Google, Meta and X probed for breaches to SA’s Promotion of Access to Information Act [VIDEO]

The Information Regulator (IR) said there are limitations to force big tech companies like Google, Meta and X to comply with the Promotion of Access to Information Act (PAIA).

The South African regulator on Wednesday held a press briefing to share the progress and developments of its work since the beginning of this financial year.

The briefing covered matters relating to PAIA, high-level cases including the issuing of an Enforcement Notice against the State Security Agency, and investigations into big tech and social media companies including Meta, Google and TikTok, among others.

Watch Pansy Tlkula speaking about big tech companies and their compliance

The Information Regulator (IR) said there are limitations to force big tech companies to comply with the Promotion of Access to Information Act (PAIA). #InformationRegulator #BigTech #SouthAfrica @TheCitizen_News pic.twitter.com/YZxZVYUVIe

— 𝙵𝚊𝚒𝚣𝚎𝚕 𝙿𝚊𝚝𝚎𝚕 ⚡️ (@FaizelPatel143) September 11, 2024

Big tech investigations

Chairperson of the Regulator, Pansy Tlakula said it is currently investigating complaints made against social media companies including X (formerly known as Twitter), Meta, and Google.

“The complainant has requested access to the records relating to the classification of elections, risk assessments concerning South Africa’s electoral integrity, and the application of global policies to local contexts within these three entities.

“The entities’ refusal of access to the records is based on the general presumption that PAIA does not apply extraterritorially to these private bodies despite them conducting business in South Africa. The Regulator accepted the complaints, and all three complaints are currently under investigation,” Tlakula said.

ALSO READ: Sanef takes on big tech: Demands compensation for South African media content

WhatsApp

Tlakuka also gave an update on the violation of the Protection of Personal Information Act (POPIA) by WhatsApp LLC.

She said WhatsApp LLC is a “very long-standing matter with numerous complexities.”

“WhatsApp adopts different terms of service and privacy policies for users in the European Region compared to Users outside Europe, including South African Users. The privacy safeguards for users in the European Region appeared to be better than those for users in South Africa, even though the General Data Protection Regulations (GDPR) and POPIA have similar standards and protections.

Limited actions

Tlakula said the regulator deemed it appropriate to conduct a compliance assessment in terms of section 89 of POPIA, given the insufficiency of WhatsApp’s Privacy Policy in demonstrating compliance with the provisions of POPIA.

“The regulator has issued an Enforcement Notice in which it directed WhatsApp LLC to comply with all conditions for lawful processing by updating their privacy policy, to conduct a personal information impact assessment, and to comply with the provisions of PAIA in so far as it relates to its obligation to maintain the documentation of all processing operations it is responsible for.

“In this regard, the regulator dismissed WhatsApp’s argument that PAIA does not apply to it as a social network which is extraterritorial,” Tlkula said.

Tlkula added that there are currently limited actions the regulator can take to force big tech companies to comply.

ALSO READ: Danger of sharing customers’ data without permission