UNIVERSITY OF IRINGA

FACULTY OF LAW

COURSE NAME: ICT LAW

NAME OF LECTURER: MR. NISILE MWAIJENGO

NAME OF STUDENT: ASHIRAFU HAMIDU KATATUMBA

REG. NUMBER: LLB-29347

NATURE OF WORK: INDIVIDUAL ASSIGNMENT

DATE OF SUBMISSION: 12nd Dec, 2023

QUESTION
Tanzania has domesticated several sub regional, regional, and global legal instruments that
advocates for data protection and the right to privacy. These include the Universal Declaration of
Human Rights (1948), the International Covenant on Civil and Political Rights (1966), the UN
Convention on the Rights of the Child (1989), the African Charter on Human and Peoples’
Rights (1981), African Charter on the Rights and Welfare of the Child (1990), the African Union
Convention on Cyber security and Personal Data Protection (the Malabo Protocol of 2014),
Treaty for the establishment of the East African Community (1999), EAC Legal Framework for
Cyber Laws (2008), SADC Model Law on Data Protection (2013). To what extent is The
Personal Data Protection Act No. 11 of 2022 at harmony with these instruments

1
INTRODUCTION

This is individual assignment which require to discuss on the issue of personal data protection,
where by after looking different internal instruments which provide on the same issue then to
look our municipal law on personal data protection and to discuss how it harmony with the
provision of those international instruments.

Personal Data Protection

The right to personal data protection is about safeguarding and upholding the dignity of
individuals when processing their personal data, and is closely linked to the right to privacy as
per Article 16 of The Constitution of United Republic of Tanzania. 1 It is key in building trust
between people and organizations, particularly in a digital age.

Personal data protection regulatory frameworks ensure that personal information is processed in
a fair, transparent, and responsible manner, and that people maintain control over who, how,
why, and when their data is processed.2 Such frameworks have been evolving rapidly in recent
years, but their origins date back to the 1970s when various European countries started enacting
data protection laws. This was followed in 1981 by the adoption of the first, and currently the
only, binding international legal instrument on data protection, the Council of Europe’s (CoE)
Convention for the Protection of Individuals with regard to Automatic Processing of Personal
Data (also referred to as ‘Convention 108 ), as modernized in 2018 (hereinafter ‘Modernized
Convention 108 or ‘Convention 108+’).3

The PDPA was passed into law on 27 November 2022. It provides detailed provisions on
personal data protection which are geared towards protection of personal data, places restrictions
upon personal data collectors and processors, and establishes a Personal Data Protection
Commission ('the Commission') to administer and enforce the provisions of the PDPA.4

The Personal Data Protection Act No. 11 of 2022 sets conditions for the protection of personal
information with the aim of setting a minimum level of requirements for the collection and
1
1977 as amended from time to time
2
https://ico.org.uk/for-organisations/guide-to-dataprotection/introduction-to-dpa-2018/some-basic-concepts/>
Retrieved 28 Nov 2023.
3
http://www.sciencedirect.com Retrieved 28 Nov 2023
4
https://www.dataguidance.com/notes/tanzania-data-protection-overview Retrieved 28 Nov 2023

2
processing of personal information, establishing a Commission for the Protection of Personal
Information, strengthening the protection of personal information processed by Government
agencies and institutions personal, and other related issues. The law will be used in Tanzania
Mainland and Tanzania Zanzibar except for Tanzania Zanzibar it will not be used for non-union

matters.

The Personal Data Protection law as anticipated by most sets out what should be done to make
sure everyone’s data is safe, used properly, and fairly. Key pieces of information that are
commonly stored by businesses, be that employee records, transaction data, customer details, or
data collection, need to be protected. The protection allows for the data from being misused by
third parties for fraud, such as phishing scams, identity theft, and other forms of misuse.

Main body

On this part am going to elaborate under hat extent the Peraonal Data Protection Act harmony
with those international instrument given on the question. On answering this question properly
am going to use the way of explain how does the international instrument address the issue of
data protectio and then on the same spot i will compare to what is provided on The personal Data
Protection Act concerning what is provided onthe certaininstrument concerning Personal Data
Protection.

Universal Declaration of Human Rights (1948)

After theend of WWI and WWII the world has employ the time on formulating United Nation
Organization (UN) in 1945vand the main purpose of establing UN is to protect world peace
throungh enacting law which specifically will protect the human right and through that
instrument one among the right established is right to privacy.

