The Public Private Partnership Commission (PPPC) has extolled the Data Protection (DP) Act as a robust legal framework designed to safeguard Malawians from all abuses related to personal data.
The Commission under the Digital Malawi Project (DIGMAP) with funding from the World Bank collaborated with the Ministry of Information and Digitalization, the Ministry of Justice and Constitution Affairs, the Malawi Communication Regulatory Authority (MACRA), and the National Registration Bureau (NRB) to draft and finalize the DP Bill, currently enacted as the DP Act.
The DP Act provides stringent protections for sensitive personal data, such as biometric data, race or ethnic origin, religion, beliefs relating to the freedom of conscience, health status, political opinions, or affiliations, just to mention a few.
Speaking in an interview today, PPPC Chief Executive Officer Patrick Kabambe said the Act offers guidance and best practice rules for individuals, organizations, and the government to follow on how to use personal data, including regulating data processing and protecting citizens’ rights regarding their data.
“The DP Act is coming in when there are numerous cases of personal data abuses. In this regard, the legal framework is essential in safeguarding Malawians from such abuses,” he said.
Kabambe clarified the distinction between the DP Act and the Access to Information (ATI) Act.
He noted that while the ATI Act governs access to public information to hold the government accountable, the DP Act focuses on protecting personal data from abuses.
Kabambe explained: “The ATI Act regulates access to public information to hold the government accountable. On the other hand, the DP Act safeguards personal data from all forms of abuses.”
He emphasized that the regulations under the DP Act have been finalized through DIGMAP to complement the Act.
The Act, among other provisions, empowers MACRA, designated as the DP Authority, to develop and publish guidelines to promote data protection and ensure compliance.
“The DP Act does not permit MACRA to keep or process personal data but rather ensures that the Act is abided by all data controllers or data processors,” Kabambe clarified.
Additionally, MACRA is tasked with raising public awareness of the Act and international data protection frameworks.
The legal framework also encourages the development and implementation of personal data protection technologies and administrative measures, aligning with international standards and applicable laws.