African Union's draft Cybercrime Convention

TL;DR: African Union’s draft Cybercrime Convention: Majority of the Convention is spent defining legal protection for entities and persons using the internet and other electronic means to do business. A whole section of the Convention is reserved to define rights of persons and protection from ‘strong men’.

Council of Europe’s ETS 185 Convention on Cybercrime (Budapest Convention):

Assumes legal environment exists where rights and obligations of persons and entities are clearly defined and protected. Provides a framework for law enforcement and legal actions for fighting crime done by electronic means.

With that out of the way, here’s how and why I got to re-read Budapest Convention and read AU Cybercrime Convention.

When Adam Segal posted on Twitter that African Union (AU) drafted a Cybercrime Convention I couldn’t help but wonder just why would there be a need for another such convention. Especially seeing that the CoE’s Budapest Convention of 2001 is well and truly on the way to become world standard (with China and Russia two clear dissenters of the Budapest Convention, primarily due to Article 32).

I decided to take a closer look at the draft AU Convention and soon it became obvious just why they’re taking the road they are: the legal environment in AU is not as developed and mature as the one in most countries that have ratified the Budapest Convention. The following sentence in the linked article summarises the issue rather well:

“[al]though cybersecurity is high on the political agenda, the AU is preoccupied with ensuring that Kenyan president Uhuru Kenyatta does not attend his trial at The Hague to face charges of crimes against humanity.”

The AU Convention consists of four parts:

Part I: Ecommerce and electronic Transactions Part II: Personal data protection Part III: Promoting cybersecurity and combating cybercrime Part IV: Common and final provisions

The Articles of the AU Convention provide the foundations that we in the West take for granted: that the paper and electronic communications carry similar legal weight, protection of personal data (heh), means by which institutions can handle personal data, principle of transparency, right of opposition and correction of wrong data, etc. It tries to address some of the legal loopholes that we see exploited in the West, but since this is just a Convention it does not, itself, have a legal binding. What it does is provide a legal framework for its signatory countries to then implement in laws.