DRAFT OF DATA PROTECTION ACT 2013_ 28 October 2013.doc

8/10/2019 DRAFT OF DATA PROTECTION ACT 2013_ 28 October 2013.doc

1/64

UNITED REPUBLIC OF TANZANIA

MINISTRY OF COMMUNCATIONS, SCIENCE AND TECHNOLOGY

DATA PROTECTION BILL, 2013

1

Draft of Data Protection Bill, 2013


2/64

Arrangeen! "# Se$!%"n&

PART I

PRELIMINARY

Section Title

1 Short Title

2 Commencement

3 Objective of the Act

4 Interpretation

5 Savings

PART II

COLLECTION, USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION

6 Collection of personal information

So!rce an" notification of personal information

# Acc!rac$ of personal information to be chec%e" before !se

& 'imits on !se of personal information

1( 'imits on "isclos!re of personal information11 Con"ition for !se or "isclos!re of personal information

12 Storage an" sec!rit$ of personal information

13 )etention an" "isposal of personal information

14Correction of personal information

15 *ata Controller to ens!re compliance

16 +rocessing of Sensitive +ersonal Information

1 'imitations to accommo"ate national la,s

1# Commissioner to or"er e-ceptions

1& Commission to set con"itions for processing sensitive personal information

2



3/64

PART III

DATA PROTECTION COMMISSIONER

2( Office of "ata +rotection Commissioner

21 Ten!re of Office

22 .!alifications for appointment

23 /!nctions of the Commissioner

24 )estriction on emplo$ment

25 /illing of vacanc$

26 Staff an" /!n"s

PART I'

REGISTER OF DATA CONTROLLERS AND INFORMATION BUREAU

2 )egister of *ata Controllers an" Information b!rea!

2# Application for registration or amen"ment

2& Acceptance or )ef!sal

3( *!ration an" rene,al

31 Inspection

32 *eregistration

3



4/64

PART '

IN'ESTIGATION OF COMPLAINTS

33 )eceipt an" investigation of complaints

34 0o"e of complaint

35 otice of investigation

36 Commissioner to ma%e )eg!lations for investigation proce"!res

3 Investigations Confi"entialit$

3# +o,ers of Commissioner in carr$ing o!t investigations

3& /in"ings an" recommen"ations of Commissioner

4( )evie, of compliance ,ith the Act

41 )eport to +arliament42 Sec!rit$ re!irements

43 Confi"entialit$

44 +rotection from criminal or civil procee"ings

PART 'I

MISCELLANEOUS

45*ata +rotection Officers an"

*ata +rocessors

46 *ata Controller *irection

4 +rocee"ings ,here "isclos!re ,as in goo" faith

4# )eg!lations

4& Co"e of Con"!ct

5( histle blo,ing

4



5/64

PART 'II

TRANSBORDER DATA FLO(

51 Transfer to a state ,ith a"e!ate "ata protection frame,or%

52 Transfer to a state that "oes not have a"e!ate protection for "ata protection

SCHEDULE I

RIGHTS OF DATA SUB)ECTS

SCHEDULE II

E*CEPTIONS TO DATA PROCESSING PRINCIPLES

1 ational sec!rit$

2 Crime an" ta-ation

3 ealth an" social ,or%

4 )eg!lation of financial services etc

5 Appointment an" professional privilege

6 +a$rolls an" Acco!nts

Other e-emptions

5



6/64

SCHEDULE IIISANCTIONS

6



7/64

NOTICE

This 7ill to be s!bmitte" to the ational Assembl$ is p!blishe" for general information to the p!blic

together ,ith a statement of its objects an" reasons

*ar es Salaam8

2(13 Secretary to the Cabinet

A BILL

for

A B%++ #"r an A$! !" r""!e !-e r"!e$!%"n "# er&"na+ %n#"ra!%"n r"$e&&e. / /+%$ an. r%a!e

/".%e& !" %n!r".$e %n#"ra!%"n r"!e$!%"n r%n$%+e& &" a& !" e&!a/+%&- %n% re4%reen!& #"r

!-e r"$e&&%ng "# er&"na+ %n#"ra!%"n an. !" r"%.e #"r a!!er& $"nne$!e. !-ere5%!-6

7T" /e ena$!e. / !-e Par+%aen!8

7



8/64

PART I

PRELIMINARY

8



9/64

Short title1 This Act ma$ be cite" as the *ata +rotection Act8 2(13

Commencement 2 This Act shall come into operation on a "a$ to be appointe" b$ the 0inister8 b$ or"er

p!blishe" in the 9a:ette

Object of the

Act

3 The object of this Act is to ma%e provision for the protection of personal information8

collection8 hol"ing8 !se8 correction an" "isclos!re of personal information in a manner

that recogni:es the right of privac$ of in"ivi"!als ,ith respect to their personal

information

Interpretation 4 In this Act ;

her j!"icial or legall$ appointe"

representative accepts that his>her personal information be processe"


10/64


11/64

11



12/64

@a information relating to the race8 national or ethnic origin8 religion8 age or

marital stat!s of the in"ivi"!al?

@b information relating to the e"!cation or the me"ical8 criminal or

emplo$ment histor$ of the in"ivi"!al or information relating to

financial transactions in ,hich the in"ivi"!al has been involve"?@c an$ i"entif$ing n!mber8 s$mbol or other partic!lar assigne" to the

in"ivi"!al?

@" the a""ress8 fingerprints or bloo" t$pe of the in"ivi"!al?

@e the name of the in"ivi"!al ,here it appears ,ith other personal

information relating to the in"ivi"!al or ,here the "isclos!re of the

name itself ,o!l" reveal information abo!t the in"ivi"!al?

@f correspon"ence sent to a "ata controller b$ the in"ivi"!al that is e-plicitl$

or implicitl$ of a private or confi"ential nat!re8 an" replies to s!chcorrespon"ence that ,o!l" reveal the contents of the original

correspon"ence? an"

@g the vie,s or opinions of an$ other person abo!t the in"ivi"!al


13/64

personal information for ,hich a "ata controller is responsible is "isclose"

13



14/64


15/64

the prosec!tion of offen"ers or the e-ec!tion of sentences or sec!rit$

meas!res8 to the e-tent that a"e!ate safeg!ar"s have been establishe" in specific

legislation for the protection of the relevant personal information?

@c for e-cl!sivel$ jo!rnalistic p!rposes b$ responsible parties ,ho are s!bject to8

b$ virt!e of office8 emplo$ment or profession8 a co"e of ethics that provi"esa"e!ate safeg!ar"s for the protection of personal information?

@" relating to the j!"icial f!nctions an" proce"!res of a co!rt an" the po,ers of the

j!"iciar$? an"

@e b$ p!blic bo"ies that are e-empte" from the application of the "ata protection

principles in terms of reg!lations ma"e b$ the 0inister

@4 This la, is applicable

@a This Act is applicable to an$ processing of personal information performe"

,holl$ or partl$ b$ a!tomate" means

@b to the processing of personal information carrie" o!t in the conte-t of the

effective an" act!al activities of an$ controller "omicile" in Tan:ania or in a

territor$ ,here Tan:anian la, applies b$ virt!e of international p!blic la,? an"

@c to the processing of personal information b$ a controller ,ho is not "omicile" in

Tan:ania8 if the processing of the personal information is in Tan:ania an" s!ch

processing is not for the p!rposes of mere transit of personal information thro!gh

Tan:ania

@6 In the circ!mstances referre" in S!bsection 4@b8 the controller shall "esignate a

representative8 ,ho shall be the "ata controllerDs representative8 for the p!rposes of

compliance ,ith this Act8 ,itho!t prej!"ice to the obligations of the controller !n"er

this Act or legal procee"ings that ma$ be bro!ght against the controller

15



16/64

PART II

COLLECTION, USE, DISCLOSURE AND RETENTION OF PERSONAL DATA

16



17/64

Collection

of personal

"ata

6@1 A "ata controller shall not collect personal "ata !nless;

@a the information is collecte" for a la,f!l p!rpose "irectl$ relate" to a f!nction or

activit$ of the "ata controller? an"

@b the collection of the "ata is necessar$ for8 or "irectl$ relate" to8 that p!rpose

@2 A "ata controller shall not collect personal "ata;

@a b$ !nla,f!l means? or

@b b$ means that8 in the circ!mstances

@i are !na!thorise"? or

intr!"e to an !nreasonable e-tent !pon the privac$ of the "ata s!bject

concerne"

@ii

So!rce an"

notification

of personal

information

@1 A "ata controller shall8 s!bject to s!bsection @38 collect personal information "irectl$

from the "ata s!bject concerne"

@2 At or before the time8 or if that is not practicable8 as soon as practicable after8 a "ata

controller collects personal information !n"er s!bsection @18 the "ata controller shall ta%e

s!ch steps as are8 in the circ!mstances8 reasonable to ens!re that the "ata s!bject concerne"

is a,are of ;

@a the p!rposes for ,hich the information is being collecte"?

