Q QUESTION Lord Woolf noted: …. There is a tension between the two articles which requires the court to hold the balance between the conflicting interests they are designed to protect. This is not an easy task, but it can be achieved by the courts if, when holding the balance, they attach proper weight to the important rights both articles are designed to protect. Each article is qualified expressly in a way which allows the interests under the other article to be taken into account 5. In short, the right to privacy which incorporates the right to the protection of personal data must be balanced against the other rights and in particular access to information, and freedom of expression. The right to access to information and freedom of expression are important constitutional rights for transparency and accountability. The protection of privacy is the basis of data protection. Access to personal data is not allowed unless certain conditions have been satisfied. With freedom of expression and access to information especially information held by the state, such information would be accessible unless other reasons prevent that access. There is a small but important difference; right to privacy starts from denial of access to protect individual privacy unless individual consent or some other reason exists; right to access and freedom of expression, starts from access and then moves to denial or preventing access if that is unwarranted or a material breach of privacy. 5 6 Do you think data protection must be viewed as a human right? If not, how else can it be viewed as and how can it be protected? IS THE ACT THE ONLY LAW? The Act does not state that it is the primary and only law on data protection in Zimbabwe, meaning that there might be some other relevant laws on data protection. Indeed, there are other laws that regulate collection and processing of specific types of data but might not provide better protection. For instance, the Postal and Telecommunications Act allows for collection of subscriber data information or personal call records; Banking Act records personal financial information; Interception of Communications Act authorises the collection or interception of communication information; the National Registration Act authorises the collection of personal identification information for issuance of national identity records such as birth certificates or passport. And this information is usually collected and stored in public databases. WHEN, AND WHERE IS THE DATA PROTECTION ACT APPLICABLE? The Act under Section 4 provides that the ‘Act shall be interpreted as being in addition to and not in conflict with the Protection of Personal Information Act’. There is no Protection [2002] 2 All ER 545 5. M I S A Z I M B A B W E • G U I D E T O T H E Z I M B A B W E A N C Y B E R A N D D A T A P R O T E C T I O N A C T - 2 0 2 2