TANZANIA HUMAN RIGHTS DEFENDERS COALITION

(THRDC)

ADVICE ON THE SITUATION OF PRIVACY AND COMMUNICATION SECURITY IN TANZANIA

  • Introduction

Security and privacy of communications is one of the most frequently violated rights in the country and elsewhere in the world. There is a serious problem of surveilled and illegal interception of people’s private communications in Tanzania. Sometimes judicial procedures are not followed especially when information is required for legally defined requirements. The major victims of this problem are politicians, former leaders, government officials, the media, human rights defenders, as well as individuals. It should be noted that this problem is not new, thus our argument is focused on condemning this behaviour of interfering with and disseminating private communications and issuing recommendations on what should be done to overcome this problem.

Recently there have been reports of Tanzanians’ personal communications being surveilled and disseminated. Among the victims are senior government officials and political party leaders. The leaked telecommunications have been interpreted differently by various people. Many people believe the communications are real for no one has come forward to deny or object the leaked communications.  Also, there is no institution or service provider that has come forward to rebuke in-case the communications were not genuine.

It is worth noting that private communications are protected by the Constitution under the right to privacy. We are fully aware that there are jurisdictions that, by law, have the power to order personal information to be legally surveilled or intercepted for specific purposes, and not for public dissemination. However, this has not been regarded leading to the circulation of personal information on various social networks contrary to the law and the country’s Constitution.

There are also people who have been mimicking other people’s voices in communication and disseminating them but no measures are taken against them. The issue of interfering with people’s telecommunications in the country is very obvious. Even some leaders have been heard admitting openly that they interfere with other leaders and government officials’ communications.

This issue, has not only provoked social strife, but has also fuelled resentment and convinced the public that our institutions entrusted with the protection of our information and service providers do not fulfill their duties as required. The issue of leakage of personal information exists all over the world. Many countries have experienced this issue for quite some time now.

Unlike in other countries, in Tanzania, personal information is not only interfered with and surveilled, but also publicly disclosed causing distress and pain to the public, relatives, acquaintances of the victims, as well as raising concerns regarding the use of telecommunications in the country.

 

2.0 The Right to Privacy and Interception of Private Communications

The right to privacy is one of the fundamental rights that ensure human dignity is protected, so the law must protect this right. Therefore, any activity that infringes the right to privacy may be legally valid only if it is necessary to achieve a legitimate purpose consistent with the set objectives.

Limitations to the Right to privacy have been provided under Article 29(5) of the Constitution that provides that:

‘In order that all persons may benefit from the rights and freedoms guaranteed by this Constitution, every person has the duty to so conduct himself and his affairs in the manner that does not infringe upon the rights and freedoms of others or the public interest.’

Article 30 of the Constitution also states that the principles set out in this Constitution, shall not be exercised by a person in a manner that causes interference with or curtailment of the rights and freedoms of other persons or of public interest. Thus, the only thing that may prevent a person from enjoying the right to privacy is that which interferes with or restricts the rights and freedoms of others or the public interest, if it does not interfere with the rights and freedoms of others and public interest, then it should not be restricted.

The right to communicate anonymously, encryption and the right to be free from unwarranted monitoring and surveillance are all part of the right to communicate. These rights as earlier on stated are well protected under the International Covenant on Civil and Political Rights, the Universal Declaration of Human Rights, the American Convention on Human Rights and the European Convention for the Protection of Human Rights and Fundamental Freedoms. However, in Tanzania, the right not to be surveilled or not be subjected to conspiracy monitoring, is not considered to be part of the right to communicate or as a strategy to protect one’s personal information and dignity.

The issue of interception and monitoring of telecommunications users has also been confirmed by the Vodafone / Vodacom Network. Vodacom Network is the first Telecommunications Company in the world to disclose how different governments in the world interfere with the communication of its people. This information on 29 countries is available in Vodacom’s Law Enforcement Disclosure Report. The report states that many countries seek communications information of users sometimes without legal permits, while others monitor and listen to the conversations of users of their services, track their whereabouts and order copies of text messages correspondence.

Vodafone offers its services in over eight countries in Africa; People’s Republic of Congo, South Africa, Lesotho, Tanzania, Mozambique, Mozambique (as Vodacom), Kenya (as Safaricom), Egypt as well as Ghana. For example, in 2013 alone, the company received nearly 100,000 directives from African governments seeking various Vodafone/Vodacom customer information such as a particular individual’s phone number, address, location, Device location, conversation duration, and text messages. This Vodafone / Vodacom report mentions Tanzania as a leading country in requesting for people’s data compared to other countries in Africa. For example, during that year, Tanzania asked for such data around a thousand (1000) times, followed by the government of Congo which asked for data 496 times and Lesotho that asked for data 488 times.