@b the fact that the collection of the information is for a!thori:e" p!rposes8

p!rposes a!thori:e" in la,? an"

@c the inten"e" recipients of the information

@3 A "ata controller is not oblige"to compl$ ,ith s!bsection @1 ,here ;

@a the information is p!blicl$ available?

@b the "ata s!bject concerne" a!thorises the collection of the information from

thir" part$? or

@c non;compliance ,ill not prej!"ice the interests of the "ata s!bject concerne" in

the reasonable e-pectation of the "ata controller an" compliance is not

reasonabl$ practicable in the circ!mstances of the partic!lar case

@" non;compliance is necessar$ ;

@i for the prevention8 "etection8 investigation8 prosec!tion or8 p!nishment

of an$ offence or breach of la,?

@ii for the enforcement of a la, imposing a pec!niar$ penalt$?

17



18/64

@iii for the protection of p!blic reven!e?

@iv for the preparation for8 or con"!ct of8 procee"ings before an$ co!rt or

trib!nal8 or implementation of the or"ers of a co!rt or trib!nal? or

@v in the interests of national sec!rit$8 national "efence or international

relations relate" to international sec!rit$ or "efence? or

@e compliance ,o!l" prej!"ice the la,f!l p!rpose of the collectionAcc!rac$ of

personal

information

to be

chec%e"

before !se

# here "ata controller hol"s personal information8 having regar" to the p!rpose for ,hich

the information is propose" to be !se"8 it shall not !se that information ,itho!t ta%ing s!ch

steps as are8 in the circ!mstances8 reasonable to ens!re that8 the information is complete8

acc!rate8 !p to "ate8 relevant an" not mislea"ing

'imits on

!se of

personal

information

& S!bject to section 128 ,here "ata controller hol"s personal information that ,as collecte"

in connection ,ith a partic!lar p!rpose8 it shall not !se that information for an$ other

p!rpose !nless G

@a the in"ivi"!al concerne" a!thori:es the !se of the information for that other

p!rpose@s?

@b !se of the information for that other p!rpose is a!thori:e" or re!ire" b$ or

!n"er la,?

@c the p!rpose for ,hich the information is !se" is "irectl$ relate" to the p!rpose

for ,hich the information ,as collecte"?

@" the information is !se" ;

@i in a form in ,hich the in"ivi"!al concerne" is not i"entifie"? or

@ii for statistical or research p!rposes an" ,ill not be p!blishe" in a form

that co!l" reasonabl$ be e-pecte" to i"entif$ the in"ivi"!al concerne"?

@e the "ata controller believes on reasonable gro!n"s that !se of the information

for that other p!rpose is necessar$ to prevent or lessen a serio!s an" imminent

threat to the life or health of the in"ivi"!al concerne" or other person8 or to

p!blic health or safet$? or

@f !se of the information for that other p!rpose is necessar$ ;

@i for the prevention8 "etection8 investigation8 prosec!tion or p!nishment of

an$ offence or breach of la,?

@ii for the enforcement of a la, imposing a pec!niar$ penalt$?@iii for the protection of p!blic reven!e?

@iv for the preparation for8 or con"!ct of8 procee"ings before an$ co!rt or


@v in the interests of national sec!rit$8 national "efence or international

relations

18



19/64

'imits on

"isclos!re

of personal

information

1(@1 S!bject to section 128 ,here "ata controller hol"s personal information8 it shall not

"isclose the information to a person8 bo"$ or agenc$8 other than the "ata s!bject concerne"8

!nless;;

@a the "ata s!bject concerne" has e-pressl$ or implicitl$ consente" to the

"isclos!re?

@b the "isclos!re of the information is re!ire" or a!thorise" b$ or !n"er la,?

@c the "isclos!re of the information is one of the p!rposes in connection ,ith

,hich the information ,as collecte"8 or is "irectl$ connecte" to that p!rpose?

@" the "ata s!bject concerne" is reasonabl$ li%el$ to have been a,are or ma"e

a,are !n"er section @2@c that information of that nat!re is or"inaril$ passe"

on to that person8 bo"$ or agenc$?

@e the information is to be "isclose" ;

@i in a form in ,hich the "ata s!bject concerne" is not i"entifie"? or

@ii for statistical or research p!rposes an" ,ill not be p!blishe" in a form

that co!l" reasonabl$ be e-pecte" to i"entif$ the "ata s!bject concerne"?

or

@f the "ata controller believes on reasonable gro!n"s that "isclos!re of the

information is necessar$ ;

@i to prevent or lessen a serio!s an" imminent threat to the life or health of

the in"ivi"!al concerne" or other person8 or to p!blic health or safet$?

@ii for the prevention8 "etection8 investigation8 prosec!tion or p!nishment

of an$ offence or breach of la,?

@iii the enforcement of a la, imposing a pec!niar$ penalt$?

@iv the protection of p!blic reven!e?@v the preparation for8 or con"!ct of8 procee"ings before an$ co!rt or


@vi in the interests of national sec!rit$8 "efence or international relations

@2 An$ person8 bo"$ or agenc$ incl!"ing a thir" part$ processor to ,hom personal

information is "isclose" !n"er s!bsection @1 shall not !se or "isclose the information for a

p!rpose other than the p!rpose for ,hich the information ,as given to that person8 bo"$ or

agenc$

Con"ition

for !se or

"isclos!re

of personal

11 @1 A "ata controller shall onl$ !se or "isclose personal information !n"er section & or

section 1(8 ,here s!ch !se or "isclos!re ,o!l" not amo!nt to an !nreasonable invasion of

privac$ of the "ata s!bject concerne"8 ta%ing into acco!nt the specific nat!re of the personal

information an" the specific p!rpose for ,hich it is to be so !se" or "isclose"

19



20/64

information

Storage an"

sec!rit$ of

personal

information

12 here the "ata controller hol"s personal information8 he shall ens!re that;

@a the information is protecte"8 b$ s!ch sec!rit$ safeg!ar"s as is reasonable in the

circ!mstances to ta%e8 against loss8 !na!thori:e" access8 !se8 mo"ification or

"isclos!re8 an" against other mis!se? an"

@b ,here it is necessar$ for the information to be given to a "ata processor or

other recipient in connection ,ith the provision of a service to the "ata s!bject8

ever$thing reasonabl$ ,ithin the po,er of the "ata controller is "one to prevent

!na!thori:e" !se or "isclos!re of the information

)etention an"

"isposal of

personal

information

13@1 here a "ata controller !ses personal information for a specifie" p!rpose

incl!"ing an a"ministrative p!rpose8 it shall retain the information for s!ch perio" of

time as ma$ be prescribe" b$ reg!lation in or"er to ens!re that the "ata s!bject

concerne" has a reasonable opport!nit$ to obtain access to the information

@2 S!bject to s!bsection @1 the 0inister shall prescribe b$ reg!lation8 g!i"elines for

the retention an" "isposal of personal information hel" b$ a "ata controller in

accor"ance ,ith the p!rpose of retention

Correction of

personal

information

@p!blic a!thorit$

14 @1 here a "oc!ment of a p!blic a!thorit$ to ,hich access has been given !n"er

an$ enactment8 contains personal information of a "ata s!bject an" that person claims

that the information;

@a is incomplete8 incorrect or mislea"ing? or

@b not relevant to the p!rpose for ,hich the "oc!ment is hel"8

the p!blic a!thorit$ ma$8 s!bject to s!bsection @28 on the application of the "ata

s!bject8 amen" the information !pon being satisfie" of the claim

@2 An application !n"er s!bsection @1 shall;

@a be in ,riting? an"

@b as far as practicable8 specif$;

@i the "oc!ment or official "oc!ment containing the recor" of

personal information that is claime" to re!ire amen"ment?

@ii the information that is claime" to be incomplete8 incorrect or

mislea"ing?

@iii ,hether the information is claime" to be incomplete8 incorrect or

mislea"ing?

