Unsolicited text messages to Zimbabwe voters raise data privacy concerns
Short Message Services (SMSs) sent to registered voters in Zimbabwe lately urging them to throw their support behind incumbent President Emerson Mnangagwa have raised questions over the safety of the data held by the Zimbabwe Electoral Commission (ZEC).
The development has sparked curiosity from groups including the Media Council of Southern Africa (MISA), a non-governmental organization working to protect individual and media rights and freedoms.
MISA has since petitioned the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) over the issue. POTRAZ has oversight over data protection issues.
According to Tabani Moyo, national director for MISA Zimbabwe, the unsolicited messages sent to voters contain their names and the specific polling stations where they will be expected to vote during the upcoming general elections in the country billed for either July or August.
As local newspaper New Zimbabwe reports, Moyo mentioned in his letter to POTRAZ Director Gift Machengete that the SMSs are a possible breach of the Cyber and Data Protection Act which governs the use of biographical and biometric data.
The Act provides that access to a subject’s personal data by a third party is subject to the written consent of the data subject.
MISA is thus asking POTRAZ to determine whether those sending unsolicited SMSs to voters had access to their personal data using lawful means.
The ruling ZANU-PF (Zimbabwe African National Union – Patriotic Front) party on which ticket Mnangagwa will seek re-election, and the ZEC is reportedly claiming innocence over the situation despite a barrage of accusations aimed at the two institutions, notes New Zimbabwe. So too have major telecoms network in the country.
It is not immediately clear what database was accessed by political operatives to obtain voter’s names, locations and phone numbers.
ZEC reiterates mandate to protect personal data
Meanwhile, it what appears to be a defense of the ZEC, its chairperson Priscilla Makanyara Chigumba said it is the responsibility of the institution to protect and ensure the safety of all personal data in the voter registration database, which includes fingerprint biometrics.
In another report by New Zimbabwe, Chigumba admitted that while it behooves the election agency to allow access to the voter’s register by members of the public upon request, it is also conscious about how and what manner of data is released to third parties.
Chigumba was speaking in front of a joint committee recently while responding to questions on the availability of the voter’s roll.
She declined commenting further, saying the ZEC has a matter pending in court over the voter’s roll. However, she reiterated the fact that the ZEC has no reason for withholding the voter’s register from the public, and also mentioned the need to have the data protection Act aligned with the electoral Act.
Biometric voter registration continues, meanwhile, until two days after a hypothetical election call.
Increased awareness about data privacy necessary
In a data-related development, Wellington Makamure, the southern African regional boss of internet services provider Liquid Intelligent Technologies says the Zimbabwe Cyber and Data Protection is a welcomed move especially for a country that is in the full swing of digital transformation.
In an interview with Business Chronicle, he opines however that having a personal data protection legislation is not enough to plug all the existing gaps.
To him, the legislation must be accompanied by intense information and awareness campaigns and other proactive steps at different levels.
“The conversation about data privacy and security at a personal level is becoming more pronounced as we can see from incidences of personal/private data leakages,” remarked Makamure.
“There is a need for increased awareness at every level about data privacy and security. It’s no longer the time to be ignorant,” he says, adding that all those engaging in activities online must be cognizant of this fact and take the necessary steps to protect their data.
The recent alarm raised by MISA over voter data privacy in Zimbabwe follows a similar concern raised by digital activists in February in the wake of the Nigerian elections.
The activists questioned the safety of the personal data of the 94 million Nigerians who registered ahead of the general elections.
This comes as there were complaints by some registered voters that they received unsolicited messages containing their personal details, urging them to vote for the ruling All Progressives Congress, whose candidate was eventually declared winner of the presidential poll.