Where by Article 12 of the Universal Declaration of Human Rights 5 Provides that; "No one shall
be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to
attacks upon his honour and reputation. Everyone has the right to the protection of the law
against such interference or attacks.16The Article provide a good basis of what privacy means,

5
(1948)

3
and as the fact that the Constitution17adhere to the principles established by this Declaration,
then as stated earlier the Declaration provides a good basis for the definition of privacy".

That Article gives the obligation to the member state of UN to enact law which specifically
protect the right of privacy whic directly play a role on protection of personal data, where by
Tanzania fullfill that obligation imposed by un and enacting The Personal dat protection Act6
where by the long tittle of The personal Data Protection Act 7 shows how it harmony the
provision of Article 2 of The Universal Declaration of Human Rights8 where by the main
purpose of enacting that Act is to deal with all matters concerning data protection by enforcing
and protecting the right of privacy as well as the protection of personal data also it establish the
commission which will deal with matter concerning personal data.

The International Covenant on Civil and Political Rights (1966)

Article 17(1) of this instrument provide that No one shall subjected to arbitrary or unlawful
interference with his privacy, family, home or correspondence, nor to unlawful attacks on his
honor and reputation.

Article 17(2) provides that Everyone has the right to the protection of the law against such
interference or attacks.

As those Articles provides it directly reflect on Personal data protection where By Article 17(1)
provides fir the right of privacy of everyone Information or his personal data and then Article
17(1) give the member state the obligation of enacting law whichi will directly protect individual
on his personal data. This Article gave the guard person against his data which it has to be
protected by the law enacted by the parlianment.

After see what is provied under this international instrument now am going to show to what
extent The personal Data Protection Act9 harmony the provision of Article 17(1) and (2) of The
international convenant on civil and political Right. Under Long tittle of the Act prove that An
Act to provide for principles of protection of personal data so as to establish minimum

6
Act no. 11 of 2022
7
Act no. 11 of 2022
8
(1948)
9
Act No. 11 of 2022

4
requirements for the collection and processing of personal data; to provide for establishment of
Personal Data Protection Commission; to provide for improvement of protection of personal data
processed by public and private bodies; and to provide for matters connected therewith.

So according to the long tittle of The personal Data Protection Act shows how it harmony the
provision of Article 17(1)(2) of The International Covenant on Civil and Political Rights 10 where
by the main purpose of enacting that Act is to deal with all matters concerning data protection by
enforcing and protecting the right of privacy as well as the protection of personal data also it
establish the commission which will deal with matter concerning personal data.

So generally the Act harmonize the protection of personal data as to the right of privacy as
provided under The International Covenant on Civil and Political Rights 11 by explaining the acts
which will ammount the infringement of personal data also it show the punishment when
someone infringe that right of other person. Also the Act provides for the principle of personal
data protection under Section 512
The UN Convention on the Rights of the Child (1989)

This is one among global legal instruments Which is the result of United Nation Commision
where by they employ time to enact instrument which basically adress the matter concerning
child to the member state who ratify it. One Among important issue which addressed in this
instrument is protection of personal data of the child.

Article 16 (1) of The UN Convention on the Rights of the Child 13 provide that No child shall be
subjected to arbitrary or unlawful interference with his or her privacy, family, home or
correspondence, nor to unlawful attacks on his or her honour and reputation.

14
Article 16 (2) of The UN Convention on the Rights of the Child The child has the right to the
protection of the law against such interference or attacks.

The provision above show and provide the protection of the privacy of the child and no one
should interfere his privacy and the law goes further and impose obligation to the member state
10
(1966)
11
Ibid
12
Act no 11 of 2022
13
(1989)
14
(1989)

5
to establish legal framework which will play a role of protecting that intereference. So globaly
throught this international the protection of personal data of the child has protected.

Due to the reason that Tanzania is the member state of UN has domesticate this global
instrument through enacting The personal data protection Act15 which play a role of protection of
personal data of the child in Tanzania where by

So Section 30(1) of The personal Data Act 16 protect the interference of Child data by imposing
the obligation to the data processor not to process the data of the child without his consent and
due to the fact that the child is minor can not consent himself Section 30(4) of The personal Data
Act impose the power to the parent to consent on behalf of his child.

