Scribd
Upload
51 views6 pages

PDPA 1st Draft

The document provides an overview of Tanzania's Personal Data Protection Act which aims to safeguard privacy rights and regulate personal data processing. It establishes a Data Protection Authority to register and monitor data collectors and processors, investigate complaints, and issue penalties. The Act covers data collection, use, disclosure, retention and transfer, as well as the rights of data subjects to file complaints.

Uploaded by

joseph
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
51 views6 pages

PDPA 1st Draft

The document provides an overview of Tanzania's Personal Data Protection Act which aims to safeguard privacy rights and regulate personal data processing. It establishes a Data Protection Authority to register and monitor data collectors and processors, investigate complaints, and issue penalties. The Act covers data collection, use, disclosure, retention and transfer, as well as the rights of data subjects to file complaints.

Uploaded by

joseph
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

TITLE: SAFEGUARDING THE RIGHT TO PRIVACY: AN OVERVIEW OF

THE PERSONAL DATA PROTECTION ACT CAP 44 0F 2022.

Have you signed in an any platform that you were required to provide your

personal data? leave that alone, have you ever wondered how those data are

processed, used, handled and protected? probably you have, and let me

guess; you must’ve come out with some conclusions on the above raised

issues.

In contemporary digital landscapes, the ubiquity of platforms requiring


personal data raises pertinent questions about the processing, usage, and
handling of such information.

This paper aims to provide a succinct overview of the key concepts


introduced by the Personal Data Protection Act (PDPA) in Tanzania, delving
into the rights of data subjects, the duties of data controllers and protectors,
and the regulatory authority governing personal data protection.

A. Constitutional and International Foundations:

Personal data falls within the ambit of right to privacy which is


Constitutional right as it is stipulated under Article 16 of the Constitution
of the United Republic of Tanzania (1977) as amended time to time which
provides, shelters and guarantees the right to privacy to everyone.
Furthermore, the right to privacy is recognized and protected under
International Legal Instruments, to include Article 12 of the Universal
Declaration of Human Rights (UDHR) and Article 17 of the International
Covenant on Civil and Political Rights (ICCPR) which prohibit unlawful
interference or attacking with a person’s privacy and arbitrarily degrading
his reputation. Tanzania as State Party to the Treaties has a duty to enact
Laws as one of measures to safeguard such right.
B. Legislative Initiatives:

Being member state of the above-mentioned International Instrument and

as other democratic countries, Tanzania had taken a number of initiates in

ensuring the right of privacy is well protected. Several laws had been

enacted with the purpose of safeguarding such right, to mention a few they

include, the Electronic and Postal Communication Act, the National

Payment System Act, Banking and Financial Institutions Act, Cyber Security

Act.

Despite above mentioned pre-existing laws, the surge in technological

advancements necessitated a specific law to regulate the protection of

personal data.

C. Introduction of the PDPA:

Due to massive growth of technology, many transactions nowadays are

concluded through internet hence some sensitive data of the user should be

submitted to the online operator so as finalize the process.

Due to sensitivity of the data submitted to data collector or processor hence

the PDPA came into effect on November 27, 2022, marking a significant

milestone in Tanzania's legislative journey to provide comprehensive

guidance on collecting and processing personal data.

Primary objective of the enactment of this law is to ensure protection of

personal data by regulating and providing guidance in the process of

collecting and processing personal data also, to establish legal institution

vested with jurisdiction of overseeing/monitoring implementation of this Act.

The Act applies within the territories of Tanzania or anywhere that laws of
Tanzania are applicable as far as principles of International Laws are

applicable.

Key Concepts Introduced by the PDPA:


1. Data Protection Authority

2. Registration of Data Collectors and processors

3. Data collection, use, disclosure and retention

4. Data transfer

5. Rights of Data subject

6. Complaints and penalties

1. Data Protection Authority

The Act establishes a Personal Data Protection Commission. The

commission is a body corporate with its common seal. It can sue and be

sued, its function shall be inter alia to register and monitor compliance to

data Collectors and Processors, to receive and investigate on complaints

received on violation of personal data. The Commission is vested with power

to issue an award, the Act allows a party who is not satisfied with the award

to apply for review within twenty-one (21) days from the date when the

award was delivered, the application should be made by using form no. 8 of

the regulation. Any aggrieved party has a right to appeal against the award

to the High Court within twenty-one (21) days after the date when the award

was delivered.

2. Registration of Data Collectors and processors


The Act provides for the requirement for Data Processor to apply for

registration to the commission.

The application is submitted to the commission through Form No. 1 of

Personal Data Protection (Personal Data Collection and Processing) GN

No.449C of 202, the form shall be accompanied with certificate of

incorporation (if the applicant is a company) or identity documents (if the

applicant is a natural person) and receipt for payment of the application.

Upon successful registration, the data controller shall receive a certificate

which shall be valid for 5 years. The law also has granted power to the

commission to reject registering or renewing of the certificate issued,

however upon rejection the applicant has a right to appeal to the Minister

responsible for Communication.

Take note that, the principles are applying only to private Data

Processor/Collectors, the Act provides that, Public Institutions which deals

with Data collection or processing shall be deemed to be registered with the

Commission under the Act and shall abide with the Act.

3. Data collection, use, disclosure and retention

The Law prohibits any individual or an institution to collect or process data

if she is not registered by the Commission. The subject data shall be aware

of the use and recipients of the data collected. The data collector should

ensure the data collected is used lawful and within the intended purpose.

4. Data transfer

The Act prohibits to transfer personal data to another jurisdiction with

stringent conditions that must be met first before transferring the personal

data. The conditions are; the recipient country must have adequate and
sufficient legal framework to the personal data. The Law also covers

countries which do not have adequate and sufficiency legal framework to

protect personal data. For personal data to be transferred to countries which

do not have adequate and sufficient legal framework, the Commission must

be satisfied by the data controller that the country will provide high level of

insurance on protection of personal data which is transferred into it.

5. Rights of Data subject

Data controllers are legally obligated proper usage, preservation and

protection of personal data. Transparency is emphasized, requiring data

controllers to inform data subjects of the intended use and duration of data

processing. The data controller should not use the data contrary to what is

informed to data subject unless by operation of law or the other use is

directly related to the purpose of what the data was collected.

6. Complaints and penalties

Any person or a group of persons who has been affected or whose rights

have been violated by an act of the data controller or data processor may

institute a complaint to the commission by using Form No.1 of Personal

Data Protection (Complaints Settlement Procedures) GN NO. 449B of 2023

or complaints may be instituted orally to the Commission. The Commission

shall reduce the complaints to Form No. 1 of the Regulation. If it is a group

of people wants to submit its complaints, it should be accompanied with the

minutes of the meeting to show evidence that, the group resolved to institute

such claim.
Be informed that, the Commission may reject the complaint. The following

are the reasons that may move the commission to reject the complaint; lack

of locus standi, no cause of action or cause of action does not arise from the

Act, the matter is pending to other court or the matter is time barred.

In conclusion, the Personal Data Protection Act represents a crucial step in


Tanzania's commitment to safeguarding the right to privacy. It stands as a
robust legislative framework designed to fortify the right to privacy in the
digital age. By defining key concepts, outlining rights and duties, and
establishing a robust regulatory framework, the Act aims to ensure
responsible and ethical handling of personal data in an era marked by
technological advancements.

You might also like