As technology deepens its roots in society and our daily lives, the risks increase. Globally, laws and regulations have been put in place to keep the citizenry and businesses safe. Unfortunately, some regions have stronger protections than others. However, improving cybersecurity regulations across Africa could greatly benefit the continent by enabling it to participate in the fourth Industrial Revolution securely.
I will be discussing international, national, and regional cybersecurity regulations, to identify what Africa can learn and implement.
International cybersecurity regulations
In 2001, the Convention on Cybercrime, also known as the Budapest Convention was signed. It was the first international treaty that sought to address laws relating to crimes on the internet or on computers.
Various countries across the world are parties to this convention. Being a part of this gives countries a legal framework for international cooperation; sharing information and experiences of how the convention can be implemented in different areas. The convention opens doors for countries and regions to cooperate in a trusted and efficient way.
The Lomé Declaration
Similar to the above international laws, the African Union took steps to protect its people, most recently signing the Lomé Declaration in March 2022. This recognised that the Covid-19 pandemic had revealed the urgency for the African continent to pursue its digital transformation, in particular through the development and securing of online activities and services.
It stressed that “digital transformation constitutes a formidable growth lever for the African continent and can contribute to the achievement of the vision and objectives of the African Union’s Agenda 2063 and the United Nations’ Sustainable Development Goals.’’ Ministers attending the Declaration ratified the AU Convention on Cyber Security and Personal Data protection, otherwise called the Malabo Convention which includes regulations on electronic transactions, personal data protection, and cyber security and cybercrime.
Furthermore, counties across Africa have been making progress with their own set of regulations to govern data privacy and security. For example, South Africa has implemented the Protection of Personal Information (POPI) act, while Nigeria has its version in the Nigerian Data Protection Regulation (NDPR) and Kenya has the Data Protection Act. Both Kenya and South Africa have modelled their acts after the EU’s GDPR.
While this is a fine start, at present only 17 of the 54 African states have enacted data privacy laws.
As digitalisation holds important potential for the continent to ensure its inclusion in the digital age, cybersecurity measures should ideally be adopted by all of the African countries.
Part of the resistance may come from the disparity between the cyber troubles that the ECOWAS states have prioritised versus those of the SADC region. For example, the ECOWAS states might experience different cyber troubles and thus have prioritised certain laws while the SADC have prioritised others.
SADC cybersecurity progression
According to HardPro Senior Solutions Architect, Gilbert Kabugi, the cybersecurity regulations adopted by the SADC region are robust, indicating that “several countries in SADC have enacted data protection laws that borrow from the EU data protection law to govern access to data, which is a move in the right direction through enforcing compliance”.
And while progress has been, made there is still room for improvement. SADC member countries could still integrate laws such as the Model Laws on Computer Crimes and Cybercrimes, Data Security and Electronic Transactions and Electronic Commerce.
Actions that can be taken
First and foremost, governments across Africa should take the opportunity to uplift their people by educating the masses on cyber safety and cyber security. Youth should be encouraged to take up careers in this field to ensure that knowledge grows along with the technology. Next, it is important for the region to take lessons from both the Budapest and the Malabo conventions. In fact, the Budapest convention invites any country across the world to become a party or a signatory. Not only this, but they should be open to knowledge and experience sharing from across the region. Within SADC, the difficulty in adopting and implementing different cybersecurity regulations lies with the perception of security as a whole. According to Gilbert Kabugi, viewing security as a single function is shortsighted – and an overall view of the overlapping concepts and requirements of cybersecurity is needed to implement these regulations.
Digital rights must be enforced and governments in the region can take the lead on this.
Even though cybersecurity laws are complicated, it is a positive sign that one third of the continent has some in place. Along with encouraging more countries to adopt cybersecurity regulations, the region now must work on balancing cyber rights with basic rights and pursue a safer cyber future.