https://zimbabwe.misa.org this order is communicated. Section 37 of the Bill reiterates RICA’s prohibition on disclosure. Section 38(3) (b) (i)-(iv) deals with obligations of communication service providers. This section requires service providers to store information of clients but makes no differentiation for different categories of information. The vagueness of the requirement unduly limits the constitutional right to privacy. Key informants have proposed that blanket provisions on disclosure and information sharing should also be reviewed. This is very important in light of section 14 of the Constitution, which protects the right to privacy. This includes the right not to have the privacy of one’s communications infringed. Key informants in this study raised concern about certain provisions which are overbroad and vague. Other provisions provide too much power to state security agencies. Concerns have been raised about particular provisions, which are framed in ways that suggest that they want to regulate harmful expression but can easily be used to limit freedom of expression. The Bill has provisions inhibiting the production and circulation of misleading and false news and information. A closer reading of the Bill suggests that the State would like to assume the position of the final arbiter what is deemed as truth or non-truth. This can easily be abused to limit freedom of expression and digital activism. Respondents advocated for the establishment of a civilian body, which can ensure the powers granted to state security in the Bill are not abused. Equally problematic is the part of the bill, which addresses the issue of information sharing. The provision requires the Minister of Justice to make regulations on data sharing. It is not clear how the information will be stored. In the proposed Bill, there is no provision made for the destruction of intercepted data after a certain period. Cybersecurity and Cybercrime Laws in the SADC Region Tanzania Tanzania gazetted its Cybercrime Act in May 2015. On close reading, it is clear that the legislation borrows from the SADC Model Law. Consequently, it has transplanted all the privacyinfringing provisions of the SADC Model Law into its national legislation. Ever since it was passed, the Act has been (ab)used by the government to arrest citizens that used online media to express criticism of President Magufuli. In this regard, the Cybercrime Act is perceived more as a tool to oppress the freedom of expression and the closely related right to privacy. Similar to the SADC Model Law, the Cybercrime Act grants the police force and State security agencies excessive powers when investigating alleged cybercrimes. It’s couched in broad and vague language, which can easily be abused to criminalise online communications. An example is section 4 of the Act, which defines the offence of illegal access as follows, “…person shall not intentionally and unlawfully access or cause a computer system to be accessed.” A person commits the offence by either accessing a computer system, or causing a computer system to be accessed by another person. Here, the term “access” is defined in section 2 of the Act as meaning “entry to, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any of the resources of the computer system or network or data storage medium”. Section 6 of the Act criminalises the interception of data or communication by technical means or by any other means (i) a non-public transmission to, from or within a computer system; (ii) a non-public electromagnetic emission from a computer system; (iii) a non-public computer system that is connected to another computer system. The interception must be “intentionally and unlawfully”. The Act defines “interception” 29