Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Law

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Law
19May

Zambia’s Cybersecurity and Cybercrimes Laws Raise Alarms for Digital Rights

Author CIPESA Posted on

By Edrine Wanyma |

In April 2025, the Zambian Parliament enacted two laws – the Cyber Security Act, 2025, and the Cyber Crimes Act, 2025 – which pose significant threats to digital rights and civil liberties in the country.

Despite significant concerns raised by civil society and digital rights advocates, including the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Bloggers of Zambia, the two laws were passed with minimal revisions, leaving intact several provisions that undermine fundamental freedoms, including the right to privacy, freedom of expression, access to information, assembly and association.

Last December, CIPESA and Bloggers of Zambia submitted to the parliament a detailed analysis highlighting critical human rights concerns with the two proposed laws. The concerns include the overly broad surveillance powers and the weak oversight mechanisms that provide latitude for wantonly interfering with individuals’ rights.

Broadly Worded and Vague Definitions

The laws are riddled with broadly worded and vague definitions. Terms such as “law enforcement officer,” “critical information,” “critical information infrastructure,” “internet connection record,” and “call-related information” are so vague that they risk being interpreted to serve the interests of those in power. There is also a high risk they could be weaponised to target government opponents, critics, journalists and online activists.

For instance, the expansive definition of “critical information” refers to computer data that relates to a broad range of areas, including public safety, public health, economic stability, national security, international stability and the sustainability and restoration of critical cyberspace, providing authorities with a carte blanche to monitor and control information flow.

Similarly, the definition of “law enforcement officer” extends beyond traditional roles to include officers from the Anti-Corruption Commission, Drug Enforcement Commission and even individuals designated by the President. This expansion raises concerns about accountability, particularly as these officers can apply for communication interception orders ex parte (without notifying the target), thereby denying affected parties the right to contest such actions. This dangerously expands the scope of surveillance without meaningful judicial oversight or accountability.

Oversight and Accountability Concerns

Section 4 of the Cyber Security Act establishes the Zambia Cyber Security Agency under the general direction of the President. This arrangement can undermine the agency’s independence and increase the risk of political interference in its operations. The agency’s mandate, which includes regulating service providers, coordinating cybersecurity responses, and auditing information systems, requires robust oversight mechanisms, which are glaringly absent in the law. 

Similarly, the establishment of the Central Monitoring and Coordination Centre under section 21 (Part V) of the Cyber Security Act, with powers to lawfully intercept communications, raises red flags. Section 21 grants this body sweeping authority without creating adequate checks and balances. The lack of robust judicial oversight and transparency mechanisms raises alarms about privacy violations, which would contravene Zambia’s constitution and international human rights instruments.

Risk of Abuse and Shrinking Civic Space

The two new laws are an addition to a catalogue of restrictive laws, regulations and policies that control the enjoyment of civil liberties in online spaces. For instance, in 2021, the government ordered restrictions on social media platforms such as WhatsApp, Facebook, Twitter, and Instagram during the general elections. With general elections due in August 2026, the passage of these laws fuels fears of heightened controls, intensified censorship, surveillance, and clampdowns on civic actors.

Section 39 of the Cyber Security Act requires electronic communications service providers to install systems that can facilitate real-time interception of communications. These provisions can enable real-time surveillance of individuals’ private communication. Such provisions can be misused by the government, unscrupulous individuals and other unauthorised persons to snoop on individuals’  private communications, particularly since the laws do not provide for adequate oversight over surveillance.

Section 22 of the Cyber Crimes Act criminalises vague offences such as the use of digital platforms for harassment or humiliation, terms that are open to subjective interpretation and could be used to suppress legitimate speech, including criticism of public officials. It also reintroduces aspects of defamation which have attracted wide calls for decriminalisation, including by the African Commission on Human and Peoples’ Rights. In 2022, Zambia had shown progress when plans to decriminalise defamation were revealed. Defamation has been widely employed to arrest and prosecute government critics  and opponents in the country.

The enactment of these laws highlights a disturbing trend across Africa, where cyber laws are increasingly being used to curtail democratic participation rather than protect citizens from cyber threats. The overreach seen in Zambia’s laws mirrors similar patterns in other countries, where digital regulation is co-opted for political control.

