Tanzania Recording Laws: Privacy Rules and Penalties (2026)

Tanzania recording laws rest on a one-party consent baseline under Rule 5 of the Electronic and Postal Communications (Investigation) Regulations 2017, but that baseline sits beneath a heavy state-surveillance regime anchored by the Cybercrimes Act 2015 (Act 14 of 2015) and the Electronic and Postal Communications Act (EPOCA) 2010 (Cap. 306, R.E. 2022).

Information last verified on 2026-05-15. This article has not yet been reviewed by a licensed lawyer.

Jurisdiction scope: This article addresses recording and interception law in the United Republic of Tanzania (mainland Tanzania and Zanzibar) under the Electronic and Postal Communications Act 2010, the Cybercrimes Act 2015, the Personal Data Protection Act 2022, the Constitution of Tanzania 1977, and subsidiary regulations. It does not address other East African jurisdictions; for those, see our world recording laws hub.

Is Tanzania One-Party or Two-Party Consent?

Tanzania is a one-party consent jurisdiction in principle. Rule 5 of the Electronic and Postal Communications (Investigation) Regulations 2017 permits a party to a communication to intercept it, which legal commentators read as a participant-recording exception: if you are on a phone call or participating in a conversation, you may record it. The rule also permits interception where the person has the consent of the person sending the communication, or where the person is the intended recipient.

This one-party baseline, however, comes with substantial uncertainty. No Tanzanian court has ruled on whether Rule 5's participant exception survives scrutiny under Section 120 of EPOCA, which broadly prohibits all interception without "lawful authority." Rule 6(1) of the same Regulations states that "no person shall intercept, attempt to intercept, authorise or instruct any other person to intercept or attempt to intercept any communication at any place in the United Republic except as warranted under the Regulations," language that could be read to require a formal warrant even for participant recording.

The practical picture is further complicated by three factors. First, the Personal Data Protection Act 2022 imposes transparency and consent obligations on all personal data processing, including voice recordings, which means a legally permissible interception under the Regulations may still violate data protection law if the other party is not informed. Second, the Cybercrimes Act 2015 separately criminalizes interception of electronic transmissions with its own penalty structure, and prosecutorial discretion about which statute to invoke creates inconsistent outcomes. Third, Tanzania's rule-of-law environment means that legal text and enforcement practice do not always align.

The safe practical answer: recording a call or conversation in which you participate is likely lawful under Rule 5, but informing the other party and obtaining consent before recording eliminates legal exposure under both the interception statutes and the PDPA.

Constitutional Right to Privacy

Tanzania's privacy protections start at the highest level of law. Article 16 of the Constitution of the United Republic of Tanzania (1977) establishes the foundational right:

"Every person is entitled to respect and protection of his person, the privacy of his own person, his family and of his matrimonial life, and respect and protection of his residence and private communications."

Article 16(2) directs state authorities to establish legal procedures governing when and how privacy rights may be limited. This constitutional mandate is the basis for all subsequent legislation dealing with communications interception and surveillance.

The specific mention of "private communications" is significant. It signals that the framers of Tanzania's Constitution intended to protect not just physical privacy but also the content of conversations and correspondence. Any law permitting interception or recording must satisfy the constitutional requirement that limitations on privacy follow established legal procedures.

In practice, enforcement of this constitutional guarantee has been uneven. Privacy International has documented that Tanzania's institutional capacity to protect communications privacy has lagged behind the constitutional promise, particularly as digital surveillance tools have become more accessible to both government agencies and private actors.

President Samia Suluhu Hassan, who succeeded John Magufuli in March 2021, initially signaled a reform agenda. She lifted bans on several media organizations and released some journalists. But by 2024 and 2025, the pattern of press suppression reasserted itself, with newspaper licenses suspended, platforms banned, and journalists arrested during protest coverage. The constitutional promise of Article 16 coexists, uneasily, with the surveillance and content-control architecture built since 2015.

EPOCA 2010: The Primary Interception Prohibition

The Electronic and Postal Communications Act (EPOCA) of 2010 (Cap. 306, Revised Edition 2022) is Tanzania's principal law governing telecommunications. Section 120 contains the core prohibition on unauthorized interception.

