2013 Africa Union Framework for Cyber security in Africa




Contributions by DotConnectAfrica

2013 Africa Union Framework for Cyber security in Africa

Comments to the DRAFT AFRICAN UNION CONVENTION ON THE ESTABLISHMENT OF A CREDIBLE LEGAL FRAMEWORK FOR CYBER SECURITY IN AFRICA

Executive Summary

The rapid development of ICT and its penetration in all sectors of the economies, and especially in Africa, is progress that must be appreciated, catalyzed and encouraged. With the increase in online dependence on ICT comes the proliferation of cyber crime, which necessitates the strengthening of cyber security measures as well as the establishment of cyber legislation. It is our hope that the proposed Convention on Cyber Security will be prepared in a multistakeholder model that includes all voices, in order to develop a proper mechanism that contributes to the preservation of the institutional, human, financial, technological and informational assets and resources put in place by institutions to achieve their objectives, and that embraces important elements of electronic commerce and the protection of personal data.

Introduction of DotConnectAfrica

DotConnectAfrica (DCA) is a not-for-profit, non-partisan organization that has its base of operation in Nairobi, Kenya and is headquartered at I/F River Court 6th Denis Street Port Louis, Mauritius, Africa (Reg.ID CT8710DCA90). Its main charitable objects are: (a) the advancement of education in information technology to the African society; and (b) in connection with (a), to provide the African society with a continental Internet domain name to have access to Internet services for the people of Africa, as a purpose beneficial to the public in general. DCA is well represented in Addis Ababa, Ethiopia; Nigeria; South Africa; London, United Kingdom; and California, USA.

DotConnectAfrica (DCA) has been spearheading the proposed new Top Level Domain (TLD) .africa (DotAfrica) Initiative since 2006. DotAfrica is one of the new generic Top Level Domains (gTLDs) that will be delegated into the root zone of the Internet Domain Name Structure (DNS) by the Internet Corporation of Assigned Names and Numbers (ICANN), a US-based institution that is at the apex of Global Internet Governance.

As an independent non-profit, non-partisan entity, DCA Trust intends to utilize surplus proceeds from the registry operation accruing to the Trust Fund for charitable projects. Funds will be regularly allocated to different corporate social responsibility programs. Specific projects will be identified and supported. As the first gTLD for Africa, it will aim at bridging the digital divide that exists between other regions of the Internet community and Africa by promoting the use of ICT for development.

Preamble:

The Draft Convention should lay a background for the African states to review their legislations on cyber security. ICT is becoming a key element and player in the development of a nation and, more importantly, in the day-to-day running of institutional mandates. Businesses play a key role in deriving and generating revenue that is used to run governmental affairs; this affects how tax regimes and systems must be properly instituted to match the changing commercial sector, which is increasingly dependent on ICT and, most importantly, on mobile online transactions. As Africa grows into this important technology, ICT comes with several critical issues that must be addressed for proper operations that can curb issues such as cyber crime, which includes fraud, impersonation and spam, among many others.

Interventions at a continental or global level that require the signing of such conventions must be properly drafted and understood by all the stakeholders, including governments, businesses, academia and citizens. This will provide a harmonized treaty that will at least neither overlook critical existing individual government legislations nor contradict them. Electronic commerce organization, personal data protection, cyber security promotion and cyber crime control are the most important factors of the online economy, and while it is critical to create harmonized continental legislation, it is important that personal data and privacy are protected as the bottom line.

Recommendations on select sections of the draft legislations.

3) Objective and goal

The objective of the Convention on Cyber Security is to contribute to the preservation of the institutional, human, financial, technological and informational assets and resources put in place by institutions to achieve their objectives. The Convention embodies the treatment of cyber crime and cyber security in its strict sense, but is not confined solely to these elements. It also embraces important elements of electronic commerce and the protection of personal data. Its ultimate goal is eminently protective given that it is geared to protecting:

- Institutions against the threats and attacks capable of endangering their survival and efficacy;
- The rights of persons during data gathering and processing against the threats and attacks capable of compromising such rights.

Similarly, the Convention seeks to:

- Reduce related institutional (and personal) intrusions or gaps in the event of disaster;
- Facilitate the return to normal functioning at reasonable cost and within a reasonable timeframe;
- Establish the legal and institutional mechanisms likely to guarantee normal exercise of human rights in cyber space.

Comment 1: The bullet point needs to add the wording "and personal" in the verbatim for completeness.

Section II: Electronic Commerce
Chapter 1: Field of application of electronic commerce

Article I 2: Electronic commerce is an economic activity by which a person offers or provides goods and services by electronic means.

Comment 2: Structure the statement so as to complete the entire transaction, i.e. "Electronic commerce is an economic activity by which a person offers/provides or receives/solicits goods and services by electronic means."

