Cybersecurity and Cybercrime Laws in the SADC Region https://zimbabwe.misa.org officer8 . It is also important for the law to make it obligatory for every data controller to appoint a data protection officer. However, the question that therefore arises is who polices the data protection officer and ensures that they are independent and exercise due diligence? The Bill also amends the provisions in Sections 163-166 of the Criminal Law (Codification and Reform) Act, which speaks on offences relating to computer systems, computer data, data storage mediums, data codes and devices. The Bill has provisions for dealing with offenses related to hacking, unlawful interference and interception of data and computer systems. It should also be noted that the Internet has created a global village and such hacking or unlawful interferences can be perpetrated by persons outside Zimbabwe and thus outside the jurisdiction of our law enforcement authorities. In a context of polarized politics and retribution, such provisions can be used as political tools and mechanisms by the state to prevent the expression of dissenting opinions. In the end, such a provision can contribute immensely towards stifling citizen engagement and open debate, which are essential building blocks for electoral and constitutional democracy. There are, however, other provisions that have the potential to infringe on the exercise of media freedom, freedom of expression and access to information. For instance, section 164 states: “Any person who unlawfully by means of a computer or information system makes available, transmits, broadcasts or distributes a data message to any person, group of persons or to the public with intend to incite such persons to commit acts of violence against any person or persons or to cause damage to any property shall be guilty of an offence and liable to a fine not exceeding level ten or to imprisonment for a period not exceeding five years or to both such fine and such imprisonment.” Like insult laws, the above provision can easily be used to inhibit constructive criticism, which is important for promoting transparency and accountability especially from the government. Under section 164B, the Bill criminalises not only the production but also the communication of offensive messages from ‘any electronic medium accessible by any person’, which in essence also includes social media. This relates to cyber-bullying and harassment. Section 164C of the Bill deals with mis-and disinformation. It criminalises the use of a computer or information system to avail, broadcast, distribute data knowing it to be false and intending to cause psychological or economic harm to someone, also seems to be targeted against the spread of false information on social media. This raises a number of issues in terms of measuring the intentional production and circulation of false and misleading information in order to cause harm. It also assumes that the “arbiter of truth” can easily be identified. This clause ignores the fact that there are multiple truths and various regimes of truth and non-truth. Even more important it ignores the fact that on the internet and social media platforms it difficult to determine the origin and authenticity of a message. In such an environment, individuals are exposed to communication messages voluntarily or involuntarily. In a context, where a culture of citizen journalism and blogging has taken route, this provision can be abused to implicate thousands of ordinary citizens who would have ‘received’ and communicated such messages. Cognisant of the dangers that lurks in the woods, 8A data protection officer in terms of the Bill, refers to any individual appointed by the data controller and is charged with ensuring, in an independent manner, compliance with the obligations provided for in this Bill. 34