20



21/64

@iv the applicantDs reasons for so claiming? an"

@v the amen"ment re!este" b$ the applicant

@3 To the e-tent that it is practicable to "o so8 the p!blic a!thorit$ shall8 ,hen

ma%ing an$ amen"ment !n"er this section to personal information in a "oc!ment8

ens!re that it "oes not permanentl$ "elete the recor" of the te-t of the "oc!ment as it

e-iste" prior to the amen"ment

@4 here a p!blic a!thorit$ is not satisfie" ,ith the reasons for an application

!n"er s!bsection @18 it ma$ ref!se to ma%e an$ amen"ment to the information an"

inform the "ata s!bject applicant of its ref!sal together ,ith its reasons for so "oing

@5 The p!blic a!thorit$ ma$ opt an application !n"er s!bsection @1 to be in a

"ata message or electronic form "epen"ing on agreement bet,een s!ch a!thorit$ an"

that "ata s!bject

*ata Controller to

ens!re compliance

15 @1 It shall be the responsibilit$ of the "ata controller to ens!re that8 the "ata

controller8 the "ata controllerDs representative or the "ata protection officers or an$

other persons ,or%ing !n"er the a!thorit$ of the "ata controller incl!"ing an$

emplo$ee or s!bcontractor an" the "ata processor to ens!re compliance to the

re!irements of this Act

+rocessing of

Sensitive +ersonal

Information

16 @1

@a The processing of sensitive personal information revealing racial or ethnic

origin8 political opinions8 religio!s or philosophical beliefs8 affiliation8 tra"e;

!nion membership8 the gen"er an" the processing of "ata concerning se- life

as ,ell as an$ personal information ,hich are consi"ere" b$ the Tan:anian

la, as presenting a major ris% to the rights an" interests of the "ata s!bject8 in

partic!lar !nla,f!l or arbitrar$ "iscrimination8 an" ,here processe" for ,hat

the$ reveal or contain8 is prohibite" !nless the "ata s!bject has given his

consent in ,riting for s!ch processing of personal information s!bject to a

limitation of s!ch consent ,here the la, "oes not permit that the prohibitionis able to be remove" ,ith the ,ritten consent of the "ata s!bject

@b The consent referre" to in @1 @a above can be ,ith"ra,n b$ the "ata s!bject

at an$ time an" ,itho!t an$ e-planation or charges

@c The Commissioner ma$ "etermine the cases in ,hich the prohibition to

process the "ata referre" to in this section cannot be remove" even ,ith the

21



22/64

"ata s!bjectBs consent

@" here the "ata s!bject from ,hom consent is so!ght for the p!rpose of this

Act8 is a minor8 a person of !nso!n" min" or an$ other person !nable to

consent8 s!ch personBs consent shall be so!ght from his parents8 g!ar"ian8

heirs8 attorne$s or an$ other person recogni:e" b$ la, to be acting on behalfof the person ,hose consent is to be so!ght

22



23/64

@2 S!b Section @1 above shall not appl$ ,here

@a the processing is necessar$ to carr$ o!t the obligations an" specific rights of the

controller in the fiel" of emplo$ment la,? or

@b the processing is necessar$ to protect the vital interests of the "ata s!bject or ofanother person8 ,here the "ata s!bject is ph$sicall$ or legall$ incapable of giving

his>her consent or is not represente" b$ his>her legal8 j!"icial or agree"

representative? or

@c the processing is carrie" o!t in the co!rse of its legitimate activities b$ a

fo!n"ation8 association or an$ other non;profit organi:ation ,ith a political8

philosophical8 religio!s8 health;ins!rance or tra"e;!nion aim an" on con"ition that the

processing relates solel$ to the members of the organi:ation or to persons ,ho have

reg!lar contact ,ith it in connection ,ith its p!rposes an" that the "ata is not"isclose" to a thir" part$ ,itho!t the "ata s!bjectsB consent? or

@" the processing is necessar$ to compl$ ,ith social sec!rit$ la,s? or

@e the processing is necessar$8 ,ith appropriate g!aranties8 for the establishment8

e-ercise or "efense of legal claims? or

@f the processing relates to "ata ,hich has apparentl$ been ma"e p!blic b$ the "ata

s!bject? or

@g the processing is necessar$ for the p!rposes of scientific research an" theCommissioner shall has specifie" the con"itions !n"er ,hich s!ch processing ma$ be

carrie" o!t? or

@h the processing is carrie" o!t accor"ing to the legislation on p!blic statistics? or

@i the processing is necessar$ for the p!rposes of preventive me"icine or me"ical

"iagnosis8 the provision of care or treatment to the "ata s!bject or one of his>her

relatives8 or the management of health;care services provi"e" in the interest of the

"ata s!bject8 an" the sensitive personal information concerne"8 is processe" !n"er the

s!pervision of a health professional in accor"ance ,ith the legislation governing s!ch

health care services? or

@j the processing of personal information referre" is a!thori:e" b$ a la, or an$

e!ivalent legislative act for another reason of s!bstantial p!blic interest? or

@% the processing is carrie" o!t b$ associations ,ith a legal personalit$ or

23



24/64

organi:ations of p!blic interest ,hose main objective is the protection an"

@l promotion of h!man rights an" f!n"amental free"oms8 ,ith a vie, to achieving

that objective8 provi"e" that the processing has been a!thori:e" b$ the Commission

24



25/64

'imitations to

accommo"ate

national la,s

1 @1 The 0inister ma$ ma%e reg!lations to limit the application of the provisions of

this Act ,hen s!ch limitation is necessar$ to

@a preserve national sec!rit$?

@b preserve p!blic safet$ @incl!"ing the economic ,ell;being or interest of the

co!ntr$ ,hen the processing operation relates to State sec!rit$ matters?

@c the prevention8 investigation8 or proof of criminal offences8 the prosec!tion of

offen"ers or the e-ec!tion of criminal sentences or sec!rit$ meas!res or violation to

professional co"es of con"!ct in the case of the legal profession

@" a monitoring8 inspection or reg!lator$ tas% connecte" ,ith the e-ercise of

official "!ties in the cases referre" to in this Section

@e the processing of personal "ata carrie" o!t for the sole p!rpose of

i literar$ an" artistic e-pression?

ii professional jo!rnalism8 accor"ing to the ethical r!les of this profession

@2 The reg!lations p!rs!ant to S!bsection @1 shall not prevent the application ofprovisions of the Civil +roce"!re Co"e8 the Criminal +roce"!re Co"e8 the la,s

relating to the me"ia an" an$ other la,s that provi"e for the con"itions of the e-ercise

of the right of repl$ an" that prevent8 limit8 compensate an"8 if necessar$8 sanctionviolations of privac$ an" attac%s on the rep!tation of in"ivi"!als

H-ceptions to

processing of

sensitive "ata

1# +!rs!ant to the provisions of this Act8 e-ceptions to the prohibitions on the

processing of sensitive personal information shall be as containe" in Sche"!le II to

this Act

Commission to setcon"itions for

processing

sensitive personal

information

1& The Commission shall set con"itions to be met for an$ processing of sensitivepersonal information a!thori:e" b$ or"er of the Commissioner

+A)T III

O//ICH O/ *ATA +)OTHCTIO CO00ISSIOH)

Office of *ata

+rotection

Commissioner

2( @1 /or the p!rposes of this Act8 there is hereb$ establishe" the office of the *ata+rotection Commissioner ,hich shall be an in"epen"ent bo"$ for ens!ring that

processing of personal "ata in private an" p!blic spheres a"here to the provisions of

this Act;

@2 The Commissioner shall be appointe" b$ the +resi"ent !pon the recommen"ation

of the 0inister8 s!bject to s!ch terms an" con"itions as ma$ be specifie" in the

25



26/64

instr!ment of appointment

26



27/64

Ten!re of office 21 @1 The Commissioner shall hol" office for a perio" of five $ears an" shall8 at the

e-piration of s!ch perio"8 be eligible for reappointment s!bject to a limitation to t,o

consec!tive terms of office

@2 A person appointe" as Commissioner ma$ resign from office b$ ,riting !n"er his

han" a""resse" to the +resi"ent

@3 The Commissioner ma$ be remove" from office for inabilit$ to "ischarge the

f!nctions of office !n"er this Act or for miscon"!ct

.!alifications for

appointment

22@1 o person shall be !alifie" for appointment to the office of *ata +rotection

Commissioner if that person;

@a is a 0ember of +arliament?

@b is a member of a local government a!thorit$?

@c is an insolvent?

@" has at an$ time been convicte" of an$ offence involving "ishonest$ or moral

t!rpit!"e?

@e has less than an aggregate of 1( $ears of ,or% e-perience in the p!blic service?

or

@f "oes not possess !alifications an" s%ills commens!rate ,ith the

responsibilities an" f!nctions of the Commissioner

@2 The Commissioner shall vacate office if an$ circ!mstances arise that8 if he ,ere

not a Commissioner8 ,o!l" ca!se him to be "is!alifie" for appointment as s!ch8 b$

virt!e of s!bsection @1 of this section

/!nctions of the

Commissioner

23@1 The f!nctions of the Commissioner shall be ;

@a to monitor compliance b$ "ata controllers of the provisions of this Act?

@b to provi"e a"vice to "ata controllers on their obligations !n"er the provisions8

an" generall$ on the operation8 of this Act?

@c to receive an" investigate complaints abo!t allege" violations of the

protection of personal information an" information privac$ of persons an" in

respect thereof ma$ ma%e reports to complainants?

@" to in!ire generall$ into an$ matter8 incl!"ing an$ enactment or la,8 or an$

practice8 or proce"!re8 ,hether governmental or non;governmental8 or an$

technical "evelopment8 if it appears to the Commissioner that the protection

of personal information an" information privac$ of the in"ivi"!al is being8 or

ma$ be8 infringe" thereb$?