If an internet user suspects that his or her online movements are being monitored, he or she will exercise caution with regard to statements made or sites visited. The same goes for telephone, fax or any other kind of private communications. Although it may be necessary to monitor or intercept communications in certain narrowly prescribed cases, for example for the prevention of serious crime, principles and regulations to access such data should be adhered to.

International courts have stressed that laws should be clear and effective in monitoring surveillance and surveillance of personal data. There should be an independent body which should be supervised and registered.

Many times Courts has been recommended to be the only entity with a mandate to allow personal information to be used or surveilled for evidence in preventing crimes such as fraud, money laundering, and corruption and other criminal offenses.

There is also a need to create a system of monitoring authorities that conduct surveillance even through the formation of parliamentary committees, for example appointing a monitoring commissioner. Other important issues concerning the system include the agreement on the number of such authorities, the registration of such authorities, how to submit their findings, how to determine whether individual information and communications have any national interest. These measures will greatly assist in protecting and respecting the right to communication in our country.

In understanding the need to acknowledge and promote the Right to Privacy, several countries have taken action in making appropriate measures of personal data protection. An example is Kenya, which has come up with a Personal Data Protection Bill in 2018 where section 5 of the Bill entails the right of an individual’s data protection. Section 5 of the Bill emphasizes on Article 31 their Constitution, which provides for the right to freedom of opinion and protection of personal data.

Also in Uganda, there is a Data Privacy Protection Act of 2019 which in section 10 the right to protection of personal data is enshrined.

 3.0 The Legal Framework

3.1 International Legal Instruments

The international legal framework is very clear on the right to freedom of expression and the right to privacy of personal information/data, communication and family. The only exception to these rights is where the law explicitly provides otherwise.

(a) International Covenant on Civil and Political Rights, 1966

Article 17 (1) provides that; ‘‘no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation’’. Sub Article 2 further provides that; ‘‘everyone has the right to the protection of the law against such interference or attacks.”.

(b) The Universal Declaration of Human Rights, 1948

Article 12 provides that; ‘‘no one shall be subjected to arbitrary or unlawful interference with his privacy.

Article 19 of the Universal Declaration on Human Rights (UDHR), binding on all States as a matter of customary international law, guarantees the right to freedom of expression in the following terms:

Everyone has the right to freedom of opinion and expression; this right includes the right to hold opinions without interference and to seek, receive and impart information and ideas through any media regardless of frontiers.

This provision does more than simply  stating that every individual has the right to say what he or she wants. Article 19 of the Universal Declaration, and its twin Article 19 of the International Covenant on Civil and Political Rights (ICCPR), were carefully drafted to guarantee explicitly an unfettered right to hold opinions;  right to express and disseminate ‘any information or ideas’;  right to have access to media; and the  right to seek and receive information and ideas.

Not only does Article 19 prohibit States from interfering with the enjoyment of these rights, international law requires them to take such steps as are necessary to make freedom of expression a reality for everyone. This includes legislative or other regulatory steps, as well as ‘practical’ positive measures to protect the right to freedom of expression.

3.2 Regional Human Rights Instruments

(a) American Convention on Human Rights (Pact of San Jose).

Article 11 provides for the right to Privacy. Sub Article 1 provides that; ‘‘everyone has the right to have his honour respected and his dignity recognized.” Sub Article 2 provides that, “no one may be the object of arbitrary or abusive interference with his private life, his family, his home, or his correspondence, or of unlawful attacks on his honour or reputation.” Further, Sub Article 3 provides that, “everyone has the right to the protection of the law against such interference or attacks.”

(b) European Convention for the Protection of Human Rights and Fundamental Freedoms.

Article 8 (1) provides that ‘‘everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”

(c) The European Convention on Human Rights, and the European Court of Human Rights.

Article 8 provides that; “an interference within the meaning of Article 8, especially where such information concerns a person’s distant past or where it contains personal data revealing political opinion and, as such falls among the special categories of sensitive data attracting a heightened level of protection.”

The protection of personal data is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life as guaranteed by Article 8 of the Convention. Thus the use and release of information relating to an individual’s private life, which is stored in a secret register, comes within the scope of Article 8.

The domestic law must afford appropriate safeguards to prevent any such use of personal data as may be inconsistent with the guarantees of this Article. The domestic law should ensure that such data are relevant and is efficiently protected from misuse and abuse.

When it comes to the protection of personal data, the fact that information is already in the public domain will not necessarily remove its protection under Article 8.

