Introduction

On November 30, at the sidelines of the Global Conference on Cyber Capacity Building (GC3B) in Accra, Ghana, the International Press Institute, Global Partners Digital, and the Media Foundation for West Africa (MFWA) hosted a side event under the theme: Cybercrime laws and regulations: implications for press freedom and human rights in Africa. 

In attendance were individuals from the private sector, government, and civil society organizations across the world including from countries like Ghana, Nigeria, Kenya, Zimbabwe, Uganda, Botswana, Egypt, Mexico, Peru, and the United Kingdom.

This meeting unpacked various provisions in cybercrime legislation in different countries in the region and discussed the need to balance internet and digital regulation with promoting fundamental rights. Participants also explored the areas of collaboration and coordination with different partners across different sectors.

The event featured four expert panellists:

  • Grace Githaiga, CEO, Kenya ICT Action Network, Kenya
  • Josephine Miliza,  Africa Policy Coordinator at APC, Kenya
  • Obioma Okonkwo, Legal Head at Media Rights Agenda, Nigeria
  • Allen Sempala Kigozi, Head of Legal at Unwanted Witness, Uganda

The discussion was moderated by IPI Africa Advocacy and Partnerships Lead Nompilo Simanje.

Participants at the roundtable discussion on Cybercrime laws and regulations: implications for press freedom and human rights in Africa. Photo: IPI

Summary: The threat from cybercrime laws

Josephine Miliza who works with community networks in Africa, as part of an initiative to promote access to the Internet and access to information in rural and marginalized communities, shared her insights on the issue of regulation. She highlighted that some of the approaches to regulation can be rigid and stifle innovation. At the same time, rural and marginalized communities are at higher risk of being victims of cybercrime due to limited digital literacy. She highlighted the importance of promoting the principles of openness, inclusivity, and free flow of information when considering cybercrime and cybersecurity regulation. Josephine also highlighted the need for the private sector to be consistent in issuing transparency reports, and also to ensure that in their engagements with governments, they also emphasize the need to ensure that human rights are not compromised.

Obioma Okonkwo highlighted that cybercrime laws across the region of Africa have been couched in a way that creates avenues for stifling freedom of expression instead of providing mechanisms to prevent and mitigate cybercrimes and promote online safety for the citizens. She highlighted that cybercrime laws in the region have been used to target journalists who have dissenting voices and have been exposing government officials of their corrupt activities. Some of the provisions in cybercrime laws pertain to publishing falsehoods, which goes against international standards on the criminalization of false information.

Examples were shared of the Nigeria cybercrime law and the Benin Digital Code as some of the pieces of legislation that should be reviewed and aligned to international standards for the protection of free expression and media freedom.

Reference was made to the case of Benin journalist Ignace Sossou who was arrested in December 2019, following the publishing of a tweet and he was detained for about 18 months in prison.

In May 2022, Ghanaian journalist Noah Dameh was also arrested and charged with false publication following a Facebook post on a story that involved a company called ElectroChem Ghana Limited.

Another example was the case of Nigerian journalist Agba Jalingo who was arrested, detained, and tortured for 34 days for allegedly violating Section 24 of the Nigeria Cybercrimes Act on publishing falsehoods.

In August 2022, two Zimbabwean journalists were also arrested for violating Section 164C of the Cyber and Data Protection Act stemming from their court reporting which was alleged to have propagated false data messages.

Of note, was the emphasis that most of the provisions in cybercrime laws in the region are very broad and vague which creates loopholes that permit the laws to be abused to the detriment of fundamental rights.

Allen Sempala Kigozi echoed sentiments that had been earlier shared in the room that the introduction of cyber laws has been more restrictive than enabling drawing from experiences in Uganda. This is also coupled with other laws like the Interception of Communication Act and Data Protection laws. Sempala noted that the ambiguity of data protection laws in Africa makes it difficult to draw the line between protecting privacy and enabling investigative journalism therefore making it hard for journalists to freely undertake their work.

In January 2023, the Court in Uganda declared Section 25 of the Computer Misuse Act to be unconstitutional.

Grace Githaiga indicated that balancing cybercrime regulation with the promotion of fundamental human rights does pose some tension between civil society and government. However, drawing from KICTANET’s experience in Kenya she highlighted that it is important to continue engaging government officials, building relationships, and documenting the areas that the government should address. She also highlighted that in addition to false news provisions, insult laws are also being resuscitated in cybercrime laws, and in Kenya, a blogger was once arraigned before the court for allegedly insulting the president in violation of the cybercrime law.

It was, however, highlighted that in the case of Kenya, the Ministry of ICT recently set up a task force to review some media and communication laws which presents an opportunity to push for legal reform.

