&

DATA PROTECTION BILL, 2013

Philip Filikunjombe, Advocate

LLM Information Technology &Telecoms Law, PGD Law

The development, evolution and growth of inform.

and comm. technologies (ICTs) have given rise to a
number of concerns in the society we live today.
Such concerns include cybercrimes, issues of
electronic commerce and cases involving information
security.
Information security :
Is concerned with collection, processing and
utilization of information which once processed
becomes data.
One of the categories of data that is touchy here is
personal data and the protection of the same, a
concept commonly referred to as data protection.

This paper is a summary of the concept of

data protection, the need for laws on data
protection, and the status of data protection
laws in other jurisdictions, including the
status of data protection legal framework for
East and Southern Africa. The paper finally
gives a synopsis of the proposed Data
Protection Bill, 2013.


a)
b)

c)
d)

This presentation is a summary of:

the concept of data protection;
the need for data protection legislation;
the status of data protection laws in other
jurisdictions; and
a overview of the Draft Data Protection Bill,
2013.

Data Protection as a concept is linked

the legal control over access to and use of data
stored in computers, computer systems and
networks.
data protection therefore is concerned with
controls how personal information is used by
individuals, organisations, or the government.
But as referred here: Concern is much on
Personal data, than that of organizations or the
government. Why? It is because mechanisms are
set already for the protection of data in such
institutions.

The Right to Privacy

Universal Declaration of Human Rights
African Charter on Human and Peoples
Rights
The URT Constitution, 1977 Art.16

WHY NOW?

a)
b)
c)
d)

Personal privacy has been there since the

evolution of man, but why much concerns
over protection of personal privacy in recent
years?
Digitization of personal data (and the move
from knowledge to information)
Proliferation of digitized data
Nature of digitized data and the impact of
uncontrolled data
Increasing rates of invasion of personal
privacy

Change in the objectives

e.g The Utamus blogs saga, in 2008
The Rwandan Genocide
2. Data in wrong hands
e.g The Nazi versus Jews holocaust, 193345
1.

a)
b)
c)
d)
e)
f)

g)
h)

fairly and lawfully

specifically for the stated purposes
that is adequate, relevant and not excessive
accurate
kept for no longer than is necessary
handled according to peoples data
protection rights, consent
kept safe and secure
not transferred outside one country without
adequate protection

1. The European Community

The EC Directive,95/46/EC on data
Protection
2. Australia
The Federal Privacy Act 1988
The Federal Privacy Act 1988 is the overall
law but each States and Territories (except
for Western Australia and South Australia)
have their own data protection legislation.

3. South Africa
The Protection of Personal Information Bill
(Bill) was passed by the National Assembly on
20 August 2013
4. India
There is no specific legislation on privacy
and data protection, but the Information
Technology Act, 2000 contains specific
provisions intended to protect electronic
data.

5. Canada
Four private sector privacy statutes
(Canadian Privacy Statutes):
a) Personal Information Protection and Electronic
Documents Act;
b) Personal Information Protection Act;
c) Personal Information Protection Act; and
d) Protection of Personal Information in the Private
Sector Act

Status of data Protection initiatives):

1. The African Convention on Cyber Security,
2012
2. EA Cyber Law Framework Phase II; and
Phase II requires member states to foster
development legislations on e-commerce and
data protection legislation
3. SADC Data Protection Model Law

Objective
A Bill for an Act to:a) promote the protection of personal information
processed by public and private bodies;

b) introduce data protection principles so as to

establish minimum requirements for the
processing of personal information; and
c) to provide for matters connected therewith
compliance with International principles and that
of EA and SADC.

PART I: Preliminaries
Short title, commencement, and definitions
Part II: Collection, Use, Disclosure and
Retention of Personal Data
The data protection principles and exceptions
there to (Schedule II)

Part III: Office Of Data Protection Commissioner

Part IV: Register of Data Controllers and
Information Bureaus
Part V: Investigation of Complaints

Part VI: Miscellaneous

Part VII: Transborder Data Flow
Schedule I: Rights Of Data Subjects

Schedule II: Exceptions To Data Processing

Principles

Protection of persona privacy draws much concern

today than ever due to:
the increasing proliferation of personal data due to
processing of information which takes place as a
result of the dependency of peoples life on new
technologies.
As such it is necessary that rules are laid down to
govern such processing of information to ensure that
data subjects are not jeopardised.
A lot has been done in other jurisdictions on the
subject matter, as already highlighted. And drawing
forces from the model laws and frameworks drawn
for SADC and EAC states it is necessary that Tanzania
comes up with the data Protection Act, 2013.

Philip Filikunjombe, Advocate

LLM Information Technology &Telecoms Law, PGD Law

Resource Person