What Section 120 Prohibits

Section 120 makes it an offense for any person to, without lawful authority under EPOCA or any other written law:

• Intercept, attempt to intercept, or procure any other person to intercept or attempt to intercept any communications
• Disclose or attempt to disclose to any other person the contents of any communications, knowingly or having reason to believe the information was obtained through unlawful interception
• Use or attempt to use the contents of any communications, knowingly or having reason to believe the information was obtained through unlawful interception

The prohibition covers three distinct acts: the interception itself, the disclosure of intercepted material, and the use of intercepted material. Each is a separate offense.

Penalties Under EPOCA Section 120

The penalty for a conviction under EPOCA Section 120 is not independently confirmed from the primary statutory text reviewed for this article. The TZS 5,000,000 minimum fine and 12-month minimum imprisonment figure that appears in legal commentary on Tanzania's interception regime is verified as the penalty under Rule 6 of the 2017 Investigation Regulations (issued under EPOCA), not directly from the face of Section 120 itself. Until a primary-source reading of Section 120 is confirmed, readers should treat the Rule 6 penalty figures as the verified floor for unauthorized interception offenses under the EPOCA framework. Courts retain discretion to impose higher penalties.

The penalty structure is notable because it sets minimums rather than maximums. This signals legislative intent to treat unauthorized interception as a serious offense rather than a minor regulatory violation.

Who Can Lawfully Intercept

Section 120 creates an exception for interception conducted with "lawful authority under this Act or any other written law." In practice, this means interception authorized under the Investigation Regulations, the Prevention of Terrorism Act, or by the Tanzania Intelligence and Security Service.

The Tanzania Communications Regulatory Authority (TCRA) oversees the telecommunications sector and works with law enforcement agencies to facilitate lawful interception. Only public officers or TCRA-appointed officers authorized by the Ministry of Science and Technology and the Ministry of Home Affairs may conduct authorized interceptions.

Cybercrimes Act 2015: Digital Interception and Press Freedom Concerns

The Cybercrimes Act of 2015 (Act 14 of 2015) adds a parallel set of criminal provisions targeting electronic communications. While EPOCA focuses on telecommunications broadly, the Cybercrimes Act specifically addresses computer systems and digital transmissions. It has also become a central instrument for suppressing journalists and critics.

Section 6: Illegal Interception

Section 6 of the Cybercrimes Act makes it an offense to intentionally and unlawfully intercept, by technical or other means:

• Non-public transmissions to, from, or within a computer system
• Non-public electromagnetic emissions from a computer system
• Non-public connected computer systems

The section also criminalizes circumventing protection measures implemented to prevent access to non-public transmission content.

The Act defines "interception" broadly to include "acquiring, viewing, listening or recording any computer data communication through any other means of electronic or other means, during transmission." That definition explicitly includes recording as a form of interception.

Penalties Under the Cybercrimes Act

A person convicted of illegal interception under Section 6 faces a minimum fine of TZS 5,000,000 or imprisonment for a minimum term of one year, or both. For offenses involving critical information infrastructure, penalties escalate to a minimum fine of TZS 100,000,000 (approximately USD 38,000) or three times the loss caused, with a minimum prison term of five years.

Section 8: Data Espionage

Section 8 addresses obtaining computer data that is protected against unauthorized access. This provision could apply to accessing recorded communications stored on devices or servers. The penalty is a minimum fine of TZS 20,000,000 or three times the value of the undue advantage gained, with a minimum prison term of five years.

Section 32: Surveillance Without Judicial Oversight

Section 32 of the Cybercrimes Act authorizes surveillance of computer systems and communications without making judicial oversight mandatory before surveillance begins. Article 19 has analyzed that this provision "does not make it mandatory for investigating police officers to seek judicial oversight while engaging in surveillance," which violates international standards on privacy and freedom of expression. The High Court of Tanzania upheld this provision when it was challenged, in what Article 19 described as "a further blow to free expression."