@e for the p!rpose of promoting the protection of in"ivi"!al privac$8 partic!larl$

27



28/64

information privac$8 to !n"erta%e e"!cational programmes on the

CommissionerDs behalf or in co;operation ,ith other persons or a!thorities

acting on behalf of the Commissioner?

28



29/64

@f to ma%e p!blic statements in relation to an$ matter affecting the information

privac$ of the in"ivi"!al or of an$ class of in"ivi"!als?

@g to receive an" invite representations from members of the p!blic on an$

matter affecting the information privac$ of the in"ivi"!al?

@h to cons!lt an" co;operate ,ith other persons an" bo"ies concerne" ,ith the

information privac$ of the in"ivi"!al?

@i to ma%e s!ggestions to an$ person in relation to an$ matter that concerns the

nee" for8 or the "esirabilit$ of8 action b$ that person in the interests of the


@j to !n"erta%e research into8 an" to monitor "evelopments in8 "ata processing

an" comp!ter technolog$ to ens!re that an$ a"verse effects of s!ch

"evelopments on the information privac$ of in"ivi"!als are minimi:e"8 an" to

report to the 0inister the res!lts of s!ch research an" monitoring?

@% to e-amine an$ propose" legislation @incl!"ing s!bsi"iar$ legislation or

propose" polic$ of the 9overnment that the Commissioner consi"ers ma$

affect the information privac$ of in"ivi"!als8 an" to report to the 0inister the

res!lts of that e-amination?

@l to report @,ith or ,itho!t re!est to the 0inister from time to time on an$

matter affecting the privac$ of the in"ivi"!al8 incl!"ing the nee" for8 or

"esirabilit$ of8 ta%ing legislative8 a"ministrative8 or other action to give

protection or better protection to the information privac$ of the in"ivi"!al?

@m to report to the 0inister from time to time on the "esirabilit$ of the

acceptance8 of an$ international instr!ment relating to the "ata protection an"


@n to gather s!ch information as in the CommissionerDs opinion ,ill assist the

Commissioner in "ischarging the "!ties an" performing the f!nctions of the

Commissioner !n"er this Act?

@o to "o an$thing inci"ental or con"!cive to the performance of an$ of the

prece"ing f!nctions?

@p to e-ercise an" perform s!ch other f!nctions8 po,ers8 an" "!ties as are

conferre" or impose" on the Commissioner b$ or !n"er this Act or an$ other

enactment?

@ prono!nce a"ministrative sanctions as permitte" b$ the Act or ancillar$

reg!lations in the case of violation of the provisions of this la,?

@r create8 maintain an" !p"ate the register ,hich shall be accessible to an$

person ,ho re!ests access in accor"ance ,ith this Act?

@s receive notifications re!ire" in terms of this Act incl!"ing notifications from

"ata controllers an" notifications of sec!rit$ breaches?

29



30/64


31/64

)estriction on

emplo$ment

24 A person appointe" as a Commissioner shall be a f!ll;time officer an"shall not be

emplo$e" in an$ other capacit$ "!ring an$ perio" in ,hich the person hol"s office as

a Commissioner.

@,/illing of vacanc$

of the

CommissionerBs

post

25@1 here;

a a vacanc$ arises in the office of the Commissioner? or

b b$ reason of illness8 absence from the co!ntr$ or other s!fficient ca!se8 a

person appointe" as a Commissioner is !nable to perform his or her f!nctions

!n"er this Act8

@- the +resi"ent ma$8 !pon the recommen"ation of the 0inister8 appoint a

s!itable person to act in that office or perform those f!nctions8 as the case

ma$ be

@2 The +arliament shall arrange ann!all$8 for the !se of the Commissioner8 s!ch s!ms

of mone$ as ma$ be necessar$ for the proper e-ercise8 performance an" "ischarge8 b$

the Commissioner8 of his po,ers8 "!ties an" f!nctions !n"er this Act

@$

@3 The Commissioner shall8 a""itionall$ collect f!n"s from fees an" fines from

sanctions prono!nce" against breach of provisions of this Act b$ "ata controllers

p!rs!ant to this Act

Staff an" f!n"s 26 @1 There shall be appointe" s!ch officers an" emplo$ees as ma$ be necessar$

to enable the +rivac$ Commissioner to "ischarge the "!ties an" perform thef!nctions of s!ch Commissioner !n"er this Act

@2 +arliament shall appropriate ann!all$8 for the !se of the Commissioner8

s!ch s!ms of mone$ as ma$ be necessar$ for the proper e-ercise8 performance an"

"ischarge8 b$ the Commissioner8 of his po,ers8 "!ties an" f!nctions !n"er this

Act

@3 The Commissioner shall a""itionall$ collect the financial sanctions prono!nce"

against "ata controllers p!rs!ant to this Act

31



32/64

PART I'

REGISTER OF DATA CONTROLLERS AND INFORMATION BUREAUS

32



33/64


34/64

p!rposes

@3 A registere" person ma$ at an$ time appl$ to the Commissioner for the

alteration of an$ partic!lars incl!"e" in the entr$ or entries relating to that person

@4 here the alteration ,o!l" consist of the a""ition of a p!rpose for ,hich

personal information are to be hel"8 the person ma$8 instea" of ma%ing anapplication !n"er s!bsection @38 ma%e a fresh application for registration in

respect of the a""itional p!rpose

@5 A registere" person shall ma%e an application !n"er s!bsection @3 ,henever

necessar$ for ens!ring that the entr$ or entries relating to that person are c!rrent

an" acc!rate

34



35/64

Acceptance or

ref!sal

2& @1 S!bject to this section the Commissioner shall8 as soon as practicable an"

in an$ case ,ithin the perio" of three months after receiving an application for

registration or for the alteration of registere" partic!lars8 notif$ the applicant in

,riting ,hether his application has been accepte" or ref!se"? an" ,here the

Commissioner notifies an applicant that his application has been accepte"8 thenotification shall state;

@a the partic!lars entere" in the register8 or the alteration ma"e? an"

@b the "ate on ,hich the partic!lars ,ere entere" or the alteration ,as ma"e

@2 The Commissioner shall not ref!se an application meeting ,ith formalities

specifie" in this Act !nless the Commissioner

@a consi"ers that the partic!lars propose" for registration or8 as the case ma$ be8

the partic!lars that ,o!l" res!lt from the propose" alteration8 ,ill not give

s!fficient information as to the matters to ,hich the$ relate? or@b is satisfie" that the applicant is li%el$ to contravene an$ of the "ata protection

principles of this Act? or

@c consi"ers that the information available to him is ins!fficient to satisf$ him

that the applicant is !nli%el$ to contravene an$ of those principles

@3 S!bsection @2@a shall not be constr!e" as precl!"ing the acceptance b$ the

Commissioner of partic!lars e-presse" in general terms in cases ,here that is

appropriate8 an" the Commissioner shall accept partic!lars e-presse" in s!ch

terms in an$ case in ,hich he is satisfie" that more specific partic!lars ,o!l" beli%el$ to prej!"ice the p!rpose or p!rposes for ,hich the "ata are to be hel"

*!ration an"

rene,al

3(@1 o entr$ shall be retaine" in the register after the e-piration of the initial

perio" of registration e-cept in p!rs!ance of a rene,al application ma"e to the

Commissioner in accor"ance ,ith this section

@2 S!bject to s!bsection @18 the initial perio" of registration an" the perio" for

,hich an entr$ is to be retaine" in p!rs!ance of a rene,al shall be a perio" five

$ears beginning ,ith the "ate on ,hich the entr$ in !estion ,as ma"e or8 as the

case ma$ be8 the "ate on ,hich that entr$ ,o!l" fall to be remove" if the

application ha" not been ma"e

@3 here the Commissioner notifies an applicant for registration that his

application has been accepte"8 the notification shall state the "ate ,hen the initial

perio" of registration ,ill e-pire

@4 An$ person ,ho8 in connection ,ith a rene,al application8 %no,ingl$ or

35



36/64

rec%lessl$ f!rnishes the Commissioner ,ith information ,hich is false or

mislea"ing in a material respect shall be g!ilt$ of an offence

@5 Hver$ rene,al application shall be accompanie" b$ the prescribe" fee an" no

s!ch application shall be ma"e e-cept in the perio" of 6 months en"ing ,ith the

e-piration of@a the initial perio" of registration? or

@b if there have been one or more previo!s rene,al applications8 the c!rrent

rene,al perio"

@6 here a person ma%ing a rene,al application notifies the Commissioner in

,riting that no alteration of registere" partic!lars is so!ght8 no f!rther partic!lars

ma$ be necessar$ in s!pport of the application

@ itho!t prej!"ice to the foregoing provisions of this section8 the

Commissioner ma$ at an$ time remove an entr$ from the register at the re!estof the person to ,hom the entr$ relates

