Zimbabwe’s Minister of Information and Communication Technology, Postal and Courier Services (ICTPCS), Tatenda Mavetera, has announced that administrators of WhatsApp groups used for business will be required to apply for a licence.
The new regulation has sparked public outrage.
The requirement is part of Statutory Instrument 155 of 2024: Cyber and Data Protection (Licensing of Data Controllers and Appointment of Data Protection Officers) Regulations, 2024, which mandates that WhatsApp group administrators must register and secure a licence to operate.
The application for a licence is submitted to the Data Protection Authority, which, under this law, is the Postal and Telecommunications Regulatory Authority of Zimbabwe (PORTRAZ).
The regulation also requires each licensed WhatsApp group to appoint a data protection officer (DPO) trained and certified by PORTRAZ, responsible for ensuring compliance with data protection laws.
Licence fees are based on the group’s nature and the number of people whose data is collected by the administrator, ranging from $50 (approximately R878) to $2,500 (about R43,000) per year. “The time is ticking for organisations that collect first-party data, as you are required by law to have a data protection licence, with fees ranging from $50 to $2,500,” Mavetera posted on LinkedIn.
The licence is valid for 12 months and must be renewed annually.
Under the regulation, a phone number is defined as “personal information,” and since WhatsApp group members have access to one another’s phone numbers, the government classifies WhatsApp administrators as “data controllers.”
The law applies to any organisation with groups of 50 or more people that collect identifiable data, such as phone numbers, and is not limited to formal businesses. “Even churches that collect personal data must hold a licence and appoint a DPO. WhatsApp group admins are not exempt; if your group is for business, you must obtain a licence,” Mavetera added.
According to local media, groups created for personal, family, or household purposes, as well as those for law enforcement, journalism, historical, or archival purposes, are exempt from licensing requirements.
The regulation was gazetted on 13 September and is already in effect, giving WhatsApp groups processing people’s data until 13 March 2025 to comply. Penalties will apply for non-compliance, though it remains unclear how the law will be enforced, according to Mavetera.
IOL