Also Section 63(1) of The personal Data Act impose the penalty for any data processor who will
go against the provision of Section 30 and also Section 63(2 17) provide for the order of forfeiture
Where by the infringer will be ordered to bring devices containing the personal data connected
with the commission of an offence.

Generally to larger extent The personal Data Act harmonize the provision of Article 16 of The
UN Convention on the Rights of the Child 18, because it cover all requirement on protection of the
child privacy by give power the data of the child not to be processed without his consent also to
give power parent to consent on behalf of his child.

The African Charter on Human and Peoples’ Rights (1981)

This is one among the regional instrument which basically it aim to address the protection of
Human and peaples right in Africa. The African Union has enacted The African Charter on
Human and Peoples’ Rights19 to govern all matters concerning human right in Africa.

One among the important thing which The African Union has consider into that instrument is the
protection of personal data where by under Article 4 of the The African Charter on Human and
Peoples’ Rights20 provides that "Human being are inviolable. Every human being shall be
15
Act no. 11 of 2022
16
Act no. 11 of 2022
17
Act no. 11 of 2022
18
(1989)
19
(1981)
20
(1981)

6
entittles to respect his life and the intergrity of his person. No one may be arbitrary deprived of
this right" This provision inderectly provide for the protection of person data due to the fact that
the provision want the integrity of person to be respected and one among the thing which amount
the respect of intergrity of person is to keep his privacy or to keep his data on the way that no
one can interfere it because there some of data can amount to lower the intergrity of person.

Tanzania as the member state of Africa Union has employ time to enact law which specifically
addres the issue of protection of personal data and enact The personal Data protection Act 21 This
Act has managed to harmony The African Charter on Human and Peoples’ Rights 22 by providing
the protection of personal data which hinder to respect the human intergrity by imposing
obligation to data processor to keep that data in the way that no one can interfere it. And under
Section 63(1) of The personal Data Act23 impose the penalty for any data processor who will go
against the provision of Section 30 and also Section 63(2) provide for the order of forfeiture
Where by the infringer will be ordered to bring devices containing the personal data connected
with the commission of an offence.

Generally The personal Data Protection Act 24 has managed to harmony with the provisions of
The African Charter on humn and peoples right25 by including the personal data protection as to
the right of privacy which directed used to secure security of his person.

African Charter on the Rights and Welfare of the Child (1990)

This instrument was enacted specifically by the African union so that to cover different matter
concerning child issues for his welfare, among other things this convention also do not forgot on
provide the protection of child privacy. Where by this instrument require the privacy of the child
to be protected for his welfare also it give the right only his parents to supervise his data. The
instrument goes further and impose the obligation to the member state to establish legal frame
work which will specifically protect the dat of the child.

21
Act no. 11 of 2022
22
(1981)
23
Act no. 11 of 2022
24
Act no. 11 of 2022
25
(1981)

7
Article 10 of African Charter on the Rights and Welfare of the Child 26 provide that No child
shall subject to arbitrary or unlawful interfernce with his privacy, family home or
correspondence, or to the attacks upon his honour or reputation, provided that parents or legal
guardians shall have the right to exercise reasonable supervision over the conduct of their
children. The child has the right to the protection by the law against such interference or attacks.
This provision try to provide to what extent the data of child should be protected and also
impose the obligation to the member state to establish legal framework which will address the
protectio of privacy of the child and which that legl framework shall impose punishment for
those who will interfere the privacy of the child with inclusion of parent who given a power to
interfere his child data for the purpose of supervision only.

On the same spot on the protection of the personal data of the child Tanzania as the member state
of African union and to which has ratify the African Charter on the Rights and Welfare of the
Child27 to harmony with Article 10 which provide for the right of privacy of the child and which
impose the obligation of protection of the child privacy, Tanzania has employ the time through
parlianment on enacting the law whic specifically play a role of protection of personal data
which is The Personal Data Protection Act28 and on the same point under Section 30 of The
personal data Act29 protection Act30 Provide for Prohibition on processing of sensitive personal
data where by it state that "A person shall not process sensitive personal data without obtaining
prior written consent of the data subject".

So by that provision directly it protect the data of child because one among the sensitive personal
data include data of the child. According to Section 3 of The personal Data Act 31 define Sensitive
personal data to mean “genetic data, data related to children, data related to offences, financial
transactions of the individual, security measure or biometric data" so by this definition it show
that child data is one among the sensitive personal data.

