Addressing The Gaps In The Data Protection, Privacy And Surveillance Legislation 1. Executive Summary Zimbabwe has various pieces of legislation that affect data protection, privacy, and surveillance.1 The relevant pieces of legislation regarding data protection and privacy include, but are not limited to, the Cyber and Data Protection Act [Chapter 12:07] and the Postal and Telecommunications Act [Chapter 12:05]. The main relevant pieces of legislation regarding surveillance are the Interception of Communications Act [Chapter 11:20] and the Postal and Telecommunications Act. The supposed principal purpose of these pieces of legislation is to give effect to various fundamental rights and freedoms enshrined in the Constitution of Zimbabwe Amendment (No.20) Act, 2013, including the right to privacy, freedom of expression, and access to information2. 1. See also, Section 21 of the Freedom of Information Act [Chapter 10:33]; s 15 of the Postal and Telecommunications (Internet Services) Regulations (Statutory Instrument 262 of 2001); the Postal and Telecommunications (Subscriber Registration) Regulations (Statutory Instrument 95 of 2014); the Banking Amendment Act No.12 of 2015; Section 48 of the Consumer Protection Act [Chapter 14:44]; National Registration Act [Chapter 10:17]; Census and Statistics Act [Chapter 10:05]; National Social Security Authority Act [Chapter17:04]; Courts and Adjudicating Authorities (Publicity Restriction) Act [Chapter 7:04]. 2. See Sections 57, 61 and 62 of the Constitution. 4 www.misa.org