Trends in Africa
Module 7: Cybercrimes
The AU has previously noted that:
“[T]he rapid pace of innovation in the ICT sector can result in gaps in the legislative and regulatory cybersecurity framework since the challenge for the legislator is the delay in the recognition of the new types of offences and the adoption of amendments to the applicable legislation.”(1)
As a result, many African governments have been keenly adopting new cybercrime legislation in an attempt to keep pace and to continue to protect against crimes committed online. Currently, at least 39 African states have basic cybercrime legislation either fully or partially in place, though many are missing implementing regulations.(2)
However, cybercrimes legislation is increasingly being used to unjustly regulate internet content as well, including undesirable criticism or dissent. Access Now notes that one of the main concerns about the plethora of laws that are currently being enacted to regulate cybercrimes — whilst there may be a legitimate aim in doing so — is that many of them lack clear definitions and are susceptible to being used to regulate online content and restrict freedom of expression.(3)
This is a growing concern among human rights defenders as many have been subjected to a wave of arrests and convictions in what is an escalating assault on freedom of expression by cybercrime laws. Many of the laws are vague and overbroad, lacking clear definitions, leaving them open to arbitrary and subjective interpretation.
For example, Nigeria’s Cybercrime Act of 2015 has been widely criticised for being used to suppress dissent and silence the media.(4) The Committee to Protect Journalists states that in just the first year of the law being in force, five bloggers who criticised politicians and businesspeople online and through social media were accused of the crime of cyberstalking under the new law, which carries a fine of up to 7 million naira (USD$22 000) and a maximum jail term of three years. According to Paradigm Initiative Nigeria, it gives law enforcement “extensive powers to hold personal data without corresponding liability” and has “no provision… to seek redress.”(5) It also makes the all-too-common error of using vaguely defined “national security” as a justification for outlawing a wide range of online activities.(6) In 2020, the ECOWAS Community Court of Justice (ECOWAS Court) ruled that section 24 of the Act — which criminalises the sending of grossly offensive, indecent, or false messages — did not align with Nigeria’s obligations under the African Charter and the ICCPR, and ordered Nigeria to repeal or amend the law.(7)
Other common problematic clauses in cybercrimes legislation include those that criminalise the “creation of sites with a view to disseminating ideas and programmes contrary to public order or morality”, “broadcasting information to mislead security forces”, “publication of false information,” and more.(8) Recently, Zimbabwe, Eswatini, Tanzania, Zambia, Uganda, Rwanda, and Malawi have recently passed cybercrimes legislation.(9) Zambia’s Cyber Security and Cyber Crimes Act is currently being challenged at the Constitutional Court by a group of civil society organisations alleging that it contains provisions that threaten the right to protection of the law and the right to freedom of expression.(10)
In the case of Andare v Attorney General of Kenya,(11) the High Court of Kenya emphasised that the state has a duty to demonstrate that cybercrimes laws are permissible in a free and democratic society, to establish the relationship between the limitation and its purpose, and to show that there were no less restrictive means to achieve the purpose intended.(12)