36



37/64

Inspection of

registere"

partic!lars

31@1 The Commissioner shall provi"e facilities for ma%ing the information

containe" in the entries in the register available for inspection @in visible an"

legible form b$ members of the p!blic at all reasonable ho!rs on pa$ment of

s!ch fee if an$ as ma$ be prescribe"

@2 The Commissioner shall8 on pa$ment of s!ch fee8 if an$8 as ma$ beprescribe"8 s!ppl$ an$ member of the p!blic ,ith a cop$ in ,riting of the

partic!lars containe" in the entr$ ma"e in the register in p!rs!ance of an$

application for registration

*eregistration 32 @1 If the Commissioner is satisfie" that a registere" person has contravene"

or is contravening an$ of the "ata protection principles8 the Commissioner ma$

@a serve the person ,ith a "e;registration notice stating that the Commissioner

proposes8 at the e-piration of s!ch perio" as is specifie" in the notice8 to remove

from the register all or an$ of the partic!lars constit!ting the entr$ or an$ of the

entries containe" in the register in respect of that person? an"

@b s!bject to the provisions of this section8 remove those partic!lars from the

register at the e-piration of that perio"

@2 S!bject to s!bsection @18 the perio" specifie" in a "eregistration notice shall

not e-pire before the en" of the perio" ,ithin ,hich an appeal can be bro!ght

against the notice an"8 if s!ch an appeal is bro!ght8 the partic!lars shall not be

remove" pen"ing the "etermination or ,ith"ra,al of the appeal

@3 If b$ reason of special circ!mstances the Commissioner consi"ers that an$

partic!lars sho!l" be remove" from the register as a matter of !rgenc$ he ma$

incl!"e a statement to that effect in the "e;registration notice? an" in that event

s!bsection @4 shall not appl$ an" the partic!lars shall be remove" imme"iatel$

@4 The Commissioner ma$ cancel a "e;registration notice b$ ,ritten notification

to the person on ,hom it ,as serve"

@5 In "eci"ing ,hether to serve a "e;registration notice the Commissioner shall

consi"er ,hether the contravention has ca!se" or is li%el$ to ca!se an$ person

"amage or "istress8 an" the Commissioner shall not serve s!ch a notice !nless he

is satisfie" that compliance ,ith the principle or principles in !estion cannot be

a"e!atel$ sec!re" b$ the service of an enforcement notice

@6 A "e;registration notice shall contain a statement of the principle or principles

,hich the Commissioner is satisfie" have been or are being contravene" an" the

reasons for reaching that concl!sion?

37



38/64

PART '

IN'ESTIGATION OF COMPLAINTS

38



39/64

)eceipt an"

investigation of

complaints

33@1 S!bject to this Act8 the Commissioner shall receive an" investigate a

complaint from an$ person in respect of an$ matter relating to;

@a

@b

the collection8 retention or "isposal of personal information b$ a

"ata controller? or

the !se or "isclos!re of personal information hel" b$ a "ata

controller?

@2 othing in this Act precl!"es the Commissioner from receiving an"

investigating complaints of a nat!re "escribe" in s!bsection @1 that are

s!bmitte" b$ a person a!thori:e" b$ the complainant to act on behalf of the

complainant8 an" a reference to a complainant in an$ other section incl!"es a

reference to a person so a!thori:e"

@3 here the Commissioner is satisfie" that there are reasonable gro!n"s to

investigate a matter !n"er this Act8 the Commissioner ma$ initiate a complaint

in respect thereof

0o"e of

complaint

34 @1 A complaint !n"er this Act shall be ma"e to the Commissioner in

,riting !nless the Commissioner a!thori:es other,ise

@2 The Commissioner shall give s!ch reasonable assistance as is necessar$ inthe circ!mstances to enable an$ person ,ho ,ishes to ma%e a complaint to the

Commissioner8 to p!t the complaint in ,riting

otice of

investigation

35 7efore commencing an investigation of a complaint !n"er this Act8 the

Commissioner shall notif$ the chief e-ec!tive officer of the "ata controller

concerne" of the intention to carr$ o!t the investigation an" shall inform the

chief e-ec!tive officer of the s!bstance of the complaint

Commissioner

to ma%e

)eg!lations for

proce"!re

36 S!bject to the provisions of this Act8 the Commissioner ma$ ma%e

reg!lations to "etermine proce"!res to be follo,e" in the "ischarge of an$ "!t$

or the performance of an$ f!nction of the Commission !n"er this Act

Investigation

Confi"entialit$

3 @1 Hver$ investigation of a complaint !n"er this Act shall be con"!cte"

confi"entiall$

39



40/64

40



41/64

@2 In the co!rse of an investigation of a complaint !n"er this Act b$ the

Commissioner8 the person ,ho ma"e the complaint an" the chief e-ec!tive

officer of the "ata controller concerne" shall be given an opport!nit$ to ma%e

representations to the Commissioner8 b!t no one shall be "eeme" entitle" as of

right to be present "!ring8 to have access to8 or to comment on8 representationsma"e to the Commissioner b$ an$ other person

+o,ers of

Commissioner

in carr$ing o!t

investigations

3#@1 The Commissioner has8 in relation to carr$ing o!t of the investigation of

an$ complaint !n"er this Act8 po,er ;

@a to s!mmon an" enforce the appearance of persons before the

Commissioner an" compel them to give oral or ,ritten evi"ence

on oath an" to pro"!ce s!ch "oc!ments an" things as the

Commissioner "eems re!isite to the f!ll investigation an"

consi"eration of the complaint?

@b to receive an" accept s!ch evi"ence an" other information8

,hether on oath or b$ affi"avit or other,ise8 as the

Commissioner sees fit8 ,hether or not the evi"ence or

information is or ,o!l" be a"missible in a co!rt of la,?

@" to enter an$ premises occ!pie" b$ an$ "ata controller on

satisf$ing sec!rit$ re!irements of the premises?

@e to interrogate an$ person in an$ premises entere" p!rs!ant to

paragraph@" an" other,ise carr$ o!t therein s!ch in!iries

,ithin the po,er of the Commissioner !n"er this Act as the

Commissioner sees fit? an"

@f to e-amine or obtain copies of or e-tracts from boo%s or other

recor"s fo!n" in an$ premises entere" p!rs!ant to paragraph@"

containing an$ matter relevant to the investigation

@2 ot,ithstan"ing an$ other Act of +arliament or an$ privilege !n"er the la,

of evi"ence8 the Commissioner ma$8 "!ring the investigation of an$ complaint

!n"er this Act8 e-amine an$ information recor"e" in an$ form hel" b$ a p!blic

a!thorit$ an" no information shall be ,ithhel" from the Commissioner on an$

gro!n"s

41



42/64

@3 An$ "oc!ment or articles pro"!ce" p!rs!ant to this section b$ an$ person or

"ata controller shall be ret!rne" b$ the Commissioner ,ithin ten "a$s after a

re!est is ma"e to the Commissioner b$ that person or controller8 b!t nothing in

this s!bsection precl!"es the Commissioner from again re!iring its pro"!ction

in accor"ance ,ith this section

/in"ings an"

recommen"atio

ns of the

Commissioner

3&@1 If8 on investigating a complaint !n"er this Act in recommen"ations in

respect of personal information8 the Commissioner fin"s that the complaint is

,ell;fo!n"e"8 the Commissioner shall provi"e the chief e-ec!tive officer of the

"ata controller that has control of the personal information ,ith a report

containing;

@a the fin"ings of the investigation an" an$ recommen"ations that

the Commissioner consi"ers appropriate? an"

