In today’s digital age, balancing privacy and security with the power of data-driven technologies is a global challenge. Concerns about mass surveillance, data breaches, and AI-powered profiling are increasing. Zimbabwe, like many other countries, is grappling with these issues.
Ahead of the 2018 and 2023 elections, many mobile phone users in Zimbabwe received unsolicited text messages from Zanu PF, canvassing for votes. The source of users’ personal data, such as mobile numbers, remains unclear.
Last Friday, the Media Institute of Southern Africa (MISA) launched a policy brief in the capital. The brief highlighted significant gaps in the country’s data protection legislation and emphasized the need for stronger laws to safeguard citizens’ privacy in the digital age.
Helen Sithole, MISA’s legal and ICT policy officer, stated, “The significance of the launch is that we are bringing out the gaps within our data protection and privacy laws. As we forge ahead with AI, we need to safeguard our legislation and ensure it addresses the major gaps. The data laws should be stringent enough to protect people’s fundamental rights.”
Sithole added, “To start, we focus on data protection, then move on to privacy and surveillance because those are interlinked.”
Legal practitioner Innocent Mandongwe, who helped prepare the policy brief, pointed out critical issues in current legislation, including the Cyber and Data Protection Act and the Postal and Telecommunications Act. The Interception of Communications Act and the Postal and Telecommunications Act are the primary pieces of legislation regarding surveillance.
Mandongwe said, “The most important thing is to decouple cyber and data protection legislation. Currently, we have one piece of legislation covering both data protection and privacy on the one hand, and surveillance on the other. We need to separate the two and create two Acts of Parliament to address these issues holistically and comprehensively.”
He added, “Once we do that, we will have data protection and privacy legislation that enhances data subject rights, establishes a truly independent National Data Protection Authority, imposes additional obligations on data controllers regarding international data transfers, and mandates user-friendly privacy policies.”
Currently, the Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz) is designated as the national data authority. However, the policy brief highlights that Potraz’s dual role as the cybersecurity center and regulator of the postal and telecommunications sectors stretches its responsibilities. Additionally, Potraz is subject to the Minister of ICTs’ policy direction, further testing its independent role.
Mandongwe noted that having two separate acts will allow for cyber legislation that adequately addresses how communication surveillance should be conducted, including independent judicial oversight and provisions for the rights of individuals subjected to data surveillance.
The event attracted researchers, civic society organizations, legal practitioners, Potraz, the media, students, and Members of Parliament from the Media and ICT portfolio committees. According to Darlington Chigumbu, a member of the parliamentary Portfolio Committee on ICTs and Courier Services, the workshop “was very insightful and empowered us as Members of Parliament to understand what the Data Protection Act aims to achieve and identify areas needing improvement to ensure its effectiveness. This will help us focus our discussions on addressing the gaps.”
Chigumbu added, “I have also started working on a motion to present in Parliament with other members who attended the workshop to highlight the gaps in the Act so they can be addressed.”
Sithole emphasized the importance of maintaining momentum after the launch to ensure the recommendations made by participants and the policy brief are implemented. “It’s all part of our advocacy strategy to push for amendments to these laws. We want to include issues related to AI. But to adequately address AI issues, our data protection laws need to safeguard our data. This will feed into future AI regulation,” she said.
The discussion during the launch emphasized the crucial importance of having strong data protection laws in Zimbabwe. As technology evolves, the legal frameworks safeguarding individuals’ privacy and security must also adapt. MISA’s policy brief urges lawmakers and stakeholders to promptly address these shortcomings. Protecting personal data isn’t just a legal matter, but a fundamental human right that must be upheld in the digital age.
Source: Newsday
