This study is about an appraisal of the legal and institutional framework in Tanzania on how they protect the right to privacy in the cyber space. The study asses the laws which have a negative impact on the right to privacy in the cyber space.
The study involved library research so as to lay down the theoretical framework of the study. Field research was conducted in order to support the theoretical work by gathering relevant information from various respondents. Mainly, collection of data involved oral interviews and questionnaire. The study found out that the legal and institutional framework in Tanzania has not been well framed to cater for the right to privacy in the cyber space.
The researcher has concluded that there is a low number of cases on infringement of the right to privacy in cyber space. Tanzanian legal and Institutional framework have not been well framed for the protection of right to privacy in cyber space as failure to comply with international standards and lastly, Police and other law enforcers have been given excessive power during surveillance which affect the right to privacy.
Furthermore, it has been recommended that the rise of awareness to the people on the right to privacy, also enactment of comprehensive legislation (law), establishment of specialized institution which protects the right to privacy in the cyber space and lastly limitation of police power during surveillance.
Table of Contents
Acknowledgement
Dedication
List of Statutes
List of Abbreviations
Table of Cases
Abstract
Table of Contents
CHAPTER ONE
INTRODUCTION AND BACKGROUND OF THE PROBLEM
1.1 Background of the problem
1.2 Statement of the Problem
1.3 Research Hypothesis
1.4 Research Objectives
1.4.1 General Objective
1.4.2 Specific Objectives
1.5 Literature Review
1.6 Scope of the Study
1.7 Significance of the Study
1.8 Limitation of the Study
1.9 Research Methodology
1.9.1 Research design
1.9.2 Study Area
1.9.3. Sample Population
1.9.3 Sample size
1.9.4 Sampling method
1.9.5 Data collection methods
1.9.5.1 Library Research
1.9.5.2Field Research
1.9.5.2.1 Interview
1.9.5.2.2 Questionnaire
1.10 Data Presentation and Analysis
1.11 Chapterization
CHAPTER TWO
CONCEPTUAL FRAMEWORK ON PROTECTION OF RIGHT TO PRIVACY
2.0. Introduction
2.1 The General Concept of Privacy
2.2 Types of Privacy
2.3 Importance of Privacy
2.4 The concept of Information and Communication Technology
2.5 The Concept of Cyber Space
2.6 Relationship between Privacy and Cyber Space
2.7 Consequences of Privacy Invasion
2.8 Conclusion
CHAPTER THREE
INTERNATIONAL LEGAL AND INSTITUTIONAL FRAMEWORK IN PROTECTION OF RIGHT TO PRIVACY TANZANIA
3.0 Introduction
3.1 Legal Framework at International level
3.1.1 Right to Privacy under Universal Declaration of Human Rights
3.1.2 Guarantee of Right to Privacy in the Cyber Space Under the International Covenant on Civil and Political Rights
3.2.1 The Human Rights Committee
3.3 Regional Legal Framework
3.3.1 The Protection of Privacy Under the African Union (Malabo Convention)
3.4 Sub Regional Legal Framework
3.4.1 Privacy Protection Under the Economic Community of West African States (ECOWAS)
3.4.2 Right to Privacy Under the East African Community (EAC) for Cyber Law. .
3.5 Conclusion
CHAPTER FOUR
NATIONAL LEGAL AND INSTITUTIONAL FRAMEWORK IN PROTECTION OF RIGHT TO PRIVACY
4.0 Introduction
4.1 Legal Framework
4.1.1 The Guarantee of Right to Privacy in the Cyber Space Under the Constitution of the United Republic of Tanzania of 1977
4.1.2 National Information and Communications Technology Policy.
4.1.3 Privacy and Confidentiality of the Customers Under Tanzania Communications Regulation Authority Act
4.1.4 Prohibition of Illegal Access and Illegal Interference under the Cybercrimes Act
4.1.6 Protection of Consumer Information under the Electronic and Postal Communication (Consumer protection) Regulations
4.1.7 Prohibition of Disclosure of User’s Information under the Electronic and Postal Communications (Online Content) Regulations
4.2 Laws which Posse Potential Risk to Privacy Infringement in the Cyber Space ..
4.2.1 Threat of Police Power to the Protection of Privacy in the Cyber Space Under the Cybercrimes Act
4.2.2 Interception and Disclosure of Information Under the Electronic and Postal Communications Act
4.2.3 Impact of Law Enforcement Agents to the Right to Privacy in the Cyberspace under the Media Service Act
4.2.4 Interception of Communication and Threat of Right to Privacy in the Cyber space under the Prevention of Terrorism Act
4.2.5 Effect of Police Power in Search under the Police Force and Auxiliary Services Act
4.2.6 Impact of Surveillance to Right to Privacy under Tanzania Intelligence and Security Service Act
4.2.7 Impact of Mandatory SIM card Registration to the Protection of Right to Privacy in the Cyber Space under the Electronic and Postal Communications (Sim Card Registration) Regulations of 2020
4.3 Tanzanian Institutional Framework in Protection of Right to Privacy
4.3.1 Power and Function of Tanzania Communications Regulatory Authority in Protection of Right to Privacy
4.3.2 The Information and Communication Technologies. (ICT) Commission in Protection of Right to Privacy
4.3.3 The Police
4.3.3 Protection of Right to Privacy in the Cyber Space by the Court During Adjudication of Privacy Cases
4.4 Conclusion
CHAPTER FIVE
AN APPRAISAL OF TANZANIAN LEGAL AND INSTITUTIONAL FRAMEWORK GORVERNING PROTECTION OF RIGHT TO PRIVACY IN CYBER SPACE
5.0 Introduction
5.1 The Analysis of Guarantee by Legal and Institutional Framework in Protection of Right to Privacy in the Cyber Space
5.2 The Assessment of Effectiveness of Tanzanian legal and Institutional Framework in Protection of Right to Privacy in Cyber Space
5.2.1 The Comprehensive Legislation that Established for the Purpose of Protection of Right to Privacy
5.2.2 Compliance of Tanzanian laws with International, Regional and Sub regional Standards
5.2.3 Analysis of effectiveness of Bodies which are Protecting of Privacy
5.2.4 Assessment of Police Power and other law enforcers during Surveillance and Interception of Communications in Relation to the Protection of Right to Privacy ..
