Media advocacy group, the Media Institute of Southern Africa (MISA) has launched a policy brief that seeks to reveal the gaps in Zimbabwe's data protection, privacy and surveillance.
The advocacy group indicated that the absence of an independent data protection and cyber monitoring authority, an inadequate framework for cross border data transfer and a draconian surveillance regime are some of the gaps it noted.
Speaking at the launch one of consultants engaged by MISA Innocent Madongwe highlighted that there is need for the country to address some of the gaps in the country's data protection, privacy and surveillance legislation.
"The Cyber and Data Protection Act should expressly indicate that it does not apply to processing of personal data by a natural person during a purely personal or household activity in accordance with international best standards," he said.
Mandongwe further highlighted that there is need for the establishment of a truly independent National Data Protection Authority.
"The fact that POTRAZ is subject to the executive's control in various material respects detracts from its independence as the National Data Protection Authority envisaged by international standards. Further the fact that POTRAZ is also the Cyber Security Centre and the postal and telecommunications sector regulator means it is stretched thin thus affecting its ability to effectively fulfil the functions reposed in the National Data Authority," he added.
The MISA Zimbabwe policy brief further raised recommendations on the broadening of the scope of sensitive data in the Act, enhancement of the rights of data subjects and tightening of the obligations of data controllers regarding data security breach among others.
Media and civil rights groups have always highlighted that there are gaps in Zimbabwe's data protection and surveillance laws that need to be aligned with international best practices.