‘Cyber, Data Protection Act inevitable’
As Zimbabwe rapidly adopted technology across sectors, the recently introduced Cyber and Data Protection Act, was inevitable as it is to regulate the use of technology in businesses, industry experts say.
Digitalisation, in line with global trends, has resulted in an increase in cybercrimes.
Cases of data breach, which is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed have been on the increase, not only in Zimbabwe but globally.
“This came into place due to the advent of the digital era, where business is being done using technology,” said Liquid Intelligent regional head of legal and regulatory Central Africa region Vimbayi Nyikadzino in an interview.
“There was a need to regulate the use of technology in business and give individuals protection to their basic human rights to privacy. It is also important for organisations in the sense that it gives them mechanisms governing how they collect data and the reasons for collecting it in lawful ways, while for individuals it ensures protection of the data they give out to organisations,” she said.
The Act recognises the right to privacy as a fundamental human right, thus data subjects have the right to be informed, access, object, correct, and delete their personal information. In line with this, written consent is required for processing sensitive data, and consent can be withdrawn at any time.
Processing without consent is only allowed in certain circumstances, and any limitation on privacy must be reasonable and justifiable in a democratic society.
Additionally, the Act requires data controllers to ensure that personal data is collected and processed in a transparent and lawful manner. This means that data subjects should be informed about the collection and processing of their personal data and the purposes for which it will be used.
World over, issues of data protection are a hot topic resulting in authorities getting tough on companies that breach private personal data.
For instance, the European Union (EU) supervisory authorities have continued to apply and enforce the General Data Protection Regulation (GDPR) vigorously, imposing record-setting fines up to €405 million and with a total amount of approximately €2,92 billion in fines to companies found wanting.
Big companies such Meta, Facebook’s parent company have been in trouble several times for violating privacy requirements with cases ranging from using users’ data to expose them to unsolicited adverts on its platforms like Facebook and Instagram.
The tech giant also came under fire last month for failing to protect the privacy of children using its Messenger Kids, in addition to misrepresenting the access it provided to app developers to private user data, prompting the authorities in the US to step in.
According to Ms Nyikadzino, companies that collect personal data should seek consent from users whenever they need to use that data for something else other than the original intention. Failure to do so is in breach of Zimbabwean laws, under the Act.
But there is still apathy among the public with regard to the law, prompting Liquid Intelligent to host an awareness event to unpack the piece of legislation.