Back to main site
Back to main site

      Trends in Africa

      Module 7: Cybercrimes

      The AU has previously noted that:

      “[T]he rapid pace of innovation in the ICT sector can result in gaps in the legislative and regulatory cybersecurity framework since the challenge for the legislator is the delay in the recognition of the new types of offences and the adoption of amendments to the applicable legislation.”(1)

      As a result, many African governments have been keenly adopting new cybercrime legislation in an attempt to keep pace and to continue to protect against crimes committed online. Currently, at least 39 African states have basic cybercrime legislation either fully or partially in place, though many are missing implementing regulations.(2)

      However, cybercrimes legislation is increasingly being used to unjustly regulate internet content as well, including undesirable criticism or dissent. Access Now notes that one of the main concerns about the plethora of laws that are currently being enacted to regulate cybercrimes — whilst there may be a legitimate aim in doing so — is that many of them lack clear definitions and are susceptible to being used to regulate online content and restrict freedom of expression.(3)

      This is a growing concern among human rights defenders as many have been subjected to a wave of arrests and convictions in what is an escalating assault on freedom of expression by cybercrime laws. Many of the laws are vague and overbroad, lacking clear definitions, leaving them open to arbitrary and subjective interpretation.

      For example, Nigeria’s Cybercrime Act of 2015 has been widely criticised for being used to suppress dissent and silence the media.(4) The Committee to Protect Journalists states that in just the first year of the law being in force, five bloggers who criticised politicians and businesspeople online and through social media were accused of the crime of cyberstalking under the new law, which carries a fine of up to 7 million naira (USD$22 000) and a maximum jail term of three years. According to Paradigm Initiative Nigeria, it gives law enforcement “extensive powers to hold personal data without corresponding liability” and has “no provision… to seek redress.”(5) It also makes the all-too-common error of using vaguely defined “national security” as a justification for outlawing a wide range of online activities.(6) In 2020, the ECOWAS Community Court of Justice (ECOWAS Court) ruled that section 24 of the Act — which criminalises the sending of grossly offensive, indecent, or false messages — did not align with Nigeria’s obligations under the African Charter and the ICCPR, and ordered Nigeria to repeal or amend the law.(7)

      Other common problematic clauses in cybercrimes legislation include those that criminalise the “creation of sites with a view to disseminating ideas and programmes contrary to public order or morality”, “broadcasting information to mislead security forces”, “publication of false information,” and more.(8) Recently, Zimbabwe, Eswatini, Tanzania, Zambia, Uganda, Rwanda, and Malawi have recently passed cybercrimes legislation.(9) Zambia’s Cyber Security and Cyber Crimes Act is currently being challenged at the Constitutional Court by a group of civil society organisations alleging that it contains provisions that threaten the right to protection of the law and the right to freedom of expression.(10)

      In the case of Andare v Attorney General of Kenya,(11) the High Court of Kenya emphasised that the state has a duty to demonstrate that cybercrimes laws are permissible in a free and democratic society, to establish the relationship between the limitation and its purpose, and to show that there were no less restrictive means to achieve the purpose intended.(12)

      Download module

      Footnotes

      1. African Union, ‘A global approach on Cybersecurity and Cybercrime in Africa’ at p 9 (accessible at: https://au.int/sites/default/files/newsevents/workingdocuments/31357-wd-a_common_african_approach_on_cybersecurity_and_cybercrime_en_final_web_site_.pdf) at p.3. Back
      2. UNCTAD above n 17. Back
      3. Access Now, ‘When “cybercrime” laws gag free expression: stopping the dangerous trend across MENA’ (2018) (accessible at: https://www.accessnow.org/when-cybercrime-laws-gag-free-expression-stopping-the-dangerous-trend-across-mena/). Back
      4. Committee to Protect Journalists, Peter Nkanga ‘How Nigeria’s cybercrime law is being used to try to muzzle the press’ (2016) (accessible at: https://cpj.org/2016/09/how-nigerias-cybercrime-law-is-being-used-to-try-t/). Back
      5. Id. Back
      6. OrderPaper, ‘Tomiwa Ilori, The Nigerian Cybercrimes Act 2015: Is It Uhuru Yet?’ (accessible at: http://www.orderpaper.ng/nigerian-cybercrimes-act-2015-uhuru-yet/). Back
      7. The Incorporated Trustees of Laws and Rights Awareness Initiatives v Nigeria, ECOWAS Court Suit No. ECW/CCJ/APP/53/2018 (2020) (accessible at: http://www.courtecowas.org/wp-content/uploads/2020/09/JUD_ECW_CCJ_JUD_16_20.pdf). Back
      8. Id at p 8. Back
      9. Media Defence, ‘Mapping Digital Rights and Online Freedom of Expression Litigation in East, West and Southern Africa,’ (2020) (accessible at: https://www.mediadefence.org/resource-hub/resources/mapping-digital-rights-and-online-freedom-of-expression-litigation-in-east-west-and-southern-africa/). Back
      10. MISA-Zimbabwe, ‘Zambia’s newly enacted cybercrime law challenged in court,’ (2021) (accessible at: https://zimbabwe.misa.org/2021/04/06/zambias-newly-enacted-cybercrime-law-challenged-in-court/). Back
      11. High Court of Kenya at Nairobi, Petition No. 149 of 2015 (2015) (accessible at: http://kenyalaw.org/caselaw/cases/view/121033/). Back
      12. See also, Shreyal Singh v India, Writ 167 of 2012 (accessible at: https://globalfreedomofexpression.columbia.edu/wp-content/uploads/2015/06/Shreya_Singhal_vs_U.O.I_on_24_March_2015.pdf). Back