The Media Institute of Southern Africa (MISA) Zimbabwe has warned the public against viral social media claims suggesting that a new “Cyber Crimes Act” has been enacted and is now being enforced in Zimbabwe.
The organisation says the claims are false and legally inaccurate, and has called for greater public awareness of existing cyber and data protection laws and how they affect online activity.
The warning follows the circulation of a widely shared message asserting that a “Cyber Crimes Bill” is now an Act of Parliament, listing alleged offences and severe penalties. These include imprisonment for accessing another person’s phone, recording private conversations, publishing misleading information and purported “domestic terrorism” offences carrying life sentences.
MISA Zimbabwe’s Legal and ICT Policy Officer, Helen Sithole, said Zimbabwe does not have a newly enacted, standalone Cyber Crimes Act.
“The Cyber and Data Protection Act is not well known to the public and journalists. Hence the recent information about a standalone cyber crimes act with penalties went rampant,” she said.
“There is need for more publicity around the Cyber and Data Protection Act and how it impacts our online activities and courses of redress.”
She said the misinformation spread rapidly, even appearing on the website of at least one law firm.
“I noted even one law firm placing the so-called cyber crimes act penalties on their website. We live in a society affected by clickbait culture rather than due diligence before publication,” Sithole added.
Zimbabwe’s existing cyber-related offences are contained in the Cyber and Data Protection Act [Chapter 12:07] of 2021, which regulates data protection and cybersecurity. The law amends the Criminal Law (Codification and Reform) Act [Chapter 9:23], where cybercrime offences are set out.
Legal experts note that there is no separate or recently passed “Cyber Crimes Act” with independently numbered sections as claimed in the viral message.
Under the amended Criminal Code, offences include unauthorised access to computer systems or data, punishable by up to five years’ imprisonment, or up to ten years in aggravating circumstances. Unlawful interference with data, such as deleting, altering or obstructing information, carries similar penalties.
The law also criminalises the unlawful disclosure of access codes or computer data, with penalties of up to ten years’ imprisonment, as well as a range of electronic communications offences, including cyberbullying, threatening messages, the spread of harmful false data, spam and the distribution of intimate images without consent.
However, MISA Zimbabwe says there are no provisions in Zimbabwean cyber laws that criminalise recording private conversations simply because one is party to them, nor is there a cyber-specific “domestic terrorism” offence carrying life imprisonment, as claimed online.
The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), the country’s designated Data Protection Authority, has also raised concerns over the misleading claims. It has reiterated that Zimbabwe does not have a standalone Cyber Crimes Act and urged the public to rely on verified legal sources for information on cyber laws.
MISA Zimbabwe has urged journalists, institutions and social media users to verify legal information before sharing it, warning that misinformation about the law can cause unnecessary fear and confusion among citizens.
Support CITE’s fearless, independent journalism. Your donation helps us amplify community voices, fight misinformation, and hold power to account. Help keep the truth alive. Donate today