The Southern African nation of Zimbabwe is fast-tracking a Cyber Bill that would essentially enforce a data protection law and ensure protection in its cyberspace.
The Bill titled the “Cybersecurity and Data Protection Bill 2019” was gazetted in March 2020. It aims to consolidate cyber-related offences and provide a data protection law for its citizens, the government, and corporate organisations.
The Cyber Bill amends the country’s criminal code for cybercrime.
If signed into law, it will provide for the investigation and collection of evidence for cybercrime and data breaches, resulting in the admissibility of electronic evidence in court.
To enforce this, it plans to establish a cybersecurity centre and a data protection authority.
In a nutshell, the Zimbabwean government wants to encourage the lawful use of technology and encourage a technology-driven business environment.
This Bill is especially important given that data breaches or abuse disregard several fundamental human rights and could lead to many unforeseen challenges if treated carelessly as this hacker explains. However, a provision to criminalise false information has generated some controversy in recent months.
Sensitive information has to be juggled and treated with care on all fronts. Governments have to protect the data of their citizens from abuse, as well as ensure sensitive data that can affect national security does not fall into the wrong hands.
This need spurred the popular and widely-acclaimed General Data Protection Regulation (GDPR) in Europe, with other countries around the world taking a leaf from its book.
As of 2019, 25 out of 54 African countries had passed one form of data protection law or the other, and a few others had already introduced a bill to that effect.
Among these laws are the Benin Digital Code and the Nigerian Data Protection Regulation which seem to have been heavily influenced by Europe’s GDPR especially in terms of its flexible approach among other features.
However, they still leave a lot to be desired.
Why the Cyber Bill is important
Zimbabwe’s ailing economy is still trying to recover from hyper inflation and devaluation, and it has recently battled with issues of mobile money fraud. The introduction of a data protection law then seems like a crucial piece of legislation.
Before its development, four different laws signed several years ago provided regulations for cyberspace activities. Such arrangements could lead to confusion and many interpretations as regards innovations.
These laws include:
- Postal and Telecommunications Act – the creation of POTRAZ – the regulatory body for telecommunications in Zimbabwe.
- Official Secrets Act – A law that prohibits the sharing of information about state buildings, people, and classified information which could be deemed to threaten state security.
- Interceptions of Communications Act – provides for the lawful interception and monitoring of certain communications in the course of their transmission through a mobile phone, post, or any other related service or system in Zimbabwe.
- Criminal Law (Codification and Reform) Act – offences related to computers and other electronic devices were stated here.
The Cyber Bill is therefore looking to harmonise all these in single legislation, as it provides important updates regarding data protection.
The Cyber Bill will be creating a cybersecurity centre that will advise the government on policies relating to cybercrime and cybersecurity. This centre will directly report to POTRAZ, the country’s telecom regulator.
POTRAZ will now be appointed as the country’s Data Protection Authority to regulate the processing of data and advise the Ministry of Information on policies.
The confusion with Zimbabwe’s Cyber Bill
The Cyber Bill looks like an innovative move until we get to the cybercrime section, where it states that those found guilty of spreading false information will be fined or jailed for five years.
While it contains commendable laws such as legislations against child pornography and exposing children to pornography, others raise some questions.
The terms used in the Bill are ambiguous, and its use of the word “computer” leaves us unsure of the full extent of its reach.
Some offences include “hacking, unlawful acquisition of data, unlawful interference with data or data storage medium, unlawful interference with a computer system, unlawful use of data or devices.”
A hacker, for example, could face up to ten years in jail, but it is not clear if the law takes the activities of penetration testers into account.
With regards to false information, the Bill dwells on familiar territory.
Offences linked to electronic communication and materials include ”transmission of data, messages inciting violence or damage to property, sending threatening data/message, cyberbullying and harassment, the transmission of false data/message intending to cause harm, spam, the transmission of intimate images without consent, production and dissemination of racist and xenophobic material, and identity-related offences.”
This section also outlines when and how computers and data storage systems may be seized and searched and where data traffic may be collected, recorded, or preserved.
Given that some of these rules can be open to interpretations, the Bill is being seen as a means to clamp down on free speech.
Ethiopia, Nigeria, South Africa, Benin Republic, and some other African countries are on a growing list of nations with instances of censorship.
Ethiopia has repeatedly faced Internet shutdowns, and the introduction of its Social Media Bill all but raised more suspicions on the clampdown on free speech and political dissent.
Zimbabwe’s peculiar situation
Interestingly, the major function of Zimbabwe’s Cyber Bill seems to be the introduction of a specific data processing law and harmonising existing laws. But the clampdown on free speech has always been one of its functions.
The country issued the Postal and Telecommunications Act of 2000, that allows the government to monitor email usage and requires ISPs to supply information to government officials upon request.
The Interception of Communications Bill of 2006 which allowed the creation of the “Monitoring and Interception of Communications Center to oversee, among other things, all telecommunications and postal services” also strengthened the activities of the previous law.
African governments will hardly win medals for the protection of human rights, and the introduction of these kinds of legislation gives sufficient ground for worry.
Fake news and misinformation are big issues today, but the questions remain: What is true and what is false? Who deserves to be the custodian of truth? Can we trust governments to be custodians of truth?
Perhaps, fewer ambiguities would help Africans trust their governments.
NEW EPISODE OUT! Built in Africa, a podcast by Techpoint Africa
NEW REPORT: Nigerian startups raised $28.35m in Q2 2020; only about 4.5% of that came from local investors. Find out more in the full report.