Tanzanian guesthouses urged to comply with personal data protection law

Morogoro. The Personal Data Protection Commission (PDPC) has raised concerns regarding sharing certain personal information at guesthouses, including a guest's place of departure and arrival, a violation of the law.

In his presentation, the PDPC Director of Registration and Compliance at the PDPC, Mr Stephen Wangwe, emphasised the importance of understanding the law to avoid legal consequences.

He clarified that details such as a guest’s origin, destination, or ethnicity are irrelevant to the guesthouse they are staying at.

“When you go to a guesthouse and you are asked to write where you are coming from, where you are going, and your ethnicity, all these are personal data, and it’s against the law,” explained Mr Wangwe.

“In the past, exam results were announced by names, but now they must use numbers to protect people’s data,” he added.

Furthermore, Mr Wangwe outlined that individuals have the right to file complaints if their data are used without consent, and appropriate actions will be taken to address breaches.

“If your information is misused and you don’t have anywhere to complain, it means you will lose trust in the service. Many people, for instance, avoid withdrawing money from ATMs because they don’t trust how their data may be exposed,” added Mr Wangwe.

He emphasised that the law aims to restore trust, requiring all entities handling personal data to register, be monitored, and ensure individuals are compensated in case of a breach.

Mr Wangwe outlined key data protection principles, including collecting and processing data legally, transparently, and for specific purposes.

Data should not be collected excessively or beyond what is necessary, and it must be obtained directly from the individual concerned.

Additionally, data should be kept confidentially, accurately, up-to-date, and stored only for as long as necessary.

Other principles include restrictions on transferring data outside the country.

Before transferring data abroad, permission must be obtained from relevant authorities to ensure protection.

A specific form (Number Seven) must be filled out to verify data accuracy before sharing.

Mr Wangwe added that there are currently 850 systems connected to the National Identification Authority (NIDA), hinting that any system seeking access must first obtain an approval certificate.

“In case your data has been used by any service provider you will receive a message requesting your permission," he stated.

He also outlined the benefits of the Personal Data Protection Law, such as promoting innovation, safeguarding individual privacy, empowering people, ensuring transparency, and increasing competition.

If someone’s data is shared without consent, he/she has the right to complain.

Mr Wangwe reiterated that information about where someone is coming from or going to is irrelevant for guesthouse records.

He also urged organisations announcing exam results to use numbers rather than names to maintain privacy.

Some citizens were unaware that providing departure and arrival details at guesthouses violated the law.

As a result, many have resorted to providing false details, including fake names and phone numbers.