15 Jul The continental context behind the development of Zimbabwe’s ICT laws
There has been renewed interest in Zimbabwe in regard to its draft Computer Crime and Cybercrime Bill, which has been criticised for its provisions that violate fundamental rights such as the right to privacy, the right to freedom of speech and the right to access information. Kuda Hove, Legal and Information Ocer at Veritas Zimbabwe, discusses the international initiatives and model laws which acted as catalyst for the development of the Bill as well as providing an analysis of the Bill’s key provisions.
The Harmonization of the ICT Policies in Sub-Sahara Africa project
The International Telecommunication Union (‘ITU’) is the United Nations specialised agency for information and communication technologies. ITU works globally on nine key areas including internet policy and governance as well as cyber security. It was under its mandate on cyber security that ITU in collaboration with the European Union launched the Harmonization of the ICT Policies in Sub-Sahara Africa (‘HIPSSA’) project.
This project involved 43 African countries including Zimbabwe; it was launched in December 2008 at Addis Ababa, Ethiopia. It was meant to run until 2011; however, the project was extended to 20131.
The aim of the HIPSSA project was to create a harmonised regulatory environment that would stimulate economic and social development by encouraging investment in ICT infrastructure and services, furthermore countries participating in the project also received locally-relevant policy advice, training and related capacity building in ICT policy matters. The project not only benefited individual countries but also Regional Economic Communities such as the Economic Community of West African States and the Southern African Development Community (‘SADC’).
While HIPSSA focused on Sub-Saharan Africa, there was also the Harmonization of ICT Policies, Legislation and Regulatory Procedures in the Caribbean and the Capacity Building and ICT policies, Regulations and Legislative Frameworks for Pacific Islands Countries2. All three projects led to the drafting of regional model laws dealing with ICT-related issues. This led to the development
of the SADC model law on Computer Crime and Cybercrime and the SADC model law on Data Protection. SADC Member States were then encouraged to implement these model laws in their respective jurisdictions, thereby bringing about the regional harmonisation of cyber laws. This implementation process was also referred to as the National Transposition of SADC Model Laws.
SADC model cyber laws
The SADC model laws incorporated traces of the regional model laws from the other two ITU-EU collaborative eorts in the Caribbean and Pacific Islands. In 2013 ITU and SADC sent two missions
to Zimbabwe3 to help with Zimbabwe’s transposition of the SADC model cyber laws into Zimbabwean law. The first mission of delegates held meetings on 25 and 26 March 2013 in Harare, and the second mission held meetings between 15 and 18 July 2013. Both missions involved regional and international experts in the fields of data protection and cyber security coming to Zimbabwe to meet with the Ministry of Information, Communication, and Technology as well as with local data protection and cyber security stakeholders. The first set of stakeholder meetings held in March 2013 involved a presentation to familiarise Zimbabwean stakeholders with the contents of the SADC model law.
The second set of stakeholder meetings held in July 2013 involved overviews of the draft Zimbabwe Data Protection Bill and the draft Zimbabwe Electronic Transactions and e-Commerce Bill and lastly, the draft
Computer Crime and Cybercrime Bill4. It is this version of the draft Bill that is currently under discussion and has received criticism from various sections of Zimbabwean society for containing sections that violate fundamental rights such as the right to privacy, the right to freedom of speech and the right to access information.
In its 2013 form, the draft Bill has no legal effect in Zimbabwe; it is not legally binding in any way and at most serves as a reflection of how Government intends to regulate the sector. ITU exists to protect and support everyone’s fundamental right to communicate and as such, any legislation that arises from an ITU initiative must give life to that aim; unfortunately, the draft Bill restricts people’s right to communicate instead of protecting and promoting this essential right.
Criticism of the HIPSSA Project5
Poor drafting and inconsistencies in definitions of terms such as e-crime, cyber crime, and computer crime have adversely aected the number of countries that seem to have utilised these models when drafting their cyber crime legislation, largely in the Caribbean, Africa and Pacific Islands. Another criticism is that the model laws, drafted because of the ITU-EU collaborative projects, appear to have been prepared through input from workshop participants and not representatives or experts with ocial State party mandates.
According to a 2014 discussion paper sent to the Cybercrime Convention Committee6, a committee that represents the State Parties to the Budapest Convention on Cybercrime, the ITU-EU model laws: “appear to be sourced from
a draft prepared by ITU consultants who attempted to use the general framework and much of the language from the Commonwealth Model Law but with substantial modifications, additions and deviations from international best practice. In particular, introducing provisions that would raise human rights and freedom of speech concerns, enable content control, and regressive powers without safeguards which substantially impact industry, online providers and users […]”
Other regional initiatives
HIPSSA was not the first initiative to harmonise African ICT policies. In May 2008, the African Union (‘AU’) brought together African ministers responsible for ICT for a meeting in which they adopted a reference framework for the harmonisation of telecommunications/ ICT policies and regulations. This project gave impetus to earlier eorts by the AU to bring about harmonised ICT policies in Africa; the AU closely participated in the drafting of both SADC model laws dealing with ICT-related issues.
To lend support to the process of harmonisation of ICT policies, the AU adopted the Convention on Cyber- security and Personal Data Protection at Malabo, Equatorial Guinea on 27 June 2014. As of 14 August 2016, only eight of the 54 AU Member States had signed the Convention. Zimbabwe is currently not a signatory to this Convention.
In conclusion, the Zimbabwean draft Computer Crime and Cybercrime Bill is an example of a model law that embodies provisions that raise human rights and freedom of speech concerns and grants regressive powers to the State without the requisite safeguards to protect the ICT user.
Model laws are, in principle, a good way to encourage governments to draft laws that meet international best practice however, when localising regional and international model laws, caution is needed to ensure that fundamental rights are not infringed.