Cybersecurity and Cybercrime Laws in the SADC Region https://zimbabwe.misa.org These provisions violate the right to privacy and freedom of expression. conveniently used the guise of investigating cybercrime to prosecute citizens that express anti-government sentiment online (Hove, 2019). The Cybersecurity and Data Protection Bill’s main objective is to increase cybersecurity in order to build confidence and trust in the secure use of information and communication technologies by data controllers, their representatives and data subjects. It stipulates this as follows: Since 2016, Zambia has witnessed infringements on internet freedom. Several individuals have been arraigned before the courts on charges of defamation against the president (Freedom House, 2019). Government officials have periodically issued chilling threats against social media “abuse.” In this regard, fake news, cyber-bullying, and other computer-based “crimes” have been identified as threats to national security. The government has proposed the “China way” and Ethiopia as models for dealing with the internet, threatening to ban Facebook, Google, and other social media sites to curb their abuse. In May 2019, Zambia’s regulatory authority announced new rules requiring WhatsApp group administrators to register their WhatsApp groups and create a code of ethics, or risk arrest. If enforced, the rules could lead to proactive censorship and increased self-censorship (Freedom House, 2019). These regulations have been seen as part of the broader agenda by the government to control online speech. Zimbabwe Since 2013, the country has been working on the cybersecurity and cybercrimes legislation. The bill has had many false starts along the way. It has been given various names including the initial Computer Crimes and Cybersecurity Bill and now the Cyber Security and Data Protection Bill. Although the Bill claims that it pays particular attention to the Constitution of Zimbabwe, international standards, and comparable statutes from other jurisdictions, it is important to note that it borrows extensively from the SADC Model Law. It also leans heavily towards the Tanzanian Cybercrime Act. Like the Tanzanian government, the Zimbabweans government has 32 The purpose of this Bill is to consolidate cyber related offences and provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest, to establish a Cyber Security Centre and a Data Protection Authority, to provide for their functions, provide for investigation and collection of evidence of cybercrime and unauthorised data collection and breaches, and to provide for admissibility of electronic evidence for such offences. It will create a technology driven business environment and encourage technological development and the lawful use of technology. The gazetted Bill has converged two related issues of cybersecurity and data protection into one piece of legislation. There are concerns that the Bill will be used to push a narrow agenda focusing on protection of ‘national interests’ and the prevention of ‘social media abuse’ at the expense of digital security and protection of the privacy of internet users in Zimbabwe (MISA, 2020). For instance, Section 5 and 7 of the Bill seek to designate the Postal and Telecommunications Regulatory Authority of Zimbabwe (established in terms 30 of the Postal and Telecommunications Act [Chapter 12:05]) (POTRAZ), as the Cybersecurity Centre and Data Protection Authority, respectively. This means that POTRAZ will become a converged regulatory body: the regulator of the telecommunications industry, the cybersecurity centre and the data