ZIMBABWEANS have come out guns blazing saying government’s new regulations requiring licences to operate WhatsApp groups are an affront to freedom of expression and privacy.

The policy, announced by ICT minister Tatenda Mavetera, mandates group administrators to obtain licences, appoint data protection officers and comply with stringent data protection laws, incurring fees ranging from US$50 to US$2 500.

The policy has far-reaching implications, particularly for informal social and community groups, according to Linda Masarira, opposition LEAD president.

“This will discourage the creation of such groups, stifling informal networks vital to Zimbabwean social life,” she said.

Masarira highlighted the potential surveillance implications, noting that WhatsApp’s end-to-end encryption had been a safe space for Zimbabweans to share views and ideas.

“Imposing a US$50 to US$2 500 fee, appointing a data protection officer and complying with stringent data protection laws create considerable barriers for average citizens running groups for non-commercial purposes, such as family chats, community initiatives or social clubs."

Keep Reading

Masarira added that the policy would inadvertently create a culture of fear around digital communication due potential fines for non-compliance.

“The regulation primarily benefits government by limiting spaces where citizens can exchange ideas, organise and hold authorities accountable. In short, this regulation is anti-people. While data protection is essential in a digital society, the unintended consequences will disrupt Zimbabwe’s social fabric, stifling grassroots movements, religious discussions and other informal yet essential interactions.”

Economist Vince Musewe labelled the proposition “ridiculous,” questioning the motive behind a requirement for ministerial approval for non-commercial groups, such as family or church groups.

“They will have to arrest the whole country for non-compliance,” Musewe said.

“So if I want to open a group for church then I would have to obtain authority from the minister. If I want to be an administrator for my family group then I have to obtain authority from the ministry which means I now must associate myself in WhatsApp groups that the minister approves. It’s a ridiculous move and no country has ever done that,” he said.

WhatsApp users echoed these concerns, citing overreaching implications on freedom of expression.

One group administrator expressed anxiety over potential liability for others’ opinions or humour, leading to self-censorship and stifled discussions.

One respondent who is also a group admin said that it was serious and concerning.

“What if admins are held liable for posts they didn’t see or approve?”

Mlondolozi Ndlovu, a media practitioner and practising lawyer, also shared the same sentiments.

“By requiring WhatsApp group admins to obtain a licence and appoint a data protection officer, government may be overstepping its bounds and infringing on citizens’ freedom of expression and freedom of the media as guaranteed by Section 61 of the Constitution of Zimbabwe”, hesaid.

Ndlovu also revealed that  new regulations imposed by the Postal and Telecommunications Regulatory Authority of Zimbabwe raise eyebrows. Requiring the said data collectors to obtain a licence and appoint a data protection officer seem excessive and could be seen as a money making scheme or in a way limit mass communication, he said.

“Another potential harm to be caused by these regulations is its poor and ambiguous interpretation clause. The regulations refer a lot to data collectors but it does not specify or define who the data collectors are. It is vague and unclear and is very much open to misinterpretations. Does it include WhatsApp group admins who are already panicking and ready to close their groups?” Ndlovu said.

“It is not only the interpretation clause that is vague and ambiguous, the regulations has a lot of vague terminologies [such as] ‘other benefit’. Laws couched in such broad terms that their application cannot be delimited and where the implementing officers can take different decisions on the same facts with all such decisions being justifiable on one or other reading of the law, should be revisited."

Ndlovu also said it was not clear that acquisition of these licences  will safeguard personal data and improve cyber security.

“The regulations impose a high degree of punishment for people that do not oblige to the licensing rules as it states in section 3(3) that any person who processes personal information in terms of this section without a data controller licence within the stipulated time frames shall be guilt of an offence and liable to a fine not exceeding level 11 or to imprisonment for a period not exceeding seven years or both such fine and such imprisonment.This kind of punishment is excessive and unwarranted,” he said.

"The regulations lack and should have provided clear prerequisites and guidelines upfront as to how the applications are made, the steps and orders to follow so that such rejections are avoided.

“The regulations also do not provide how long applicants have to wait before their licences are issued out. There is no guarantee how long one will have to wait before they get their licence and continue with their venture which makes them commercial profit.”

Ndlovu said the regulations could not be wholly taken in bad faith since there is a digital world where cyber security is always a threat. It is important to ensure measures which will protect people’s personal data.

“The regulations are a part of Zimbabwe’s broader data protection and cybersecurity legal framework.They harmonise existing laws to create a unified approach to data protection. They aim to enhance data protection practices, ensure compliance with legal standards and protect personal data in the digital age.”