AI Report on Southern Africa http://misa.org Data Privacy & Protection Law Zimbabwe gazetted its first data protection and cybersecurity legislation, the Cyber and Data Protection Act [Chapter 12:07] (No. 5 of 2021), on the 11th of March 2022. The Act does not specifically mention AI, but it governs data protection, data controllers, and data collection and processing. The preamble of the Act reads : An Act to provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest; to establish a Cyber Security Centre; a Data Protection Authority and to provide for their functions; to create a technology driven business environment and encourage technological development and the lawful use of technology; to amend sections 162 to 166 of the Criminal Code (Codification and Reform) Act [Chapter 9:23] to provide for investigation and collection of evidence of cybercrime and unauthorised data collection and breaches, and to provide for admissibility of electronic evidence for such offences and to provide for matters connected with or incidental to the foregoing. ENACTED by the Parliament and the President of Zimbabwe. The Cyber and Data Protection Act in Section 5 designates the Postal and Telecommunications Regulatory Authority (POTRAZ) as the Data Protection Authority. Human Rights The Zimbabwean government has signed the Universal Declaration of Human Rights. According to Freedom House, Zimbabwe has a score of 28/100 and is classified as an unfree country. In recent years, there have been reports of human rights abuses such as police brutality, arbitrary arrests and detention, and restrictions on media freedom. The government has also been criticised for its handling of elections and lack of transparency in the electoral process. The Bill of Rights in the Zimbabwean Constitution enshrines several fundamental rights, such as the rights to peaceful assembly, freedom of expression, and political participation. However, due to restrictive legislation, rights are not always respected and protected. The Interception of Communications Act (2007) regulates the interception, monitoring, blocking filtering of communications, including telephonic communications, postal telecommunications as well as Internet-based communications. The Act does not have any oversight mechanisms that prevent over-surveillance and extrajudicial surveillance. Under Section 9 of ICA, ISPs are required to install at their own expense the hardware and software required for the State to carry out surveillance. Using ICA, the State has installed cameras at public places like airports. Later in the report there is a section about face recognition and surveillance in Zimbabwe. Botswana Botswana is not yet covered by the CAIDP index; the study used data from the Oxford 17