The much-debated Cybersecurity and Data Protection Bill sailed through the Senate on Wednesday this week according to a report by NewsDay. The legislation seeks to give Zimbabwe its first baseline where cybersecurity is concerned and is a subject we spoke of at length around this time last year.
It has been a while since this piece of legislation was talked about so here is a recap of what the Cybersecurity and Data Protection Bill aims to achieve.
What is the Cybersecurity and Data Protection Bill?
“The purpose of this Bill is to consolidate cyber related offences and provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest, to establish a Cyber Security Centre and a Data Protection Authority, to provide for their functions, provide for investigation and collection of evidence of cyber crime and unauthorised data collection and breaches, and to provide for admissibility of electronic evidence for such offences. It will create a technology driven business environment and encourage technological development and the lawful use of technology.”
Cyber Security and Data Protection Bill
The Bill outlines:
The establishment of the Cyber Security Center and the designation of the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) as that centre
POTRAZ’s designation as the Data Protection Centre
The data sets that will be collected and evaluated
The rules to how information will be processed
The rules and duties of those who will process and evaluate the data collected in the event of an investigation.
Duties of the individuals who will collect and process data
The subject of the data
The transborder flow of data if the assessment of the data needs a third party outside the country
General code of conduct
General provisions, these being the appeals process, offences and penalties, and regulations
Consequential amendments.
The reservations concerning this bill have not changed
POTRAZ becoming far too power
When we last talked about this bill there was one big problem with it and that was handing over even more power to the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ). As mentioned above in the objectives of the bill, POTRAZ would become both the Cybersecurity and the Data Protection Centre.
This is on top of POTRAZ regular duties of policing the country’s mobile network operators as well as Internet Access Providers (IAPs). This to me feels like far too much responsibility for one government agency and there should have been a separate body set up that would deal with these issues specifically. Those sentiments were echoed then and now by the Media Institute of Southern Africa (MISA) Zimbabwe.
“We were concerned about the issue of creating a monster institution, where POTRAZ (Postal and Telecommunications Regulatory Authority of Zimbabwe) became the horse of Potraz itself, data security centre, authority, there is a cyber security crime centre and so forth.”
Tabani Moyo, Media Institute of Southern Africa (MISA) Zimbabwe Director
The ease to which the government can get our data
When the Bill comes into effect (which it will at this stage), if there has been any suspicion that you have committed a crime the authorities can seize whatever information they want about you. Zimbabweans might need to be more measured when they make comments on social media because this could mean that anything could be interpreted as denigrating the State or hate speech.
Which really shouldn’t be the case because freedom of expression and speech are enshrined in the constitution and in international law. This more so will be a big problem for journalists and activists because now the authorities can dole out extensive penalities.
The Bill now awaits the President’s signature to make it law.-techzim