Back to main site

    What is a Cybercrime?

    Module 7: Cybercrimes


    There is no precise, universal definition of the term ‘cybercrime’.  In general terms, it refers to a crime that is committed using a computer network or the internet.(1) This can cover a wide range of activities, including terrorist activities and espionage conducted with the help of the internet and illegal hacking into computer systems, content-related offences, theft and manipulation of data, and cyberstalking.(2)

    Cybercrimes and cybersecurity are two issues that cannot be separated in an interconnected digital environment.  Cybersecurity, or the management of cybercrimes, refers to the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber-environment and organisational and user’s assets, such as computing devices, applications and telecommunication systems.(3)

    Cybercrimes in International Law

    The African Union (AU) has sought to encourage a continent-wide approach to tackling cybercrimes through the Convention on Cyber Security and Personal Data Protection (known as the Malabo Convention).(4) Because of the cross-border and international nature of cybercrimes, the AU argues that “national legislation cannot be drafted in isolation and national governments must seek to harmonize national legislation, regulations, standards and guidelines on Cybersecurity issues.”(5) However, even the AU itself was the target of a major cyberattack between 2013 and 2017,(6) and the Malabo Convention has been criticised for using vague language which may be open to abuse by states.  An example is the provision that criminalises the use of insulting language.(7)

    Article 25 of the Malabo Convention calls on states to adopt legislation and/or regulatory measures to prosecute cybercrimes.  Nevertheless, the text is clear that such legislation should not infringe on fundamental rights and freedoms:

    “In adopting legal measures in the area of cybersecurity and establishing the framework for implementation thereof, each State Party shall ensure that the measures so adopted will not infringe on the rights of citizens guaranteed under the national constitution and internal laws, and protected by international conventions, particularly the African Charter on Human and Peoples’ Rights, and other basic rights such as freedom of expression, the right to privacy and the right to a fair hearing, among others.”(8)

    The UN General Assembly Resolution on the Creation of a global culture of cyber security also states that:

    “Security should be implemented in a manner consistent with the values recognised by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communication, the appropriate protection of personal information, openness and transparency.”(9)

    The Convention on Cybercrime of the Council of Europe (CETS No.185), known as the Budapest Convention, is the only binding international instrument on cybercrime, and serves as a useful guideline for countries developing cybercrimes legislation.(10)

    Cybercrimes in Domestic Law

    Cybercrime legislation has proliferated across Africa in recent years but, unfortunately, at the time of publication, the Malabo Convention had been ratified by only thirteen of the fifteen states required for it to enter into force.(11)

    In order to ensure that cybercrimes laws do not unnecessarily infringe on the fundamental rights to freedom of expression, privacy and access to information, they should meet the following criteria:

    • Provide narrow, clear and adequate definitions of cybercrimes.
    • Require proof about the likelihood of harm arising from a given criminal activity.
    • Require the nature of the threat to national security resulting from any criminal activity to be identified.
    • Provide for a public interest defence in relation to the obtaining and dissemination of information classified as secret.
    • As a general principle, not impose prison sentences for expression-related offences, except for those permitted by international legal standards and with adequate safeguards against abuse.(12)


    1. Article 19, ‘Freedom of Expression and ICTs: overview of international standards’ at p 25 (2018) (accessible at: Back
    2. Id. Back
    3. Institute for Security Studies, Karen Allen ‘Is Africa cybercrime savvy?’ (2019) (accessible at: Back
    4. African Union, ‘A global approach on Cybersecurity and Cybercrime in Africa’ at p 9 (accessible at: at p.3. Back
    5. Le Monde, ‘A Addis-Abeba, le siège de l’Union africaine espionné par Pékin’ (2018) (accessible at: Back
    6. African Union ‘Convention on Cyber Security and Personal Data Protection’ Article 3(g) (2014) (accessible at: Back
    7. Id. Back
    8. UN General Assembly, Fifty-seventh session, ‘Resolution on the Creation of a global culture of cyber security, at p 3 (accessible at: Back
    9. Council of Europe, ‘Budapest Convention and Related Standards’, (accessible at: Back
    10. African Union, ‘List of countries which have signed, ratified/accede to the African Union Convention on Cybersecurity and Personal Data Protection,’ (2022) (accessible at: Back
    11. Media Defence, ‘Training manual on digital rights and freedom of expression online, at pp 62 (2020) (accessible at: Back