In Mozambique there is no specific legislation on data protection or privacy. However, there are other sources of law that impose some privacy obligations, including:
- The Civil Code (Decree-Law no. 47344, of November 25, 1966, in force in Mozambique through Edict no. 22869, dated September 4, 1967)
- The Penal Code (Law n.º 35/2014 of December 31)
- The Labour Law (Law n.º 23/2007, of August 1)
- The Electronic Transactions Law (Law n.º 3/2017, of January 9)
In addition, the Constitution of the Republic of Mozambique provides that all citizens are entitled to the protection of their private life and have the right to honor, good name, reputation, protection of their public image and privacy. Further, Article 71 of the Constitution identifies the need to legislate on access, generation, protection and use of computerized personal data (either by public or private entities); however, implementing legislation has not yet been approved.
In Mozambique there is no specific legislation on data protection or privacy. However, there are other sources of law that impose some privacy obligations, including:
- The Civil Code (Decree-Law no. 47344, of November 25, 1966, in force in Mozambique through Edict no. 22869, dated September 4, 1967)
- The Penal Code (Law n.º 35/2014 of December 31)
- The Labour Law (Law n.º 23/2007, of August 1)
- The Electronic Transactions Law (Law n.º 3/2017, of January 9)
In addition, the Constitution of the Republic of Mozambique provides that all citizens are entitled to the protection of their private life and have the right to honor, good name, reputation, protection of their public image and privacy. Further, Article 71 of the Constitution identifies the need to legislate on access, generation, protection and use of computerized personal data (either by public or private entities); however, implementing legislation has not yet been approved.
Definition of personal data
At the moment, the law does not define the concept of 'personal data'.
Definition of sensitive personal data
There is no law defining sensitive personal data. However, the Constitution of the Republic of Mozambique imposes restrictions on recording and handling any individually identifiable information concerning a person’s political, philosophical or ideological beliefs, religious beliefs, membership in a political party or trade union and (particulars) related to the person’s privacy.
There is no data protection authority in Mozambique.
There is no data protection registration requirement in Mozambique.
Mozambique law does not require the appointment of data protection officers.
Under the Constitution of the Republic of Mozambique, individually identifiable information, concerning to political, philosophical or ideological beliefs, religious beliefs, membership in a political party or trade union and (particulars) related to the person’s privacy may not be stored or processed in a database.
The law does not generally restrict cross-border transfers of personal information. The Constitution of the Republic of Mozambique imposes restrictions on disclosures of personal information to third parties.
Under the Electronic Transactions Law (Law n.º 3/2017, of January 9), the person / entity responsible for processing electronic data, must protect personal data against risks, losses, unauthorized access, destruction, use, modification or disclosure.
There is no breach notification requirement in Mozambique.
The Penal Code (Law n.º 35/2014 of December 31) provides for certain computer-related crimes, such as intrusion through informatics, which is subject to imprisonment from two to eight years and a one-year fine. There is also the crime of fraud through electronic means, which is subject to imprisonment for at least one year and a corresponding fine.
However, given that Mozambique does not have specific data protection laws nor a specific authority responsible to oversee data protection matters, enforcement of data protection-related matters is minimal.
The rules applicable to electronic advertisement and marketing are provided under the Advertisement Code (Decree n.º 38/2016, of August 31) and the Electronic Transactions Law (Law n.º 3/2017, of January 9).
Under the Electronic Transactions Law, express consent from a recipient is required prior to sending direct marketing communications via automated dialing systems, fax machines and email, unless one of the following applies:
- If the sender obtained the contact details of the recipient during the sale or negotiations for the sale of a product or service to the recipient
- The direct marketing refers to similar products or services to those of the recipient
- At the moment of initial collection of the data, the recipient was offered the option to refuse of use of his contact details, and decided not to refuse
- If the recipient did not refuse the use of its data in any subsequent communications
Under the Advertisement Code, electronic marketing messages should be clearly identified and include sufficient information, so as to allow the common recipient to easily understand all of the following:
- The nature of the message
- The advertiser
- The promotional offers, such as discounts, prizes, gifts and promotional contests and games, as well as the conditions to which they are bound (if applicable)
All direct marketing message must provide recipients with information about how to opt out of further marketing communications, as well as the identity details of the source from which the contact details of the consumer have been obtained.
Other than the above general rule, there are no other rules applicable to online privacy.
