Today Access Now releases a policy brief analyzing draft cybercrime laws in four African Union countries to help legislators meet human rights obligations as they craft laws under the African Union Convention on Cyber Security and Personal Data.
We urge all AU countries to ratify the convention, and to implement it in a way that upholds their obligations under the African Charter on Human and People’s Rights, as well as international human rights law. We also encourage states to aim at a culture of involving the multistakeholder community in public-private partnerships. This simple act of opening up the legislative process can enable development of legislation that protects internet users, ensuring a secure internet without sacrificing human rights.
Specifically, our brief looks at draft laws in Kenya, Ethiopia, South Africa, and Zimbabwe.
We examine:
- Draft Zimbabwe Computer Crime and Cybercrime Law
- Draft Kenyan Computer and Cyber Crimes Bill 2016
- Ethiopia Computer Crime Proclamation 2016
- Draft South African Cybercrimes and Cybersecurity Bill 2015
Background: the African Union Convention on Cyber Security and Personal Data
Leaders in the African Union — a group of 54 African governments launched in 2002 — approved the AU Convention in June of 2014.
The convention covers a broad range of issues, including those important to human rights on the digital age: electronic commerce, data protection, and cybercrime, with a special focus on racism, xenophobia, child pornography, and national cybersecurity.
As of July 2016, eight African nations had signed the convention, including: Benin, Chad, Congo, Guinea Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, and Zambia. Senegal ratified the convention in the July-November period, and remains the first and only AU country to have done so. Once it is deposited for ratification with the AU secretariat, many African nations will enact personal data protection laws for the first time, which would be upheld by new, independent public authorities. This could be a huge boon for users’ control over their private information.
In addition, each state would be required to develop a national cybersecurity strategy, pass cybercrime laws, and ensure that e-commerce is “exercised freely.” This will have a deep impact on digital rights in Africa.
The issues at stake for people in African Union countries
In our analysis of draft cybercrime laws in Kenya, Ethiopia, South Africa, and Zimbabwe, we identified common elements and issues of concern, including:
- Restrictions on whistleblowers and digital security researchers;
- Vague provisions regarding criminal defamation, which are open to abuse;
- Imposition of intermediary liability and criminalization of computer use;
- Data retention mandates;
- Issues surrounding illegally obtained evidence and government hacking;
- Issues surrounding the provision, or lack thereof, of competent judicial authority and due process, user notification, and transparency
What’s next
We need to increase the viability and usability of the internet as a platform for communications in Africa. This will enhance its effectiveness as a driver of commerce, education, health, and development generally. Improving digital security is integral to this effort, helping to expand global access to information and communications technologies
However, improving security entails protecting human rights. When new users connect to the internet, they should connect to a free, open, and secure internet.
You can read the full policy brief here. Access Now will continue to engage with the African Union and countries across the continent to ensure that laws to increase cybersecurity do not undermine human rights.