Home 9 Digital rights 9 Policy Brief: Addressing The Gaps In The Data Protection, Privacy And Surveillance Legislation (Now Available!)

Policy Brief: Addressing The Gaps In The Data Protection, Privacy And Surveillance Legislation (Now Available!)

Print

26 Jul, 2024

The main relevant pieces of legislation regarding surveillance are the Interception of Communications Act [Chapter 11:20] and the Postal and Telecommunications Act. The supposed principal purpose of these pieces of legislation is to give effect to various fundamental rights and freedoms enshrined in the Constitution of Zimbabwe Amendment (No.20) Act, 2023, 4 including the right to privacy, freedom of expression, and access to information.

Executive Summary

Zimbabwe has various pieces of legislation that affect data protection, privacy, and surveillance. The relevant pieces of legislation regarding data protection and privacy include, but are not limited to, the Cyber and Data Protection Act [Chapter 12:07] and the Postal and Telecommunications Act [Chapter 12:05].

The main relevant pieces of legislation regarding surveillance are the Interception of Communications Act [Chapter 11:20] and the Postal and Telecommunications Act. The supposed principal purpose of these pieces of legislation is to give effect to various fundamental rights and freedoms enshrined in the Constitution of Zimbabwe Amendment (No.20) Act, 2023, 4 including the right to privacy, freedom of expression, and access to information.

The adequacy of the pieces mentioned above of legislation in giving full effect to the relevant constitutional rights can be assessed by reference to the best international standards. The international standards are captured and set out in various instruments, including the Southern African Development Community (SADC) Model Law on Data Protection, the African Union (AU) Convention on Cyber Security and Personal Data Protection (Malabo Convention), Declaration of Principles on Freedom of Expression and Access to Information in Africa 2019, the International Principles on the Application of Huma Rights to Communications Surveillance and the European Union (EU) General Data Protection Regulations (GDPR).

In that regard, it is imperative to point out that the Cyber and Data Protection Act, the main legislation dealing with data protection and privacy in Zimbabwe, is mainly modelled on the EU GDPR, as it borrows the bulk of its provisions. Accordingly, it is appropriate to use the EU GDPR as the main benchmark for assessing the adequacy of the provisions of the Cyber and Data Protection Act concerning data protection and privacy.

This policy brief posits that there are various yawning gaps in our data protection, privacy and surveillance legislation. The gaps include but are not limited to, the absence of independent data protection and cyber monitoring authorities, the limited scope of data subject rights, an inadequate framework for cross-border data transfers, a draconian surveillance regime and a lack of effective remedies against data and privacy breaches.

Accordingly, this policy brief recommends a litany of measures to plug and bridge the gaps to achieve a legal framework that fully reflects the underlying constitutional rights.

About MISA

The Media Institute of Southern Africa (MISA) was founded in 1992. Its work focuses on promoting, and advocating for, the unhindered enjoyment of freedom of expression, access to information and a free, independent, diverse and pluralistic media.

Share this

Related news

MISA Zimbabwe analysis and position on new data regulations

MISA Zimbabwe analysis and position on new data regulations

The Cyber and Data Protection Act [Chapter 12:07] was gazetted on December 3rd , 2021, and came into force on the same day. In essence, the data protection law mandates that all businesses operating in Zimbabwe (and outside) adhere to data protection and privacy...

Zimbabwe should stay the course in reducing media freedom violations

Zimbabwe should stay the course in reducing media freedom violations

This year’s International Day to End Impunity for Crimes Against Journalists (IDEI), commemorated annually on 2 November, offers Zimbabwe the opportunity to reflect on how best it can improve its international press freedom rankings. The commemorations are being held...

MISA Communiqué on the All Africa Judges and Jurists Summit

MISA Communiqué on the All Africa Judges and Jurists Summit

The All Africa Judges and Jurists Summit convened in Nairobi, Kenya, from 17 - 18 September 2024, ended with a call to affirm judicial independence and address challenges to judicial independence and the rule of law in Africa. The Summit expressed deep concern over...

2024 Conference Resolutions on AI Regulation in the Age of Information Disorders

2024 Conference Resolutions on AI Regulation in the Age of Information Disorders

25 October 2024, Monomotapa Hotel, Harare On 25 October 2024 MISA Zimbabwe convened a Conference on AI (Artificial Intelligence) in the Age of Information Disorders during which delegates debated and deliberated on the importance of AI regulation and policy reforms in...

News

Bottom-up approach imperative for AI development in Africa

Bottom-up approach imperative for AI development in Africa

Collaborations key to realisation of UN Plan of Action on safety of journalists

Collaborations key to realisation of UN Plan of Action on safety of journalists

Standing together in the fight against breast cancer

Standing together in the fight against breast cancer

Reflections on the Spaces of Solidarity (SoS) Conference Agenda

Reflections on the Spaces of Solidarity (SoS) Conference Agenda

MISA Regional Chairperson`s opening remarks at the 2024 Spaces of Solidarity

MISA Regional Chairperson`s opening remarks at the 2024 Spaces of Solidarity



/ MISA on Twitter

[fts_twitter twitter_name=MISAZimbabwe tweets_count=2 cover_photo=yes stats_bar=no show_retweets=no show_replies=no]