(d) Special Rapporteur of the United Nations Human Rights Office of the High Commissioner on the Right to Privacy, 2015

Human Rights Council Resolution 28/16 mandates the Special Rapporteur:

  • To gather relevant information, including on international and national frameworks, national practices and experience, to study trends, developments and challenges in relation to the right to privacy and to make recommendations to ensure its promotion and protection, including in connection with the challenges arising from new technologies;
  • To identify possible obstacles to the promotion and protection of the right to privacy, to identify, exchange and promote principles and best practices at the national, regional and international levels, and to submit proposals and recommendations to the Human Rights Council in that regard, including with a view to particular challenges arising in the digital age;
  • To raise awareness concerning the importance of promoting and protecting the right to privacy, including with a view to particular challenges arising in the digital age, as well as concerning the importance of providing individuals whose right to privacy has been violated with access to effective remedy, consistent with international human rights obligations.

3.3 Domestic Legislations

Despite the Constitution protecting the right to privacy and freedom of expression, there are other laws applied to interfere with communication privacy and freedom of expression. Some of these laws have been enacted in the name of regulating the use of ICT and National security. Various studies show that these laws are sometimes used by the Police Force and security agencies or politicians to interfere with people’s communications. For example the Cyber Crimes Act, 2015, gives wide mandate to the police to interfere with the users of social media telecommunications.

For example, a survey conducted by CIPESA (An Organization that monitors justice and the Use of Networks in Africa) four years ago, shows that Police and security forces lead in intercepting telecommunications and social network correspondence at 47%, followed by Mobile and Internet service providers at 28% and politicians in power at 25%. For example, in 2014, a Vodafone report issued per legal requirements shows that there were 1000 directives from the government claiming various information and data of internet and mobile phones users. Jamii Forums has also been forced several times to report users of this social network leading to over eight charges against the Jamii Forums Director filed by the Police.

(a) The Constitution of the United Republic of Tanzania

Article 16 of the Constitution provides that every person is entitled to respect and protection of his/her privacy. The state authority shall lay down legal procedures regarding the circumstances, manner and extent to which the right to privacy is encroached without prejudice to the provisions of this Article.

Further, the Constitution provides for the right to privacy that, “every person is entitled to respect and protection of his own privacy, his family, and his matrimonial life respect and protection of his residence and private communication”.

In addition, Article 18(c) of the Constitution further guarantees the freedom to communicate and protection from interference that, “every person has the freedom to communicate and protection from interference from his communication.

Article 30 of the Constitution further provides that “,the principles of which are set out in this Constitution, shall not be exercised by a person in a manner that causes interference with or curtailment of the rights and freedoms of other persons or of the public interest”. Therefore, the only thing that can prevent enjoyment of the right to privacy should be if it interferes with the rights and freedoms of other people or public interests, which means if it does not interfere then it should not be restricted.

Also Art 30(3) of the Constitution of The United Republic of Tanzania provides that:

‘Any person claiming that any provision in this Part of this Chapter or in any law concerning his right or duty owed to him has been, is being or is likely to be violated by any person anywhere in the United Republic, may institute proceedings for redress in the High Court person whose right have been violated can seek redress from High Court.’

Therefore, anyone claiming violation of the Right to Privacy can seek redress from the High Court.

(b) The Electronic and Postal Communications Act, 2010

It imposes the duty of confidentiality of information on network services licensees or operators, agents and customers. It also prohibits disclosure of information without authorization (Section 98 & 99 respectively). Under its 2018 Regulations, there is a requirement that a licensee should protect consumer information against improper or accidental disclosure of information (Regulation 6).

In addition, Regulation 11 imposes a duty to “any person who is holding users information not to disclose the information except where a law enforcement agency requires doing so”.

Regulations 18 of the Regulations provides that:

‘Any person, who contravenes the provisions of these Regulations, commits an offence and shall, upon conviction be liable to a fine of not less than five million Tanzanian shillings or to imprisonment for a term of not less than twelve months or to both.’

However, this does not guarantee that the Tanzania communications Regulatory Authority Online content committee as a Regulatory body shall be liable for breach of privacy of an individual; it cannot be a judge of its own cause. It only makes the service providers liable for the breach in its exclusion.

The law is trite clear on the limitation of exercising the right to privacy. However the procedures for obtaining a private communication were not followed, if need be for the court to use the individual communications for evidence, then a court order should be used to obtain the communication and not vice versa.

(c) Cyber Crimes Act, 2015

Section (7), provides for the protection against illegal data interference. However, Cybercrimes Act provides for the procedures that infringe the right to privacy and limits the enjoyment of the right to privacy even when it does not infringe the rights and freedoms of others or the public interest.

It grants excessive power to the police without the need of court order to search and seize. Even when the rights of other people or public interests are not at risk, police officers can exercise their power, which could infringe privacy.

Section 31(1) of the Cybercrimes Act provides differently from the limitations set in the constitution that:

‘The right to privacy can be limited when Police officer in charge of a police station or a law enforcement officer of a similar rank, upon being satisfied that there are reasonable grounds to suspect that a computer system may be used as evidence in proving an offence or is acquired by any person as a result of an offence, may issue an order authorizing a law enforcement officer to enter into any premise and search or seize a device or computer system as per this provision interference of other people’s rights or public interest is not the case.’