5.2.5 Analysis of Mandatory SIM card Registration in Relation to the Right to Privacy in the Cyber Space
5.3 Examination of Necessity of Having Mechanism that Protect Privacy Cyber Space
5.6 Conclusion
CHAPTER SIX
SUMMARY OF THE MAJOR FINDINGS, CONCLUSION AND
RECOMMENDATION
6.0 Summary of the Major Findings
6.1 Conclusion
6.2 Recommendations
Reference
Appendices
Acknowledgement
Firstly, I wish to thank my GOD for giving me good health and strength when Ipassed through discouraging situations and supported me to walk straight in abending world.
There are so many people who have, in one way or another helped and encouragedme in the accomplishment of my work, I would also like to thank those who supported me morally &financially. My beloved Parents, Mr. and Mrs. Ramadhani Shabani, Sisters (Nusura Ramadhani and Zakia Ramadhani)
Particular words of gratitude must go to my supervisor Mwajuama Kadilu. Shesupervised and guided me in the way of real classroom situation. she uses her valuable time and busy schedules to work on this paper until its completion.
Also, my field supervisor, Hon G.V Dudu (Senior Resident magistrate Courts at Rukwa region hereby appreciate his supervision and encouragement throughout the field.
Also, I appreciate the response from magistrates, state attorneys, TCRA officers and other respondents who used to provide assistance in data collection.
Lastly, a lot of thanks should also go to my fellow LL.B students for their support in one way or another as it will be impossible to mention them all, I wish to acknowledge sincerely that despite the fact that I have received all such contributions, morally and materially, I retain the right to criticisms, constructive comments and strength arising out of this report. I am entirely responsible for whatever that may arise from this report.
Dedication
This report is dedicated to my family (beloved parents, brothers and sisters) for theirlove, care and support in building a good foundation of my education and life in general up to this level
List of Statutes
International and Regional Instruments
The International Covenant on Civil and Political Rights, 1966
Universal Declaration of Human Rights, 1948
The African Charter on Human and People’s Rights.
The African Union Convention on Cyber Security and Personal Data Protection, 2014.
The Personal Data Protection for the Economic Community of West African States (ECOWAS), 2010.
The Data Protection Model Law for Southern African Development Community (SADC), 2012
The East African Community (EAC) for Cyber Law, 2008.
Principal Legislation
The Constitution of the United Republic of Tanzania [ Cap 2 R.E 2002]
National Information and Communications Technology Policy 2016
The Cybercrimes Act, Act No 4 of 2015
The Electronic and Postal Communications Act of 2010
Tanzania Intelligence and Security Act[Cap 406 R.E 2002]
The Prevention of Terrorism Act[Cap 19 of 2002]
The Media Service Act, Act No 12 of 2016
The Tanzania Communications and Regulatory Authority Act, No. 12 of 2003
The Police Force and Auxiliary Services Act [Cap 322 R.E 2002]
The Criminal Procedure Act [CAP 20 R.E 2002]
Subsidiary Legislation
Electronic and PostalCommunications (Consumer Protection) G.N No 427Of 2011
The Electronic and Postal Communications (Online Content) G.N No. 61, 2018
The Electronic and Postal Communications (SIM Card Registration) Regulations of G.N No 112, 2020
List of Abbreviations
Abbildung in dieser Leseprobe nicht enthalten
Table of Cases
Forsythe v. DPP & Ag of Jamaica. (1997) 34 JLR 512
Human Rights Network for Journalists Uganda Limited & Legal Brains Trust (LBT) v. Uganda Communications Commission (UCC) & Attorney General. Misc. App. No. 81 of 2013
Olmstead v. U S. 277 US 438 (1928)
R. v Whiteley. (1991) 93 Cr App Rep 25
Steve Jackson Games, Inc. v United States Secret Service. 816 F. Supp. 432 (W.D.Tex. 1993), aff’d, 36 F.3d 457 (5th Cir. 1994).
Tanzania Cotton Marketing Board v. Cogecot Cotton company SA. 1997 TLR 165
Vodacom Tanzania Limited & Zanzibar Telecom Company Limited v. Tanzania Communications Regulatory Authority (TCRA) Consolidated Tribunal Appeal No. 2 and 4 of2011
Kharak Singh V State of UP ( AIR 1963 SC 1295)
Abstract
This study is about an appraisal of theLegal and institutional framework in Tanzania on how they protect right to privacy in the cyber space. The study asses the laws which are negative impact the right to privacy in the cyber space The study involved library research so as to lay down the theoretical framework of the study. Field research was conducted in order to support the theoretical work by gathering relevant information from various respondents. Mainly, collection of data involved oral interviews and questionnaire The study found out that Legal and institutional framework in Tanzania has not well framed to cater for right to privacy in the cyber space
Researcher has concluded that there is low number of cases on infringement of right to privacy in cyber space, Tanzanian legal and Institutional framework have not well framed for protection of right to privacy in cyber spaceas failure to comply with international standards and lastly,Police and other law enforcers have been given excessive power during surveillance which affect right to privacy.
