Zimpapers Logo

Nobleman Runyanga Correspondent
The Cyber Security and Data Protection Bill, which was crafted in 2016 and has been perfected over the past four years, was gazetted on May 15, 2020, signalling its imminent enactment into law.

This positive development came amid a background of negative sentiments against the proposed law by the usual anti-Government elements and detractors who have chosen to concentrate narrowly on the perceived negative aspects of the law at the expense of the rest of the law.

The critics of the legislation have been so dogged and narrow-minded in their views of the law that a visitor from planet Mars would readily conclude that Zimbabwe is the first country to introduce such a law.

Most critics of the proposed law, such as the Zimbabwean chapter of the regional media organisation — the Media Institute of Southern Africa (MISA) — are concentrating on the perceived negative effect of the law such as the baseless claim that some sections of the law “have the capacity to curtail freedom of expression through instilling fear and creating self-censorship”.

The proponents of these arguments are overlooking a fundamental reality that in any society, no right is absolute and laws enacted to purportedly curtail such rights, in this case free speech, only serve among other things, as a punishment for “abuse” of the right.

Everyone will agree that there has been massive abuse of this, through propagation of malicious fake news, posing serious threats to our socio-political-economic and security environment and the status quo could not be allowed to go on unabated.

Lately, Zimbabwe has been plagued by the abuse of social media by people such as Thomas Mafumo, Shingi Munyeza and Talent Chiwenga who use it to incite youths into mindless protests.

The country has not been spared from citizens who use the social media to spread fake news. In Iran the social media is used to organise protests. Even developed countries such as the United Kingdom and the United States have their own share of social media abuse.

This is the reason why the UK-based international affairs think tank, Chatham House held a virtual conference on May 26, 2020, to discuss how to achieve responsible behaviour in the cyberspace.

The think tank noted that while advancements in cyberspace had supported innovations, they had “also become an area of intense international competition and rivalry — a reflection of its increasing economic and political importance and broader geopolitical tensions.”

This indicates that cyber security and laws governing it as well as the safe use of information communication technologies (ICTs) are now a global norm, contrary to critics’ views. What would be abnormal about the law is having none in place than the other way round.

Background

A bit of background on the matter would be in order. Zimbabwe’s efforts to put in place a cyber security and data protection law is not in isolation from precedent on the continent and the globe as a whole.

What MISA and ilk are missing about the law is that legislation is not put in place for narrow political objectives.

They are driven by national interests such as building confidence and trust in the secure use of ICTs and ensuring that personal data collected by various service providers such as mobile network operators does endanger their lives through misuse or criminal manipulation.

It is not just about Government critics’ freedom of expression.

For example, cybercrime costs to the global economy stood at US$500 billion annually and according to the Microsoft Digital Crimes Unit, nearly 400 million people fall victim to cyber and computer crime annually, the world over.

One of the major concerns when it comes to fighting cybercrimes across Africa is weak legislation and poor law enforcement.

According to a 2016 African Union Commission (AUC) report, 30 out of 54 African countries lacked specific legal provisions to fight cybercrime. Zimbabwe was sadly part of this negative statistic.

Sitting duck

The continent had therefore become a sitting duck for global and local cybercrime perpetrators. According to the former International Telecommunications Union (ITU) secretary general, Hamadoun Toure “cyber criminals see Africa as a safe haven to operate illegally and with impunity”. From an intellectual property point of view, according to the Washington-headquartered Business Software Alliance, “two countries with the world’s highest software piracy rates in 2017 were Libya and Zimbabwe”.  This negative statistic further buttresses the urgent case for the enactment of legislation to deal effectively with such issues.

As Zimbabwe moves to claim its place on the global community of nations following decades of the late former President Robert Mugabe’s go-to-hell diplomacy, Zimbabwe needs to rectify any negative global and continental negative statistics that it is part of.

The country cannot continue to operate in a cocoon in terms of tackling issues affecting the global economy such as cybercrime.

Zimbabwe’s right to being respected as a member of the global village comes with the serious responsibility to fully play its part in fighting threats afflicting the world such as cybercrime, terrorism and drug dealing.

The UK

Most critics of the proposed law are admirers of the western world and when they criticise Government, it is as if those countries which they glorify and seek to compare Zimbabwe with, are free-for-all paradises that operate without any laws, but, this is not the case.

The UK has a long list of legislation governing cyber conduct and safety as well as data protection.

The UK has the following laws in its statute books: the Computer Misuse Act of 1990, the Communications Act of 2003 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. As recently as 2018, the Data Protection Act was added to list.

The law was enacted to give effect to the General Data Protection Regulation (GDPR) and the Network and Information Security Regulations of the European Economic Area, which the UK is part of.

According to the website, whitecase.com, “the GDPR and the 2018 Act require that businesses keep personal data secure and only permit third parties access to the personal data subject to sufficient guarantees regarding the security of the processing services,” which is pretty much the same as what Zimbabwe is seeking to achieve through the Cyber Security and Data Protection Bill.

Some of the critics have questioned the proposed designation of the Postal and Telecommunication Regulatory Authority of Zimbabwe (POTRAZ) as the Cyber Security Centre and the Data Protection Authority under the new law but the UK also has a similar body, the Information Commissioner’s Office (ICO).

According to its website (www.ico.org.uk), it is an “authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.”

In February this year the UK government announced its intention to grant more powers to the Office of Communications to protect people from harmful content such as violence, terrorism, cyber-bullying and child abuse. Hitherto the Office of Communications only regulated telecommunications and the mainstream media leaving the social media unattended.

The US

Even the United States, which these critics worship as the infallible paragon of virtue in every area of life, has its own equivalents of Zimbabwe’s Cyber Security and Data Protection Bill.

Given its federal nature, the country does not have a single federal law to regulate the use of the cyberspace and ensure the protection of consumers’ private details.

According to the website, www.itgovernanceusa.com , “several states have their own cybersecurity laws in addition to data breach notification laws. These areas are currently regulated by a patchwork of industry-specific federal laws and state legislation, with varying scope and jurisdiction.”

Urgency

Given the fact that Zimbabwe is lagging behind other countries in terms of cyber security and data protection, discourse on the matter should no longer be on whether or not to sign the bill into law but when.

Zimbabwe is slowly being embraced by its former sworn foes such as the European Union.

Only last month the US removed the pillars of Zimbabwe’s economic development, the Agricultural Development of Zimbabwe (Agribank) and the Infrastructure Development Bank of Zimbabwe (IDBZ) from its sanctions list.

These developments emphasise the pressing need for Parliament to move with speed to ensure that the Bill is signed into law as soon as yesterday so that the country does not miss out on opportunities to integrate into the global economic system and the benefits that come therewith because of lack of a very basic, but important law.