26
(1990)
27
(1990)
28
Act no. 11 of 2022
29
Act no. 11 of 2022
30
Act no. 11 of 2022
31
Act no. 11 of 2022

8
So Section 30(1) of The personal Data Act 32 protect the interference of Child data by imposing
the obligation to the data processor not to process the data of the child without his consent and
due to the fact that the child is minor can not consent himself Section 30(4) of The personal Data
Act33 impose the power to the parent to consent on behalf of his child.

Also Section 63(1) of The personal Data Act34 impose the penalty for any data processor who
will go against the provision of Section 30 and also Section 63(2) provide for the order of
forfeiture Where by the infringer will be ordered to bring devices containing the personal data
connected with the commission of an offence.

Generally to larger extent The personal Data Act harmonize the provision of Article 10 of
African Charter on the Rights and Welfare of the Child, because it cover all requirement on
protection of the child privacy by give power the data of the child not to be processed without his
consent also to give power parent to consent on behalf of his child.

African Union Convention on Cyber Security and Personal Data Protection (Malabo
Convention) (2014)

The African Union has invest the time to estblish regional instrument which directly deals with
the personal data protection as the result we got African Union Convention on Cyber Security
and Personal Data Protection (Malabo Convention) 35, This entire Instrument talks specifically on
how the member of African Union are obliged on enacting law or establishing legal frame work
which will play a role on value the right of privacy and also the protection of personal data
specifically physical data also to establish the legal framework which will punish a person who
will violate that fundamental right of another person.

Where by Article 8 of African Union Convention on Cyber Security and Personal Data
Protection (Malabo Convention)36 state that each state party shall commit itself to establishing a
legal frame work aimed at to value fundamental right and public freedom, particularly the

32
Act no. 11 of 2022
33
Act no. 11 of 2022
34
Act no. 11 of 2022
35
(2014)
36
(2014)

9
protection of physical data and also to establish punishment to any one who will violate the right
of privacry of another person without prejudice the principle of free flow of personal data.

As the obligation of Malabo Convention to establish the legal frame on the issue of personal dat
protection as fundamental right Tanzania as member state employ the time and enact the law to
fullfill that obligation imposed by the Malabo convention as the result we got The personal Data
protection Act, which harmonize to what provided on Article 8 of The Malabo Convention37,
Where by Section 27 of personal data Protection Act 38 provide that A data controller and his
representatives shall ensure that personal data is protected, by such security safeguards that is
reasonable in the circumstances necessary for the personal data protection against negligent loss
or unauthorised destruction, alteration, access or processing of the personal data. This provision
it show how the legal framework protect the personal data by imposing the obligation to the data
processor to handle data in secure manner.

Also the provision of Part VII of Personal Dat Protection Act 39 provides for Investigation of
complaint where by Section 39 of that part explain about Complaints against violation of
personal data protection principles. So this provision also harmony the Malabo Convention of the
issue of violation of right of privacy so when someone violate that fundamental principle tha
Personal Data protection Act establish the commission which have a role on receiving complaint
against the violation but not only that but also to do investigation concerning the violation
alleged by a person.

40
Lastly The personal Data Protection Act under Section 50 establish the payment of
compensation as the punishiment where by Section 50(1) Subject to the provisions of section 37,
the Commission may, in addition to any penalty given under this Act, order a data controller or
data processor who causes damages to the data subject following contraventions of any
provisions of this Act to pay compensation to the data subject. So it impose the punishment as
the requirement of Malabo Convention41 that every member state shall establish the legal
framework which will punish the v+iolater of right of privacy as fundamental right.

37
(2014)
38
Act no 11 of 2022
39
Act no. 11 of 2022
40
Act no. 11 of 2022
41
(2014)

10
So generally the Personal data Protection Act succeed to harmony the Malabo Convention on the
issues of personal data protectionbecause it establish the legal framework to deal with all matters
concerning the oersonal data Protection, as the results of protecting the right of privacy.

