https://zimbabwe.misa.org Cybersecurity and Cybercrime Laws in the SADC Region weight of electronic messages in a court of law. Part IV of the Act deals with liability of online intermediaries and content editors and protection of online users. It sets out parameters for freedom of expression and its limits within the broad area of online political communication. It prohibits child pornography; incitement on racial hatred, xenophobia or violence; unlawful disabling a computer system, spamming, illegal trade and commerce, offensive communication, attempting, aiding and abetting crime and justification for crimes against humanity. According to the law, “a person who violates any provision of this Act, whose penalty has not been provided, commits an offence and shall, upon conviction, be liable to a fine of K5,000,000 and up to seven years imprisonment.” This section also seeks to promote human dignity and pluralism in the expression of thoughts and opinions; protect public order and national security; facilitate technical restriction to conditional access to online communication; and enhance compliance with the requirements of any other written law. It also prohibits the production and circulation of misleading advertisements. It also outlaws unsolicited communications. It says, “a person shall not send unsolicited electronic communication to a consumer without obtaining the prior consent of the consumer”. in a way incompatible with those purposes; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and processed. (e) every reasonable step shall be taken to ensure that data which is inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, is erased or rectified; and (f) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data was collected or for which it is further processed”. According to the Act, “a person who provides encr y ption ser vices shal l declare to the Authority 7 the technical characteristics of the encryption means as well as the source code of the software used”. It also gives the Malawi Communications Regulatory Authority (MACRA) the power to appoint cyber inspectors. Part VII deals with data protection and privacy. It allows for the “processing of data fairly and legally; (b) collected for specified, explicit and legitimate purposes and not further processed Like in Botswana, section 87(4) of the Act punishes any person who “interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective.” The person must act “intentionally and without authority to do so”. The Act has two offences relating to system interference. Section 87(8) (b) seeks to punish any person who “introduces or spreads a software code that damages a computer, computer system or network.” This code includes viruses, worms, Trojan horses, logic bombs, bots, root kits and back doors. Section 93 punishes “any person who willfully or maliciously renders a computer system incapable of providing normal services to its legitimate users.” In practice, this criminalisation is not limited to an interference caused by the inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data as required under the Budapest Convention. Namibia Like Malawi, Namibia first introduced a two-inone law under the title Electronic Transactions and Cybercrime Bill in 2017. The Bill received widespread criticism from various stakeholders, which forced the Ministry of Information, 7The Malawi Communications Regulatory Authority as established under section 3 of the Communications Act. 25