By Gonjetso Dikiya | Head of Legal Services- Dispute Settlement Services
Data protection is an emerging field that has taken centre stage in the information age. The information age has witnessed more advanced technology and greater reliance on internet facilities. The scope and reach of social media platforms are but one area that has grown exponentially. The benefits of the information age cannot be overstated. However, the information age also eased access to personal data which is increasingly processed using modern technological devices. This has caused many to rethink the boundaries of privacy in the contemporary world. ‘Everyday millions of ordinary people are subject to a variety of technologies that invade their privacy’. Consequently, it has become critical to consider various privacy issues concerning the protection of personal data in the information age.
Data protection is an ambit of the broader field of privacy law. Privacy refers to the right to be left alone.’It is the claim of individuals, groups or institutions to determine for themselves, when, how and to what extent information about them is communicated to others.Essentially, privacy is one of the ultimate expressions of an individual’s autonomy in that privacy accords the person ‘control over his or her personal information’ and enables one to ‘conduct his or her personal affairs relatively free from unwanted intrusions’. From this perspective, privacy protects the individual from unwanted intrusions from both the state and the public
- Guarantees of Privacy under the Constitution of the Republic of Malawi
The right to privacy in Malawi is guaranteed under section 21 of the Constitution. The section is not exhaustive in its provisions but arguably seeks to highlight some crucial contents of the right to privacy. Section 21 sets the framework for the operation of data protection in Malawi as it specifically includes the right not to be subjected to interferences with private communications including mail and all forms of telecommunications. The section is broad enough to cover the discourse of data protection.
- Statutory Guarantees on Data Protection
The Electronic Transactions and Cyber Security Act, [ETCSA],2016 is the only legislation that currently expressly provides for data protection in Malawi. The ETCSA contains express provisions that incorporate and infuse most of the governing core principles of data protection recognised internationally. The ETCSA provides for the fair and lawful processing of information, purpose limitation, minimality, quality, openness and transparency, security, and accountability. The Act also provides extensively for the participation of data subjects in the processing of their data. Most of these data protection principles under the ETCSA are expressed in terms similar to most recognised international data protection principles.
The ETCSA, however, omits several key principles that have internationally been embraced as core to any data protection regime. To highlight a few areas, the ETCSA does not provide for the protection of sensitive data and children’s data. The international best practices require a higher threshold for the protection of such data. The ETCSA does not fully embrace principles of data participation in the processing of their personal data and other crucial areas like the right for data subjects to withdraw consent to the processing of their personal data are visibly missing from the ETCSA.
- The New Dawn: Data Protection Bill [DPB]
Considering the foregoing, there have been several calls for Malawi to adopt a comprehensive data protection regime. The draft DPB aims to bring about a comprehensive regime regulating data protection in all areas where personal data is being processed. The DPB is very progressive and comprehensively incorporates the key norms on data protection that have been embraced on the international platform.
Data protection is of critical importance in the information age. Technological mechanisms can easily be manipulated to the detriment of people’s personal data. This short article has highlighted how data protection should be at the fore in ensuring the right to privacy is preserved. In my next articles, I shall focus on the DPB and attempt to highlight some of the notable highlights, and I shall explore some of the notable gaps and weaknesses that may need to be resolved before the DPB is passed into law.
 Khalid Alkhatib & Ahmad Alaiad ‘The influences of Privacy, Security, and Legal Concerns on Online Banking Adoption: A Conceptual Framework’ in Shadi A Aljawarneh Online Banking Security Measures and Data Protection. (2017) 118.