KiCTAnet Online debate on African Union Convention on Cyber Security (AUCC)

KiCTAnet Online debate on the draft African Union Convention on Cyber Security (AUCC) happening this week.

Programme

Day 1 Monday 25/ 11/2013
We begin with Part 1 on Electronic transactions and pick on four articles which we will discuss on Monday (25/11) and Tuesday (26/11).

Section III: Publicity by electronic means

Article I – 7:

Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken.

Question: Should net anonymity be legislated? If so, what measures need to be or not be considered?

Question: Should individuals or companies be obliged to reveal their identities and what are the implications?

Article I – 8:

The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible.

Question: Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally?

Day 2 Tuesday 26/11/13

Article I – 9:

Direct marketing through any form of indirect communication including messages forwarded with automatic message sender, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent to receiving the said direct marketing through the means indicated, shall be prohibited by the member states of the African Union.

Article I – 10:

The provisions of Article I – 9 above notwithstanding, direct marketing prospection by electronic mails shall be permissible where:

1) The particulars of the addressee have been obtained directly from him/her,

2) The recipient has given consent to be contacted by the prospector partners

3) The direct prospection concerns similar products or services provided by the same individual or corporate body.

Question: Is this a realistic way of dealing with spam?

Article I – 27

Where the legislative provisions of Member States have not laid down other provisions, and where there is no valid agreement between the parties, the judge shall resolve proof related conflicts by determining by all possible means the most plausible claim regardless of the message base employed.

Question: What is the meaning of this article and is it necessary? Some clarity needed!

Day 3 Wednesday 27 /11/13

Today, we move onto PART II: PERSONAL DATA PROTECTION and will deal with three questions.

Objectives of this Convention with respect to personal data

Article II – 2:

Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data.

The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the target for which the businesses were established.

Question: What is the relevance of this article? What are these state prerogatives? And given the increased interest of state surveillance, how can states balance respect of FOE while recognising state prerogatives?

Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection Authority which is meant to establish standards for data protection. Article II – 14 provides for each Member State of the African Union to establish an authority with responsibility to protect personal data. It shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with domestic legislations.

In article II-17 states that

‘Sworn agents may be invited to participate in audit missions in accordance with extant provisions in Member States of the African Union’

Question: Considering that this article seems to be tied to the Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What should this authority look like in terms of its composition?

Article II – 20:

…Members of the protection authority shall not receive instructions from any authority in the exercise of their functions

Article II – 21:

Member States are engaged to provide the national protection authority human, technical and financial resources necessary to accomplish their mission.

Question: It appears that this Data Protection Authority is envisaged to be fully government supported. Therefore, should we be talking of its independence? In what way should this article be framed so that it ensures independence of the Authority?

Article II – 28 to II-34 outlines six principles governing the processing of personal data namely:

Consent and of legitimacy,

Honesty,

Objective, relevance and conservation of processed personal data,

Accuracy,

Transparency and

Confidentiality and security of personal data.

Under each of the specific principles, detailed explanation of how each should be undertaken is offered.

Question: Is this explanation and detailing of how to undertake each necessary in an international (regional) law necessary or needed? Is this legislation overkill?

Day 4 Thursday 28/11/2013 Part III

Day 4 will focus on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME

Article III – 14: Harmonization

1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality.

Question: What is the principle of double criminality here?


Section II: Other penal sanctions

Article III – 48

Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment.

Question: What is the interpretation of additional punishment? Is this not granting of absolute powers to judges?

Day Five 29/11/2013

This will be dedicated to any other issue(s)that listers may want to raise in regard to the Convention. Further, listers can go back to issues of any other day and discuss them here.

What other issue(s) would you like to raise?

Find more info here

Advertisements

Leave a comment

Filed under Debate, Events

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s