Press Freedom Criticism

Human Rights Watch documented in 2019 that the government used the Cybercrimes Act to "arbitrarily arrest and, in some cases, bring harassing prosecutions against journalists, activists, and opposition politicians." Article 19 has called for the repeal or significant reform of the Act to align it with international human rights standards. The Act's provisions on false or misleading online information have been used to prosecute individuals for social media posts rather than for actual unauthorized recording, but the surveillance infrastructure the Act enables has direct implications for anyone who records and publishes information about government conduct.

Overlap with EPOCA

A single act of recording a phone call transmitted over digital networks could theoretically violate both EPOCA Section 120 and Cybercrimes Act Section 6. Legal commentators in Tanzania have noted that this overlap creates uncertainty about which statute prosecutors would invoke and which penalty structure would apply.

The 2017 Investigation Regulations: The One-Party Exception in Detail

The Electronic and Postal Communications (Investigation) Regulations of 2017, issued under EPOCA, provide the most detailed framework for lawful interception in Tanzania. They also contain the Rule 5 participant exception discussed in the quick-answer section above.

Rule 5: The Participant Exception

Rule 5 of the Investigation Regulations permits interception under the following circumstances:

• The person is a party to the communication
• The person has the consent of the person sending the communication
• The person is the intended recipient of the communication
• The person is authorized by law
• The interception is bona fide, for purposes of providing, installing, maintaining, or repairing a communications service

The first three items suggest that a participant in a conversation may record it without committing an offense under the Regulations. If you are a party to a phone call, Rule 5 appears to allow you to record that call.

Why This Exception Is Uncertain

Before relying on Rule 5 as blanket permission to record, consider several problems.

First, regulations are subordinate to the parent Act. If EPOCA Section 120 is interpreted to prohibit all non-authorized interception, a regulation cannot create exceptions that the Act does not contemplate. No Tanzanian court has ruled on whether Rule 5's participant exception survives scrutiny under Section 120.

Second, Rule 5 exists within the Investigation Regulations, a framework designed primarily for law enforcement interception. The participant exception may have been intended to cover cooperating witnesses working with police, not private citizens recording personal conversations.

Third, Rule 4 of the same Regulations restates the constitutional privacy protection from Article 16, suggesting the drafters intended privacy to remain the default position.

Fourth, Rule 6(1) separately states that "no person shall intercept, attempt to intercept, authorise or instruct any other person to intercept or attempt to intercept any communication at any place in the United Republic except as warranted under the Regulations." This language suggests that even participant recording may require a warrant.

Law Enforcement Interception

For government agencies, the pathway is clearer. The Director-General of the Tanzania Intelligence and Security Service or the Director of Criminal Investigations may intercept communications after obtaining a warrant from the Inspector General of Police. Telecommunications providers are required to maintain technical capabilities for "lawful interceptions at all times" and provide "real-time and full-time monitoring facilities."

The warrant serves as a disclosure order against any person with access to encrypted or protected information.

Personal Data Protection Act 2022

Tanzania's Personal Data Protection Act (PDPA) (Act No. 11 of 2022), enacted in 2022 with accompanying regulations effective October 28, 2023, adds another layer to the recording analysis.

How the PDPA Applies to Recording

The PDPA defines personal data broadly to include any information relating to an identified or identifiable individual. A recording of someone's voice, statements, or image falls within this definition. Processing personal data, which includes collection, storage, and use, requires a lawful basis.

The Act establishes six principles for data processing:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Security

Recording a conversation without the other party's knowledge would likely violate the transparency principle. Using that recording for a purpose other than what was disclosed would violate purpose limitation.

Consent Under the PDPA

For sensitive personal data, which includes information revealing political opinions, religious beliefs, health status, or sexual life, the PDPA requires explicit written consent that can be withdrawn at any time. If a recorded conversation touches on any of these topics, the consent threshold is higher than for ordinary personal data.

Clyde & Co has noted that the PDPA requires data controllers to provide a "simplified means to withdraw their consent," suggesting that consent must be ongoing and revocable, not a one-time permission.

