Data Protection Act comes into effect

THE Personal Data Protection Act in Tanzania that was passed by the Parliament in November 2022 has come into effect from May 1st this year, the government has said.

The Minister for Information, Communication and Information Technology, Nape Nnauye said in the public information that was issued in the government gazette on April 28th this year.

“This notice indicated that, 1st May of 2023 has been picked as the official start of the use of the Personal Data Protection Act in the country,” read part of the information that was signed by Mr Nape.

In November last year, the Parliament passed the Personal Data Protection Bill 2022 whereas legislators jointly shed light on the advantages of the expected law upon being assented by President Samia Suluhu Hassan.

When tabling the Bill for the second reading in the Parliament, Minister Nape argued that the Bill, once enacted into law, was meant to attract more investors, especially in the Information and Communications Technology (ICT) sector.

“After the new Act being signed by the President, we will witness the flood of investors here,” Mr Nape stated, adding: “In today’s world, investors do not go to invest in countries where there is no law on personal data protection. No doubt that having this law, we will attract more investors particularly into the ICT sector.”

He assured the legislators that the government will take into account their suggestions during the making of regulations.

With regard to sources of revenues for financing activities of the proposed commission, the minister said one of the sources would be the ministry’s budget.

“We will also add more sources when formulating the regulations. I assure you that we will formulate good regulations that are in line with the envisaged law,” he assured.

The Bill sought for enactment of the Personal Data Protection Act 2022.

It proposed that there shall be established a Commission for the Protection of Personal Data.

The commission was proposed to be given the authority to issue administrative fines, when it is satisfied with the evidence depending on the level of violation committed.

The document also suggested the need to have procedures for collection, use, and storage of personal data.

It further suggested a requirement to appoint a Personal Data Protection Officer and Data Collectors shall be registered and a license to be valid for a period of five (5) years.

On its part, the Parliamentary Committee on Infrastructure Development noted that it evaluated the Bill and established that it had public interest.

The Committee Chairperson Mr Selemani Kakoso said the Bill had taken into account the protection of personal data.

Mr Kakoso argued that personal data protection assures citizens of control of their personal information and dignity.

“Lack of protection of personal information can lead to effects on individuals and the public at large,” he said.

He said the committee went through various publications on the general perception of personal data protection and established that the issue must be legally-binding in order to protect human dignity in the country.

The committee had resolved that it was necessary to put in place conditions for collecting and processing personal data in the public offices.

Looking at experiences from regional bodies, the Southern African Development Community (SADC) also requires its members to have systems in place a law for personal data protection, storage and processing.

The East African Community (EAC) also has the guideline directing its member states to have laws on personal data protection.

For EAC member states, for instance, Kenya and Uganda already have the law on personal data protection.

Related Articles

Back to top button