Treaty for the establishment of the East African Community (1999)

This is one among the sub regional instrument which govern East African Community apart of
all thing it imposes different obligations to its member state. One among the obligation is
provided under Article 6(d) which provides that "good governance including adherence to the
principle of democracy, rule of law, accountability, transparence, social justice, equal
opportunity, gender equality as well as the recognition, promotion and protection of human and
peoples right in accordance withe the provision of African Charter on human and peoples right"

Under Article 4 of the African charter on human and peoples rights 42 impose the obligation to the
member state to enact law which will play a role on protection of dignity of his person. So
Tanzania as Fullfill that requirement through enactment of The personal Data protection Act
which according to Section 4 of The personal Data Act 43provides the objectives of the Act which
the main objectives is to play a role on protection of of personal data and to punish those who
violate the privacy of the other.

EAC Legal Framework for Cyber Laws (2008)

This is one among of the sub-regional Instrument enacted to govern member state of the
Community. One among the important thing which introduced on this instrument is protection of
Personal Data as right of privacy is concerned whereby under Article 2 and 3 Chapter II of EAC
Legal Framework for Cyber Laws44 Provides for illegal access and illegal interception of
personal data.

This Instrument imposes obligation to the member state to adopt the law on protection of
personal Data. Tanzania has managed to harmony with that condition by enacting The Protection

42
(1981)
43
Act no. 11 of 2022
44
(2008)

11
of Personal Data Act45 which by looking the long tittle and objective of the Act is to establish
legal framework with the role of protection of personal data by imposing punishment for those
who will violate the right of privacy.

SADC model Law on Data Protection (2013)

Among other things which are provided under this Instrument, the protection of personal data is
one among them wher by Article 24 of this Instrument provide security of the data as well as
protection of the privacy of the person. By providing the security of the data means it entails the
protection of personal data. So this instrument by providing security of data means it gives
person to be aware on handling well the data of another person in the way which will not
ammount the interference by another person.

The personal data Protection Act46 This Act harmony Article 24 of SADC model Law on Data
Protection47 where by under Section 5 of The personal Data protection secure the data of person
by providing the principles of person data protection, those principles entails to secure the
protection of person dat where on handling or on processing the person data every person has to
adhere those princple and fails to adhere it he will be punished.

Those principle are Proceced lawfully, collected for explicit, specified and legitimate purposes,
adequate, relevant and limited to what is necessary in relation to the purposes for which it is
processed, accurate and where necessary, kept up to date, stored in a form which permits
identification of data subjects for no longer than is necessary for the purposes for which the
personal data is processed, not transferred abroad.

So by that Act to provide for those principles of personal data protection it entails to secure the
right of privacy as fundamental right. So on dealing with any personal data, the public or
individual person who will go contrary to those principles he/she will be punished.

Also Section 27 of The Personl Data Protection Act also it harmony with the provision of Article
24 of SADC model Law on Data Protection where by it explain the security of data to the data

45
Act no.11 of 2022

46
Act no 11 of 2022
47
(2013)

12
processors that he has to take all necessary measures so that to make sure the data are secured in
such a way which will no infringe the right of privacy of data provider.

Conclusion

The personal Data protection Act has play a role on personal data protection due to the reason
that Tanzania is the member of different Global, regional and Sub regional treaty so it was
mandatory to enact law which will compromise on what provided on those treaties basically on
protection of personal data.

As per my view i came up with conclusion that The personal Data protection Act has managed
on harmonization on protection of personal data which is right of privacy as regarded to different
treties. The reason why i said so it is due to the reason that The Act has managed to cover all
necessary things as provided to those Treaties.

BIBLIOGRAPHY

CONSTITUTION

 The Constitution of United Republic of Tanzania of 1977 as amended from time to time
STATUTE

13
  The Personal Data Protection Act no.11 of 2022
INTERNATIONAL INSTRUMENT

 The Universal Declaration of Human Rights (1948)

 The International Covenant on Civil and Political Rights (1966)
 The UN Convention on the Rights of the Child (1989)
 The African Charter on Human and Peoples’ Rights (1981)
 African Charter on the Rights and Welfare of the Child (1990)
 The African Union Convention on Cybersecurity and Personal Data Protection (the
Malabo Protocol of 2014)
 Treaty for the establishment of the East African Community (1999)
 EAC Legal Framework for Cyber Laws (2008), SADC Model Law on Data Protection
(2013)
ONLINE MATERIAL

 https://ico.org.uk/for-organisations/guide-to-dataprotection/introduction-to-dpa-2018/
some-basic-concepts/>
 http://www.sciencedirect.com
 https://www.dataguidance.com/notes/tanzania-data-protection-overview

14