PDPA Penalties

The Personal Data Protection Commission enforces the Act through both administrative and criminal channels:

• Administrative fines up to TZS 100,000,000 (approximately USD 38,000)
• Criminal penalties for unauthorized disclosure: individuals face fines up to TZS 20,000,000 or imprisonment up to 10 years
• Corporate penalties: fines up to TZS 5,000,000,000 (approximately USD 1.9 million)
• Compensation awards with no statutory ceiling

These penalties apply alongside, not instead of, the penalties under EPOCA and the Cybercrimes Act. A single unauthorized recording could theoretically trigger liability under all three statutes.

PDPC Enforcement Timeline

The Personal Data Protection Commission was formally launched on April 3, 2024. The Commission issued two implementing regulations on October 28, 2023: the Personal Data Protection (Personal Data Collection and Processing) Regulations 2023 and the Personal Data Protection (Complaints Settlement Procedures) Regulations 2023. The deadline for all data controllers to register with the Commission was October 10, 2024. Organizations that collect voice recordings, operate CCTV, or process employee personal data and have not registered are currently in violation of the PDPA's registration requirement.

Recording Police and Journalists in Tanzania

Tanzanians who record or publish recordings of government officials, police, or security forces operate in a high-risk environment shaped by overlapping legal tools and an enforcement pattern documented by international press freedom organizations.

Legal Framework

No provision of Tanzanian law explicitly prohibits recording a police officer or government official in a public setting. The constitutional right to freedom of expression under Article 18 of the Constitution supports the argument that recording public officials engaged in their official duties serves a public interest.

In practice, however, the toolkit of repressive enforcement includes:

• Cybercrimes Act 2015, Section 16: prohibits publishing information that is false, deceptive, or misleading. The definition of "false" has been applied expansively to content critical of official conduct.
• Media Services Act 2016, Section 19(1): requires journalists to hold accreditation from the Journalists Accreditation Board. Practicing journalism without accreditation, including publishing recorded material, carries a penalty of three to five years imprisonment and/or TZS 5-20 million fine.
• EPOCA Online Content Regulations 2020: prohibit content that "motivates or promotes phone tapping, espionage, data theft, tracking, recording or intercepting communications or conversation without right." The phrase "without right" is undefined, giving authorities broad discretion.

RSF and International Documentation

Reporters Without Borders (RSF) ranked Tanzania 97th in the 2024 World Press Freedom Index, a significant improvement of 46 places from 143rd in 2023 -- reflecting the early Samia reform period. But violations continued. On June 13, 2024, police arrested journalist Dinna Maningo at her home in Tarime for publishing "confidential investigation reports" and confiscated her equipment. During 2024, newspapers The Citizen and Mwananchi had their online publication licenses suspended after publishing content critical of President Hassan. In June 2025, the government banned both the social media platform X (formerly Twitter) and the local discussion platform Jamii Forums during the election campaign period.

Freedom House's Freedom in the World 2025 report noted that authorities required a special permit for reporting on police or prison activities and that "journalists needed special permission to cover meetings of the National Assembly."

Practical Guidance

Anyone intending to record police conduct or publish recordings of government officials in Tanzania should understand that no statutory protection for such recording currently exists. The legal tools for prosecution are in place and have been used. The risk of confiscation, arrest, and prosecution under the Cybercrimes Act or Media Services Act is real and has been documented by multiple credible international organizations.

Media Services Act 2016

The Media Services Act 2016 (Act No. 12 of 2016) regulates media and journalism in Tanzania. It has been extensively criticized by Tanzanian civil society and found by the East African Court of Justice to be incompatible with the EAC Treaty on multiple grounds.

Accreditation and Recording Restrictions

Section 19(1) of the Media Services Act requires all persons practicing journalism to hold accreditation from the Journalists Accreditation Board. "Journalism" is defined broadly enough to include recording and publishing audio or video material about matters of public interest. Practicing journalism without accreditation is an offense carrying three to five years imprisonment and/or a TZS 5-20 million fine.

For recording purposes, the practical effect is that a citizen who records a newsworthy event and publishes it without accreditation may be prosecuted as an unaccredited journalist. This creates a significant chilling effect on the use of recording devices in connection with matters of public interest.

Content Restrictions

The Act prohibits publishing content that "threatens the national defense, public safety, public order, or the economy" or that "injures the reputation, rights and freedom of other persons." These broad categories give authorities discretion to classify a wide range of recordings as prohibited content.

