By Ndimphiwe ShabanguPublished on
Page last updated on
This article was originally published in Issue 1 of Southern Africa Digital Rights, an online publication produced under "The African Declaration on Internet Rights and Freedoms: Fostering a human rights-centred approach to privacy, data protection and access to the internet in Southern Africa" project.
Since early 2021 the Kingdom of Eswatini has been gripped by waves of civil unrest, with reports having emerged of human rights violations perpetrated by the country’s security services and internet shutdowns implemented by the government in response to protests.
In June-July 2021, Eswatini experienced civil unrest which stemmed from governance related issues. The unrest resulted in violence which led to the death of citizens and damage to property. This resulted in the government directing telecommunications service providers – state-owned Eswatini Post and Telecommunications Corporation, MTN Eswatini and Eswatini Mobile – to shut down the internet.  This had never been witnessed before in the Kingdom. There were more protests in October 2021, and the government again shut down the internet and resorted to restricting social media platforms.  It should be noted that internet shutdowns and restrictions negatively affect businesses, and disrupted citizens’ ability to communicate.
The political situation has remained volatile throughout the first half of 2022, as the general mood of unrest has continued to threaten to spill into public again.
It was in this climate of heightened political sensitivity and instability that the Kingdom, in early 2022, gazetted various cyber laws that will regulate how citizens conduct themselves on the internet.
The Swaziland Communications Commission Act of 2013 established what is now called the Eswatini Communications Commission, which is a regulatory body that regulates all communications services, including the internet, in the country. This commission is under the Ministry of Information, Communication and Technology (MICT).
The creation of the Eswatini Communications Commission has been the catalyst for and instrumental in the enactment of the latest batch of cyber laws.  These new laws are the Computer Crime and Cyber Crime Act, 2022, the Data Protection Act, 2022, and the Electronic Communications and Transactions Act, 2022.
The Computer Crime and Cyber Crime Act, 2022, and the Data Protection Act, 2022, were gazetted and came into force on 4 March 2022, while the Electronic Communications and Transactions Act, 2022, which was also gazetted on the same date, had yet to be brought into force by the end of May 2022.
The Computer Crime and Cyber Crime Act, 2022  criminalises offences committed against and through the use of computer systems and electronic communications networks. Whilst mechanisms to protect citizens against criminal and terrorist elements that emanate from the use of the internet are necessary, there is a danger and risk that this can be misused by governments to curtail freedom of expression on the internet, which has implications such as the shrinking of online civil society spaces. Among the concerns expressed is that the law has the potential to be interpreted in a way that targets vocal human rights defenders, media practitioners and activists. The regulations of the law are yet to be developed.
The Data Protection Act, 2022  is a law that provides for the collection, processing, disclosure and protection of personal data and other matters. Data protection is imperative as internet usage increases. There are entities that collect and store people’s personal data for commercial and other purposes, such as monitoring internet user’s online habits and preferences. The law also includes provisions for third parties who collect data with consent. Furthermore, the law covers the protection and confidentiality of particular categories of personal data, such as health information.
The Electronic Communications and Transactions Act, 2022  is for the purpose of regulating electronic transactions, electronic communications and the use of e-government services, amongst others. This law is considered important in enabling the country’s fourth industrial revolution, which coincides with rising levels of internet use. Furthermore, with increasing roll-out and penetration of e-commerce and other digital platforms, it has become imperative for countries to implement laws to regulate such platforms and technologies to protect users.
Cybercrime law flagged
Long before it became law, when it was first mooted in August 2020, the then Computer Crime and Cyber Crime Bill stirred controversy when it was announced that it would also “include an item to criminalise the posting of so-called ‘fake news’ on the internet, potentially covering any story that is considered by the royal authorities as damaging to the kingdom’s image.” 
In early September 2020 it was reported that the bill would carry heavy fines and jail sentences for “Facebook abusers” and “fake news perpetrators”.  At the same time it was reported that the secretary general of the opposition People’s United Democratic Movement (PUDEMO), Wandile Dludlu, labelled the bill as “draconian” and that “it was intended to silence people expressing their views” online. Also at that time, the president of the Eswatini National Association of Journalists (SNAJ), Welcome Siyabonga Dlamini, expressed the hope that the proposed law “was not intended to muzzle the media or victimise individuals considered holding dissenting views or beliefs from those of the government.”
A year later, in November 2021, as the bill passed the final stages of enactment in the Eswatini parliament, the country’s Deputy Prime Minister, Themba Masuku, was reported to have come out in defence of the bill, stating that the intent behind it was not “nefarious” and that it was “not meant to target some Emaswati” at a time of political and social unrest. 
How this law interacts with and impacts the Data Protection Act, 2022, will be discussed in a forthcoming article.