Furthermore, it hasrecommended that Rise of awareness to the people on the right to privacy, also enactment of comprehensive legislation (law), establishment of specialized institution which protect right to privacy in the cyber spaceand lastlyLimitation of police power during surveillance.
CHAPTER ONE
INTRODUCTION AND BACKGROUND OF THE PROBLEM
1.1 Background of the problem
Privacy is the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information.1 Privacy enable us to create boundaries and protect ourselves from unwarranted interference in our lives, allowing us to negotiate who we are and how we want to interact with the world around us, also privacy protect us from arbitrary and unjustified use of power by state, companies and other person.2
The growth of internet in the country lead to increase of violation of privacy and there are several ways in which the privacy of the individual can be violated in cyber space. If a person is victimized of privacy infringement over internet, it involves various complex issues to be settled which are what amounts to violation? Who is liable for the same? and, that shall be the remedy offered?
Privacy benchmarks at an international level are found in the international human rights treaties. The Universal Declaration of Human Rights of 1948 where under Article 123 that ‘no one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honor or reputation. Everyone has the right of being protected by the law against such interferences or attacks’. This provision is reproduced in Article 17 in the International Covenant on Civil and Political Rights.4 Other international human rights instruments that specifically recognize privacy as a right include Article 14 of the United Nations Convention on Migrant Workers 1990. However, these instrument stipulates the right to privacy but did not provide any model or framework on how this right can be protected and other related procedures.
The earliest formal international instruments which lays down the frameworks for data privacy protection are the Organization for Economic Cooperation and Development’s Guidelines Governing the Protection of Privacy 1980 (i.e. the OECD Privacy Guidelines) and the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data 1981 of the Council of Europe. The rules within these two documents form the core of the data protection laws of many countries. The key privacy principles incorporated in these instruments require that personal data must be obtained fairly and lawfully, used only for the original specified purpose, adequate, relevant and not excessive to purpose, accurate and up to date but also destroyed after its purpose is completed. However, they also require establishment of a supervisory authority to enforce the data protection principles.
In 1990s two new important privacy policies were adopted whereby the first was the United Nations Guidelines for the Regulation of Computerized Personal Data Files of 1990 and the Directive 95/46/EC of the European Parliament and of the Council of 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Furthermore, the Data Protection Directive sets a benchmark for national law which harmonizes law throughout the European Union
At the regional level, the African Union (AU) adopted on 27 June 2014 the AU Convention on Cybersecurity and Personal Data Protection 2014(MALABO CONVENTION). This Convention covers three main issues named; electronic transactions, personal data protection and cybercrimes. The part that covers data protection and privacy i.e. Chapter II (Articles 8-23) ofthe CyberSecurity Convention is similar to the EU Directive 95/46/EC. However, this Convention has not yet come into force since the convention requires 15 minimal ratification so as to become into force however there is only 5 member who ratified.5
In Tanzania the inclusion Bill of Rights of 1984, on 5th Amendment of Constitution which include the Article 16 the Constitution of United Republic of Tanzania.6 Which provides for right to privacy 16 (1) Every person is entitled to respect and protection of his person, the privacy of his own person, his family and of his matrimonial life, and respect and protection of his residence and private communications.”
(2) For the purpose of preserving the person’s right in accordance with this Article, the state authority shall lay down legal procedures regarding the circumstances, manner and extent to which the right to privacy, security of his person, his property and residence may be encroached upon without prejudice to the provisions of this Article.”
The importance of the subject of privacy and data protection has gained unprecedented attention in recent years, requiring better and more elaborate rules of protection. Individuals are sometimes exposed to possible abuse and even to harmful consequences as a result of the developments in information and communication technology (ICT) and the role it plays in the collection of personal information, and the tendency of companies and business enterprises to collect and use personal information in making business decisions.7
Despite the constitution and international convention guarantee right to privacy in Tanzania, but no wonder there is no any piece of legislation passed for comprehensive data privacy protection, while on the other hand, other countries have their own legislation such as Rwanda where it enacted a data protection legislation, The Information and communication Technology of 2016, also Uganda enacted The data protection and Privacy Act of 2019, and Kenya the Data protection Bill in 2018.8
Lack of comprehensive legislature on protecting right to privacy in Tanzania has become the great obstacle in the protection of right to privacy where some laws have emerged to legitimize the violation of privacy in the cyber space which are; Security Service Act of 1996.9 which established the Tanzania Intelligence and Security Service (TISS) Section 14 gives the TISS power to collect and analyze, retain information and intelligence respecting activities that may on reasonable grounds be suspected of constituting a threat to the security
In 2010 the Electronic and Postal Communications Act.10 under Section 89 which calls for all subscriber information and maintains a database of subscriber information. The service providers are required by Section 91 to submit all subscriber information to the TCRA once a month, and section 121 provides that “It shall be lawful under this Act for an officer, employee or agent of any network facilities provider, network service provider, application service provider or content service provider whose facilities or services are used in communications, to intercept, disclose, or use those communications in the normal course of his employment...”
