Privacy Law at Mozambique
Mozambique's data protection and privacy landscape is evolving, with several legal provisions addressing aspects of personal data handling, though a comprehensive and enforceable data protection law is still lacking.
Constitutional and Legal Framework
The Constitution of the Republic of Mozambique guarantees the right to privacy and data protection as fundamental right. However, there is no standalone data protection la. The Law No. 3/2017 (Lei das Transações Eletrónicas) provides a legal framework for electronic transactions, e-commerce, and e-governance, offering limited regulation of data protection, primarily for users of information and communication technology
📜 Relevant Legislation
**Penal Code (Law No. 24/2019)*: Article 252 criminalizes unauthorized interception, recording, or dissemination of private communications, images, or data, with penalties of up to one year in prison and fines
**Labor Law (Act 13/2023)*: Protects employees' personal data and communications, requiring employers to obtain written consent before processing personal information and to respect the confidentiality of personal communications
*Law No. 34/2014: Regulates public access to information and public participation, classifying personal data held by public entities as confidential and prohibiting its disclosure without consent or a court order
🏦 Sector-Specific Regulations
While Mozambique lacks a comprehensive data protection law, sector-specific regulations exist:
*Banking Sector: The Bank of Mozambique mandates that credit institutions and financial companies base their data processing centres within the country and adhere to the Law on Credit Institutions and Financial Companies (LICSF) and the Law on Electronic Transactions to protect financial data
*Financial Data Security: The National Institute of Information and Communication Technologies (INTIC) has highlighted the absence of mandatory regulations for financial data security, emphasizing the need for specific legislation to address the growing threat of cyber-attacks
⚠️ Implementation Challenges
Mozambique faces several challenges in implementing effective data protection:
*Absence of a Dedicated Regulatory Authority: There is no independent agency responsible for overseeing data protection and enforcing compliance.
*Limited Public Awareness: A lack of awareness among the public and businesses regarding data protection rights and obligations hinders effective implementation.
*Cybersecurity Threats: The country experiences a high volume of cyber-attacks, underscoring the need for robust data protection measures
✅ Recommendations for Organizations
Organizations operating in Mozambique should:
*Obtain Explicit Consent: Ensure informed and explicit consent is obtained from individuals before collecting or processing their personal data.
*Implement Data Protection Measures: Adopt appropriate technical and organizational measures to safeguard personal data.
*Ensure Data Accuracy: Take reasonable steps to ensure the accuracy of personal data and update it when necessary.
*Maintain Confidentiality: Respect the confidentiality of personal communications and data, disclosing it only with consent or as required by law.
*Stay Informed: Monitor developments in data protection regulations and adapt practices accordingly.
RELATED Blog
0 comments