The proposed merging of the three cyber bills into one bill as recently announced by the responsible minister could result in the muddying and undermining of other fundamental rights enshrined in the Constitution.
The minister said following guidance from the Attorney General’s Office, the Cybersecurity and Cybercrimes Bill will now incorporate the draft Data Protection Bill and the Electronic Transactions and Electronic Commerce Bill.
Appearing before the Parliamentary Committee on Media, Information Communication Technology and Cyber Security on 8 February 2018, the minister justified the consolidation saying all three Bills work to prevent various forms of cybercrime. The decision might also have been inspired by the introduction of an omnibus Cybercrimes Bill in South Africa.
MISA Zimbabwe therefore disagrees with the justifications cited by the Minister of ICTs and Cyber Security, Supa Mandiwanzira, to merge the three cyber bills into one omnibus bill.
An omnibus law is a Bill or Act which caters for a number of diverse issues or topics. One such example is the Access to Information and Protection of Privacy Act (AIPPA). AIPPA seeks to regulate diverse topics such as Privacy, Access to Information and Media Regulation under one Act. In the end, AIPPA just briefly touches on each of the rights it seeks to regulate.
For example, only seven sections under AIPPA are dedicated to the protection of the right to privacy. This is simply inadequate and unacceptable.
Grouping fundamental rights such as the right to privacy, access to information with consumer rights and cyber security into one piece of legislation, has the potential of undermining the protection of those rights.
MISA-Zimbabwe believes that fundamental rights such as the right to privacy must be protected by a piece of legislation dedicated solely to the protection and promotion of that right. This is why there is need for a standalone Data Protection law in Zimbabwe.
This is the case in South Africa, where the introduction of an omnibus Cybercrimes Bill complemented that country’s Protection of Personal Information Act and the Electronic Communications and Transactions Act instead of absorbing or repealing them.
MISA-Zimbabwe therefore urges the Attorney-General’s Office and the Ministry of ICT and Cyber Security to reconsider doing away with the proposed standalone Data Protection Bill.
In saying this we are guided by the three Model Laws produced by SADC which cater for Data Protection, Cybersecurity, and Electronic Transactions, respectively. This was obviously well thought out to ensure each area is regulated by a dedicated in-depth piece of legislation.
Government’s decision to interpret the right to privacy, and consumers’ online rights from a cybersecurity perspective is a narrow approach that could result in restricting fundamental rights under the guise of promoting security.
This becomes of even greater concern given that the right to privacy is currently not properly provided for under AIPPA.
Privacy is a fundamental right which fosters the promotion, and protection of related rights such as the right to freedom of expression. Any laws or policies which negatively impact on the right to privacy have a negative impact on the right to freedom of expression in Zimbabwe.
It would therefore be sad for this important right to be inadequately protected under yet another omnibus law such as the proposed Cybersecurity and Cybercrimes Act at a time when there is unanimity on the inadequacies of AIPPA.