Also the enactment of the Cybercrime Act in 2015 where sections 31, 32, 33, 34, 35 and 37 of the Cyber Crimes Act.11 gives power to police officers to search and seize computer systems, data and information without court order thus can infringe right to privacy as provided for under the Constitution of United Republic of Tanzania. Furthermore, under section 7(3) of the Media Service Act12 which impose an obligations of media houses, that a media house should not “undermine the national security of United Republic; or lawful investigations being conducted by a law enforcement agent where these laws open discretionary power to the law enforcers on violating right to privacy because of the lack of comprehensive legislation which limits the police officers in accessing data from the individual which is contrary to the protection of the right to privacy.13
In 2020 The Electronic and Postal Communications (Sim Card Registration) Regulation.14 was passed whereby under regulation 4 imposes an obligation to any person who owns, controls or intends to use a detachable SIM Card, as mandatory SIM card registration facilitates the establishment of extensive databases of user information, eradicating the potential for anonymity of communications, enabling location tracking, and simplifying communications surveillance and interception due to lack of a provisions as to how the database is managed, maintained and its security protected to guarantee individuals’ rights to privacy and data protection particularly given the lack of a data protection framework established in Tanzania.15 Also this regulation requires that the manner of registration of SIM card to be effectively by NIDA ID where this situation creates close relationship between TCRA, NIDA, Telecom Operators (service providers) and Agency of service provides who facilitates registration of SIM card as this connection creates complication in determination of liability if there is violation of privacy of individual. Hence it is mandatory for comprehensive legislature to be present which defines the position of violation of privacy of each.
On justifying this problem there are some events which evidences the violation of right to privacy in the cyber space which are
Jamii Forum case On December 15, 2016, the police searched both the premises of Jamii Media and Mr. Maxence Melo's home without any warrant where impact the right to privacy.16 Also, emails released by WikiLeaks on 8 July 2015 from the Italian surveillance malware vendor Hacking Team, reveal an exchange between representative from the Tanzanian President’s Office and Hacking team. An email from the government representative expressed interest in visiting Hacking Team’s office in view of purchasing its Galileo surveillance system.17 which has the ability of this surveillance technology to bypass encryption, take control of a user’s device, and to monitor all activities conducted on the device, poses significant threats to the right to privacy.18
1.2 Statement of the Problem
In Tanzania, The Constitution.19 guarantee the right of privacy in the cyberspace under Article 16 which provides that “(1) Every person is entitled to respect and protection of his person, and private communications.”
Furthermore Tanzania has ratified the International Covenant on Civil and Political Rights (‘ICCPR’), under Article 17(1) and Article 12 of The Universal Declaration of Human rights.20 Which provides the same that “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation”.
Despite the constitution and international convention guarantee right to privacy in Tanzania, but no wonder there is no any piece of legislation passed for comprehensive data privacy protection, while on the other hand, other countries have their own legislation such as Rwanda whereby it enacted a data protection legislation, The Information and communication Technology of 2016, also Uganda enacted the data protection and Privacy Act of 2019, and Kenya the Data protection Bill in 2018.21
Furthermore, due to the lack of the lack of comprehensive legislature for protection of right to privacy in cyber space led to expanding space for some laws to infringe privacy to the individuals, such as the Cybercrimes Act.22 Where under section 32 of the Cyber Crimes Act.23 give powers to police officers to search and seize computer systems, data and information without court order thus can infringe right to privacy as provided for under the Constitution of United Republic of Tanzania. Also under section 7(3) of the Media Service Act24 which impose an obligations of media houses, that a media house should not “undermine the national security of United Republic; or lawful investigations being conducted by a law enforcement agent where these laws open discretionary power to the law enforcers on violating right to privacy.
Moreover, in communication surveillance where laws such as Prevention of Terrorism Act.25 And Tanzania Intelligence and Security Service Act of 1996, these laws allow legal interference of private communication of individuals but may negatively impact the right to privacy because of lack of comprehensive legislation for limit and monitor the communication interceptions
Also the power given to TCRA officers by Electronic and Postal Communications Act.26 under section 121allow an officer, employee or agent of any network facilities provider, network service provider, application service provider or content service provider whose facilities or services are used in communications, to intercept, disclose, or use those communications in the normal course of his employment.27 furthermore, The Electronic and Postal Communications(Sim Card Registration) Regulations of 2020.28 under regulation 4 impose an obligation of mandatory SIM Card registration, which facilitates the establishment of extensive databases of user information, eradicating the potential for anonymity of communications, enabling location tracking, and simplifying communications surveillance and interception due to lack of a provisions of laws on how the database is managed, maintained and its security protected to guarantee individuals’ rights to privacy and data protection particularly given the lack of a data protection framework established in Tanzania.29 Also it becomes difficulty in determine the liability due to violation of privacy and protection of data if any, during the process of SIM card registration since the process involves Service providers, NIDA, TCRA and agency of service providers. Therefore, this problem need to be cured and gaps to be filled so as to enhance the protection of privacy in the cyber space.
1.3 Research Hypothesis
i. How does the legal and institution framework in Tanzania guarantee right to privacy in cyber space?
ii. Do the Tanzanian laws governing and Institutional practice sufficiently protect right to privacy in the cyber space and complies with the international standard?
iii. Is there any necessity of having mechanism that protect privacy cyber space?
iv. How laws in Tanzania may promotes and protect the right to privacy in cyber space?
