FB pixel

Court orders changes to Tanzania’s data protection law

Amendments to sections which undermine privacy, consent required
Categories Biometrics News  |  ID for All  |  In Depth
Court orders changes to Tanzania’s data protection law
 

The High Court of Tanzania has ruled that some provisions of the country’s Personal Data Protection Act (PDPA) 2022 be amended to provide more clarity so as to prevent a situation of legal uncertainty in the future and to guarantee full consent for personal data collection.

The ruling was handed down on May 8 by the High Court in Dar es Salaam in a case brought before it by human rights advocate Tito Magoti against the Attorney General of the United Republic of Tanzania.

Magoti had filed a petition challenging the constitutionality of thirteen Sections of the Act, saying they contravene certain provisions of the country’s constitution of 1977 and its subsequent amendments, and that they be immediately expunged from the law in the spirit of protecting the fundamental human rights of citizens.

While the court determined that some provisions of the Act challenged by the petitioner were indeed constitutional, it adjudged that others were not, and called for their revision.

In its judgement, the three-member panel of judges found issues with Sections 22(3) and 23(3)(c)(e) of the Act which were deemed vague and likely to create legal problems or infringe on the rights to data privacy and consent.

“Looking at Section 22(3) of the PDPA, it is our view that the ‘unlawful means’ for collecting and processing personal data ought to be enlisted in the Act because of the offence created even if the regulated fields are multifarious and change with technology changes,” a section of the ruling reads.

“Clarity is thus lacking in the impugned provision. It ought to have stated what unlawful means are, and where are they to be found either in the Act itself or in the regulations. It is hard to tell if the listing of unlawful means has been left to the minister to formulate. We therefore hold the impugned provision to be wide and vague.”

On the Section that provides for exceptions to a data subject’s consent in the collection and processing of their data, the court found some of the petitioner’s challenge pertinent. It ruled that Section 23(3)(c)(e) of the Act “is ambiguous, unclear and without prescribed procedures.”

The ruling orders that the amendments be done within a year from the date of the judgement “with a view to providing certainty as to what acts or omissions shall be regarded as unlawful.”

“Failure to do so, these provisions will be struck out of the statute book. This is geared towards upholding fundamental rights and freedoms as enshrined under the Articles of the CURT [Constitution of the United Republic of Tanzania].”

Petitioner welcomes ruling with mixed feelings

Contacted by Biometric Update for comments after the ruling, the petitioner, Toti Magoti, said it is a welcome development, although just part of their challenge was granted by the court.

“The ruling is welcome with mixed feelings because we partly managed to convince the court and two provisions were found unconstitutional,” Magoti said in a voice message.

“They relate to collection of personal data in an unlawful means – a provision which was not clearly defined and it was going to be susceptible to abuse. The other one has to do with consent in terms of data collection. The circumstances warranting data collection without consent from the data subject were not clearly defined and the court agreed with us.”

To Magoti, the ruling is a success in many ways. “One, it raises awareness across multiple audiences about this newly enacted legislation in Tanzania which ties with contemporary technological advancements that necessitate the protection of personal data and information.”

“It also looks into the role of the state as a regulator and facilitator, but also the role of individuals in making sure that they protect their personal data, and also adhere to the standards of data protection.”

He adds that the ruling is also a call to corporations like mobile telecommunications companies and banking institutions which handle personal data that “they are supposed to make sure they do not deal with them [data] in a manner that violates privacy rights, among other rights.”

Tanzania’s President, early in April, inaugurated the Personal Data Protection Commission as the country prepares to roll out a digital ID program.

Related Posts

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Emerging biometrics markets draw a crowd

Biometrics startups and giant multinationals collide as each tries to navigate emerging markets in the most-read stories of the week…

 

Laxton to supply hundreds of biometric kits to Honduras under $1.9M UNDP contract

The United Nations Development Programme has selected Laxton to provide hundreds of Biometric Citizen Registration (BCR) kits for Honduras. The…

 

Leadership change at IBIA follows layoffs at Thales

A major leadership change has been kicked off at Thales Digital Identity & Security and the International Biometrics and Identity…

 

Reusable ID for AML acquired by global fintech as compliance costs rise

Global fintech platform iCapital has entered a definitive agreement to acquire U.S.-based Parallel Markets, which provides reusable identity tools for…

 

Services Australia to run Trust Exchange pilot with largest Australian bank

A pilot with Commonwealth Bank will test the Australian government’s digital identity exchange scheme, Trust Exchange (TEx), using digital medical…

 

COPPA changes specify children’s biometrics and government IDs for protection

The Federal Trade Commission (FTC) Thursday issued notice that it finalized substantial changes to the Children’s Online Privacy Protection Act…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

DIGITAL ID for ALL NEWS

Featured Company

ID for ALL FEATURE REPORTS

BIOMETRICS WHITE PAPERS

BIOMETRICS EVENTS

EXPLAINING BIOMETRICS