With vast quantities of data on almost every person now being collected in the modern world, as bank accounts, medical records, voter information among others, are kept in digital formats on data bases, Zimbabwe has modernised its laws on what can be collected, what permissions are needed, how data must be protected and the rights of people to see data entries pertaining to them.
The Data Protection Act, which deals both with what data
can be collected, transmitted or distributed has been passed by Parliament and
signed into law by President Mnangagwa.
It came into effect on Friday.
The Act concentrates on giving maximum protection of
privacy and both introduces new law over the collection and storage of data and
updates the criminal law by amending the Criminal Law (Codification and Reform)
Act so it can deal with the offences that take place in the modern digital and
online world.
The specific offences already largely exist in more general
forms. For example, it is an offence to incite violence regardless of the
medium used for the incitement and child pornography is banned in Zimbabwe
under child protection laws, but the new Act adds to this general protection
under other legislation by criminalising such activity in a specific digital environment.
The first half of the new Act, that which deals with the
gathering and protection of data, will largely affect those who gather and
store data as part of their duties, and they now fall under the Postal and
Telecommunications Authority of Zimbabwe (Portraz), which has been made the
Data Protection Authority.
Portraz has the job of setting up and enforcing the rules
for data collection, protection, storage and presentation. Generally permission
has to be obtained from the person whose personal information is going into a
database, although there are differences between less sensitive and more
sensitive information.
But there is also a list for most purposes of data that can
be collected for specific purposes that does not require permission, for reasons
of health, public well-being and the like. But the Act now demands that such
data is properly protected and kept private, that is out of the public domain.
In many cases, generalised and non-personalised data can be
made public. For example, in the health world anything that could identify in
any way a particular person or patient is totally private. But, as we now are
seeing, general statistical data can be issued so the owner of a public health
database can tell the world how many Covid-19 tests were done in any one day,
how many people tested positive, what variants they tested positive for, how
many died and the like. But they cannot identify the people who took tests or
tested positive.
Breaches of data security have to be reported promptly to Portraz.
This means that a bank that has been hacked, for example, would have to tell
the authorities immediately what happened and what data might be compromised
and then follow directions on how to minimise the damage and let those whose
information was accessed know.
This legislation is now becoming increasingly common around
the world in the global shift to digital records on the grounds that people are
entitled to protection of privacy and security of their more sensitive
information.
The other half of the Act will have more effect on ordinary
people as it deals with criminalising specific actions using data and digital
transmission.
This is where those who use the internet, for example, or
the camera on their phone, can run into trouble quite easily if they use these
improperly to hurt people. While the offences might already exist under other
laws in very general terms, the new Act makes them very specific.
And because they are additions to the codified criminal law
there are the usual specific maximum penalties, frequently a maximum term of 10
years in prison, a fine or both.
So people who hack into other people’s systems commit a
serious offence, as do those who transmit SPAM, although the sentences are
lower for that offence. And a fair amount of the first part of the additions to
the criminal law deals with these sort of offences.
The second half of the additions deals with the content of
what is transmitted or distributed, that is with what are commonly seen as
serious abuses of social media and the internet. These start with security sort
of issues, like inciting violence although as people already before the court
know that this offence is also covered under other law.
New specified digital crimes include transmission of
intimate images without consent, production and dissemination of racist and
xenophobic material, recording of private parts beneath clothing without
consent, child sexual abuse material, child pornography, sending threatening
data message, cyber-bullying and harassment and transmission of false data
message intending to cause harm.
Again it is becoming common around the world to bring these
specified digital offences into law. But things like child pornography, revenge
pornography, major invasions of privacy and publicising defamation are far
easier to do in a digital environment and so are included as specific digital
offences.
When the Act was still before Parliament, Information and
Communication Technologies, Post and Courier Services Minister Jenfan Muswere
said the new law was important because current legislation in the country was
limited in scope and application due to technological developments and
considering that cyber-crime was borderless.
The Act also gives the court’s jurisdiction over crimes
committed outside Zimbabwe if they involve Zimbabweans, permanent residents,
business persons operating in the country or computer or data systems with
links to or located in the country.
Ordinary people that talked to The Herald welcomed the
enactment of the new law, and tended to concentrate on the sections that have
caused the most individual harm, the misuse of social messaging.
Ms Priscilla Mvuri said the Act was a good development and
would reduce cases of forced relationship through blackmail.
“The Government has done good work, people who send
threatening messages should be punished because some people are blackmailing
others forcing them to do what they want, for example, to continue a
relationship in which one does not feel comfortable with,” she said.
Another Harare resident, Ms Diana Mtamzeli said the law
will protect people’s dignity and urged people to end their relationships
amicably if they decide to do so.
Mr Gabriel Muponda said this Act will protect victims of
blackmail.
“People who send information or data intended to cause harm
are a threat to one’s life, because by sharing that sensitive information they
aim to destroy one’s reputation,” he said.
Mr Peter Dimingo welcomed the regulations against the abuse
of the internet and social media saying it was long overdue as many people have
fallen victims after their private information was shared publicly. Herald
0 comments:
Post a Comment