@b ,here appropriate8 an or"er that8 ,ithin a time specifie" therein8

notice be given to the Commissioner of an$ action ta%en or

propose" to be ta%en to implement the recommen"ations

containe" in the report or reasons ,h$ no s!ch action has been or

is propose" to be ta%en

@2 The Commissioner shall8 after investigating a complaint !n"er this Act8

report to the complainant the res!lts of the investigation8 b!t ,here a notice has

been re!este" !n"er paragraph @1 @b8 no report shall be ma"e !n"er this

s!bsection !ntil the e-piration of the time ,ithin ,hich the notice is to be given

to the Commissioner

@3 here a notice has been re!este" !n"er paragraph @1@b b!t no s!ch

notice is receive" b$ the Commissioner ,ithin the time specifie" thereof or the

action "escribe" in the notice is8 in the opinion of the Commissioner8

ina"e!ate or inappropriate or ,ill not be ta%en in a reasonable time8 the

Commissioner shall so a"vise the complainant in his report !n"er s!bsection @2

an" ma$ incl!"e in the report s!ch comments on the matter as he thin%s fit

)evie, of

compliance

,ith Act

4(@1 The Commissioner ma$8 from time to time at his "iscretion 8 carr$ o!t an

investigation in respect of personal information !n"er the control of a "ata

controller to ens!re compliance ,ith this Act

42



43/64

@2 If8 follo,ing an investigation !n"er s!bsection @18 the Commissioner

consi"ers that a "ata controller has not complie" ,ith this Act8 the

Commissioner shall provi"e the chief e-ec!tive officer of the controller ,ith a

report containing the fin"ings of the investigation an" an$ recommen"ations

that the Commissioner consi"ers appropriate

@3 An$ report ma"e b$ the Commissioner !n"er s!bsection @2 ma$ be

incl!"e" in a report ma"e to the +arliament p!rs!ant to this Act

)eport to

+arliament

41 The Commissioner shall8 as soon as practicable after the thirt$;first "a$ of

*ecember of each $ear8 prepare a report on the activities of the office "!ring

that $ear an" ca!se a cop$ of the report to be lai" before +arliament

Sec!rit$

re!irements

42 The Commissioner an" ever$ person acting on behalf or !n"er the "irection

of the Commissioner ,ho receives or obtains information relating to an$

investigation !n"er this Act or an$ other Act of +arliament shall8 ,ith respect to

the !se of that information8 satisf$ an$ sec!rit$ re!irements applicable to8 an"

ta%e an$ oath of secrec$ re!ire" to be ta%en b$8 persons ,ho normall$ have

access to an" !se of that information

Confi"entialit$ 43 S!bject to this Act8 the Commissioner an" ever$ person acting on behalf or

!n"er the "irection of the Commissioner shall not ma%e an$ !na!thori:e"

"isclos!res of information that comes to their %no,le"ge in carr$ing o!t "!ties

an" performing f!nctions !n"er this Act

+rotection from

criminal or civil

procee"ings

44 @1 o criminal or civil procee"ings shall be instit!te" against the

Commissioner8 or an$ person acting on behalf or !n"er the "irection of the

Commissioner8 for an$thing "one8 reporte" or sai" in goo" faith in the co!rse of

the e-ercise or performance or p!rporte" e-ercise8 "ischarge8 or performance of

an$ po,er8 "!t$ or f!nction of the Commissioner !n"er this Act

@2 /or the p!rposes of an$ la, relating to libel or slan"er8

@a an$thing sai"8 an$ information s!pplie" or an$ "oc!ment or thing

pro"!ce" in goo" faith in the co!rse of an investigation carrie"

o!t b$ or on behalf of the Commissioner !n"er this Act is

privilege"? an"

43



44/64

PART 'I

MISCELLANEOUS

44



45/64

*ata +rotection

Officers an"

*ata +rocessors

45 The hea" of a "ata controller ma$8 s!bject to this Act 8 b$ or"er8 "esignate one

or more officers or emplo$ees to be *ata +rotection Officers of that controller to

e-ercise8 "ischarge or perform an$ of the po,er8 "!ties or f!nctions of the hea" of

the "ata controller !n"er this Act that are specifie" in the or"er

*ata Controller

Instr!ctions

46 An$ person having access to the personal information an" acting !n"er the

a!thorit$ of the controller or of the "ata processor8 as ,ell as the "ata processor

himself>herself8 ma$ process personal information onl$ as instr!cte" b$ the

controller8 ,itho!t prej!"ice to an$ "!t$ impose" b$ la,

+rocee"ings

,here

"isclos!re ,as

in goo" faith

4 In an$ civil or criminal procee"ings against a "ata controller for the "isclos!re

of an$ personal information to the Commissioner or to a "ata s!bject8 or for an$

conse!ences that flo, from that "isclos!re8 s!ch "isclos!re shall be "eeme" to

have been ma"e in goo" faith

+o,er of the

0inister to

ma%e

)eg!lations

4# @1 The 0inister ma$ ma%e reg!lations for giving effect to the p!rpose of this

Act an" for prescribing an$thing re!ire" or a!thori:e" b$ this Act to be

prescribe"

@2 ot,ithstan"ing the generalit$ of s!bsection @18 reg!lations ma"e !n"er this

section ma$ prescribe ;

@a The g!i"elines for the "isposal of personal information hel" b$ a "ata

controller?

@b The "!ties of the "ata protection officer ,hen acting in the capacit$ as s!ch

for an" on behalf of a "ata controller?

@c The "!ties of the "ata controllerDs representative ,hen acting in the capacit$

as s!ch for an" on behalf of the "ata controller? an"

@" Sanctions that appl$ to offences an" violations of the Act

@3

Co"e of

Con"!ct

4& @1 The Commissioner shall or"er "ata controllers to "ra, !p of co"es of

con"!ct inten"e" to contrib!te to the proper implementation of this Act ta%ing

acco!nt of the specific feat!res of the vario!s in"!str$ sectors the relevant "ata

controllers

@2 S!ch co"es shall be s!bmitte" to the Commissioner for consi"eration

@3 The Commissioner shall ascertain8 among other things8 ,hether the "rafts

45



46/64

s!bmitte" to it are in accor"ance ,ith the national provisions a"opte" p!rs!ant to

this la, an" legitimate in"!str$ sector an" ,here it sees fit8 see% the vie,s of "ata

s!bjects or their representatives an" cons!lt ,ith the "ata controller@s an" relevant

in"!stries for the p!rposes of ascertaining necessar$ revisions prior to the approval

of the co"e of con"!ct b$ p!blication in the 9a:ette

histle

blo,ing

5( @1 The Commissioner shall establish r!les giving the a!thori:ation for an"

governing the ,histle blo,ing s$stem

@2 The governing ,histle blo,ing p!rs!ant to s!bsection @1 shall preserve

@a the principles of fairness8 la,f!lness an" p!rpose of the processing?

@b the principles relate" to the proportionalit$ as the limitation of the scope8

acc!rac$ of the "ata ,hich ,ill be processe"?

@c the principle of openness ,ith "elivering an a"e!ate collective an"

in"ivi"!al information on

i the scope an" p!rpose of the ,histle blo,ing?ii the processing of reporting?

iii the conse!ences of the j!stifie" an" !nj!stifie" reporting?

iv the ,a$ of e-ercising the rights of access8 to rectification8 "eletion

as ,ell as the competent a!thorit$ to ,hich a re!est can be ma"e?

v the thir" part$ ,hich ma$ receive personal "ata concerning the

informer an" the person ,ho is implicate" in the scope of the

processing of the reporting

@" the technical an" organi:ational r!les?

@e r!les concerning the rights of the "ata s!bject b$ ma%ing clear that the

right of access "oesnBt allo, to access to personal "ata lin%e" to a thir"

person ,itho!t his>her e-press an" ,ritten consent?

@f the r!les of notification to the A!thorit$?

46



47/64

PART 'II

TRANSBORDER DATA FLO(

47



48/64

Transfer to a state

,ith a"e!ate "ata

protection

frame,or%

51 @1 The Commissioner ma$8 s!bject to the provisions of this Act8 prohibit

the transfer of personal "ata from the State to a place o!tsi"e the State

@2 +ersonal information shall onl$ be transferre" to recipient co!ntr$ that

has a legal frame,or% that provi"es for a"e!ate "ata protection8 provi"e"

that;

@a the recipient establishes that the "ata is necessar$ for the

performance of a tas% carrie" o!t in the p!blic interest or p!rs!ant

to the la,f!l f!nctions of a "ata controller8 or

@b the recipient establishes the necessit$ of having the "ata

transferre" an" there is no reason to ass!me that the "ata s!bjectBs

legitimate interests might be prej!"ice" b$ the transfer or the

processing in the recipient co!ntr$

@3 The controller shall8 not,ithstan"ing @2 above8 be re!ire" to ma%e a

provisional eval!ation of the necessit$ for the transfer of the "ata

@4 The recipient shall ens!re that the necessit$ for the transfer of the "ata

can be s!bse!entl$ verifie"

@5 The "ata controller shall ens!re that the recipient shall process the

personal information onl$ for the p!rposes for ,hich the$ ,ere

transferre"

Transfer to a state

that "oes not have

a"e!ate "ata

protection

frame,or%

52 @1 +ersonal information shall onl$ be transferre" to recipients states8

other than those referre" to in Section 5(8 if an a"e!ate level of

protection is ens!re" in the co!ntr$ of the recipient an" the "ata is

transferre" solel$ to permit processing other,ise a!thorise" to be

!n"erta%en b$ the controller

@2 The a"e!ac$ of the level of protection affor"e" b$ the relevant thir"

co!ntr$ in !estion shall be assesse" in the light of all the circ!mstances

s!rro!n"ing the relevant "ata transfer@s8 partic!lar consi"eration shall be

given to the nat!re of the "ata8 the p!rpose an" "!ration of the propose"

processing8 the recipientDs co!ntr$8 the relevant la,s in force in the thir"

co!ntr$ an" the professional r!les an" sec!rit$ meas!res ,hich are

complie" ,ith in that recipientDs co!ntr$

@3 The Commissioner shall establish the categories of processing for

48



49/64

,hich an" the circ!mstances in ,hich the transfer of personal information

to co!ntries o!tsi"e Tan:ania is not a!thori:e"

49



50/64

@4 7$ ,a$ of "erogation from @3 above8 a transfer or a set of transfers of

personal information to a recipient in a co!ntr$ o!tsi"e Tan:ania or a

co!ntr$ ,hich "oes not ens!re an a"e!ate level of protection ma$ ta%e

place in one of the follo,ing cases

@a the "ata s!bject has !nambig!o!sl$ given his>her consent to

the propose" transfer?

