The recently gazetted Cyber Security and Data Protection Bill has raised concerns – especially the plan for POTRAZ to house the National Cyber Security Centre. I raised concerns regarding the organisation and whether they will be able to carry out their mandate freely.
Media Institute of Souther Africa (MISA) Zimbabwe has also published an analysis of the bill. In MISA’s argument, POTRAZ should not assume or establish the National Cyber Security Centre since the role of POTRAZ is clearly outlined in Postal & Telecommunications acts.
MISA Zimbabwe therefore calls for the equal prioritisation and balancing of the functions of the Cybersecurity Centre and Data Protection Authority to ensure that significance is not placed only on cybersecurity while data protection, privacy and the interrelated fundamental rights are neglected. The conflation of these three institutions poses a dual crisis, with POTRAZ, on one hand, becoming the surveillance arm of the state while also having access to the large volumes of data collected by the Mobile Network Operators (MNOs) and Internet Service Providers (ISPs). This therefore compromises data protection and the right to privacy.MISA Zimbabwe
MISA also noted that the threat for surveillance was high given the existence of acts like the Official Secrets Act and Interception of Communications Act.
There is, therefore, need to ensure that all national security laws are reviewed in line with the human rights framework in the Constitution
Another criticism labelled at the Cyber Security and Data Protection Bill is in regards to data breaches. In the event of a data breach, the bill states that data controllers (a person, company, or other body that determines the purpose and means of personal data) shall “notify the authority without undue delay”. MISA has criticised the vague nature of that statement and believe that a specific timeline for notification would be better.
Finally, MISA also raised concerns regarding whether personnel in Zimbabwe’s judiciary system will be able to prosecute cybercrime offences and if some of the provisions made in the bill won’t be used to stifle freedom of expression.
You can read MISA Zimbabwe’s full-length analysis here. Hopefully, parliamentarians can raise some of these concern before the bill is passed into law so that it can either be i) amended if found inadequate in certain regards or ii) explanation is given for why certain aspects of the bill are proposed in the manner that they are.