1.4 Research Objectives
1.4.1 General Objective
The Main objective of the research was to examine the lacuna that exists in laws in Tanzania which protects the right to privacy in cyber space, also to show the necessity of having laws that protect the right to privacy and lastly, to suggest the proper laws that will effective protect the right to privacy in cyber space
1.4.2 Specific Objectives
i. To examine how does the legal and institution framework in Tanzania guarantee right to privacy in cyber space.
ii. To analyze whether the laws governing the and Institutional practice sufficiently protect right to privacy in the cyber space and meet the international standards?
iii. To elaborate the necessity and essence of having mechanism that protect the right to privacy in cyber space
iv. To suggest the mechanism that will promotes and protect the right to privacy in cyber space
1.5 Literature Review
Ubena, J.30 In his Article of A forgotten right in Tanzania he provides that the lack of privacy legislation in Tanzania makes privacy infringement by ICT vendors possible, at the same time making communication interception likely. It is also clear that police may use that lacuna to intercept communication under shelter of criminal investigations. And even communication service providers Telecom operators may divulge the customers or customer’s personal information without being held liable for consumer’s privacy information. Admittedly, the EPOC A of 2010 and the Tanzania communication Regulatory Authority Act (TCRA) of 2003, are considered to safeguard confidentiality in the communication services sector. But the absence of legislation to cater for privacy protection such right become illusive.
Kakungulu-Mayambala, R.31 The author explain the situation in Uganda before the enactment of the Data protection and Privacy Act of 2019 where the situation was Mutatis Mutandis with the current situation in Tanzania, as explain the essence of having mechanism that protect right to privacy in cyber space that, Under Article 27 of Constitution.32guarantee the right to privacy. Although the Constitution provides for the right to privacy in Uganda, the right is still in the nascent stages of evolution with scanty jurisprudence in Uganda. Both the Government of Uganda and some private entities continue to flagrantly violate this right through their commissions/omissions, policies, and other laws while the citizens remain ignorant of such violations or choose to take no action against the violators.33 And such limitation is due to lack of specific privacy or data protection legislation to give effect or to operationalize the constitutional provision
Among of laws that were passed but limit the right to privacy in cyber space are the Regulation of Interception of Communications [RICA] Act of 2010 and in 2011, the Regulation of Interception of Communications Regulations, where under Section30 31 32 33 9(2) of the RICA requires all telecommunication service providers to ensure that existing subscribers register their SIM cards within a period of six months from the commencement of the Act. Also the Uganda Communications commission (UCC) established by the Uganda Communication Commission Act of 2013 which was threatened to switch off or to direct all service providers to switch off the users of unregistered SIM cards on 31st/08/2013 but in a case of Human Rights Network for Journalists Uganda Limited & Legal Brains Trust (LBT) v. Uganda Communications Commission (UCC) & Attorney General.34 the applicants sought for an injunction to restrain thedefendants from effecting their [defendant’s] threat of switching off unregistered SIM card users. The applicants also complained about the fact that the telephone service providers may use the information [data] collected from subscribers for purposeother than those for which the registration was conducted [security and identification of subscribers], However, the High Court declined to grant an injunction against the defendants. In so doing, and in a strange turn of events, the High Court missed out on the opportunity to clarify on Uganda’s law in respect of rights to privacy.
However, the government of Uganda has now introduced a comprehensive law to deal with this subject the Data Protection and Privacy Bill of 2015 which is referred to as the “DPP” Bill which approved by Cabinet and introduction to Parliament in 2019 as the law protect the right to privacy which is stipulated under Uganda constitution.
This situation was relevant with the violation of privacy in the cyber space in Tanzania where due to lack of privacy legislature some laws such as Prevention of Terrorism Act.35 And Tanzania Intelligence and Security Service Act of 1996, these laws allow legal interference of private communication of individuals but may negatively impact the right to privacy because of lack of comprehensive legislation for limit the communication interference. Also, The Electronic and Postal Communications Act (CAP. 306) (Sim Card Registration) Regulations of 2020.36 Which impose an obligation for mandatory for SIM Card registration, which34 35 36 facilitates the establishment of extensive databases of user information, eradicating the potential for anonymity of communications, enabling location tracking, and simplifying communications surveillance and interception due to lack of a provisions of laws on how the database is managed, maintained and its security protected to guarantee individuals’ rights to privacy and data protection particularly given the lack of a data protection framework established in Tanzania.