@b the transfer is necessar$ for the performance of a contract

bet,een the "ata s!bject an" the controller or the

implementation of pre;contract!al meas!res ta%en in response

to the "ata s!bjectBs re!est?

@c the transfer is necessar$ for the concl!sion or performance of a

contract concl!"e" or to be concl!"e" bet,een the controller

an" a thir" part$ in the interest of the "ata s!bject?

@" the transfer is necessar$ or legall$ re!ire" on important

p!blic interest gro!n"s8 or for the establishment8 e-ercise or

"efense of legal claims?

@e the transfer is necessar$ in or"er to protect the legitimate

interests of the "ata s!bject? an"

@f the transfer is ma"e from a register ,hich8 accor"ing to acts or

reg!lations8 is inten"e" to provi"e information to the p!blic

an" ,hich is open to cons!ltation either b$ the p!blic in

general or b$ an$ person ,ho can "emonstrate a legitimate

interest8 to the e-tent that the con"itions lai" "o,n in la, for

cons!ltation are f!lfille" in the case at han"

@5 itho!t prej!"ice to the provisions of the previo!s paragraph8 the

Commissioner ma$ a!thori:e a transfer or a set of transfers of personal

information to a recipient co!ntr$ o!tsi"e Tan:ania or an$ other co!ntr$

,hich "oes not in its la,s ens!re an a"e!ate level of protection8 if the

controller satisfies the Commissioner that it shall ens!re a"e!ate

safeg!ar"s ,ith respect to the protection of privac$ an" f!n"amental

rights an" free"oms of the "ata s!bjects concerne"8 an" regar"ing the

e-ercise of the "ata s!bjectDs rights s!ch safeg!ar"s can be appropriate"

thro!gh a"e!ate legal an" sec!rit$ meas!res an" contract!al cla!ses in

partic!lar

)eco!rse to the @1 An$ person aggrieve" b$ the "ecision of the Commissioner !n"er this Act8

50



51/64

J!"icial A!thorit$ shall be entitle" to appeal to the CommissionBs appeal committee

@2 S!bject to the e-ha!stion of the appeal offere" thro!gh the Commission

!n"er this Act8 an$ person ,ho is "issatisfie" b$ the "ecision thereof shall

be entitle" to p!rs!e appeals ,ith j!"icial a!thorities

SCHEDULE I

RIGHTS OF DATA SUB)ECTS

)ight of access

to personal "ata

1 @1 S!bject to the follo,ing provisions of this section an" to other provisions of

this act8 an in"ivi"!al is entitle";

@a to be informe" b$ an$ "ata controller ,hether personal "ata of ,hich that

in"ivi"!al is the "ata s!bject are being processe" b$ or on behalf of that "ata

controller8

@b if that is the case8 to be given b$ the "ata controller a "escription of;

@i the personal "ata of ,hich that in"ivi"!al is the "ata s!bject8

@ii the p!rposes for ,hich the$ are being or are to be processe"8 an"

@iii the recipients or classes of recipients to ,hom the$ are or ma$ be "isclose"8

@c to have comm!nicate" to him in an intelligible form;

@i the information constit!ting an$ personal "ata of ,hich that in"ivi"!al is

the "ata s!bject8 an"

@ii an$ information available to the "ata controller as to the so!rce of those "ata8

an"

@" ,here the processing b$ a!tomatic means of personal "ata of ,hich that

in"ivi"!al is the "ata s!bject for the p!rpose of eval!ating matters relating to him

s!ch as8 for e-ample8 his performance at ,or%8 his cre"it,orthiness8 his reliabilit$or his con"!ct8 has constit!te" or is li%el$ to constit!te the sole basis for an$

"ecision significantl$ affecting him8 to be informe" b$ the "ata controller of the

logic involve" in that "ecision;ta%ing

@2 A "ata controller is not oblige" to s!ppl$ an$ information !n"er s!bsection @1

!nless he has receive";

51



52/64


53/64

@2 If the co!rt is satisfie"8 on the application of an$ person ,ho has given a notice

!n"er s!bsection @18 that the "ata controller has faile" to compl$ ,ith the notice8

the co!rt ma$ or"er him to ta%e s!ch steps for compl$ing ,ith the notice as the

co!rt thin%s fit

@3 In this section


54/64

)ight to

Compensation

for fail!re to

compl$ ,ith

certainre!irements

5 @1 An in"ivi"!al ,ho s!ffers "amage b$ reason of an$ contravention b$ a "ata

controller of an$ of the re!irements of this Act is entitle" to compensation from

the "ata controller for that "amage

@2 An in"ivi"!al ,ho s!ffers "istress b$ reason of an$ contravention b$ a "ata

controller of an$ of the re!irements of this Act is entitle" to compensation from

the "ata controller for that "istress if;

@a the in"ivi"!al also s!ffers "amage b$ reason of the contravention8 or

@b the contravention relates to the processing of personal "ata for the special

p!rposes

@3 In procee"ings bro!ght against a person b$ virt!e of this section it is a "efence

to prove that he ha" ta%en s!ch care as in all the circ!mstances ,as reasonabl$

re!ire" to compl$ ,ith the re!irement concerne"

)ectification8

bloc%ing8

eras!re an"

"estr!ction

6 @1 If a co!rt is satisfie" on the application of a "ata s!bject that personal "ata of

,hich the applicant is the s!bject are inacc!rate8 the co!rt ma$ or"er the "ata

controller to rectif$8 bloc%8 erase or "estro$ those "ata an" an$ other personal "ata

in respect of ,hich he is the "ata controller an" ,hich contain an e-pression of

opinion ,hich appears to the co!rt to be base" on the inacc!rate "ata

@2 S!bsection @1 applies ,hether or not the "ata acc!ratel$ recor" information

receive" or obtaine" b$ the "ata controller from the "ata s!bject or a thir" part$

@3 here the co!rt;

@a ma%es an or"er !n"er s!bsection @18 or

@b is satisfie" on the application of a "ata s!bject that personal "ata of ,hich he

,as the "ata s!bject an" ,hich have been rectifie"8 bloc%e"8 erase" or "estro$e"

,ere inacc!rate8 it ma$8 ,here it consi"ers it reasonabl$ practicable8 or"er the "ata

controller to notif$ thir" parties to ,hom the "ata have been "isclose" of the

rectification8 bloc%ing8 eras!re or "estr!ction

@4 If a co!rt is satisfie" on the application of a "ata s!bject;

@a that he has s!ffere" "amage b$ reason of an$ contravention b$ a

"ata controller of an$ of the re!irements of this Act in respect of an$ personal

"ata8 in circ!mstances entitling him to compensation !n"er this Act8 an"

@b that there is a s!bstantial ris% of f!rther contravention in respect of those

"ata in s!ch circ!mstances8

the co!rt ma$ or"er the rectification8 bloc%ing8 eras!re or "estr!ction of an$ of

those "ata

54



55/64

@5 here the co!rt ma%es an or"er !n"er s!bsection @4 it ma$8 ,here it consi"ers

it reasonabl$ practicable8 or"er the "ata controller to notif$ thir" parties to ,hom

the "ata have been "isclose" of the rectification8 bloc%ing8 eras!re or "estr!ction

@6 In "etermining ,hether it is reasonabl$ practicable to re!ire s!ch notification

as is mentione" in s!bsection @3 or @5 the co!rt shall have regar"8 in partic!lar8 to

the n!mber of persons ,ho ,o!l" have to be notifie"

55



56/64

SCHEDULE II

E*CEPTIONS TO DATA PROCESSING PRINCIPLES

56



57/64

ational

sec!rit$

1 @1 The processing of personal information is e-empt from the provisions of this

Act ,here the processing is re!ire" for the p!rpose of safeg!ar"ing national

sec!rit$

@2 An$ !estion ,hether the e-emption mentione" in s!bsection @1 is or at an$time ,as re!ire" for the p!rpose there mentione" in respect of an$ personal

information shall be "etermine" b$ the 0inister an" a certificate signe" b$ the

0inister cel1if$ing that the e-emption is or at an$ time ,as so re!ire" shall be

concl!sive evi"ence of that fact

@3 The processing of personal information ,hich is not e-empt !n"er s!bsection

@1 is e-empt from the non;"isclos!re provisions in an$ case in ,hich the

"isclos!re of the "ata is for the p!rpose of safeg!ar"ing national sec!rit$

@4 /or the p!rposes of s!bsection @3 a certificate signe" b$ the 0inister certif$ing

that personal information is or has been "isclose" for the p!rpose mentione" in that

s!bsection shall be concl!sive evi"ence of that fact

Crimes an"

ta-ation

2 @1 The processing of personal information hel" for the p!rpose of

@a the prevention or "etection of crime?

