The position of Tanzania before enactment of the Personal Dat Protection Act there were

different laws and case laws which used in protection of data

In international frame work

Tanzania is party to International human rights instruments that protect the right to privacy.

These include the Universal Declaration of Human Rights (UDHR), International Covenant

on Civil and Political Rights (ICCPR), Convention on the Rights of the Child (CRC) and

the African Charter on the Rights and Welfare of the Child.

For instance, article 17 of the ICCPR provides unequivocally that no one shall be subjected to

arbitrary or unlawful interference with their privacy, family, home or correspondence, nor to

unlawful attacks on their honour and reputation. The United Nations Human Rights Committee

has noted that states parties to the ICCPR have a positive obligation to “adopt legislative and

other measures to give effect to the prohibition against such interferences and attacks as well as

to the protection of this right [privacy].”

In national level

The Constitution of the United Republic of Tanzania 1977 (as amended time to time) by virtual

of article 16 provide that every person is entitled to respect and protection of themselves, their

family and their matrimonial life and respect and protection of their residence and

communication.

This Article facilitate much for enactment of the laws that stipulate how the privacy right are

protected, persuade or interfered with by the government.

Despite the Constitutional provisions on privacy, Tanzania is yet to enact a comprehensive laws

on data protection. There are nonetheless some national laws with provisions on protection of the

right to privacy and data protection in Tanzania. However, some of laws like :

 National Payment System Act 2015. It applicable in financial sector where by this

provide for confidentiality of information without disclose to any person unless it was

authorized by any law provided by virtual of section 45 of the act , also the act provide

for protection of the consumer information as provided by virtual of section 47 (1) of the

act there it state that Without prejudice to any other written laws a payment system

provider shall- (a) protect the privacy of a participant and customer information; and (b)

not disclose information of a participant or customer unless the disclosure is made in

compliance with the law, an order of a court or with the express consent of the system

participant or customer concerned. Also buy virtual of section 53 of the act provide that

any A person who gains access to another person's financial data, record or transaction

with the aid of any device, electronic device or any scheme or method that facilitate

retrieval of information and data without permission commits an offence.

 Bank of Tanzania ( Financial Consumer Protection) Regulation 2019 it applicable in

financial sector where by it aim in protection of consumers form unfair deceptive or

abuse practices by virtual of regulation 36 provide for every financial service provider

measures to protect the consumer financial and personal information and not to share the

same information to a third part unless it permitted by the law or upon consumer consent

 The Banking and Financial Institution Act, 2006 applied the same to financial service

sector and the role played is duty to confidentiality not to disclose the customer

information to a third party unless or otherwise its permitted by the law. By virtual of
 section 48 of the act prohibit banks from disclose the customers information or affairs

unless permitted by the law.

 The Tanzania Intelligence and Security Services Act, 1996

 The Electronic and Postal Communication Act, 2010 (EPOCA), and its regulations

applicable to the electronic and postal communication sector. By virtual of section 98 (1)

if the Act provide a duty of confidentiality that A person who is member, employee of

application service licensee, or its agent, shall have a duty of confidentiality of any

information received in accordance with the provisions of this Act. (2) A person shall not

disclose the content of information of any customer received in accordance with the

provisions of this Act, except where such person is authorized by any other written law.

 Cyber Crimes Act 2015, against publication of information of a data subject in a

misleading manner with intent to defame, threaten, abuse, insult, or otherwise deceive or

mislead the public. By way of using computer system, devices, data located within

Tanzania or person located in Tanzania

 Electronic Transaction Act 2022, the law recognize electronic transactions which include

recognition of electronic signatures, documents as well as communications, this act

stablish the electronic government service that enable government to deliver services and

interact with public electronically and also becomes so easy to collect electronic evidence

and its admissibility.

 Access to Information Act 2016, this Act provide the access to information as well as the

scope of information which are public access and to promote transparent and

accountability of information provider and related matters . the law provide that every

person have a right to access information required under control of information producer
 or holder. But the law provide the exception to a certain information not be released by

the information holder which involve un warranties invasion of the privacy of an

individual.

have contentious provisions that potentially limit the right to privacy including by allowing

surveillance and monitoring of digital communications and other online activity of citizens.

