Guideline 10 (g) of the Outsourcing Guidelines for Banks and Financial Institutions stipulates that banks and financial institutions are prohibited from outsourcing their primary data centres to locations outside the country. In addition, Art. 42 of the Payment Systems Licensing and Approval Regulations requires a payment system provider to place its primary data centre in relation to payment system services in Tanzania.

Sections 31 and 32 of the Personal Data Protection Act permit the transfer of personal data outside Tanzania only on the following circumstances: a) to a country with an adequate personal data protection legal system (i.e. essentially equivalent levels of protection to that within Tanzania) provided the recipient has proven (i) such transfer is necessary for important reasons of public interest or any other legitimate purpose or (ii) the importance of the transfer and there is no reason to assume that the transfer or processing in the recipient country may prejudice the subject's legitimate interests. The data collector or processor must carry out a prior data protection impact assessment on the need to transfer personal data and ensure the recipient of the data only processes the relevant information in the data and for the purpose for which the data was transferred; b) to any other country with appropriate safeguards on the security and protection of personal data provided the data is transferred to be processed for a purpose approved by the data subject, unless the data subject has consented to such transfer, or the transfer is necessary:
- For the performance of a contract between the data subject and the data collector or the implementation of pre-contractual measures taken at the request of the data subject.
- For the conclusion or performance of a contract concluded or to be concluded in the interest of the data subject between the collector and another person.
- For any public interest or the establishment, exercise or defence of a legal claim.
- To protect the vital interests of the data subject.
- In accordance with a law aimed at giving information to the public, which affords an opportunity for public consultation in general or anyone with a legitimate interest to submit their comments in accordance with a procedure laid down by law.

Tanzania has not joined any free trade agreement committing to open transfers of cross-border data flows.

The Personal Data Protection Act provides a comprehensive regime of data protection in Tanzania. It contains detailed provisions imposing obligations on data controllers and data processors, including requirements associated with data security and international data transfers, and establishes the Personal Data Protection Commission.

Tanzania has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.

Section 13 of the Online Content Regulations (2020) requires internet cafe operators to:
- keep a proper service user register and ensure every person using internet service is registered upon showing a recognised identity card;
- install surveillance cameras to record and archive activities inside the cafe.
The images recorded by a surveillance camera and the register of users recorded shall be kept for a period of 12 months.

Tanzania has not signed the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

According to the Electronic and Postal Act of 2010, the licensee of a telecommunications licence is required to store subscriber communication data for one month, after which the data must be submitted to the Tanzania Communications Regulatory Authority. Section 91 specifies that: "(1) There shall be a database kept within the Authority in which all Subscriber Information shall be stored. (2) The Authority shall be responsible for monitoring and supervising the information stored under sub-section (1). (3) Every application services licensee shall be required to submit to the Authority, once a month, a list containing its subscribers' information. (4) The Authority shall issue guidelines on the details of subscriber information to be submitted."

Tanzania does not have a comprehensive framework in place that provides effective protection of trade secrets. It is reported that the protection of trade secrets is mostly by way of common law and equity in the form of judicial decisions.

Section 27.3 of the Personal Data Protection Act requires that either the data collector or the data processor must appoint a personal data protection officer who will ensure the security of the data.

It is reported that there is an obligation for passive infrastructure sharing in Tanzania to deliver telecom services to end users. It is practised in both the mobile and fixed sectors based on commercial agreements.

Sections 34 and 35 of the Cybercrimes Act allow a police station or a law enforcement officer to collect or record traffic or content data associated with a specified communication during a specified period without a court order. Section 32 states that "(1) Where the disclosure of data is required for the purposes of a criminal investigation, or the prosecution of an offence, a police officer in charge of a police station or a law enforcement officer of a similar rank may issue an order to any person in possession of such data compelling him to disclose such data."

Section 22 of the Electronic and Postal Communications (Licensing) Regulations stipulates that foreign investment in the telecommunications sector is restricted to a maximum of 75%

TTCL (Tanzania Telecommunications Company Limited) is a state-owned telecommunications company in Tanzania that offers fixed-line, mobile, broadband internet, and data services. The company also has a fibre optic network throughout the country, enabling it to offer high-speed connectivity services to businesses and homes. TTCL has been a key player in the expansion of Tanzania's telecommunications infrastructure and the promotion of internet access and other telecommunications services throughout the country.
TTCL was privatised in February 2001, when a Consortium MSI of the Netherlands and Detecon of Germany acquired 35% shares of the company from the Government of Tanzania. However, the Government of Tanzania fully repossessed TTCL ownership by 100% from June 2016. Tanzanian government owns 40% of Bharti Airtel. The Government of Zanzibar (a partly self-governing state in Tanzania) owns a 15% stake in Zanzibar Telecom (Zantel).
It is reported that the government's effort to privatise TTCL has stalled. TTCL has been given management of the national fibre backbone and will service all districts; private operators must contract for service with TTCL. In addition, investors report that though the government has authorised some private companies to build terrestrial fibre networks, governing regulations remain unclear and inconsistently applied.

It is reported that Tanzania mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market.