EACJ Ruling

The East African Court of Justice found several provisions of the Media Services Act incompatible with the EAC Treaty's fundamental principles. However, enforcement of EACJ rulings depends on political will, and the Act remains in force.

Phone Recording in Tanzania

Tanzania's laws do not draw a clear line between recording phone calls and other forms of interception. Here is how the legal framework applies to telephone recording specifically.

Recording Your Own Calls

The Investigation Regulations Rule 5 suggests that a party to a communication may intercept it. If this provision applies to personal phone recording, then recording a call you are participating in is likely lawful under the Regulations.

But the PDPA's transparency requirement creates a separate obligation. Even if the interception itself is permitted under Rule 5, failing to inform the other party that you are recording may violate data protection law. The safest course is to inform the other party before pressing record.

Recording Someone Else's Calls

Recording a phone conversation to which you are not a party is unambiguously illegal under both EPOCA Section 120 and Cybercrimes Act Section 6. There is no exception for family members, employers, or anyone else who is not a participant in the call.

Call Recording by Businesses

Businesses that record customer calls face obligations under the PDPA in addition to the interception statutes. At minimum, businesses must notify callers that the call is being recorded, state the purpose of the recording, provide a mechanism for callers to opt out, secure the recorded data, retain recordings only as long as necessary, and register as a data controller with the Personal Data Protection Commission.

The PDPA requires registration of all data controllers and processors with the Commission. Operating a call recording system without registration is an ongoing violation. As of October 10, 2024, the registration deadline has passed; organizations not yet registered should treat this as an urgent compliance issue.

In-Person Recording

The legal framework for recording face-to-face conversations in Tanzania is even less defined than for phone calls.

Private Conversations

Article 16 of the Constitution protects "private communications" without limiting that phrase to electronic or telephone communications. A private, in-person conversation qualifies. Recording such a conversation without consent could violate constitutional privacy rights.

The PDPA's requirements for lawful processing, transparency, and consent apply regardless of the medium. Recording someone's voice during a private meeting and storing that recording constitutes processing of personal data.

The Practical Gap

Neither EPOCA nor the Cybercrimes Act was written with in-person recording in mind. EPOCA addresses telecommunications interception. The Cybercrimes Act addresses computer systems and digital transmissions. A person recording a face-to-face conversation on a smartphone occupies a legal gray area where the interception statutes may not technically apply, but the constitutional right to privacy and the PDPA almost certainly do.

This gap is not unusual for East African legal systems, but it creates real uncertainty. Until a court addresses the question or Parliament passes targeted legislation, the legal status of in-person recording in Tanzania remains unresolved.

Recording in Public Places

Tanzania has not enacted specific legislation governing recording in public spaces. The analysis turns on general privacy principles.

In genuinely public settings such as markets, streets, and transportation hubs, the expectation of privacy is reduced. CCTV systems operate in many public areas in Tanzania, and the TCRA has not treated their operation as inherently unlawful.

However, the PDPA treats images and recordings captured in public as personal data if they identify or could identify specific individuals. Organizations operating CCTV in public-facing locations must comply with the PDPA's registration and processing requirements.

The Online Content Regulations 2022, issued under EPOCA, require internet cafe operators to install surveillance cameras recording activities on the premises and to retain that footage. The same Regulations prohibit content promoting "recording or intercepting communications or conversation without right," without defining what constitutes a recording "without right" in a public setting.

Private conversations that happen to take place in public, such as a discussion at a restaurant or in a hotel lobby, may still carry a reasonable expectation of privacy. Recording such conversations without consent could trigger both constitutional and PDPA liability.

Workplace Recording and Surveillance

Tanzanian employers who monitor employees through recording or surveillance must navigate both employment law and data protection law.

Employer Obligations

Under the Employment and Labour Relations Act (ELRA), employers have confidentiality obligations regarding information obtained during the employment relationship. Section 102 of ELRA addresses unauthorized disclosure of financial and business information.

