By Luyando Muloshi, CTPD Legal Researcher
With the advancement in science and rights technology, the world has gradually transformed itself into a digital space with increasing use of the internet, mobile devices, social networking, and computing data. Zambia has been no stranger to this modern digital era and the cyber space has become an increasingly large part of our day to day lives. However, the digital world can be prone to abuse and harbour potentially dangerous consequences such as cyberbullying, harassment, hacking, scamming, espionage, and other illegal cyber activities. For this reason, countries have moved towards introducing laws that can help curb the potentially dangerous consequences of the modern digital era.
In 2021, Zambia introduced its first cyber law, the Cyber Security and Cyber Crimes Act, No.2 of 2021 (“the Act”). The aim of the law, amongst other things, is to provide for cyber security, to protect persons against cybercrime, promote child online protection, and to facilitate identification, declaration and protection of critical information infrastructure, the collection of and preservation of evidence of computer and network related crime as well as the admission in criminal matters of electronic evidence.
While the stated aims of the law are progressive and the law contains positive provisions that could potentially contribute to prevention of cybercrimes, enhance online access to criminal justice, and prevent online violence against children. However, there are several provisions that, if not addressed, could have a negative impact on the enjoyment of digital rights in Zambia.
The Centre for Trade Policy and Development (CTPD) notes that the Act in particular falls short on the protection of individual rights to privacy and freedom of expression online. This can be attributed largely in part to the manner in which the Act was enacted into law; it was a rushed process without any proper consultation with relevant stakeholders and appears to have been enacted with the view of protecting the interests of the then ruling party as the country approached the 2021 General Elections.
While there are several provisions of the Act that need to be addressed, for the purposes of this article we will look at the following few examples. Under sections 27 and 28 of the Act, the Central Monitoring and Co-ordinations Centre (CMCC) and law enforcement officers are authorized to intercept communication when there are reasonable grounds to believe that an offence has been committed, is likely to be committed or is being committed, and for the purpose of obtaining evidence of the commission of an offence after an interception order (valid for three months but subject to renewal for an unspecified period) has been obtained from the High Court.
However, our position as CTPD is that the failure to limit the period of validity of an interception order could subject individuals, especially government critics and political opponents, to continued surveillance.
Furthermore, we also think the failure under section 27 (3) of the Act to specify the department of the government responsible for the management, control, and operation of the CMCC could provide yet another avenue for abuse of process associated with the handling of personal data and state surveillance. These provisions with limited safeguards over interception of communication have the potential to violate privacy rights and are contrary to established principles of limitations to privacy under international law.
In addition, section 59 of the Act criminalizes amongst other things the production of any objects tending to corrupt morals. The lack of the definition of what constitutes “corrupt morals” under the Act leaves it open to wide interpretation and consequently a chilling effect on freedom of expression and speech potentially inhibiting artistic, journalistic, research and educational works on the basis of undefined obscenity and corruption of morals.
Therefore, while cyber security is critical in the highly evolving technological era, CTPD thinks that it is important that a rights-based approach is employed in the development of policies and laws to ensure that the adopted laws and policies do not wantonly limit individual rights and freedoms. The Cyber Security and Cyber Crimes Act, 2021 in its current state offers some solutions to emerging challenges in the digital space. However, it still has some negative impacts on the protection, promotion and enjoyment of digital rights and freedoms. There is need for the Government to revisit the Act and make the relevant necessary amendments to some of its problematic provisions.