Monthly Archives: November 2013

KiCTAnet Online debate on African Union Convention on Cyber Security (AUCC)

KiCTAnet Online debate on the draft African Union Convention on Cyber Security (AUCC) happening this week.


Day 1 Monday 25/ 11/2013
We begin with Part 1 on Electronic transactions and pick on four articles which we will discuss on Monday (25/11) and Tuesday (26/11).

Section III: Publicity by electronic means

Article I – 7:

Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken.

Question: Should net anonymity be legislated? If so, what measures need to be or not be considered?

Question: Should individuals or companies be obliged to reveal their identities and what are the implications?

Article I – 8:

The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible.

Question: Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally?

Day 2 Tuesday 26/11/13

Article I – 9:

Direct marketing through any form of indirect communication including messages forwarded with automatic message sender, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent to receiving the said direct marketing through the means indicated, shall be prohibited by the member states of the African Union.

Article I – 10:

The provisions of Article I – 9 above notwithstanding, direct marketing prospection by electronic mails shall be permissible where:

1) The particulars of the addressee have been obtained directly from him/her,

2) The recipient has given consent to be contacted by the prospector partners

3) The direct prospection concerns similar products or services provided by the same individual or corporate body.

Question: Is this a realistic way of dealing with spam?

Article I – 27

Where the legislative provisions of Member States have not laid down other provisions, and where there is no valid agreement between the parties, the judge shall resolve proof related conflicts by determining by all possible means the most plausible claim regardless of the message base employed.

Question: What is the meaning of this article and is it necessary? Some clarity needed!

Day 3 Wednesday 27 /11/13

Today, we move onto PART II: PERSONAL DATA PROTECTION and will deal with three questions.

Objectives of this Convention with respect to personal data

Article II – 2:

Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data.

The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the target for which the businesses were established.

Question: What is the relevance of this article? What are these state prerogatives? And given the increased interest of state surveillance, how can states balance respect of FOE while recognising state prerogatives?

Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection Authority which is meant to establish standards for data protection. Article II – 14 provides for each Member State of the African Union to establish an authority with responsibility to protect personal data. It shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with domestic legislations.

In article II-17 states that

‘Sworn agents may be invited to participate in audit missions in accordance with extant provisions in Member States of the African Union’

Question: Considering that this article seems to be tied to the Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What should this authority look like in terms of its composition?

Article II – 20:

…Members of the protection authority shall not receive instructions from any authority in the exercise of their functions

Article II – 21:

Member States are engaged to provide the national protection authority human, technical and financial resources necessary to accomplish their mission.

Question: It appears that this Data Protection Authority is envisaged to be fully government supported. Therefore, should we be talking of its independence? In what way should this article be framed so that it ensures independence of the Authority?

Article II – 28 to II-34 outlines six principles governing the processing of personal data namely:

Consent and of legitimacy,


Objective, relevance and conservation of processed personal data,


Transparency and

Confidentiality and security of personal data.

Under each of the specific principles, detailed explanation of how each should be undertaken is offered.

Question: Is this explanation and detailing of how to undertake each necessary in an international (regional) law necessary or needed? Is this legislation overkill?

Day 4 Thursday 28/11/2013 Part III


Article III – 14: Harmonization

1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality.

Question: What is the principle of double criminality here?

Section II: Other penal sanctions

Article III – 48

Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment.

Question: What is the interpretation of additional punishment? Is this not granting of absolute powers to judges?

Day Five 29/11/2013

This will be dedicated to any other issue(s)that listers may want to raise in regard to the Convention. Further, listers can go back to issues of any other day and discuss them here.

What other issue(s) would you like to raise?

Find more info here


Leave a comment

Filed under Debate, Events

In the Papers: Strathmore Law School Dean Dr. Luis Franceschi takes a Stab on the African Union draft Cybersecurity Convention

Screen Shot of Daily Nation on November 16, 2013

Screen Shot of Daily Nation on November 16, 2013

Our Dean Dr. Luis Franceschi who is a regular commentator and columnist with the Daily Nation Kenya wrote about the African Union draft Cyber-security Convention.

In his issue He raises the issue of awareness of the AUCC draft;

If right now you are asking, “What is the AUCC?” you are not alone. Indeed, a major problem with the AUCC is that so few people, companies, and organisations even know of its existence, yet it is scheduled to be passed by the AU in January 2014. – Dr. Luis Franceschi

Read the whole article here;

AU Cyber-security Convention ignores practical reality by Dr. Luis Franceschi on Daily Nation November 15, 2013

Leave a comment

Filed under In the News

CIPIT’s Letter to the African Union Calling for Stakeholder Input on the African Union Convention on Cyberspace

Below is a letter from Centre for Intellectual Property and Information Technology Law addressed to the African Union calling for more stakeholder input on African Union draft Cybersecurity Convention.

Here is the link

Leave a comment

Filed under African Union, Cybersecurity, Petition

AUCC Timeline’s: Presentation made by Mr. Auguste Yankey of AU’s Information Society Division in Yaounde, Cameroon

The above presentation by Mr. Auguste Yankey of African Union’s Information Society Division made in Yaounde, Cameroon sheds some light on the process and timelines adopted by the African Union and United Nations Economic Community for Africa in adopting to eventual endorsement of the AUCC.

Key Timelines
1. The Oliver Thambo Declaration – Johannesburg, South Africa in November 2009 [Adoption of the Resolution]
2. The 14th AU Summit of Heads of State and Government declaration on ICT in Africa – Addis Ababa, Ethiopia. February 2010 [Endorsement of the Resolution]
3. The Abuja Declaration, CITMC-3 – Abuja, Nigeria. August 2010 [Confirmation of this resolution]
4. The Khartoum Declaration – Khartoum, Sudan. September 2012 [Endorsement of the Final AU draft Convention]

Leave a comment

Filed under African Union, Cybersecurity, Documents

In the News: Kenyan bid to stop ‘flawed’ AU cybersecurity convention – By Gareth van Zyl, IT Web Africa

IT Web Africa

IT Web Africa

Kenyan bid to stop ‘flawed’ AU cybersecurity convention – By Gareth van Zyl, IT Web Africa

Leave a comment

Filed under In the News

In the News: Information Cabinet Secretary Dr. Fred Matiang’i and the Media Council Bill – 2013

I was in the dark on the Media Bill‘ – ICT CS Fred Matiang’i

[We wouldn’t want the same to happen in respect to the #dAUCC]

About the Media Council Legislation
AN ACT of Parliament to provide for the realization of the right to freedom of expression and freedom of the media, and for the establishment of the Media Council of Kenya a body independent of control by government, political or commercial interests that reflects the interests of all sections of the society to set media standards and regulate and monitor compliance with those standards; for the conduct and discipline of journalists and the media and for connected purposes IEA

Leave a comment

Filed under In the News