The history of elections in Africa has further shown the elevation of controls over the civic space, including online spaces, to curtail speech, engagements and participation for civil society organisations (CSOs), human rights defenders (HRDs), journalists, bloggers and other online activists including through enhanced surveillance. The developments in Zambia raise fears of similar occurrences of high-handed control.

Zambia’s parliament should get back on the drafting table and ensure that the two new laws are aligned with regional and international human rights standards, including the African Charter on Human and Peoples’ Rights, the African Union Convention on Cybercrime and Personal Data Protection, and the Declaration of Principles on Freedom of Expression and Access to Information in Africa.

  • Overbroad criminal provisions should be expunged from the laws or narrowed.
  • Oversight mechanisms should be strengthened to ensure independence and accountability in surveillance activities.
  • All responsible parties, including enforcement and judicial officials, should be trained and their capacities built to ensure application of the laws within the acceptable human rights standards including legality and proportionality.
  • Zambia should ensure compliance with data protection and privacy standards in implementation of the laws to avoid overlaps and wanton infringements.

As Zambia prepares for its 2026 general elections, it is vital that cybersecurity and cybercrime measures do not become tools for political repression. Instead, they should serve to protect users, enhance trust in digital systems, and uphold the rights and freedoms guaranteed to all.

10Dec

Human Rights Day: Here’s How African Countries Should Advance Digital Rights

Author CIPESA Posted on

By Edrine Wanyama and Patricia Ainembabazi |

As the world marks Human Rights Day 2024, themed Our Rights, Our Future, Right Now, we are reminded of the urgent need to advance and protect human rights in an increasingly digital world.  Today, CIPESA joins the world in commemorating Human Rights Day and reflecting on the immense opportunities that the digital age brings for the realisation of human rights. Indeed, this year’s theme emphasises the need for immediate actions to safeguard rights in the digital sphere for a just and equitable future.

Whereas human rights have traditionally been enjoyed in offline spaces, the digital landscape presents unprecedented opportunities for the enjoyment of a broad range of rights, including access to information, civic participation, and freedom of expression, assembly, and association. However, the potential of digital technology to catalyse the enjoyment of these rights has steadily been threatened by challenges such as internet shutdowns, regressive laws that enable governments to clamp down on the digital civic space, and the digital divide.

The threats to digital rights, democracy, and the rule of law in Africa are numerous. They are often the result of growing authoritarianism and repression, political instability, corruption, the breakdown of public institutions, gender disparities, and growing socio-economic inequalities. Below are key intervention areas to advance digital rights on the continent.

Combat Internet  Shutdowns and Internet Censorship  

Internet shutdowns are increasingly used as a tool to suppress dissent, stifle freedom of expression, restrict access to information and freedom of assembly and association. The #KeepItOn coalition documented at least 146 incidents of shutdowns in 37 countries in Africa between January 2016 and June 2023. These disruptions continue despite evidence that they harm individuals’ rights, are counterproductive for democracy, and have long lasting impacts on national economies and individuals’ livelihoods.

A separate survey of 53 African countries shows that, as of 2023, the majority (44) had restrictions on political media, 34 had implemented social media restrictions, two restricted VPN use and seven restricted the use of messaging and Voice Over IP applications.
Governments must commit to keeping the internet open and accessible, while telecom companies must uphold transparency and resist arbitrary shutdown orders. The African Union’s recent Resolution 580 by the African Commission on Human and Peoples’ Rights (ACHPR) should specifically guide governments in keeping the internet on, even during electoral periods.

Curb Unmitigated Surveillance  

The privacy of individuals while using digital technologies is critical to protecting freedom of expression, the right to privacy, assembly, and association. Unregulated surveillance practices threaten privacy and freedom of expression across Africa, often targeting journalists, activists, and political opponents. Governments must adopt robust data protection laws, ensure judicial oversight over surveillance, and implement transparency mechanisms to prevent abuse.  In many countries,  laws governing state surveillance have gaps that allow state institutions to target government critics or political opposition members by conducting surveillance without sufficient judicial, parliamentary, or other independent, transparent and accountable oversight. 