@b the apprehension or prosec!tion of offen"ers? or

@c the assessment or collection of an$ ta- or "!t$8

are e-empt from the s!bject access provisions of this la, in circ!mstances ,here

the application of those provisions to the "ata ,o!l" be li%el$ to prej!"ice an$ of

the matters mentione" in this s!bsection

@2 The processing of personal information ,hich

@a are hel" for the p!rpose of "ischarging stat!tor$ f!nctions? an"

@b consist of information obtaine" for s!ch a p!rpose from a person ,ho ha" it in

his possession for an$ of the p!rposes mentione" in s!bsection @1 8 are e-empt

from the s!bject access provisions to the same e-tent as personal information hel"

for an$ of the p!rposes mentione" in that s!bsection

3 +ersonal information are e-empt from the non;"isclos!re provisions in an$ case

57



58/64

in ,hich

@a the "isclos!re is for an$ of the p!rposes mentione" in s!bsection @1? an"

@b the application of those provisions in relation to the "isclos!re ,o!l" be li%el$

to prej!"ice an$ of the matters mentione" in that s!bsection? an" in procee"ings

against an$ person for contravening sections8 it shall be a "efence to prove that heha" reasonable gro!n"s for believing that fail!re to ma%e the "isclos!re in !estion

,o!l" have been li%el$ to prej!"ice an$ of those matters

58



59/64

ealth an"

social ,or%

3 @1 The 0inister ma$ b$ or"er e-empt from the s!bject access provisions8 or

mo"if$ those provisions in relation to personal information consisting of

information as to the ph$sical or mental health of the "ata s!bject

@2 The 0inister ma$ b$ or"er e-empt from the s!bject access provisions8 ormo"if$ those provisions in relation to personal information of s!ch other

"escriptions as ma$ be specifie" in the or"er8 being information

@a hel" b$ government "epartments or vol!nteer organi:ations or other bo"ies

"esignate" b$ the or"er? an"

@b appearing to him to be hel" for or ac!ire" in the co!rse of carr$ing o!t social

,or% in relation to the "ata s!bject or other in"ivi"!als

b!t the 0inister shall not !n"er this s!bsection confer an$ e-emption or ma%e an$

mo"ification e-cept so far as he consi"ers that the application to the "ata of thoseprovisions @or of those provisions ,itho!t mo"ification ,o!l" be li%el$ to

prej!"ice the carr$ing o!t of social ,or%

@3 An or"er !n"er this section ma$ ma%e "ifferent provision in relation to "ata

consisting of information of "ifferent "escriptions

)eg!lation of

financial

services etc

4 @1 +ersonal information hel" for the p!rpose of "ischarging stat!tor$ f!nctions to

,hich this section applies are e-empt from the s!bject access provisions in an$

case in ,hich the application of those provisions to the "ata ,o!l" be li%el$ to

prej!"ice the proper "ischarge of those f!nctions

@2 This section applies to an$ f!nctions "esignate" for the p!rpose of this section

b$ an or"er ma"e b$ the 0inister8 being f!nctions conferre" b$ or !n"er an$

enactment appearing to him to be "esigne" for protecting members of the p!blic

against financial loss "!e to "ishonest$8 incompetence or malpractice b$ persons

concerne" in the provision of ban%ing8 ins!rance8 investment or other financial

services or in the management of companies or to the con"!ct of insolvents

Appointment

an" professional

privilege

5 @ 1 +ersonal information hel" b$ a government "epartment are e-empt from the

s!bject access provisions if the "ata consist of information ,hich has been

receive" from a thir" part$ an" is hel" as information relevant to the ma%ing of

appointments

@2 +ersonal information is e-empt from the s!bject access provisions if the "ata

59



60/64

consist of information in respect of ,hich a claim to legal professional privilege

co!l" be maintaine" in legal procee"ings

60



61/64


62/64

+art if s!bsection @4 ,ere incl!"e" among the non;"isclos!re provisions

@6 +ersonal information hel" onl$ for

@a preparing statistics? or

@b carr$ing o!t research8

are e-empt from the s!bject access provisions? b!t it shall be a con"ition of thee-emption that the "ata are not !se" for an$ other p!rpose or "isclose" for an$

other p!rpose8 an" the res!lting statistics or the res!lts of the research are not ma"e

available in a form ,hich i"entifies the "ata s!bjects or an$ of them

62



63/64

Other

e-emptions

@1+ersonal information hel" b$ an$ person are e-empt from the provisions of this

Act if the "ata consist of information ,hich that person is re!ire" b$ or !n"er an$

enactment to ma%e available to the p!blic8 ,hether b$ p!blishing it8 ma%ing it

available for inspection or other,ise an" ,hether grat!ito!sl$ or on pa$ment of

fee

@2 The 0inister ma$ b$ or"er e-empt from the s!bject access provisions "ata

consisting of information the "isclos!re of ,hich is prohibite" or restricte" b$ or

!n"er an$ enactment if he consi"ers that the prohibition or restriction o!ght to

prevail over those provisions in the interests of the "ata s!bject or of an$ other

in"ivi"!al

@3 +ersonal information are e-empt from the s!bject access provisions if the "ataare %ept onl$ for the p!rpose of replacing other "ata in the event of the latter being

lost8 "estro$e" or impaire"

@4 +ersonal information are e-empt from the non;"isclos!re provisions in an$ case

in ,hich the "isclos!re is

@a re!ire" b$ or !n"er an$ enactment8 b$ an$ r!le of la, or b$ the or"er of co!rt

or

@b ma"e for the p!rpose of obtaining legal a"vice or for the p!rposes of8 or in theco!rse of legal procee"ings in ,hich the person ma%ing the "isclos!re is a part$ or

a ,itness

@5 +ersonal information are e-empt from the non;"isclos!re provisions in an$ case

in ,hich

@a the "isclos!re is to the "ata s!bject or a person acting on his behalf? or

@b the "ata s!bject or an$ s!ch person has re!este" or consente" to the partic!lar

"isclos!re in !estion? or

@c the "isclos!re is b$ a "ata controller or a person carr$ing on an information

b!rea! to his servant or agent for the p!rpose of enabling the servant or agent to

perform his f!nctions as s!ch

6 +ersonal information are e-empt from the non;"isclos!re provisions in an$ case

63



64/64

in ,hich the "isclos!re is !rgentl$ re!ire" for preventing inj!r$ or other "amage

to the health of an$ person or persons? an" in procee"ings against an$ person for

contravening sections of this Act it shall be a "efense to prove that he ha"

reasonable gro!n"s for believing that the "isclos!re in !estion ,as !rgentl$

re!ire" for that p!rpose

@ A person nee" not compl$ ,ith a notice8 re!est or or"er !n"er the s!bject

access provisions if compliance ,o!l" e-pose him to procee"ings for an$ offence

other than an offence !n"er this Act? an" information "isclose" b$ an$ person in

compliance ,ith s!ch notice8 re!est or or"er shall not be a"missible against him

in procee"ings for an offence !n"er this Act

SCHEDULE III

SANCTIONS

San$!%"n& @1 An$ member8 personnel8 cons!ltant8 contractor or other member of staff of the

Commission ,ho violates the obligation of secrec$ referre" to this Act shall be

liable for the pa$ment of a fine not e-cee"ing five million Shillings

@2 An$ person fo!n" to be g!ilt$ of an offence !n"er this la, shall be liable for

imprisonment for t,elve months or the pa$ment of a fine not e-cee"ing five

million Shillings8 or both

@3 Kpon conviction for an$ of the offences !n"er this Act8 the Co!rt shall or"er the

entire or partial p!blication of the j!"gment in one or more ne,spapers in the

manner it shall "etermine8 an" at the e-pense of the convicte" person

@4 Kpon conviction for an$ of the offences "escribe" in this section8 the co!rt ma$

or"er the sei:!re of the me"ia containing the personal information to ,hich the

offence relates8 s!ch as man!al filing s$stems8 magnetic "iscs or magnetic tapes8

an" an$ other relate" e!ipment or an$ other e!ipment8 or or"er the "eletion of

th " t

DRAFT OF DATA PROTECTION ACT 2013_ 28 October 2013.doc

Documents

Transcript of DRAFT OF DATA PROTECTION ACT 2013_ 28 October 2013.doc