https://zimbabwe.misa.org Cybersecurity and Cybercrime Laws in the SADC Region Table 2: Summary of the 13 Necessary and Proportionate Principles Legality: Limits on the right to privacy must be set out clearly and precisely in laws, and should be regularly reviewed to make sure privacy protections keep up with rapid technological changes. Legitimate Aim: Communications surveillance should only be permitted in pursuit of the most important state objectives. Necessity: The State has the obligation to prove that its communications surveillance activities are necessary to achieving a legitimate objective. Adequacy: A communications surveillance mechanism must be effective in achieving its legitimate objective. Proportionality: Communications surveillance should be regarded as a highly intrusive act that interferes with the rights to privacy and freedom of opinion and expression, threatening the foundations of a democratic society. Proportionate communications surveillance will typically require prior authorization from a competent judicial authority. Competent Judicial Authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent. Due Process: Due process requires that any interference with human rights is governed by lawful procedures which are publicly available and applied consistently in a fair and public hearing. User Notification: Individuals should be notified of a decision authorizing surveillance of their communications. Except when a competent judicial authority finds that notice will harm an investigation, individuals should be provided an opportunity to challenge such surveillance before it occurs. Transparency: The government has an obligation to make enough information publicly available so that the general public can understand the scope and nature of its surveillance activities. The government should not generally prevent service providers from publishing details on the scope and nature of their own surveillance-related dealings with State. Public Oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance. Oversight mechanisms should have the authority to access all potentially relevant information about State actions. Integrity of Communications and Systems: Service providers or hardware or software vendors should not be compelled to build surveillance capabilities or backdoors into their systems or to collect or retain particular information purely for State surveillance purposes. Safeguards for International Cooperation: On occasion, states may seek assistance from foreign service providers to conduct surveillance. This must be governed by clear and public agreements that ensure the most privacy-protective standard applicable is relied upon in each instance. 7