decision on the basis to move with speed to enforcement and the cost factors.12 Eswatini adopted a similar approach in its 2022 DP law approving the Eswatini Communications Commission (ECC) to be the DPA. Section 5 of the EDPA designates the ECC established under the Eswatini Communications Commission Act (ECCA) as the DPA with the powers to enforce “administer this Act and protect the respective rights of information privacy provided for under this Act or any other law”. This provision while clear, raises concerns on the administering of other laws on privacy, and this could be for instance the administration of the freedom of information law (if such exists), or a consumer protection law, or banking law if there rights of information privacy. The ECC is supposed to be independent and not under the direction of anyone, as provided under section 3(2) of the ECCA, which states that. Except as otherwise provided in this Act or any other written law, the Commission shall be independent in the performance of the functions of the Commission and shall not be subject to the direction or control of any person or authority . The ECC is actually appointed by the Minister responsible for telecommunications in terms of in terms of section 6 of The Public Enterprises (Control and Monitoring) Act 1989. The same commission is responsible for regulating and coordinating matters of cybersecurity and enforcing security standards for critical infrastructure under the section 52 of the Computer crime and Cybercrime Act of 2022 as well as being the secretariat of the National Cybersecurity Advisory council, established under section 53 of the Computer crime and Cybercrime Act of 2022. It must be pointed out that Zimbabwe takes a similar approach as have done a few other countries, namely Rwanda, Chad, and Ivory Coast. However, there are concerns with this institutional approach. First, while communication authorities are perceived to operate independently and without directions from anyone, some of the enabling statutes such as Postal and Telecommunications Act of Zimbabwe inserts clauses that deliberately reduce the independence or autonomy of the DPA. The Zimbabwe CDPA section 6(2) provides that the Authority (DPA-POTRAZ) shall no, in the lawful exercise of its functions under this Act (CDPA) be subject to direction or control of any person or authority, however in the same section, 6(1)(d) on functions of the Authority must submit to any court an administrative act inconsistent with CDPA in consultation with the minister responsible for information, publicity and broadcasting services. In consultation with is not interpreted in the Constitution, though there is definition of 'after consultation' whose consultation outcome is not binding, and therefore not obliged to follow.13 Interview with POTRAZ official suggesting that a separate DPA would have been costly and delayed, hence POTRAZ assumed this role, and might in future lead to the formation of separate and independent entity. Section of the Constitution of Zimbabwe. PAGE