The PDPA classifies employers as data controllers when they collect, store, and process employee personal data. Clyde & Co has analyzed that employers using CCTV, biometric systems, or electronic monitoring tools must comply with the full range of PDPA obligations, including the requirement that personal data be "collected and processed lawfully, fairly and transparently."

What Employers Must Do

Employers who record or monitor employees should inform employees in writing about any monitoring or recording practices, state the specific purpose for each monitoring tool, limit monitoring to what is necessary for the stated purpose, secure all recorded data against unauthorized access, retain recordings only as long as needed, and register as a data controller with the Personal Data Protection Commission.

Penalties for Employer Violations

Non-compliance carries significant risk. PDPA penalties range from TZS 1,000,000 to TZS 5,000,000,000, and individual officers may face personal liability. ELRA violations carry fines up to TZS 1,000,000 for unauthorized disclosure of employment-related information.

Voyeurism and Hidden Cameras

Tanzania's Penal Code (Cap. 16, R.E. 2022) does not contain a specific voyeurism or hidden-camera statute comparable to those enacted in many common-law jurisdictions since 2000. However, several existing provisions create legal exposure for covert visual recording.

The Penal Code's general provisions on indecency, criminal trespass, and causing a public nuisance can reach hidden-camera conduct depending on the circumstances and the nature of the recording. Where a covert recording captures sexual or intimate content, it may constitute a criminal offense under the Penal Code's provisions on obscenity and indecent publications.

The PDPA provides the more robust framework. Any covert recording of an identifiable individual, whether audio or video, constitutes collection of personal data without consent. The transparency principle under the PDPA requires that data subjects be informed of the collection of their data. A hidden camera recording by definition violates this principle. Penalties under the PDPA for unauthorized processing of personal data reach TZS 5,000,000,000 for corporate offenders.

Beyond the PDPA, Section 6 of the Cybercrimes Act's broad definition of interception as "acquiring, viewing, listening or recording" may extend to hidden-camera video captures if those captures are transmitted through or stored on a computer system, which covers effectively all modern digital cameras.

The absence of a dedicated voyeurism statute is a recognized gap in Tanzanian law, noted in the 2022 analysis of the PDPA's implementation challenges.

Deepfake and AI-Generated Recordings

As of May 2026, Tanzania has no specific legislation targeting deepfake content or AI-generated synthetic audio or video. The country's legal framework addresses these emerging technologies only through general provisions in existing statutes.

Applicable Existing Provisions

Several existing laws may reach deepfake conduct:

Cybercrimes Act 2015, Section 7 (Illegal Data Interference): Section 7 prohibits intentionally and unlawfully damaging, deleting, deteriorating, altering, or suppressing computer data. Creating a synthetic recording that alters or misrepresents another person's statements could constitute illegal data interference, though the provision was not designed with AI-generated content in mind.

Cybercrimes Act 2015, Section 16 (False Information): Publishing AI-generated audio or video that is false, deceptive, or misleading may constitute an offense under Section 16, which has been the primary tool for prosecuting online content in Tanzania.

PDPA 2022: Using someone's voice, image, or likeness to generate synthetic content constitutes processing of biometric personal data without consent. Such processing without lawful basis violates the PDPA's consent requirements and the data minimization principle.

Legislative Gap

No pending deepfake bill has been identified in Tanzanian parliamentary records as of May 2026. Given the pace of AI adoption across East Africa and Tanzania's history of reactive legislation (the Cybercrimes Act was itself a reactive response to emerging digital threats in 2015), targeted deepfake legislation is a foreseeable development but cannot currently be confirmed.

Anyone creating or using AI-synthesized recordings involving identifiable Tanzanians should assume that existing PDPA consent requirements and Cybercrimes Act false-information provisions apply, while acknowledging that no enforcement precedent currently exists for this specific conduct.

Cross-Border Recording

When a recording crosses Tanzania's national boundary, whether by capturing a call to a foreign number or by storing or transmitting a recording to a server in another country, both Tanzanian law and the receiving jurisdiction's law may apply.