Magaila, A.B.37The author explain the challenges facing the right to privacy in digital environment as he say that The inclusion Bill of Rights of 1984, on 5th Amendment of Constitution which include the Article 16 the Constitution of United Republic of Tanzania.37 38 provides the guarantee of right privacy furthermore there is international standards which has settled for purpose of ensuring the guarantee the right to privacy which are the Universal Declaration of Human Rights39 and the International Covenant on Civil and Political Rights.40 He further explain that in Tanzania since the development of computers there is less protection of right to privacy Tanzania where there some laws which are protecting the privacy in cyber space but these laws are so limited such as Tanzania Communications Regulatory Authority Act Of 2003 (TCRAA), and The Electronic and Postal Communications Act of 2010 (EPOCA) and its regulations. Section 17 (1) of Tanzania Communications Regulatory Authority Act.41 provides that information may be disclosed If such information may assist the Authority in the performance of any of its functions, then no matter how important or confidential the information is to such a person, it must be provided to the Authority, That means information may be disclosed without consider any limitation of right to privacy because of lack of comprehensive legislation to limit the disclosure of confidential information for protection of right to privacy in cyber space.42
Tanzania Human Rights Defenders Coalition.43 This stakeholder report is submitted by the Tanzania Human Rights Defenders Coalition, the Collaboration on International ICT Policy in East and Southern Africa and Privacy International which was membership Organization in Tanzania, with over 115 members, both individual Human Rights Defenders and Human Rights Organizations membership working towards enhancing the security and protection of Human Rights Defenders (HRDs) in Tanzania as they explains on the challenges facing right to privacy where the constitution guarantee the right to privacy in the cyber space but some law limits the right such as the enactment of Electronic and Postal Communications Act (EPOCA) under Section 121 of the Act.43 44 which provides that “It shall be lawful under this Act for an officer, employee or agent of any network facilities provider, network service provider, application service provider or content service provider whose facilities or services are used in communications, to intercept, disclose, or use those communications in the normal course of his employment while engaged in any activity, also Section 31 of the 2002 Prevention of Terrorism Act.45 Which provides that ‘a police officer may for the purpose of obtaining evidence of the commission of an offence under this Act apply, ex parte, to the Court, for an interception of communications order.” Section 31 of Subsection 4 of this Act allows for the use of any communications intercepted, including from outside of the country, moreover Tanzania Intelligence and Security Service Act, which established the Tanzania Intelligence and Security Service (TISS) Section 14 gives the TISS power to collect, and analyze, retain ’’information and intelligence respecting activities that may on reasonable grounds be suspected of constituting a threat to the security of the United Republic or any part of it. Also the enactment of the CybercrimeAct46 where sections 31, 32, 33, 34, 35 and 37 of The Cyber Crimes Act.47 give powers to police officers to search and seize computer systems, data and information without court order thus can infringe right to privacy as provided for under the Constitution of United Republic of Tanzania , but the absence of comprehensive legislation to protect privacy to the individual which limits the police officers in accessing data from the individual is contrary to the protection of the right to privacy
Mandatory SIM card registration facilitates the establishment of extensive databases of user information, eradicating the potential for anonymity of communications, enabling location tracking, and simplifying communications surveillance and interception due to lack of a provisions as to how the database is managed, maintained and its security protected to guarantee individuals’ rights to privacy and data protection particularly given the lack of a data protection framework established in Tanzania.
Yoell, M.M in his book of Research on legislation in data privacy, security and the prevention of cybercrime.48 the author explain on laws from different jurisdiction have settled and cover different aspect in protect right to privacy in the cyber space such that,
In United Kingdom, The UK Data Protection Act 1998which provides principles for personal data must be processed as lawfully and fairly, Collection Limitation Principle, Purpose Specification Principle, Openness Principle and Security Safeguards Principlethis means that the personal data processed must be relevant, adequate and not excessive in relation to the purpose. Where these are basic element for bodies which store data and for law enforcers who access intercept the individual’s communication. Furthermore, the Regulation of Investigatory Powers Act 2000 (RIP A), which prohibits interception and recording of communications (including e-mail) without consent, except as authorized for national security and law enforcement purposes, or essential business purposes.
In USAthe Electronic Communications Privacy Act 1986 (ECPA) sets out the provisions for access, use, disclosure, interception and privacy protections of electronic communications. In effect, it prohibits unlawful access and certain disclosures of communication contents. Additionally, the law prevents government entities from requiring disclosure of electronic communications from a provider without proper procedure Section 2701 of the US Code in which the ECPA is incorporated lays down criminal penalties for those who intentionally access without authorization a facility through which an electronic communication service is provided or intentionally exceeds an authorization to access that facility, and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such a system. In Steve Jackson Games, Inc. v United States Secret Service.49 The case involved a seizure of electronic communications and the subsequent review, reading and deletion of files in electronic storage. The court held that the officers’ conduct with respect to private email failed to comply with the requirements of sections of the ECPA relating to the disclosure of the contents of stored electronic communications.50
Sinda, A. A &Kamuzora, F. In their article of Privacy And Data Protection In Tanzania.51The authors discuses about the gaps in Tanzanian laws concerning the protection of right to privacy in the cyber space, as they explain they explain that laws which protect right to privacy in the cyber space is well settled such that, Under the Cybercrimes Act, an offence of interception of a private communication is punishable by a fine of 10 million Tanzanian Shillings, or to imprisonment for a term of three years, while under the Investigation Regulations of 2017, the punishment for the same offence is a fine of 5 million Shillings, or imprisonment for one year. Under the Cybercrimes Act, an order of disclosure of information can be made by a police officer in charge of a police station, while under the Investigation Regulations of 2017, an order of disclosure of protected information must be made by the Inspector General of Police
Lloyd, I.J (2011 ).52 The author citing the case of R. v Whiteley.53 as taken as an illustrative where intruders obtain access to computer system from the home of an49 50 51 52 53 accused person, and this was resulted by the police in their control which was make available this was includes details at the time at which details was obtained to the computer system and the details of the activities undertaken in in respect of the system. In such case it however, it may be considered necessary to monitor the intercept communication during police suvarlliance, the Author proceed and say that The regulation of investigatory powers Act 2000 is the major United Kingdom statute setting out circumstances under which a range of communication data might legitimately be intercepted, this law attempt to bring United Kingdom laws into conformity with the requirement of the European convention of Human right, also the law establish the basic structure for insurance of warrants to authorize interception of communication where it considered by the secretary of the state. Karashani, B In his article of Tanzania Sim card policies rated low.54 55 he argue that SIM card registration threatens privacy, asserting that creating a database of citizens and their mobile numbers restricts private communications, increases the potential of them being tracked and monitored, enables governments to build in-depth profiles of their citizens, and risks private data falling into the wrong hands, this is because Tanzania does not have a comprehensive data protection law, although several rules and regulations addressing data regulation and data privacy exist but they are not adequate to effective protection of privacy.