One problematic aspect that was raised in this discussion was the aspect that in other countries the custodian of the cybercrime laws would be the Ministry of National Security instead of the Ministry of ICTs. This results in national security taking priority over general online safety of citizens and the creation of an enabling environment for them to exercise their digital rights.

From the regional context, reference was made to the Africa Convention on Cybercrime and Protection of Personal Information (Malabo Convention) which was adopted in 2014 and only came into force in 2023. The participants acknowledged that due to the 9-year gap from the time the Convention was adopted to when it came into force, there would be a need to review and update the Convention.

Looking at the international landscape, the U.N. Cybercrime Treaty was also unpacked, with participants sharing concerns that if the treaty is adopted in its current form, with the latest draft having been published in November 2023, it will create a tool for authoritarian governments in Africa to undermine fundamental rights. It was highlighted that the Treaty has provisions that will endanger journalists and human rights defenders. It was also noted that if governments ratify and domesticate the Treaty with its current provisions then this will take away some of the gains that have been made towards rights-respecting legislation.

One of the key questions that was asked was whether there is a need for a UN Cybercrime Treaty considering that there already is the Malabo Convention at the African regional level and also the Budapest Convention.

It was recommended that an assessment should be made of the power being given to government authorities and how such power can potentially be misused. It was also highlighted that there is no consensus on what cybercrimes are, hence making it difficult to specifically propose other viable solutions apart from criminalization of conduct and overregulation of the digital landscape. The classification of offenses should also be reviewed, especially the aspects on terrorism. Further, it was also suggested a mechanism for the implementation of the UN Cybercrime Treaty should be developed and also ensure that it is clarified that the Convention will act as a guide that enables countries to define their approach.

One of the key aspects raised was also the importance of assessing the practicalities of the UN Cybercrime Treaty for the African region especially considering that the region is still lagging on several aspects. It was noted that some countries still do not have National cybersecurity strategies or National Cybersecurity Emergency Response task forces.

As the UN Cybercrime Treaty is due to be deliberated sometime in January 2024, it was agreed that there is a need to fast-track advocacy interventions including spotlighting cybercrime laws in the various countries and their impact. This will serve to give a clear picture of the potential impact of an international convention like the UN Cybercrime Treaty.

IPI Africa Advocacy and Partnerships Lead Nompilo Simanje moderates the discussion around cybercrime laws. Photo: IPI.

Recommendations 

  • There is a need to undertake human rights impact assessments of cybercrime laws in the region
  • Media practitioners should report extensively on how cybercrime laws in the region are impacting them and their capacity to undertake their professional duties and exercise their right to seek, receive, and impart information
  • Some provisions in the UN Cybercrime Treaty should be reviewed, and narrowly defined, while the regulation of terrorism should not be the anchor of the treaty as anti-terrorism laws have also been enforced in a manner that undermines fundamental rights and shrinks the civic space
  • Civil society organizations and academia should undertake research that can build the capacity of governments and assist in informing their policy positions
  • Legislation on cybercrime should also be viewed from a gender impact perspective and ensure that analysis is made of how it will potentially be used to prosecute people
  • Identify, document, and report on best practices drawn from how other countries have positively implemented their cybercrime legislation while respecting human rights
  • There is a need for civil society organizations from the region to also contribute to the deliberations on the UN Cybercrime Treaty and engage delegates representing the various countries for example through the sessions of the Ad Hoc Committee and also session of the Open Ended Working Group
  • Utilize multistakeholder platforms like the GFCE Africa Hub to highlight the implications of current cybercrime laws in the region and the potential impact of the proposed UN Cybercrime Treaty
  • Civil society organizations should ensure buy-in from countries with a record of promoting human rights to engage fellow governments on rights respecting cybersecurity policies
  • While the government’s role is to regulate it is necessary to undertake balanced regulation and also create an enabling environment for civil society to operate
  • The private sector also has an opportunity to demonstrate how human rights violations impact their sector

Conclusions 

In conclusion, it was agreed that three critical questions should be answered by stakeholders like civil society, government, and the private sector to inform the way forward not only concerning the national laws but also the UN Cybercrime treaty. The questions that must be considered when approaching cybercrime legislation:

  • Why does our government want this cybersecurity law or the UN Cybercrime Treaty?
  • What are the problems or challenges that this law or Treaty intends to address?
  • Is the current or proposed law or the Treaty going to help to address the existing problem or will it potentially be used to restrict fundamental rights?

 

This event was supported by a grant from the Federal Ministry for European and International Affairs of the Republic of Austria. IPI’s wider Africa program work is supported by the Government of Canada’s Office of Human Rights, Freedoms and Inclusion (OHRFI).