PDPA Cross-Border Transfer Requirements

The Personal Data Protection Act 2022 restricts transfers of personal data to countries outside Tanzania unless those countries provide an adequate level of data protection or the data subject has explicitly consented to the transfer. A recording of a Tanzanian individual stored on a cloud server in a foreign country constitutes a cross-border data transfer subject to the PDPA's adequacy requirements.

The PDPC has not yet published a formal list of jurisdictions deemed adequate for data transfer purposes, which creates practical uncertainty for businesses using foreign cloud storage for recordings.

EAC Regional Framework

The East African Community's Eastern Africa Regional Digital Integration Project (EARDIP) is developing a framework for cross-border data flows and shared cybersecurity standards across EAC member states, which include Tanzania, Kenya, Uganda, Rwanda, Burundi, South Sudan, and the Democratic Republic of Congo. Harmonized standards could simplify cross-border recording compliance within the EAC bloc, but this framework is not yet in force.

Practical Guidance for Cross-Border Calls

For a call between a person in Tanzania and a person in another country, the general principle is that Tanzanian law governs the conduct of the Tanzanian participant. If the Tanzanian participant records the call under Rule 5's one-party exception, that recording may still engage the other country's consent law if the other party is in a two-party consent jurisdiction. The safest approach, regardless of the cross-border configuration, is to inform all parties and obtain consent before recording.

Penalties Summary

Tanzania's penalty structure for unauthorized recording and interception reflects the seriousness with which the legal system treats communications privacy.

These penalties can stack. A single act of unauthorized recording that involves intercepting a phone call, storing the recording, and sharing it with a third party could trigger prosecution under EPOCA, the Cybercrimes Act, and the PDPA simultaneously.

Business Compliance Checklist

Organizations operating in Tanzania that record communications or conduct surveillance should take the following steps:

• Register with the Personal Data Protection Commission as a data controller immediately; the October 10, 2024 registration deadline has passed and unregistered organizations are in ongoing violation
• Appoint a Data Protection Officer as required by the PDPA
• Obtain informed consent before recording any call or conversation, with clear disclosure of the purpose
• Provide a mechanism for individuals to withdraw consent at any time
• Implement technical security measures to protect recorded data
• Limit data retention to the minimum period necessary for the stated purpose
• Post visible notices in any area where CCTV or audio recording equipment operates
• Conduct regular compliance audits against PDPA requirements and the PDPA Collection and Processing Regulations 2023
• Train staff on Tanzania's interception and data protection laws
• Maintain records of all data processing activities for regulatory inspection
• Review cross-border data transfer arrangements for adequacy with PDPA requirements

Telecommunications companies face additional obligations. Under the Investigation Regulations, providers must maintain technical capabilities for lawful interception and cooperate with warranted requests from law enforcement.

Recent Developments (2022-2026)

Tanzania's legal landscape for recording and privacy has shifted substantially in the period since the existing article was last reviewed.

Personal Data Protection Commission launched (April 2024): The PDPC, established under the PDPA 2022, formally launched on April 3, 2024. Two implementing regulations took effect October 28, 2023. The data-controller registration deadline was October 10, 2024. The Commission has begun receiving complaints and conducting outreach, though formal enforcement actions have not yet been widely publicized.

Press freedom deterioration (2024-2025): After initial improvements under President Hassan, press freedom conditions worsened markedly. RSF ranked Tanzania 97th in the 2024 World Press Freedom Index (up from 143rd in 2023 due to early reforms), but journalist Dinna Maningo was arrested in June 2024; newspapers The Citizen and Mwananchi had online licenses suspended; and in June 2025, the government banned X and Jamii Forums during the election campaign. Freedom House's 2025 report documents authorities requiring permits for reporting on police or prison activities.

VPN ban (2024): The government banned unauthorized VPN use in 2024, eliminating an important privacy tool for journalists and activists seeking to communicate or record securely.

Online Content Regulations amendments (2022): G.N. No. 136 of March 18, 2022 amended the 2020 Online Content Regulations under EPOCA. The 2022 amendments reduced licensing fees, removed general social media users from the licensing requirement, and allowed mainstream media to simulcast online. The prohibition on promoting unauthorized recording or interception carried over from the 2020 version.

