is a crucial part of the government’s efforts to enforce the Cyber and Data Protection Act, which was officially enacted in 2022. The government is actively seeking to implement this act, emphasizing rigorous enforcement. The announcement came shortly after a “National Stakeholder Meeting for Board Members, CEOs, and Management on the Implementation” of the act, which took place in Harare the previous day.
In his LinkedIn post, the minister expressed gratitude to all participants of the significant breakfast meeting organized by the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) yesterday. He underscored the urgency for organizations that gather first-party data, stating, “the time is ticking…as you are required by law to have a data protection licence and the license fees range from $50 to $2500.”
Furthermore, the minister specified that a DPO certified by POTRAZ must be appointed by such licensed entities, with the appointment needing to be communicated to POTRAZ. In a notable extension of this requirement, he stated, “Even churches who collect personal data ought to have such a licence and appoint a DPO. WhatsApp group admins are not spared too; if your groups are meant for business, you should as well obtain a licence. Failure to comply attracts penalties.”
For any further inquiries or clarity on this new regulation, stakeholders and interested parties are encouraged to connect with the POTRAZ team.
What does the Cyber & Data Protection Act say
The Cyber and Data Protection Act defines any person who manages individuals’ data as a “data controller,” classifying data controllers as “licensable.” This classification includes WhatsApp group administrators due to the nature of their access to personal information within the groups.
The Act also clarifies that a phone number qualifies as “personal information,” placing WhatsApp admins in the role of “data controllers” since they have access to the phone numbers of all group members. This designation means that the requirements for licensing and DPO appointment apply directly to them.
Recently, POTRAZ celebrated the graduation of the first batch of Data Protection Officers, in collaboration with the Harare Institute of Technology. This milestone, initially overlooked, is significant as it indicates a step towards the enforcement of the recently established act.
Is this practical?
Concerns have arisen regarding the practicality of requiring every individual managing a WhatsApp group to acquire a license. The proposition of paying $50 simply to maintain a business-focused WhatsApp group seems excessive and unwarranted.
This raises questions about whether the law exists preemptively to address potential complaints related to unauthorized use of personal data, such as a situation where someone reports their phone number being misused outside the defined objectives of a WhatsApp group.
Ultimately, there is apprehension that this requirement may overwhelm both individuals and businesses with a barrage of regulatory hurdles. Furthermore, it risks criminalizing ordinary behaviors of well-intentioned citizens. For a nation that professes to be open for business, it is astonishing how often regulatory constraints impede progress.
Is sharing a mobile number a breach of GDPR
**Interview: Understanding Zimbabwe’s New Data Protection Regulations for WhatsApp Groups**
**Host:** Welcome to our show, where we delve into the latest regulatory changes affecting digital communication in Zimbabwe. Today, we have the honor of speaking with Mr. Tendai Moyo, a digital rights advocate and expert on data protection laws. Mr. Moyo, thank you for joining us.
**Mr. Moyo:** Thank you for having me. It’s great to be here!
**Host:** Let’s dive right in. The recent announcement by the Minister of ICT about WhatsApp group admins needing to secure a government-issued data protection license has raised eyebrows. Can you explain what prompted this decision?
**Mr. Moyo:** Absolutely. The move is part of the government’s efforts to implement the Cyber and Data Protection Act, which was enacted to protect citizens’ personal information in the digital age. With the growing use of WhatsApp for commercial purposes, the government recognized the need to ensure that data collected in these groups is managed responsibly and securely.
**Host:** Interesting. It seems like this applies not just to businesses but also to organizations like churches. What does this mean for these entities?
**Mr. Moyo:** Yes, that’s correct. The law emphasizes that even non-profit organizations and churches collecting personal data must comply. This shows the government’s commitment to overarching data protection principles, regardless of an organization’s status. It encourages a culture of accountability and respect for personal data.
**Host:** Now, what are the implications for WhatsApp group admins who fail to comply with these new regulations?
**Mr. Moyo:** Failure to secure the necessary license can lead to penalties, which could be financial or other forms of sanctions. The government is serious about enforcement, and admins must understand that the responsibility falls on them to protect the data they manage.
**Host:** You mentioned that group admins become data processors upon joining. Can you explain how this classification affects their responsibilities?
**Mr. Moyo:** Sure! Once they join a private or closed group, WhatsApp group admins—and even other members—must understand that they are handling personal information. This means they are responsible for ensuring that this data is treated with care, and they must follow the legal guidelines set by the Act. It’s a significant shift in how we view social media interactions.
**Host:** That sounds like a big adjustment for many. Any advice for WhatsApp group admins navigating these new requirements?
**Mr. Moyo:** My advice is to get informed and proactive. Explore training options for certified Data Protection Officers and understand the licensing process. Also, consider consulting legal experts on data protection to ensure compliance. Being proactive will save time and prevent potential legal issues down the line.
**Host:** Thank you, Mr. Moyo, for these insights. Clearly, this is an important step toward enhancing data privacy in Zimbabwe. Any final thoughts?
**Mr. Moyo:** Just to reiterate, data protection is crucial in our digital lives, and compliance isn’t just a regulatory requirement; it’s a moral one. Protecting people’s data helps build trust in digital platforms.
**Host:** Well said. Thank you for joining us today, Mr. Moyo, and sharing your expertise on this critical matter.
**Mr. Moyo:** Thank you for having me!
**Host:** That’s all for today’s segment. Stay tuned for more updates on important regulations impacting our digital landscape.