Understanding the Cyber and Data Protection Act

Sifelani Tsiko

Fact Check Editor

THE arrest of journalist Blessed Mhlanga in February on charges of contravening a section of the Cyber and Data Protection Act that prohibits the “Transmission of a data message inciting violence or damage to property,” has generated ardent debate.

On social media there are a lot of opinions – right or wrong on what exactly constitutes violations of the act on social media.

In this report, we dissect crimes on social media or other means of communication that violate the Data Protection Act.

What is the Cyber and Data Protection Act?

In general, a Cyber and Data Protection Act aims to safeguard individuals’ fundamental right to privacy by limiting the ways their personal data can be used and ensuring they have control over it. In Zimbabwe, the Cyber and Data Protection Act consolidates several pieces of legislation that govern cyber security and data protection, according to Zimbabwe Government Gazette, Veritas and other legal experts. The main ones cover the Postal and Telecommunications Act, Official Secrecy Act, Criminal law (Codification and Reform) Act and the Interceptions of Communications Act.

When did it come into effect?

The Cyber and Data Protection Act (Chapter 12:07) came into effect on March 11, 2022, after it was gazetted by GN 492/2022. The Data Protection Authority in charge of the administration of this law is the Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz). The Act itself usually has the date 2021 in it.

This is because it was initially gazetted in December 2021 with the wrong title “Data Protection Act”. It had to be gazetted again in March 2022 with the corrected title “Cyber and Data Protection Act”. The contents of the act did not change.

Why was the Cyber and Data Protection Act enacted?

This Act was enacted largely to provide for data protection with due regard to the Declaration of Rights under the Constitution, and the public and national interest. It was meant to promote technological development and the lawful use of new and emerging technology. It seeks to prevent the unauthorised data collection and

breaches, and to provide for matters connected with or incidental to the foregoing.

Blessed Mhlanga and the Cyber and Data Protection Act

The Cyber and Data Protection Act is vast. It is littered with many landmines. In this particular case, Mhlanga broadcast press conferences earlier this year by Mr Blessed Geza, a politician and war veteran who called for President Mnangagwa to resign.

The press conferences were broadcast to AMH’s YouTube channel HStv. Views expressed in the press conferences were classified as violating Section 164 of the law. This law stipulates that it is an offense to use digital platforms to incite violence or property damage.

Which section of the Cyber and Data Protection Act could have been potentially violated?

Under the Act, section 164 prohibits transmission of data messages inciting violence or damage to property.

The section says any person who unlawfully by means of a computer or information system makes available, transmits, broadcasts or distributes a data message to any person, group of persons or to the public with intend to incite such persons to commit acts of violence against any person or persons or to cause damage to any property shall be guilty of an offence and liable to a fine not exceeding level 10 or to imprisonment for a period not exceeding five years or to both such fine and such imprisonment.

Furthermore, the Act prohibits cyber-bullying and harassment:

The Act states that a person is prohibited from unlawfully and intentionally by means of a computer or information system generates and sends any data message to another person, or posts on any material whatsoever on any electronic medium accessible by any person, with the intent to coerce, intimidate, harass, threaten, bully or cause substantial emotional distress, or to degrade, humiliate or demean the person of another or to encourage a person to harm himself or herself, shall be guilty of an offence.

What other offences are prohibited under the Data Protection Act?

1.Transmission of data messages inciting violence or damage to property is forbidden. It is illegal to send messages with the intent to incite people to commit acts of violence against any person or persons or to cause damage to any property.

2. Sending messages to another person threatening to harm them, or to harm their family and friends, or threatening to damage their property.

3. Cyber-bullying and harassment.

4. Transmission of false information that is meant to cause harm.

5.Transmission of intimate images without consent. For example, you cannot send someone’s nude pictures without that person’s consent. It is also not allowed to take someone’s intimate pictures without them agreeing to it.

6. Production and dissemination of racist and xenophobic material.

7. Child pornography and exposing children to pornography.

8. Sending spam messages is banned; it is illegal for a person to send unsolicited messages to many people under false pretences.

Warning:

“Very soon we will get to that stage where carrying or repeating stupid, disruptive messages will attract a lawful punishment. You cannot just circulate alarm and despondency and go scot – free! Before long!! We are watching social media very closely,” Deputy Chief Secretary in the Office of the President and Cabinet Mr George Charamba said on X on April 22, 2025.

Sources:

Zimbabwe Government Gazette

Veritas

What we should know about the Data Protection Act – Trust Maanda

A Quick-Start Guide to Zimbabwe’s Data Protection Regulations – Savannah Robinson

POTRAZ

Cyber and Data Protection Act (2021) – PDF

The Act itself usually has the date 2021 in it. This is because it was initially gazetted in December 2021 with the wrong title “Data Protection Act”. It had to be gazetted again in March 2022 with the corrected title “Cyber and Data Protection Act”.

155 of 2024 Cyber and Data Protection Licensing Regulations – PDF

Zimbabwe’s Statutory Instrument (SI) 155 of 2024 Cyber and Data Protection Licensing Regulations was promulgated into law on the 13th September 2024

Cyber and Data Protection Implementation Guidelines on Appointment, Roles, Responsibilities, Training and Certification of Data Protection Officers. (Published by POTRAZ)

MISA Cyber and Data Protection Act Guide – PDF

facebookShare on Facebook
TwitterPost on X
FollowFollow us
PinterestSave

Related Posts

Amendment Bill 3 lands in Parliament
Amendment Bill 3 lands in Parliament

Nyore Madzianike Senior Reporter JUSTICE, Legal and Parliamentary Affairs Minister Ziyambi Ziyambi is today expected to start the legislative process for Constitutional Amendment Bill No. 3 (CAB3) when he makes…

Continue reading
Zim exudes confidence ahead of UNSC vote
Zim exudes confidence ahead of UNSC vote

Zvamaida Murwira Senior Reporter ZIMBABWE has committed to working with all countries, guided by its doctrine of building bridges, if it secures a non-permanent seat in the United Nations Security…

Continue reading

Leave a Reply

Your email address will not be published. Required fields are marked *

×
×