https://zimbabwe.misa.org Cybersecurity and Cybercrime Laws in the SADC Region Constitution, the absence of substantive personal data and privacy protections in the proposed law ignited substantial constitutional questions. Civic groups such as the Namibia Action Coalition Namibia Trust and IPPR have called for the inclusion of user notification provisions in the revised Bill. Under chapter 5 dealing with accreditation of security services or products, the Bill attempted to introduce a rather onerous and intrusive registration regime, appears throughout to enable state agents to establish and open “backdoors” in encryption technologies. This is despite scholarly evidence suggesting that anonymity-granting technologies and end-toend encryption provide the security and privacy necessary for exercising fundamental human rights online and for individuals, businesses and governments to engage activities that support economic growth and social progress. Cybersecurity Bill. On 9 December 2016, the country gazetted the Bill modeled along the SADC Model Law. It seeks to “create offences and impose penalties which have a bearing on cybercrime; to criminalise the distribution of data messages which is harmful and to provide for interim protection orders; to further regulate jurisdiction in respect of cybercrimes; to further regulate the powers to investigate cybercrimes; to further regulate aspects relating to mutual assistance in respect of the investigation of cybercrime; to provide for the establishment of a 24/7 Point of Contact; to further provide for the proof of certain facts by affidavit; to impose obligations on electronic communications service providers and financial institutions to assist in the investigation of cybercrimes and to report cybercrimes; to provide for the establishment of structures to promote cybersecurity and capacity building; to regulate the identification and declarat ion of crit ical i nformat ion infrastructures and measures to protect critical information infrastructures; to provide that the Executive may enter into agreements with foreign States to promote cybersecurity; to delete and amend provisions of certain laws; and to provide for matters connected therewith.” Despite the initial enthusiasm that accompanied the introduction of the Bill in the House of Assembly, four years have passed without its passage into law. The Act punishes the following cybercrimes: unlawful securing of access, unlawful acquiring of data, unlawful acts in respect of software or hardware tool, unlawful interference with data or computer program, unlawful interference with computer data storage medium or computer system, unlawful acquisition, possession, provision, receipt or use of password, access codes or similar data or devices, cyber fraud, cyber forgery and uttering, cyber extortion, aggravated offences and attempting, conspiring, aiding, abetting, Issues like lack of transparency and access to information and excessive and unaccountable ministerial power have also been highlighted as sticking points. The draft law does not explicitly encourage access to information. Although Chapter 6, which addresses the liability of service providers for processing data, the Bill has limited transparency-inducing measures, and does not in any way compel government authorities, law enforcement or private companies to account for their actions openly. This is incompatible with the AU Convention on Cyber Security and Personal Data Protection. The Bill invests discretionary decision-making and appointing power in the minister. It does not include oversight or accountability measures with regard to ministerial conduct. South Africa South Africa has also not escaped the bandwagon of coming up with the Cybercrimes and 27