Trends in Africa
Module 7: Cybercrimes
As the AU notes in the ‘Common Approach on Cybersecurity and Cybercrimes’:
“[T]he rapid pace of innovation in the ICT sector can result in gaps in the legislative and regulatory cybersecurity framework since the challenge for the legislator is the delay in the recognition of the new types of offences and the adoption of amendments to the applicable legislation.”(1)
As a result, many African governments have been keenly adopting new cybercrimes legislation in an attempt to keep pace and to continue to protect against crimes committed online. There are currently at least 41 African states that have basic cybercrimes legislation either fully or partially in place, though many are missing implementing regulations.(2)
However, cybercrimes legislation is increasingly being used to unjustly regulate internet content as well, including undesirable criticism or dissent. Access Now notes that one of the main concerns about the plethora of laws that are currently being enacted to regulate cybercrimes — whilst there may be a legitimate aim in doing so — is that many of them lack clear definitions and are susceptible to being used to regulate online content and restrict freedom of expression.(3)
This is a growing concern among human rights defenders as many have been subjected to a wave of arrests and convictions in what is an escalating assault on freedom of expression by cybercrime laws. Many of the laws are vague and overbroad, lacking clear definitions, leaving them open to arbitrary and subjective interpretation.
For example, Nigeria’s Cybercrime Act of 2015 has been widely criticised for being used to suppress dissent and silence the media.(4) The Committee to Protect Journalists states that in just the first year of the law being in force, five bloggers who criticised politicians and businesspeople online and through social media were accused of the crime of cyberstalking under the new law, which carries a fine of up to 7 million naira (USD$22 000) and a maximum jail term of three years. According to Paradigm Initiative Nigeria, it gives law enforcement “extensive powers to hold personal data without corresponding liability” and has “no provision… to seek redress.”(5) It also makes the all-too-common error of using vaguely defined “national security” as a justification for outlawing a wide range of online activities.(6)
Other common problematic clauses in cybercrimes legislation include those that criminalise the “creation of sites with a view to disseminating ideas and programmes contrary to public order or morality”, “broadcasting information to mislead security forces”, “publication of false information,” and more.(7)
In the case of Andare v Attorney General of Kenya,(8) the High Court of Kenya emphasised that the state has a duty to demonstrate that cybercrimes laws are permissible in a free and democratic society, to establish the relationship between the limitation and its purpose, and to show that there were no less restrictive means to achieve the purpose intended.(9) Unfortunately, too few states in Africa have so far taken this approach.