SIM Card Registration (2020, ongoing): Biometric SIM registration requirements make anonymous phone recording effectively impossible. All mobile subscribers are linked to government-issued identity documents.

Disclaimer

This article presents general legal information about recording laws in Tanzania. It is not legal advice and does not address any individual's specific situation. The laws discussed reflect the statutes, regulations, and other primary authorities in force as of May 15, 2026. Recording laws change; verify the current status of any statute or regulation before acting on information in this article. Consult a lawyer licensed to practice in Tanzania for advice on your specific circumstances.

Authorities Cited

1. Constitution of the United Republic of Tanzania, 1977, Art. 16. https://www.nao.go.tz/uploads/Constitution_of_the_United_Republic_of_Tanzania_en.pdf
2. Electronic and Postal Communications Act (EPOCA) 2010, Cap. 306 (R.E. 2022), s. 120. https://www.tcra.go.tz/uploads/documents/sw-1670493092-The%20Electronic%20and%20Postal%20Communications%20Act%20R_E%202022.pdf
3. Cybercrimes Act 2015, Act No. 14 of 2015, ss. 6, 7, 8, 16, 32. https://tanzlii.org/en/akn/tz/act/2015/14/eng@2015-05-22
4. Personal Data Protection Act 2022, Act No. 11 of 2022. https://www.pdpc.go.tz/media/media/THE_PERSONAL_DATA_PROTECTION_ACT.pdf
5. Electronic and Postal Communications (Investigation) Regulations 2017, Rules 4, 5, 6. https://www.tcra.go.tz/
6. Electronic and Postal Communications (Online Content) Regulations 2020; Amendment Regulations 2022 (G.N. No. 136). https://bowmanslaw.com/insights/tanzania-amendments-to-the-electronic-postal-communications-online-content-regulations/
7. Media Services Act 2016, Act No. 12 of 2016, ss. 19, 35. https://tanzlii.org/akn/tz/act/2016/12/eng@2016-11-18
8. Personal Data Protection (Personal Data Collection and Processing) Regulations 2023; Personal Data Protection (Complaints Settlement Procedures) Regulations 2023. https://www.pdpc.go.tz/en/policies-legislations/regulations/
9. Personal Data Protection Commission of Tanzania (PDPC). https://www.pdpc.go.tz/en/
10. Tanzania Communications Regulatory Authority (TCRA). https://www.tcra.go.tz/
11. Human Rights Watch, "As Long as I am Quiet, I am Safe: Threats to Independent Media and Civil Society in Tanzania" (Oct. 28, 2019). https://www.hrw.org/report/2019/10/28/long-i-am-quiet-i-am-safe/threats-independent-media-and-civil-society-tanzania
12. Article 19, "Tanzania: Cybercrime Act 2015" analysis. https://www.article19.org/resources/tanzania-cybercrime-act-2015/
13. Article 19, "Tanzania: Cybercrimes Act upheld in further blow to free expression." https://www.article19.org/resources/tanzania-cybercrimes-act-upheld-in-further-blow-to-free-expression/
14. Reporters Without Borders (RSF), Tanzania country profile. https://rsf.org/en/country/tanzania
15. Freedom House, Freedom in the World 2025: Tanzania. https://freedomhouse.org/country/tanzania/freedom-world/2025
16. Privacy International, "Right to Privacy in Tanzania" (2017). https://privacyinternational.org/sites/default/files/2017-12/privacy_tanzania.pdf
17. Global Network Initiative, Tanzania Surveillance Framework. https://clfr.globalnetworkinitiative.org/country/tanzania/
18. Clyde & Co, "Tanzania Personal Data Protection Act Overview" (Feb. 2023). https://www.clydeco.com/en/insights/2023/02/tanzania-personal-data-protection-act-of-2022
19. Clyde & Co, "Employer Obligations Under Tanzanian Law" (Mar. 2026). https://www.clydeco.com/en/insights/2026/03/employer-obligations-under-tanzanian-law
20. EAC Eastern Africa Regional Digital Integration Project (EARDIP), cross-border data flow framework. https://www.eac.int/eadrip-news-updates/eardip-press-releases/3434-eac-charts-path-for-secure-cross-border-data-flows