Permissible Personal Data Breaches (Article 8)
August 16, 2022


Edith Michael Mtweve


10.1 The Concept of Permissible Data Protection and Privacy Breaches  

Data protection and privacy cannot be absolute, there are circumstances which call for disregard to some data protection and privacy principles.

10.2 International Instruments

Essentially the GDPR[i] provides for the material scope of inapplicability of the Regulation on the following amongst others;

Processing of personal data by a natural person on purely personal or household activities;

Processing by competent authorities with regard to criminal offences, on their prevention, investigation, detection and/or prosecution; or in the implementation/execution of criminal sanctions with the inclusion of safeguarding and preventing threats posed to public security.

The Malabo Convention[ii] also provides areas where the principles of data protection under the Convention shall not be applicable;

This Convention shall not be applicable to:

  1. a) Data processing undertaken by a natural person within the exclusive context of his/her personal or household activities, provided however that such data are not for systematic communication to third parties or for dissemination;
  2. b) Temporary copies produced within the context of technical activities for transmission and access to a digital network with a view to automatic, intermediate and temporary storage of data and for the sole purpose of offering other beneficiaries of the service the best possible access to the information so transmitted.

The SADC Model[iii] provides for limitations of the applicability of the rights and obligations with regard to data protection with regard to implementing/safeguarding the following;

  1. State security
  2. Defence;
  3. Public safety; 
  4. Criminal offences’ prevention, investigation, or proof, criminal offenders’ prosecution or criminal sanctions’ executions or in undertaking security measures or on issues of violation to professional codes of conduct for regulated professions;
  5. Regulatory activities;
  6. Literary and artistic works; and
  7. Professional journalism, pursuant to journalism ethical rules.


10.3 African Legislation

The Kenyan law allows data processing and control with a disregard to the data principles in the event where such processing is;

  1. Meant to cater for purely personal or household activities;[iv]
  2. Necessary for national security or public interest;[v]
  3. Warranted necessary disclosures under any written law or under a court order;[vi]
  4. Meant for publication of a literary work, where such data controller reasonably believes that the publication shall be for public interest, additionally such data control ad processing is subject to compliance with an applicable code of ethics governing the publication in question;[vii]
  5. Meant for research , history and statistics;[viii]
  6. Exemptions as prescribed by the Data Commissioner;[ix]

The Ghanaian law provides exemptions in the applicability of the provisions of the Act on data processing on the following issues;

  1. National security[x]: which has also been sub-categorized to include instances of; public order, public safety, public morality, national security, or public interest.
  2. Crime and taxation: [xi]which has further been qualify to involve instances of; the prevention or detection of crime, the apprehension or prosecution of an offender, or the assessment or collection of a tax or duty or of an imposition of a similar nature.
  3. Health, education and social work[xii]
  4. Data protection regulatory activities[xiii]
  5. Journalism, literature and art[xiv]
  6. Research, history and statistics[xv]
  7. Disclosure required by law or made in connection with a legal proceeding[xvi]
  8. Domestic purposes[xvii]
  9. Confidential references given by data controller[xviii]
  10. Armed Forces[xix]
  11. Judicial appointments and honours[xx]
  12. Public service or ministerial appointment[xxi]
  13. Examination marks[xxii]
  14. Examination scripts[xxiii]
  15. Professional privilege[xxiv]


10.3 Permissible Personal Data and Privacy Breaches under Tanzanian Legislation

Despite the fact that Tanzania does not have a specific law on data protection and privacy, the existent sector specific Legislation


10.3.1  The Constitution

Article 16 (1) of the Constitution in guaranteeing personal privacy rights in Tanzania, is subjected to a claw-back clause which makes the right not absolutely guaranteed pursuant to Article 16(2). The right to privacy may not be absolute under state enacted Legislation addressing the manner and extent to which the right to privacy may be infringed.


10.3.2 The Cybercrimes Act, 2015

Section 37 of the law warrants the use of forensic tools in obtaining evidence with regard to a suspect or persons of interest on cyber related crimes, these could be used to obtain a person’s personal data without regard to their right to privacy guaranteed under the Constitution.


10.3.3 The Anti-terrorism Act, 2002

Section 31 of the law warrants the interception of personal information with regard to interception of communications by an individual under investigation for terrorism related offences.


10.2. 4 The Way Forward

It is now inevitable for Tanzania to devise a sound data protection policy and to equally enact a comprehensive data protection and privacy law drawing inspiration to the existent international instruments and local legislations and customizing the law to meet the current and developing aspects peculiar to Tanzania and its international relations and undertakings.


[i] Ibid., GDPR, Article 2(2)

[ii] Ibid., Malabo Convention, Article 9(2)

[iii] Ibid., SADC Model Law, Article 42(1) and (2)

[iv] Section 51 of the Kenyan Data Protection Act, 2019

[v] Id.

[vi] Id.

[vii] Ibid., Section 52

[viii] Ibid., Section 53

[ix] Ibid., Section 54

[x] Section 60(1) of the Ghanaian Data Protection Act, 2012

[xi] Ibid., Section 61

[xii] Ibid., Section 62

[xiii] Ibid., Section 63

[xiv] Ibid., Section 64

[xv] Ibid., Section 65

[xvi] Ibid., Section 66

[xvii] Ibid., Section 67

[xviii] Ibid., Section 68

[xix] Ibid., Section 69

[xx] Ibid., Section 70

[xxi] Ibid., Section 71

[xxii] Ibid., Section 72

[xxiii] Ibid., Section 73

[xxiv] Ibid., Section 74

Victory Attorneys & Consultants © 2023

Augustine Dominic Shio

Managing Partner

Augustine Dominic Shio is also known as Mr Shio is a highly sought-after and widely recognized criminal law expert with more than 30 years of experience advising and assisting corporations and individuals charged with white-collar crimes.


Before founding the firm Mr Shio held several positions in the public sector, he served as a Principal State Attorney at the Attorney General’s Chambers, Legal Advisor at the President’s Office (Commission for Enforcement of the Leadership Code), Director of Legal Services and Complaints at the Ministry of Home Affairs and retired as a Deputy Director of Public Prosecutions at the Directorate of the Public Prosecutions.

Mr Shio is a recipient of the Presidential Medal for his distinctive public services and ethics of the highest order. His distinguished aptitude in handling complex criminal cases, particularly money laundering, economic and organized crimes has enabled the firm to handle high profile criminal cases in Tanzania.

Practice Focus

As the firm’s head of the Financial & Organized Crimes Department, Mr Shio represents corporations and individuals in the telecoms, media & ICT, mining, oil & gas and banking sectors in high profile criminal cases. He has advised and prepared legal compliance models and for large scale agribusiness operators, public listed companies and securities dealers and brokers in line with sector-specific laws.

He possesses vast experience in advising multinational corporations on money laundering and tax evasion throughout the life span of their commercial transactions.

Mr Shio has represented clients in major plea bargaining negotiations at the office of the Director of Public Prosecutions. He is renowned for closing some of the best pleas deals in the country on behalf of many locals and expatriates charged with money laundering, economic and organized crimes and cybercrimes. Additionally, Mr Shio consults and assists criminally charged individuals to secure pre-trail and post-trial bail on serious criminal charges.


Mr Shio holds a Bachelor’s Degree (LL.B Hons) from the University of Dar es Salaam, Certificate in Criminal Justice and Treatment of Offenders from the United Nations Institute (Fuchu, Japan). He is a certified criminal law expert in Money Laundering and Terrorism.

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest legal updates, events announcements and many more.

You have Successfully Subscribed!

Share This