WHAT IS DATA PROTECTION? In recent times due to the increase in use of technology, data protection has become extremely important. Data protection relates to the lawful use of information concerning or about people. This information is protected as it is recognised that individuals have a right to privacy, in that their information must not be shared, accessed or used without their approval or in the absence of other lawful grounds. The Constitution of Zimbabwe in Section 57, protects the right to privacy and provides that: Every person has the right to privacy, which includes the right not to have - (a) their home, premises or property entered without their permission; (b) their person, home, premises or property searched; (c) their possessions seized; (d) the privacy of their communications infringed; or (e) their health condition disclosed. Data protection is primarily concerned with information of a personal nature. Under the Constitution, privacy includes property and premises, and if a search is conducted unlawfully, it would be violating personal privacy, and if personal information is collected, then it will be violating informational privacy. The Constitution does not mention personal data or information, however the mention of ‘privacy of their communications’ or ‘health condition disclosed’ indicates protection of personal data. Other rights in the Constitution relevant for protection of data include the right to personal security, freedom of expression and of the media and also the right to administrative justice among others2. 2 3 4 Data protection intends to give and recognise that every person, including minors through their guardians, can control the use of their personal information, and determine their engagements with other societal actors, such as in conducting business, or work, visiting medical facilities, or internet use. Data protection is also necessary for the conducting of electronic commerce, trade or movement of goods and persons across borders and frontiers. IS DATA EQUAL TO INFORMATION? There are differences that have been given on this, for instance in the Act data is defined to mean ‘any representation of facts, concepts, information, whether in text, audio, video, images, machine-readable code or instructions’. While information in the Freedom of Information Act (FOIA) includes, but is not limited to ‘any original or copy of documentary material irrespective of its physical characteristics, such as records, correspondence, fact, opinion, advice, memorandum, data, statistics, book, drawing, plan, map, diagram, photograph, audio or visual record, and any other tangible or intangible material, regardless of the form or medium in which it is held’. The Act refers to personal information more than forty times, and only refers to personal data, once. This is not unusual as similar laws use personal information more than personal data. According to Professor Roos the difference between data and information is: “Data are unstructured facts or raw material that needs to be processed and organised to produce information while information is data which has been organised, structured and meaningful to the recipient” 3 This is why data without any value addition (structuring, analysing, merging) might have no value on its own. Section 51 on the right to dignity; s52 on right to personal security; s 61 and 62 on freedom of expression, freedom of the media; s 68 on the right to administrative justice; s69 on right to a fair hearing; s70 on the rights of accused persons; s81 on rights of children protection from sexual exploitation Roos A ‘Data Privacy Law’ in van der Merwe DP, Roos A, Pistorius T, Eiselen GTS, & Nel SS (ed) ‘Information and Communications Technology Law’ 2 ed (2016) 367-368. M I S A Z I M B A B W E • G U I D E T O T H E Z I M B A B W E A N C Y B E R A N D D A T A P R O T E C T I O N A C T - 2 0 2 2