Zimbabwe’s Cybersecurity and Data Protection Bill aims to protect privacy and guard against child sexual abuse depicted online. But it could also seriously hamper a free press.

There is much to celebrate within Zimbabwe’s new Cybersecurity and Data Protection Bill, 2019, now awaiting the President’s consent. The proposed Bill, which is expected to come into force after the President’s approval, aims to consolidate cyber-related offences and provide data protection law for its citizens.

For ordinary citizens, specifically children, it will seek to prosecute people who produce, distribute, procure or produce child pornography. This is a welcome move to address a growing problem for women and children here and follows global standards. The Bill will also criminalise cyberbullying and online harassment. 

On paper, the Bill seems to tick all the right boxes, but there are some other clauses within it which raise concerns, particularly for journalists.

For instance, clause 164C (scroll down to page 31) seeks to outlaw the spread of false information. It states: “Any person who unlawfully and intentionally by means of a computer or information system makes available, broadcasts or distributes data to any other person concerning an identified or identifiable person knowing it to be false with intent to cause psychological or economic harm shall be guilty of an offence and liable to a fine not exceeding level 10 or to imprisonment for a period not exceeding five years or to both such fine and such imprisonment.” Under the proposed Bill therefore, the government seeks to criminalise what it classifies as “false information”. The danger is that this could be used to silence those who use online platforms to expose corruption - often within government institutions - a key purpose of journalism.

Instead of rewarding whistleblowers, as is the norm in other parts of the world, they will be penalised, by being put at risk of retribution from perpetrators

The government has defended the proposed bill. “The bill is our legislative response to setting the right legal framework upon which all cybersecurity superstructures are to be built,” Dr Jenfan Muswere, the Minister of Information, Communications Technology Postal and Courier Services, said in December 2020.

However, this has done little to allay the fears of journalists. Clause 164C is ambiguous; it does not clarify what is constituted as “false information” nor who defines it. Because of this, members of the media are very concerned that the law could be applied highly selectively, and be used to censor journalists and curtail their freedom of expression.

What if it is the government which misinforms the public, as it did when the Herald, a state-controlled publication, pronounced that Zambia’s President Hichilema “followed President Mnangagwa to his hotel where they held a 30-minute closed door bilateral meeting…”? The Zambian president, however, set the record straight when he tweeted that he had held a meeting with a number of heads of state, not just the leader of Zimbabwe.

In cases like this, how is the law going to be applied, by whom and who will be accountable? In such cases, will the law be applied evenly or it is going to be applied selectively, depending on which side one belongs to? Indeed, how does one apply punitive action to “the government”. 

Silencing whistleblowers

Clause 164C may work to silence whistleblowers, who often rely on social media to reveal corruption. Last year, investigative journalist Mduduzi Mathuthu blew the whistle on corruption involving COVID-19 funds. He reported online that a company, Drax International, had invoiced the government $28 for individual 55disposable masks whose wholesale price was less than $4 from reputable local suppliers.

Another whistleblowing journalist, Hopewell Chin’ono, was arrested last year for allegedly inciting public violence after he also exposed COVID-19 corruption via social media. As it stands, the new Bill could further protect corrupt people including politicians by gagging the press to prevent vital information about corruption from reaching the public. 

Furthermore, Clause 31 of the new Bill could put journalists in acute danger. This clause seeks to regulate “the scope and purpose of the whistleblowing”. Clause 31(3) adds: “The person who is implicated shall be informed as soon as possible of the existence of the report and about the facts which he or she is accused of in order to exercise the rights established in this Act.”

Again, instead of rewarding whistleblowers, as is the norm in other parts of the world, they will be penalised, by being put at risk of retribution from perpetrators. In short, whistleblowing becomes highly dangerous and something people will have to undertake at their own personal risk. 

Centralising surveillance?

Clause 5 of the Bill also seeks to establish a Cyber Security Centre, which will coordinate cyber security and establish a national contact point available around the clock as one of its core functions. 

The well-documented use of Pegasus spyware in African countries, Zimbabwe included, is another cause for concern among media practitioners. Why? The Israeli-made software has been used clandestinely before, to harass or intimidate journalists, and if the Bill sails through, snooping on phones and emails could become the norm, especially for journalists, who are among the most-targeted professions when it comes to online surveillance and monitoring. 

The Bill only serves the interests of the few, politically connected elites at the expense of the majority, and thoroughly undermines freedom of expression in Zimbabwe

If this surveillance has happened elsewhere in Africa, as it has done in Botswana, for example, is it really likely that Zimbabwe would be the exception? 

As the country inches towards the crucial 2023 general elections, journalists may find themselves subject to additional censorship. After all, Zimbabwe already has high rates of human rights violations, according to a 2019 Human Rights Watch report.

The Media Institute of Southern Africa (MISA) Zimbabwe, on behalf of media practitioners, has appealed to the president not to sign into law the bill, saying it still requires further scrutiny. 

“A law that addresses issues relating to cyber security, data protection and data privacy, affects every citizen, hence the need for a multi-stakeholder approach in its framing,” MISA Chairperson Golden Maunganidze wrote to the president earlier this month.  “In light of the amendments that were affected, there is a need for an extensive review of the Bill with further input from the general public as well.”

Until there is a citizens' consensus, the Bill’s present status only serves the interests of the few, politically connected elites at the expense of the majority, and thoroughly undermines freedom of expression in Zimbabwe.   

Derick Matsengarwodzi is a freelance journalist and author based in Harare

The views expressed in this article are the author’s own and do not necessarily reflect Al Jazeera Journalism Review’s editorial stance