Article I 4: Without prejudice to other information obligations defined by extant legislative and regulatory texts in African Union Member States, any person/ (Add: persons) exercising the activities set forth in Article I 2 of this Convention shall provide to those for whom the goods and services are meant, easy, direct and uninterrupted access using an open standard in regard to the following information:

Comment 3: Define the term "open standard": is there a known universal meaning of "open standard", and what are its implications and/or institutionalism? Also the addition of the word "Persons" for completeness.

Article I 8: Any publicity action, irrespective of its form, accessible through on-line communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken.

Comment 4: Clearly outline the word "identify" in this case so as not to go against online anonymity as a defined right of a user. Online anonymity is not built into the cyberspace structures and is also an avenue for the individual right to self-determination and privacy; this may therefore be a breach of the declaration of people's unanimous freedom of cyberspace.

Article I 9: Publicity actions, especially promotional offers such as price discounts, bonuses or free gift, as well as promotional competitions or games disseminated by electronic mail, shall upon receipt be clearly and unequivocally identified in the title of the message by their addressees or, where this is technically impossible, on the body of the message.

Comment 5: This section, though defined, will not be very helpful because of the generality of the statement. Further, it is perhaps unhelpful to the users and unnecessary for an international treaty; perhaps this could be covered in country legislation, if at all necessary. This portion overemphasizes unnecessary rationale.

Article I 14: Concealing the identity of the person on behalf of whom the communication is issued or mentioning a subject unrelated to the transaction or service offered, shall equally be prohibited in the African Union.

Comment 6: There is need for more clarification here on identity concealing and third parties.

Section IV: Treaty obligations in electronic form
Chapter 1: Contracts in electronic form

Article I 16: Electronic means may be used to disseminate contractual conditions or information on goods or services.

Comment 7: Define the role of the notary in this state for the purposes of contractual conditions.

Article 1 18: Information meant for a professional may be addressed to him/her by electronic mail provided he/she has communicated his/her electronic professional address.

Comment 8: The article may have the following phrase as an addition: "and given consent as to the use of the said address as proof of communication".

Article I 19: 5) The means of electronic consultation of the professional and commercial rules by which the author of the offer intends to be guided, if need be.

Article I 22: Agreements concluded between professionals may be exempted from the provisions of Articles I 20 and 21 of this Convention.

Comment 9: There is need for the definition of the broad scope of the word "professional" as implied in the draft, in order to avoid ambiguity of the law.

Article I 23: In the absence of legal provisions to the contrary, no person shall be compelled to take a legal action by electronic means.

Article I 39: Subject to legal provisions to the contrary, no one shall be compelled to undertake a legal act by electronic means.

Comment 10: There is repetition in this law; please consolidate these points.

Article I 35: Where the legal provisions of Member States have not laid down other provisions, and where there is no valid agreement between the parties, the judge shall resolve proof related conflicts by determining by all means possible the most plausible claim regardless of the message base employed.

The respective countries have to build their legislations to mitigate cross-border/international conflicts concerning cyber law. In this case, the notaries and all related parties have to be given their definitive mandate; however, Article 1-35 does not define its scope.

****************

Article III 1 7: International cooperation

Each Member State shall adopt such measures as it deems necessary to foster exchange of information and the sharing of quick, expeditious and reciprocal data by Member States' organizations and similar organizations of other Member States with responsibility to cause the law to be applied in the territory on bilateral or multilateral basis.

Comment 11: At this juncture it will be necessary to ensure the proper understanding of the legislations, their harmonization, and the upgrading of existing individual governmental laws, to prevent a case of contradicting legislations that can break the existing laws. Before a continental ratification, individual government legislations must be used as the default; harmonization of such is therefore encouraged.

Section II: Legal framework for personal data protection
Chapter 1: Objectives of this Convention with respect to personal data

Article II 14: Each Member State of the African Union shall establish an authority with responsibility to protect personal data. The body so established shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with the provisions of this Convention.

Article II 16: The protection authority shall comprise parliamentarians, deputies, senators, senior judges of the Tribunal of Accounts, Council of State, Civil and Criminal Appeal Court, personalities qualified as a result of their knowledge of computer science, as well as professional networks or sectors.

Article II 18: Members of the protection authority shall be subject to professional secrecy in accordance with the extant texts of each Member State. Each protection authority shall formulate rules of procedure containing, inter alia, rules governing deliberations, processing and presentation of cases.

Comment 12: These articles define the membership and the constituting mandates of the said protection authority; however, it should be left to the countries to define the authorities under inbuilt country contributions/laws or bylaws, so as not to create a different center of power or parallel agency.

Article II 2 (Page 21): Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data. The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the interest of enterprises.

Comment 13: Should add an addendum, if possible: the said individual states shall enact their legislations before the ratification of the aforementioned convention.