two proposed legislative steps have far-reaching impact on the ability of civil society to perform its duties within the borders of Zimbabwe. In essence, the laws seek to criminalise civil society’s work at a magnitude never witnessed before in the history of Zimbabwe as a solitary state. Political context and key events During the year under review (2021) and two years before the 10th anniversary of Zimbabwe’s otherwise highly commended 2013 Constitution and its progressive Bill of Rights, on 3 December 2021, Zimbabwe enacted the Data Protection Act which has aspects relating to cybersecurity and cybercrimes. The object of this Act is “to increase data protection in order to build confidence and trust in the secure use of information and communication technologies by data controllers, their representatives and data subjects”. This law also amended provisions of the following three pieces of legislation: • Criminal Law (Codification and Reform Act) • The Criminal Procedure and Evidence Act • The Interception of Communications Act The law has progressive provisions relating to specifications on the rights of data subjects, notification of security breach together with the responsibilities that have been placed on data controllers for purposes of promoting data protection and privacy. The other provision is on cyber-bullying and harassment. Such provisions are progressive as far as women’s rights online are concerned. Several women, particularly female journalists and female politicians in Zimbabwe, have been victims of cyber-bullying and harassment which has greatly affected the exercise of digital rights by women. If implemented properly, this provision will be critical in ensuring that individuals respect the rights of others to also freely express themselves and access information online. 5