There’s never a shortage of drama in Zimbabwe and the latest involves the Minister of ICT, Tatenda Mavetera. She said something that affects the all-important WhatsApp and tempers flared across the country.
This is an excerpt of the quote the got the country’s blood boiling:
The time is ticking for organisations that collect first party data, as you are required by law to have a data protection licence and the license fees range from $50 to $2500…
…Even churches who collect personal data ought to have such a licence and appoint a DPO. Whatsapp group admins are not spared too, if your groups are meant for business, you should as well obtain a licence. Failure to comply attracts penalties.
As you would imagine, Zimbabweans did not like this one bit and there was plenty of commentary on it. The Minister then came back with some clarification:
False claim of USD 2500 penalties for WhatsApp Group Administrators
I would like distance myself from the malicious fake news of intentions by government to licence or penalise WhatsApp Groups or Administrators of any social media platform/s USD 2500.
This claim is not applicable especially to players who do not collect and process Personally Identifiable Information (PII) for commercial or business use.
Personally identifiable information (PII) is any type of data that can be used to identify someone, from their name and address to their phone number, passport information and I.d number.
The public is encouraged to disregard this notice with the uttermost discontent it deserves as it is inconsistent with our legal provisions as espoused in Statutory Instrument (SI) 155 of the 2024 Cyber and Data Protection (Licencing of Data controllers and Appointment of Data Protection Officers) Regulations.
On my LinkedIn post I never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use…
Where are you getting $2500?
Let’s be fair on this. I will assume that there were people who misunderstood the original post and assumed it meant there would be $2500 fines for using WhatsApp groups without a data protection licence.
The original post and a reading of the relevant Statutory Instrument said data protection licence fees ranged from $50-2500. We went through how much you should expect to pay for your bussiness-focused WhatsApp group here.
That’s not to say the penalty for not having the licence is $2500. It’s clear that this is where the confusion came from. The $2500 is the licence fee for data controllers that collect data for over 500,000 people.
No WhatsApp group is that big. Instead, most WhatsApp groups (for business use) will pay $50 for a group of less than 1000 people.
However, this doesn’t mean there won’t be penalties. In fact, Individuals or entities that process personal information without a data controller licence may face a fine up to level 11 or imprisonment for up to seven years, or both.
Chapter 3(3) of the Statutory Instrument 155 of 2024 says:
Any person who processes personal information in terms of this section without a data controller licence within the stipulated time frames shall be guilty of an offence and liable to a fine not exceeding level 11 or to imprisonment for a period not exceeding seven years or to both such fine and such imprisonment.
It’s just $1000 and 7 years in jail
A level 11 fine is up to $1000. So, we’re talking possibly being fined $1000 and spending 7 years in jail for running a 50-member WhatsApp group.
Yes, that includes WhatsApp group admins for groups of over 50 people. That’s because phone numbers are considered personal information. The Minister rightly says Personally Identifiable Information includes phone numbers and that’s why WhatsApp groups will be affected.
So, when the Minister says she is distancing herself from the statement that people are being charged $2500, she can honestly say that.
However, she should have gone on to explain that it’s just $1000 and 7 years imprisonment. I don’t see how that’s any better than the $2500 fine she is distancing herself from.
The Minister says she never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use.
However, the law she is standing on says they can or rather should be penalised. I don’t think you will be able to protest in court that the Minister said she never expressed intentions to licence or penalise you.
If the law applies, you will have no recourse, regardless of what the Minister says. The law is clear, WhatsApp admins should be punished. So rather than distance herself from obvious mistakes in the commentary, she should grapple with the meat of the SI in question.
It’s ridiculous and she should say that and maybe help get the ball rolling on getting the law amended.
Anyway, that’s what I think of the whole fiasco. Do chime in if you have thoughts on this.
What’s your take? Cancel reply