By Ashnah Kalemera |
Tanzania has issued online content regulations that oblige bloggers, owners of discussion forums, as well as radio and television streaming services to register with the communications regulator and to pay hefty licensing and annual fees.
There are three types of licences. A license for provision of online content services comes at an initial cost of TZShs 1.1 million (USD 484) comprised of an application fee of USD44 and an initial licencing fee of USD 440. In addition, there is an annual licence fee of USD440, and a similar amount has to paid for licence renewal after three years.
A licence to stream radio or television content on the internet costs TZShs 250,000 (USD110), with annual licence fees set at USD 88. This licence also has to be renewed after three years at a cost of USD 88.
The Electronic and Postal Communications (EPOCA) (Online Content) Regulations, 2018, which were issued on March 13, 2018, join a catalogue of legislation related to online content in Tanzania that threatens citizens’ constitutionally guaranteed rights to privacy and freedom of expression. The regulations are also likely to negatively impact on an already fragile intermediary liability landscape in a country fraught with increasing media repression and persecution of government critics.
When the Tanzania Communications Regulatory Authority (TCRA) initially published the draft regulations last September, they did not have the requirement to apply for online content service licences as set out in Regulation 14 of the enacted regulations. It states: “Any person who wishes to provide online content services shall fill in an application form as prescribed in the First Schedule and pay fees as set out in the Second Schedule to these Regulations.”
Applicants are required to provide their company details including physical address, shareholding, citizenship of shareholders/directors and tax registration. The communications regulator, TCRA, has the right to cancel licences over non-compliance.
The regulations that have been issued are more regressive than the draft which the regulator issued in September 2017 for public comment.
See CIPESA’s full analysis of the draft EPOCA Content Regulations, 2017 – available in English and Swahili.
Under obligations of internet cafes, the final regulations introduced two clauses that threaten user privacy. Under regulation 9, café owners are required “to ensure that all computers used for public internet access are assigned public static IP addresses”. This could inhibit the use of circumvention tools such as Virtual Private Networks (VPN) that rely on dynamic IP address protocols, and which citizens resorted to using in neighbouring Uganda during state-initiated interruptions to communications.
Further, the regulations extend café owners’ obligations to install camera equipment to include registration of users “upon showing a recognised identity card”. Pursuant to regulation 9(2), recorded surveillance and the user register “shall be kept for a period of twelve months.”
Several regressive provisions from the draft version were also passed. Regulation 6(1) requires licenced service providers who provide online content or facilitate online content production to terminate or suspend subscriber accounts and remove content if found in contravention of the regulations, within 12 hours from the time of notification by TCRA or by an affected person. This requirement places a heavy technical and human resource burden on content hosts and providers to have in place competencies to handle complaints within 12 hours.
Swift content restriction or removal is also required of online content hosts under regulation 8(b) and content providers and users under regulation 5(1)(g). As we argued in an earlier brief, while content such as revenge pornography and that which promotes violent extremism may be justifiably removed promptly, there is a danger that the regulations may be applied unjustifiably to content such as that relating to exposure of corruption or human rights violations.
Whereas regulation 16 provides for a complaints handling procedure, the regulations do not provide for the process nor mechanisms for legal recourse over contested content.
Regulation 5(1)(e) requires content providers to “have in place mechanisms to identify source of content”. This obligation poses a threat to the right to anonymity and whistleblowing and may lead to self-censorship.
Moreover, Regulation 12 on content prohibited from publication lists restrictions with broad definitions and which have potential to limit freedom of expression. In terms of scope, it includes unspecified content that “causes annoyance”; “uses disparaging or abusive words which is calculated to offend an individual or a group of persons”; and is “crude”, “obscene” or “profane” including in local languages.
Regulation 12 also prohibits publication of “false content which is likely to mislead or deceive the public except where it is clearly pre-stated that the content is i) satire and parody ii) fiction; and iii) where it is preceded by a statement that the content is not factual.”
Nonetheless, the regulations have some positive elements, among them regulation 10(b) which requires users to use device passwords to ensure that unscrupulous and unauthorized persons do not access their social media accounts.
The requirement for provision of easily accessible user terms and conditions by licensed service providers, adoption of a code of conduct for content hosting, and publication of a safe internet use policy for internet cafes, are also commendable in promoting user awareness of platform policies. The regulations also provide important safeguards for child protection online, such as regulation 13 which prohibits children’s to access to prohibited content online.
In a boost to privacy and data protection, regulation 11 prohibits unauthorised disclosure of “any information received or obtained” under the provisions of the regulations, except where the information is required for law enforcement purposes. Furthermore, regulation 11 restricts use of information only to the “extent” that is “necessary for the proper performance of official duties.” Nonetheless, in the absence of data protection and privacy legislation in Tanzania, these safeguards could be rendered of little value and hence prone to abuse.
It remains to be seen how the new regulations will be enforced and how they will impact on citizens’ rights online. However, given Tanzania’s history of predatory action against internet users following the enactment of the Cybercrime Act, 2015, the new regulations are likely to be utilised to further undermine the internet freedom situation in the country.