HIPSSA Project. Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Tanzanian ICT Ministry. PRESENTATION ON DATA PROTECTION BILL Pria Chetty, International Legal Expert on Data Protection 07.03.12. Why enact Data Protection Law?
Support for Harmonization of the ICT Policies in Sub-Sahara Africa,
Meeting with the Tanzanian ICT Ministry
PRESENTATION ON DATA PROTECTION
International Legal Expert on Data Protection
Give effect to right to privacy
ICT technology developments impacts right to the protection of personal data in commercial activities and electronic government (eGov) activities
Illegitimate and unlawful use of individual’s information
Automated decision making
Direct marketing practices
Data protection regulation - ensure that the benefits of using information and communication technologies is not met with weakened protection of personal data
International and regional frameworks establish the primary themes, intent and functional requirements for data protection regulation.
Within Tanzania, enquire:
Designated national data protection legislation
Prevalence of regulation that has a bearing on the right to privacy and protection of personal information in Tanzania.
3Object of the Act
to promote the protection of personal information processed by public and private bodies; to introduce information protection principles so as to establish minimum
requirements for the processing of personal information; and to provide for
matters connected therewith
Data Protection Officer
“data controller” or “controller” refers to any natural person, legal person or public body which alone or jointly with others determines the purpose and means of processing of personal information. Where the purpose and means of processing are determined by or by virtue of an act, decree or ordinance, the controller is the natural person, legal person or public body has been designated as such by or by virtue of that act, decree or ordinance.
processing: refers to any operation or set of operations which is performed upon personal information, whether or not by automated means, such as obtaining, recording or holding the data or carrying out any operation or set of operations on data, including –
(a) organization, adaptation or alteration of the data;
(b) retrieval, consultation or use of the data; or
(c) alignment, combination, blocking, erasure or destruction of the data
(1)This Act shall not affect the operation of any law that makes provision with respect to the collection, holding, use, correction or disclosure of personal information and is capable of operating concurrently with this Act. If any other legislation provides for safeguards for the protection of personal information that are more extensive than those set out in the information protection principles, the extensive safeguards prevail.
(2)This Act shall not restrict the ways of processing and production of information which are legally sanctioned under this Act, including such processing and procedures set out in Schedule One.
Government departments – national security, defence, prosecution of offences, journalistic purposes, judicial processes, powers of judiciary
Does apply to partial automated processing
Data Controller may appoint a representative
Schedule of Exemptions for Consultation Process and Regulations
Prescription of Court
Duty of Correction of Personal Information (Public Bodies only)
Promotion of Access to Information Act
ITU International Expert: Data Protection
Mobile: 083 384 4543