By Richard Mulonga
There is a wave of cybersecurity and data protection regulations being introduced in a number of African countries. Some countries have already enacted these internet laws, while others are in the process of introducing the regulations.
Notably, the introduction of cybersecurity and data protection laws in these African jurisdictions has caused consternation, contestation and debate regarding the process of law enactment and the fact that some clauses or terminologies are understood to be vague. It has also been noted with trepidation that the penalties contained in these cyber regulations are often excessive and very punitive.
Cybersecurity and personal data protection regulations are important in this age of information flow. Internet regulations must be put in place in order to make online spaces safe, inclusive, accessible and affordable for all. This is because the internet is a critical tool for the enjoyment of human rights, such as freedom of expression, access to information and freedom of assembly online. However, the internet laws being introduced in certain African jurisdictions are viewed, in their current form, as an affront to digital rights.
During the session “Cyber security enhancement for the use and harnessing of ICT” at the 2018 African Internet Governance Forum (AFIGF2018) in Khartoum, Sudan, it was generally acknowledged that Africa needs to be clear and specific about what kind of cybersecurity is needed on the continent. It was further acknowledged that the internet is not a luxury but a need, one which is at the centre of all socioeconomic processes. The internet is currently viewed as an important tool for human development. Therefore, the creation of cybersecurity and data protection regulations must be transparent and inclusive, and the resulting laws should be seen as enhancing digital rights.
“It is important to be clear about what kind of internet we want in face of cyber security in Africa. Ideally, the kind of internet we want must be based on various stakeholder interests. We want the kind of internet security that is stable, transparent, secure and all stakeholders feel ownership of the process,” said Olusegun Olugbile, one of the panellists.
Often, cybersecurity is viewed from the lens of national security, and it is usually developed at the expense of human rights, including freedom of expression. Ostensibly, however, cybersecurity is a broad concept that extends beyond national security because the internet is borderless.
It is also important to clarify what we really mean by “national security” because the definition is often left vague and at the whim of security forces to determine. The priority is usually to protect “national security” at the expense of human rights. What must we prioritise? National security or human rights? It is difficult to achieve widely accepted cybersecurity and data protection laws with ambiguous definitions.
Cybersecurity must be about protecting citizens’ security and privacy. Cybersecurity laws in Africa should adhere to a uniform standard, unlike the current approach in which each country develops regulations that may not necessarily be in tandem with each other or correspond to the aspirations of regional and continental bodies, such as the Southern African Development Community (SADC) and the African Union.
It is recommended that cybersecurity and data protection regulations are developed in an open and transparent manner, with an emphasis on digital rights and citizen participation in internet governance processes.
Richard Mulonga is a Zambian journalist having worked as a broadcaster, news reporter, photojournalist and columnist. He worked briefly for two Zambian NGOs in communications and is now an avid blogger, journalism trainer and founder of the Bloggers of Zambia. Richard is passionate about free speech, media rights and access to information as critical precursors to all human rights. With Bloggers of Zambia he is currently leading online and offline campaign #OpenSpaceZM on proposed cyber laws in Zambia which are viewed as a threat to good internet governance and freedom of expression.