Criminal Actions on Social Media
The Cyber and Data Protection Act (Chapter 12:07) became law in December 2021. In terms of section 2 of the Act, the object of the Act is to increase data protection in order to build confidence and trust in the secure use of information and communication technologies by data controllers, their representatives and data subjects.
The Act amends the provisions of the Criminal Law (Codification and Reform) Act (Chapter 9:23), the Criminal Procedure and Evidence Act (Chapter 9:07) and the Interception of Communications Act (Chapter 11:20). The purpose of this article is to focus on the amendments to the Criminal Law (Codification and Reform) Act as they relate to the criminalisation of harassment and circulation of false messages on social media applications like Facebook, Twitter and WhatsApp.
CIRCULATION OF DATA MESSAGES
The criminal liability introduced by the Cyber and Data Protection Act focusses on the circulation, broadcast or distribution of harmful data messages on a computer or information system. This computer system includes email, social media, online articles, websites, databases, digital audio and electronic documents. The positive side of these platforms is that it has made communication and connectivity much easier on a global scale. However, the downside is that the platforms are sometimes abused through harassment and the circulation of false messages. In this regard, the Cyber and Data Protection Act introduces measures to curb cyberbullying, harassment and the circulation of false messages, through stiff penalties and long prison sentences.
OFFENDERS OR PERPETRATORS
People and organisations who are perpetrators of cyberbullying, harassment and circulation of false messages rely on the anonymity that is provided by the internet to hide their true identity. They tend to create false online accounts or use pseudo names, and they persistently prey on their victims with the sole intention to intimidate, harass, or bully. The same people and organisations use these anonymous profiles to circulate false messages and share them with media houses for publication. Previously, such offenders, once identified, would be sued for defamation, which process is expensive and taxing on the victims (and they can still be sued in the civil courts nonetheless). The Cyber and Data Protection Act gives quicker and affordable access to recourse to the victims of harassment and circulation of false messages, as well as cyberbullying through the criminal justice system via arrests, investigations, trial, conviction and imprisonment.
CYBER-BULLYING AND HARASSMENT
The Cyber and Data Protection Act introduces section 164B in the Criminal Law (Codification and Reform) Act which criminalises cyberbullying and harassment. It states that any person who unlawfully and intentionally, by means of a computer or information system, generates and sends any data message to another person, or posts on any material whatsoever on any electronic medium accessible by any person, with the intent to coerce, intimidate, harass, threaten, bully or cause substantial emotional distress, or to degrade, humiliate or demean the person of another or to encourage a person to harm himself or herself, shall be guilty of a criminal offence. This offence carries a fine not exceeding level 10 as well as imprisonment for a period not exceeding ten years or to both.
In terms of this new section, it is now a criminal offence to generate and circulate data messages with the intention to coerce, intimidate, harass, threaten, bully or cause substantial emotional distress, or to degrade, humiliate or demean another person through any electronic medium. This provision protects individuals of all ages, including children, teens, adults, as well as corporate entities or organisations.
The criminality of the actions is in line with international standards on the protection against cyberbullying, which has become widespread due to the ease of access to the internet. Children and teenagers have been subjected to immense cyberbullying, leading to an increase in suicide rates among young people not only globally, but also in Zimbabwe.
On the other hand, corporate organisations have also been subject to cyberbullying in recent years, most of the time with the aim of extorting money from them, and humiliating them in the eyes of their clients, shareholders, employees and the general public. In Zimbabwe, there has been a significant increase of such incidents, including reporting of the same by the press.
It certainly is a welcome development that the Cyber and Data Protection Act criminalises cyberbullying, such that when the perpetrators, be they individuals or organisations, are unmasked behind the anonymous veil, they face a level 10 fine or 10 years imprisonment.
TRANSMISSION OF FALSE DATA MESSAGES INTENDING TO CAUSE HARM
In terms of section 164C, any person who unlawfully and intentionally, by means of a computer or information system, makes available, broadcasts or distributes data to any other person concerning an identified or identifiable person knowing it to be false with intent to cause psychological or economic harm shall be guilty of a criminal offence. The person shall be liable to a fine not exceeding level 10 or to imprisonment for a period not exceeding five years or to both.
This section criminalises the circulation, by computer or information system, of false data messages about a person, which are intended to cause psychological or economic harm. Essentially, anyone who circulates, broadcasts or distributes false messages about a person is criminally liable, and can face a level 10 fine or five years imprisonment.
Through this section, the Cyber and Data Protection Act provides significant protection to victims, particularly where they can prove that the messages are false. Such messages, be they voice notes, or text messages, or pictures, or documents, do in fact cause significant psychological, emotional and reputational harm to the victims. In some cases, these messages also lead to financial and economic harm, as some victims lose their jobs or sources of livelihood. It is a welcome development that such conduct be visited by prison sentence, so that the perpetrators can atone for their actions.
The Cyber and Data Protection Act’s amendments to the Criminal Law (Codification and Reform) Act introduce other criminal offences as they relate to computer systems, computer data, data storage mediums, data codes and devices. These offences include hacking, unlawful acquisition of data, unlawful interference with data or data storage medium, unlawful interference with computer system, unlawful disclosure of data code, and unlawful use of data or devices.
The Act criminalises certain conduct as it relates to electronic communications and materials, in addition to cyberbullying and transmission of false messages. These include transmission of data message inciting violence or damage to property, sending threatening data message, spam, transmission of intimate images without consent, production and dissemination of racist and xenophobic material, and identity-related offence.
The Act creates offences against children such as recording of genitalia and buttocks beneath closing without consent, production, distribution, and possession of child sexual abuse material, and exposing children to pornography.
All the above offences carry a fine of between level 10 and level 14, and imprisonment for at least 5 to 10 years.
By amending the Criminal Law (Codification and Reform) Act, the Cyber and Data Protection Act makes significant strides in protecting the rights of people and organisations from cyberbullying and the transmission of false messages, and other such offences. The Act goes a long way to protect the right to privacy not only of individuals and organisations, but also of young children, who have also found themselves as victims of cyberbullying due to ease of access to the internet and social media.
The stiff fines and hefty prison terms serve as an indicator that while the perpetrator, who can be either an individual or an organisation, may use the tools online to hide their identity, when they are caught, they face severe penalties and jail time of up to 10 years.
In short, the public should exercise more due care on what they choose to post online, whether as an originator of the data or simply sharing, forwarding or re-retweeting material. The same applies to the service providers who are the enablers of these platforms like internet service providers as well as other telecommunication operators. The laws relating to civil and criminal defamation have, in essence, caught up with the