Through research and training, CIPESA has highlighted the dangers of mass surveillance and supported the development of data protection frameworks. Our work with National Human Rights Institutions in countries like Ethiopia has strengthened their capacity to monitor and address surveillance abuses. 

Combat Disinformation  

The proliferation of disinformation is detrimental to citizens’ fundamental rights, including freedom of expression, access to information, freedom of assembly and association and participation, especially in electoral democracy. It also means that many citizens lack access to impartial and diverse information. Disinformation undermines trust, polarises societies, and disrupts democratic processes. Combating disinformation requires governments, civil society, and private sector collaboration on fact-checking, media literacy campaigns, and rights-respecting regulations.  

Our extensive research on countering disinformation in Africa provides actionable recommendations for addressing this challenge. By partnering with media organisations, platforms, and fact-checking initiatives, CIPESA has promoted factual reporting and fought misinformation, particularly during elections.

Fight Technology-Facilitated Gender-Based Violence (TFGBV)

Online harassment and abuse disproportionately target women and marginalised groups, limiting their ability to engage freely in digital spaces. Governments, intermediaries, and civil society must collaborate to ensure safer online environments and provide support systems for victims. Also, African countries need clear laws against TFGBV, with attendant capacity development for the judiciary and law enforcers to implement those laws.

CIPESA continues to conduct workshops on addressing gender-based violence in digital spaces and supporting organisations working on these issues, equipping key actors with tools to report and counter this vice. Our advocacy efforts have also emphasised platform accountability and comprehensive anti-TFGBV policies. 

De-weaponize the Law  

The digital civic space and the emerging issues such as disinformation, misinformation, false news and national security and public order have created opportunities for authoritarian governments to weaponise laws in the name of efforts to curb “abuse” by citizens. Unfortunately, the laws are employed as repressive tools targeted at curtailing freedom of expression, access to information, assembly and association online. Indeed they have been employed to gag the spaces within which freedoms were enjoyed, and to silence critics and dissenters. Governments should embark on a clear reform agenda to repeal all draconian legislation and enact laws which are progressive and align with the established regional and international human rights standards. 

As part of CIPESA’s efforts to expose civic space wrongs and manipulations through publishing of policy briefs and legal analyses, we enjoin partners, collaborators and other tech sector players in amplifying voices that call for actions to expose the misuse of laws on information disorder, anti-cybercrime laws and other repressive legislation through evidence based advocacy that could fundamentally  influence successful challenge of unjust laws in courts, regional forums and  human rights enforcement mechanisms for galvanisation of success across the continent.  

Arrest the Digital Divide  

The digital divide remains a significant barrier to the enjoyment of rights and to inclusive citizen participation, with rural, underserved communities, and marginalised groups disproportionately affected. This divide excludes millions from accessing opportunities in education, healthcare, and economic participation. Common contributing factors include high internet usage costs, expensive digital devices, inadequate digital infrastructure and low digital literacy. Addressing this gap requires affordable internet, investment in rural connectivity, and digital literacy programmes.

CIPESA’s research sheds light on the main barriers to connectivity and affordability, including the effective use of Universal Service Funds. Promoting inclusive digital access, particularly for marginalised communities, requires collective action from governments and other tech sector players, calculated towards enabling equitable access to, and utilisation of digital tools.

Promote Multistakeholder Engagements  

The complexity of digital rights challenges necessitates continuous collaboration and building of partnerships amongst governments, civil society, and private sector actors. CIPESA has facilitated multistakeholder dialogues that bring together diverse actors to address digital rights concerns, including national dialogues and the annual Forum on Internet Freedom in Africa (FIFAfrica). These engagements have led to actionable commitments form governments, civil society and other tech sector players and strengthened partnerships for progressive reforms. 


Last Word

CIPESA reaffirms its commitment to advancing digital rights for all across Africa. However, the challenges to meaningful enjoyment of digital rights and the advancement of digital democracy are myriad. The solutions lie in concerted efforts by various actors, including governments, the private sector, and civil society, all of whom must act now to protect digital rights for a better human rights future . 

04Mar

Legal Innovation and Tech Fest 2020

Celebrating the people, technology, ideas & innovations that are literally transforming the way law firms & in-house legal teams operate. See event details here.