Under this law, the issue of proportionality to achieve the legitimate object is not considered. This provision infringes the right to privacy because the limitations imposed should not be more than reasonably necessary.

(d) The Access to Information Act 2016

Section 6(1) (b) provides for non-disclosure of information unless it is determined that the disclosure is in the interest of the public.

However, this Act has loopholes on data ownership and whether individuals have power over the information that they supply to and comes under the control of a third party. Secondly, the restriction of the transfer of data outside the Tanzania jurisdiction and an individual has a right to demand the deletion of his/her information that is captured and recorded even if the information is legitimately captured and recorded.

  • The Role of Tanzania Communications Regulatory Authority in Protecting Individual Communication and Protect the Citizens’ Right to Privacy

One of the functions of the Tanzania Communications Authority, among many others, is to protect and preserve private communications and information of network services users and ICT in general. In such a clear duty relating to the protection of communications and personal information and confidentiality the Code of Conduct of the Communications Authority directs that:

  • Every Consumer has a right to the protection and preservation of his/her personal data.
  • The Tanzania Communications Regulatory Authority has also mandated that all ICT and telecommunications service providers must protect, maintain and respect the confidentiality of personal communications of all users of their services.
  • It is a criminal offense for Network and ICT services providers to provide personal information or communications without the consent of the authority competent to allow such information to be provided.

Despite the presence of this role and duty towards consumers, we have recently witnessed serious violations of the right to protect and maintain sensitive or even private or group communications. We have witnessed popular people’s voices in private conversations, e-mail notices and institutional notifications online, text messages of people online as well as pictures and all kinds of information that individuals would rather not have been exposed. However, we have not seen any specific measures being taken by this authority to identify all individuals who have surveilled on personal data without following legal procedures.

6.0 Our Call and Advice:

     Our Advice to the Parliament and Government

  • We urge the Government to enact the Data Protection and Privacy Act to prevent the violation of the right to privacy, which is in line with the Constitution of Tanzania and other International Agreements on the right to privacy in communications.
  • The court should remain the sole authority with the mandate to authorize the use of personal communications and personal information only if they are required for evidence in court proceedings or for national security. If such information is taken in accordance with the law then it should be used for the intended purpose only and not illegally publicizing it.
  • We call upon the parliament to make amendments of the laws to provide a clear definition of what Public Interest is, so as to avoid misconception and exposure of private information “public interests”, which have not been clearly defined.
  • The government should respect the right to privacy whilst creating a proper definition of what public interest is. Until a clear definition is put into place, surveillance should be stopped and let individuals enjoy their right to privacy.
  • There is also a need to create a mechanism to monitor authorities that conduct legal surveillance even by forming parliamentary committees, such as appointing a monitoring commissioner.
  • To change the various provisions of the law that are currently applied to arbitrary interfere with people’s communication without following the legal procedures.

 

         Advice to ICT and Communication Service Providers

  1. Services providers should protect the image of their businesses consumers for they are doing business with them in good faith and in accordance with the law. Therefore, service providers should not be influenced by anyone, let it be the government institutions or individual persons, to breach the duty of confidentiality that they owe the consumers.
  2. It is a criminal offence for services providers to tamper with and release personal data without authorization from court. Hence respect and protection of private data should be the paramount duty of services providers.
  3. In the event that private communications of their customers are surveilled or illegally disseminated, they should come forward and condemn the act.
  4. They should join the Tanzania Human Rights Defenders Coalition (THRDC) together with other stakeholders, to demand for a Data and Privacy Protection legislation for the protection on ICT and telecommunications users’ communications.

 

   Advice to the Tanzania Communications Regulatory Authority (TRCA)

 

  1. The Tanzania Communications Regulatory Authority has to ensure that services providers block and remove contents of personal data which have been captured lawfully or unlawfully and have been circulated to the public legally or illegally.
  2. The Tanzania Communications Regulatory Authority through its Consumer Protection Committee should ensure they fully play their role in protecting personal data, by making sure service providers become liable for the breach of individual communications, which should have otherwise been protected by services
  3. TCRA through its Consumer Protection Committee should ensure that services providers respect their commitment to protect and respect principles of personal communications, which would otherwise be protected them. They should refrain from being manipulated to leak personal information, without making due diligence and satisfy themselves that there is an order of the court requiring them to issue personal data.

 

         Advice to the Public

  1. Those whose right to privacy has been breached should seek redress from the High Court of Tanzania.
  2. The society should avoid and abstain from publishing, circulating online and offline personal data and information of others, for it is against the law and may attract criminal charges.

 

 

Issued on 28th July 2019,

By:

Mr. Onesmo Olengurumwa,

National Coordinator – Tanzania Human Rights Defenders Coalition (THRDC)