Samuelson, P.55in his article of, In his book of Privacy as Intellectual Property? provides that an individual's privacy may be invaded electronically in several ways: first, by the significant amount of personal information which is available in online databases; second, by the transactional information collected as the individual participates in online activities which specifically identifies the individual; and third, by the massive computerized databases which are maintained by governments and non governmental entities, that may be subject to security breaches "Online communications" are communications over telephone, cable networks, or wireless systems using computers.
1.6 Scope of the Study
This study revolves around the following laws The Constitution of United Republic of Tanzania, the Cyber Crimes Act, the Media Service Act, Prevention of Terrorism Act [Cap 19 RE 2002], Tanzania Intelligence and Security Service Act of 1996, Electronic and Postal Communications Act and Postal Communications Act (CAP. 306) (Sim Card Registration) Regulations of 2020. Also the study involves three institutions TCRA, NIDA and Telecom operators, on how they protect the right to privacy as provided under the constitution.
1.7 Significance of the Study
This study will help to explain on how different institutions and legal frame work guarantee the right to privacy in the cyber space, identify lacunas/gaps in our laws on the right to privacy in cyber space also to advise the competent authority on how to improve the existing Policy, Laws and Regulations in improving privacy in the cyber space furthermore this study will point out the necessity of having laws that protect the right to privacy in the country. Also this study will suggest different ways to be taken by institutions such as TCRA and telecom operators on protecting the right to privacy in cyber space before the enactment of comprehensive law which protect the right to privacy and even after the enactment of law if such law is silent in different aspect. Lastly, the study will help other researchers to identify areas that need further research and study to help develop the law of the country.
1.8 Limitation of the Study
Due to financial constraints make the limitation for success of this research, Since the study has been basically self-financed, it did not touch all sensitive areas. There are various aspects of the study that have been partially consulted because of funds and time limitations, where becomes difficult to collect data from all region in Tanzania as in this study researcher used Dodoma region as the case study, also in this study there is limitation of time where this study takes few months which lead to limitation of scope of the study and also limits sample of the study furthermore, this study will face inadequacy of response due to some of the respondents being with no knowledge on science of law. However, these limitations do not substantially affect the success of the targeted objectives of the study since the case study is the reflection of other parties in Tanzania
1.9 Research Methodology 1.9.1Research design
The plan of action that is set out in order for study to be conducted smoothly from the begin to the end and to ensure best result, the researcher used quantitative approach.Where the mode of gathering data used by the researcher in this study is through field study and documentary review. The documentary review, the researcher passes through a library or archival research reading sources which include books, journals, some official government documents, dissertations, thesis, law-reports, law reviews, journal and other readings.
Moreover, the researcher has use field study which has conducted in interview, questionnaire and focus group discussion with TCRA officers, telecom operators, layman, magistrates and other lawyers, on elaborating on some facts, events and opinions from their own experiences how right to privacy in cyber space protected in Tanzania
1.9.2 Study Area
Researcher has chosen the Tanzania Communications Regulatory Authority (TCRA)and Telecom operators as the case study for the research because are institution mandated to handle all information and communication of the people which comprise aspects of cyber space and the geographical area where all data collected within Dodoma region.
1.9.3. Sample Population
The targeted population to accomplish this study are judicial officers, mobile telecom operators, TCRA officers, Advocates and common people(common people)
1.9.3 Sample size
Targeted population is to select 40 judicial officers, mobile telecom operators, TCRA officers, Advocates and common people (common people) from Dodoma region who will give their legal suggestion on how to protect the right to privacy in cyber space.
1.9.4 Sampling method
The researcher used TCRA officers, judicial officers, and mobile telecom operators for the purpose of obtain data from the specialized officers in their fields who gives their views basing on their professional and daily experience which is basic essential of the study. The researcher employed simple random sampling when targeting ordinary people from the field area, because random sampling is effective sample because they can represent different group of people rather than selecting them based on one group of people from the society and it provides an equal chance for each individual to be selected.
1.9.5 Data collection methods
1.9.5.1 Library Research
The researcher undertook library research so as to lay the theoretical frame work and research was also conducted in order to access works of other researchers and identify the knowledge gap that this study sought to cover. These data were collected from different existing documents as secondary data was achieved by going through reading various publications on privacy of cyber space of Tanzania and other countries which may be suitable in the study, the researcher had spent some time in the faculty of law library to explore the available literature from theses and dissertations which are related to this study. As these impart knowledge to the researcher on what other researchers and scholars whom have done on the subject in question and what have not yet been done, their opinion on the matter where this method involves reading of journals, brochures, newspapers, text books, articles, research reports and electronic documents from the internet
[...]
