Zimbabwe
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Zimbabwe's Cyber and Data Protection Act No. 5 of 2021 (Chapter 12:07; in force 11 March 2022) is a combined data protection and cybercrime statute enforced by POTRAZ (Postal and Telecommunications Regulatory Authority of Zimbabwe). It amends the Criminal Law Act to introduce computer-related offences including unlawful interference with computer systems and creates a Data Protection Authority and Cyber Security Centre within POTRAZ. The Act applies to any automated processing of personal data. Public websites carry implicit authorisation; the unlawful-access provisions require intentional, unlawful conduct. Data Protection Regulations were issued in 2024, clarifying compliance requirements. No sui generis database right exists. No TDM exception. No scraping-specific case law. Public-page crawling of non-personal data is low risk; collecting personal data requires a lawful basis; technical circumvention and post-C&D scraping carry criminal exposure.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | without permission |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | fair dealing narrow |
| Text and data mining — commercial status | unsettled |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | Cyber and Data Protection Act No. 5 of 2021 (POTRAZ Data Protection Authority) |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Not legal advice.