Apart from these laws there are several case laws which are decided and show the position

before the enactment of the Personal Data Protection Act as follows:

Jamii Media Company Ltd v. The Attorney General (2017) TLS LR 447

The petitioner was an operator of a website where by users are permitted to post, engage and

participate in in discussions of social, economic, or political relevance in a society. According to

the Cybercrimes Act, the police officers had issued disclosure order which demanding the

disclosure of information regarding the users of the platform, threatening to prosecute the

petitioner if they did not comply.

The petitioner filed a petition to challenge Sections 32 and 38 of the Cybercrimes Act as

unconstitutional by go against Articles 13(6)(a), 16, and 18(1) and (2) of the Constitution. The

petitioner's contention was that Section 32 of the Cybercrimes Act takes away the right to

privacy and Section 38 of the Cybercrimes Act offends the right to be heard.

The High Court of Tanzania ('the High Court') held that Section 32 of the Cybercrimes Act this

section is relevant and its permissible where the information are required by police for

investigation so the petitioner must produce and give access to it and its permissible national
and international proportional limits and that it was not unreasonable for people in possession of

relevant data to disclose it to investigators.

Deogras John Marando v Managing Director, Tanzania Beijing Huayuan Security Guard

Service co. Ltd, High Court of Tanzania, Civil Appeal No 110 of 2018 (unreported)

In this case respondent used the identity of likeness of appellant in advertisement of the appellant

security company for commercial purposes without the consent of the appellant. Although there

was no comprehensive law in Tanzania for protection of personal image and privacy the High

Court relied upon Article 16 of the Constitution and drew from common law principles to award

general damages in favor of the Appellant. The High Court adopted the following principles in

its judgment in this case:

 there must be intrusion of personal privacy of the claimant on their identity/image

by the respondent;

 there must be appropriation of the claimant's image or celebrity or likeness for the

respondent's advantage in any form but in particular commercial purposes;

 there must be lack of consent from the claimant; and

 there must be proof that the respondent earned profit out of the illegal use of the

claimant's image.

Raymond Paul Kanegene and Bob Chacha Wangwe v The Attorney General, High Court of

Tanzania, Consolidated Misc. Civil Cause No. 15 OF 2019 & No. 5 OF 2020
In this case the petitioner was challenging the constitutionality of sections 16 and 39(2)(a) and

(b) of the Cybercrimes Act, which were alleged to be in violation of the right to privacy and the

right to freedom of expression under Articles 16 and 18 of the Constitution.

Section 16 of the Cybercrimes Act provides that any person who publishes information or data

presented in a picture, text, symbol, or any other form in a computer system knowing that such

information or data is false, deceptive, or misleading or inaccurate, and with intent to defame,

threaten, abuse, insult, or otherwise deceive or mislead the public or concealing commission of

an offence, commits an offence, and shall on conviction be liable to a fine of not less than TZS 5

million (approx. €2,010) or to imprisonment for a term of not less than three years or to both.

And section 39(2) of the Cybercrimes Act provides that the Minister may prescribe procedures

for service providers to:

 inform the competent authority of alleged illegal activities undertaken or

information provided by recipients of their services; and

 avail competent authorities, at their request, with information enabling the

identification of recipients of their service.

In relation to Section 39 (2)(a) and (b) of the PDPA, the submissions were based on the argument

that the Minister's power to prescribe the procedures requiring service providers to divulge

specified information and identify service recipients interferes with the right to privacy and

private communication under Article 16(1) of the Constitution, and the right to freedom of

opinion and expression, the right to seek, receive and disseminate information and ideas without

restrictions as provided under Article 18 of the Constitution. It was argued that service providers
should not be compelled to give information without the consent of a person who issued such

information.

The High Court was of the view that the constitutionality of a statutory provision is not in what

could happen in its operation but in what it actually provides for, and that the mere possibility of

a statutory provision being abused in actual operation will not, as a matter of general rule make it

invalid. On that ground the petition was dismissed and it was held that the impugned provisions

do not violate the constitutional provisions.

Kisonga Ahmed Issa & Another Vs. Republic, Court of Appeal of Tanzania, Consolidated

Criminal Appeal No. 17 of 2016 and 362 of 2017, and in Francis Nyandindi v Republic, High

Court of Tanzania (at Dar es Salaam), Criminal Appeal No. 173 of 2021, (unreported)

Article 16 of the Constitution was used to refuse admissibility of evidence of a quotioned

statement during criminal investigation process on the ground that the statement recorded the

statement of the accused while their rights to privacy were being violated.