The High Court has ruled that mobile phone operators in Malawi should not comply with a Macra directive that companies should furnish the authority with subscribersâ€™ call detail records (CDRs).
The Malawi Communications Regulatory Authority (Macra) earlier made the directive for the implementation of its new monitoring equipment, dubbed â€˜the spy machineâ€™.
The presiding judge, Justice Lovemore Chikopa, has also issued a permanent injunction restraining Airtel, TNM, the Malawi Telecommunications Limited (MTL) and Access Communications Limited (ACL) from furnishing Macra with the CDRs.
Chikopa made the ruling on Wednesday in Lilongwe in a case where a subscriber to all the four mobile operators Alick Kimu sued the companies from providing the CDRs to Macra, arguing doing so would be a breach to his privacy.
Said Chikopa: â€œThe plaintiff sought two declarations and an injunction. The first declaration was to the effect that he is entitled to having his right to privacy safeguarded by the defendants under the Constitution, the Act and the operating licences. That is granted.
â€œSecondly, the plaintiff sought a declaration that compliance with the Macra directive would in the circumstances of this case be a breach of his right to privacy. That is granted as well. The plaintiff also sought an injunction restraining the defendants from furnishing Macra with CDRs. That is also granted. Meaning that the interim injunction granted herein is made permanent.â€
The judge said between April 2009 and September 2010, Macra procured a Consolidated ICT Regulatory Management System (CIRMS) which he said the â€œthe plaintiff rather carelessly called â€˜the spy machineâ€™â€.
Chikopa noted that the system was, according to a bid document issued by Macra, to have capacity of lawful interception; Internet interception; GSM and CDMA, GPRS interception; and equipment identity registry.
The judge said after commissioning the CIRMS, Macra requested from the defendants various detailed information.
â€œThe defendants were, to be fair to them, reluctant to comply with the requests. They thought compliance would compromise the confidentiality and privacy of their subscribers apart from breaching constitutional guarantees of privacy,â€ saidÂ Chikopa.
The judge said the information which Macra was requesting from the mobile operators â€“CDRsâ€”includes information about who called which number; details of calls received; time and duration of calls; location where call was made or received; SMS sent and received; type of handset used and other detailed subscriber information.
â€œThat is private information which should only be disclosed at the discretion of the owner thereof,â€ said Chikopa.
The judge said the right to privacy is provided for under Section 21 of the Constitution and was quick to note that the right is not absolute, saying Section 44 (1) and (2) provides for instances in which the right can be limited.
Said the judge: â€œFor the record, the right can be limited if the limitation is prescribed by law, is reasonable, is recognised by international human rights standards and is necessary in open and democratic society.â€
â€œIn this case, a limitation does not become legal merely because it came from Macra [or] indeed any regulator. It is because it complies with the test set out in Section 44 above mentioned. Does it? The answer is in the negative. No legislation has been pointed out which allows the defendant to limit the right.
â€œIf the defendants complied with the directive from Macra they would, in our view, be in breach of the plaintiffâ€™s right to privacy as provided for under the Constitution, the Act and the licences. The directive is incapable of being saved by Section 44.â€