Stay networked. Get informed. Broadcast your projects.
Many African countries have adopted or are in the process of adopting cyber security legislation. However, the laws being adopted are likely to create interpretation nightmares unless the definitions of technical terms are harmonized. For example, the African Union Convention on Cybersecurity and Personal Data Protection has more emphasis on personal as opposed to corporate data. It defines personal data as "any information relating to an identified or identifiable natural person”. On the other hand, Kenya’s Cybercrime and Computer related Crimes Bill, 2014 refers to a “person” as any company or association or body of persons corporate or unincorporated. Once the AU convention is ratified by 15 member states, it automatically becomes applicable to the rest of the member states. This might create a conflict with existing cyber crime legislation in some coutries. Definitions in legal instruments must not be ambiguous or subject to multiple interpretations. The meaning could be further lost or diluted when the documents are translated into other languages.
Another example is the definition of information. The AU Convention defines information as “any element of knowledge likely to be represented with the aid of devices and to be used, conserved, processed or communicated…”. On the other hand, the Kenya Cybercrime bill defines the same term as “data, text, images, sounds, codes, computer programs, software and databases”. Such varying definitions could lead to needless legal arguments on technicalities rather than the substance of the matter. The harmonization of definitions is particularly important when dealing with cross-border cybercrimes.