Cyber Law at Tanzania
Tanzania has significantly strengthened its cyber law framework in recent years, primarily in response to the increasing prevalence of cybercrimes and the global emphasis on data protection. The legal landscape is characterized by a blend of dedicated cybercrime legislation, broader electronic communications laws, and a new, comprehensive data protection act.
Here's a detailed overview of Cyber Law in Tanzania:
1. Key Legislative Instruments:
The Cybercrimes Act, 2015: This is the foundational law addressing cybercrime in Tanzania. It criminalizes a wide range of offenses related to computer systems and Information Communication Technologies (ICTs). Key aspects include:
Defined Offenses: It defines and penalizes various cyber offenses, such as:
Illegal access to computer systems (hacking).
Illegal interception of data.
Illegal data interference.
Data espionage.
Illegal system interference.
Computer-related forgery and fraud.
Child pornography and other obscene content.
Identity theft.
Publication of false information (a controversial provision that has raised concerns about freedom of expression).
Racist and xenophobic material/insult.
Cyberbullying.
Violation of intellectual property rights.
Offenses related to critical information infrastructure.
Jurisdiction: The Act asserts broad jurisdiction, covering offenses committed within Tanzania, involving Tanzanian nationals, or against computer systems or devices located in Tanzania, even if initiated from outside the country.
Investigation and Evidence: It provides powers for law enforcement to conduct searches and seizures of devices and data, preserve and disclose data, and use forensic tools to collect electronic evidence.
Service Provider Liability: It addresses the liability of service providers, generally stating they are not liable for user-generated content if they remove or disable access to illegal information upon notification or awareness.
Criticism: The Act has faced significant criticism from civil society organizations and opposition parties who argue that some provisions, particularly those related to "publication of false information," are vague and have been used to stifle freedom of expression and target political opponents.
The Electronic and Postal Communications Act (EPOCA), 2010 (and its subsequent Regulations): While not exclusively a cyber law, EPOCA is crucial as it governs electronic and postal communications, establishing the regulatory framework for the telecommunications sector. It includes provisions related to:
Licensing and Regulation: Regulates electronic communications service providers.
Content Regulation: Contains provisions for the regulation of online content, including regulations on digital and broadcasting networks, online content, and SIM card registration. Amendments to these regulations, such as the Electronic and Postal Communications (Online Content) Regulations, 2020 (and its 2022 amendments), have often been criticized for imposing strict licensing requirements and content restrictions on online platforms and bloggers.
Privacy of Communications: Addresses the privacy of communications but also provides for lawful interception by authorized bodies under specific circumstances.
The Personal Data Protection Act, No. 11 of 2022 (PDPA): This is a landmark piece of legislation that came into force on May 1, 2023 (with the PDPA Regulations following in July 2023). It provides a comprehensive framework for the protection of personal data in Tanzania, aligning with global data protection trends (like GDPR). Key features include:
Principles of Data Processing: Establishes core principles for the collection, processing, use, disclosure, and storage of personal data, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, and security.
Data Subject Rights: Grants individuals significant rights over their personal data, such as the right to information, access, objection, rectification, and the right not to be subject to solely automated decision-making.
Personal Data Protection Commission (PDPC): Establishes an independent commission responsible for overseeing the implementation and enforcement of the Act. The PDPC registers data collectors and processors, investigates complaints, and can impose penalties for non-compliance.
Registration Requirements: Mandates that data collectors and processors operating in Tanzania (and in some cases, those outside Tanzania processing data of individuals in Tanzania) must register with the PDPC.
Cross-Border Data Transfers: Imposes restrictions on the transfer of personal data outside Tanzania, requiring adequate levels of protection in the recipient jurisdiction or other safeguards.
Penalties: Specifies significant fines and/or imprisonment for violations, with higher penalties for corporate bodies.
2. Regulatory Bodies and Initiatives:
Tanzania Communications Regulatory Authority (TCRA): The primary regulator for electronic communications and postal services, responsible for implementing EPOCA and its regulations.
Personal Data Protection Commission (PDPC): The newly established independent body responsible for enforcing the PDPA and ensuring data privacy rights.
National Cybersecurity Framework: Tanzania is in the process of developing and strengthening its national cybersecurity strategy and institutional mechanisms to coordinate efforts against cyber threats.
3. Challenges and Future Directions:
Balancing Security and Rights: A persistent challenge is striking the right balance between national security and combating cybercrime on one hand, and protecting fundamental rights such as freedom of expression, privacy, and access to information on the other. The Cybercrimes Act, 2015, in particular, has been a focal point of these discussions.
Enforcement Capacity: Effective enforcement of these laws requires significant investment in training, resources, and technical expertise for law enforcement agencies, the judiciary, and regulatory bodies like the PDPC.
Public Awareness: Raising public awareness about cyber threats, digital rights, and legal obligations is crucial for fostering a secure digital environment.
Digital Economy Growth: As Tanzania embraces digital transformation and the digital economy, the cyber legal framework will need to continuously adapt to new technologies, business models, and evolving cyber threats.
Harmonization with Regional Standards: Tanzania's cyber laws, particularly in data protection and cybercrime, show an increasing alignment with regional and international standards (e.g., ECOWAS directives, AU Malabo Convention, and even principles akin to GDPR). Continuous efforts in this area can enhance cross-border cooperation.
In summary, Tanzania has a developing cyber law landscape with key legislation in place to address cybercrimes and data protection. While the Personal Data Protection Act marks a significant step forward in safeguarding privacy, the implementation and impact of these laws, particularly concerning human rights and freedom of expression, remain areas of ongoing scrutiny and development.
RELATED Blog
0 comments