1 Nwauche, E.S (2007) The right to Privacy in Nigeria: Centre for African Legal Studies Publishers P. 65
2 Makulilo, A.B(2016) African Data Privacy Laws: Bwemen. Springer International Publishing P 118
3 The Universal Declaration of HumanRights of 1948
4 international Covenant on Civil and Political Rights of 1966
5 https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection Retrieved on March 29, 2020
6 Cap 2 of as amended time to time
7 Sinda,A.&Kamuzora, F (2018) Privacy And Data Protection In Tanzania: found in https://www.bowmanslaw.com/insights/intellectual-property/privacy-and-data-protection-in-tanzania
8 Kibuuka, P. (2019) Reforming Tanzania data privacy and protection regime: found in https://www.thecitizen.co.tz/oped/-Reforming-Tanzania-data-privacy-and-protection-regime
9 Security Service Act of 1996
10 [CAP. 306] of 2011
11 Ibid
12 Act no 12 of 2016
13 Misso, G. (2017) .Desetation on A Research Report submitted for the partial fulfilment of the requirement for award of the degree of Bachelor of Laws Degree (LL.B) of Mzumbe University.
14 government notice no. 112 of 2020
15 Tanzania Human Rights Defenders Coalition (2015) The Right to Privacy in the United Republic of Tanzania: Stakeholder Report Universal Periodic Review 25th Session Kakungulu-Mayambala R, (2009) Data Protection and National
16 International Federation for Human Rights and The Legal and Human Rights Centre, (2017) Tanzania: Freedom of expression Peril Joint Situation Note. found in https://www.humanrights.or.tz/assets/images/upload/files/Tanzania j ointpositionnote_LHRC_FIDH
17 Galileo is a remote control system which allows to take control of a target and to monitor them even if they are using encryption. Hacking Team sells it as a tool to “bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain.” https://www.hackingteam.it/images/stories/galileo.pdf
18 Ibid
19 The constitution of United Republic of Tanzania Cap 2 of 1977 as amended time to time
20 The Universal Declaration of Human rights of 1948
21 Kibuuka, P. (2019) Reforming Tanzania data privacy and protection regime: found in https://www.thecitizen.co.tz/oped/-Reforming-Tanzania-data-privacy-and-protection-regime
22 Act no 4 of 2015
23 Ibid
24 Act no 12 of 2016
25 Cap 19 of 2002
26 [CAP. 306] of 2011
27 Tanzania Human Rights Defenders Coalition (2015) The Right to Privacy in the United Republic of T anzania: Stakeholder Report Universal Periodic Review 25th Session
28 government notice no. 112 of 2020
29 Karashani, B (2020) Tanzania Sim card policies rated low: available inhttps://www.theeastafrican.co.ke/business/Tanzania-sim-card-policies-rated-low/2560- 54227281fvf2hz/index.html
30 Ubena, J. Privacy: A Forgotten right in Tanzania.The Tanganyika Law Society Vol 1 (2012) No 2.
31 Kakungulu-Mayambala R, (2009) Data Protection and National Security: analyzing the Right to Privacy in Correspondence and Communication in Uganda, HURIPEC Working Paper No.25,.
32 Constitution of Uganda
33 Ibid P 5
34 Misc. App. No. 81 of 2013
35 Cap 19 of 2002
36 government notice no. 112 of 2020
37 Magaila, A.B (2015) The law privacy in Tanzania A Discussion on the challenges affecting privacy in digital environment available in https://www.researchgate.net/publication/282330490
38 Cap 2 of as amended time to time
39 Article 12 of the Universal Declaration of Human Rights
40 Article 17(1) of the International Covenant on Civil and Political Rights.
41 T anzania Communications Regulatory Authority Act of 2003
42 Magaila, A.B (2015) The law privacy in Tanzania A Discussion on the challenges affecting privacy in digital environment available in https://www.researchgate.net/publication/282330490 P 32
43 Tanzania Human Rights Defenders Coalition (2015) The Right to Privacy in the United Republic of T anzania: Stakeholder Report Universal Periodic Review 25th Session
44 Electronic and Postal Communications Act (EPOCA) of 2010
45 Cap 19 [RE 2002]
46 Act no 4 of 2015
47 Ibid
48 Yoell, M.M (2006) Research on legislation in data privacy, security and the prevention of cybercrime: Geneva. International Telecommunication Union Publishers. PP 77-81
49 816 F. Supp. 432 (W.D.Tex. 1993), aff’d, 36 F.3d 457 (5th Cir. 1994).
50 Yoell, M.M (2006) Research on legislation in data privacy, security and the prevention of cybercrime: Geneva. International Telecommunication Union Publishers. PP 81
51 Sinda,A. &Kamuzora, F (2018) Privacy And Data Protection In Tanzania: found in https://www.bowmanslaw.com/ insights/intellectual-property/privacy-and-data-protection-in-tanzania
52 Lloyd,I.J (2011) Information Technology law: 6th Ed. New York. Oxford University press. P 263.
53 (1991) 93 Cr App Rep 25
54 Karashani, B (2020) Tanzania Sim card policies rated low.54 available inhttps://www.theeastafrican.co.ke/business/Tanzania-sim-card-policies-rated-low/2560-5422728- 1fvf2hz/index. html.
55 Pamela Samuelson, Privacy as Intellectual Property?, 52 STAN. L. REV. 1125, 1169 (2000).
-
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X. -
Upload your own papers! Earn money and win an iPhone X.