Online debate on African Union Convention on Cyber Security (AUCC)
Good morning Listers

We would like to propose an online discussion on the African Union Convention on Cyber Security (AUCC) http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN... on multiple lists of KICTANet and ISOC-KE, in Kenya and on I-Network list moderated by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and ISOC-Uganda, starting from Monday 25th to Friday 29th November 2013. We will also share the concerns with the best bits list http://bestbits.net/, the Internet Governance Caucus list http://igcaucus.org/ and Access Now https://www.accessnow.org/ since we would like to give as much input as possible.

We have been in discussion with AUC and the drafters have accepted to receive our input despite having gone through this process two years ago with African governments. In light of this window of opportunity, we suggest we engage. AUC will discuss the convention during the AU ICT week scheduled for December 1-6, 2013 http://www.africanictweek.org/

For Kenya, it is important that we engage, the reason being that if Kenya signs into this convention in January 2014, it will become binding as stipulated in Kenya’s 2010 Constitution Article 2 (6) which states: Any treaty or convention ratified by Kenya shall form part of the law of Kenya under this Constitution. The Convention is therefore more like a Bill of Parliament.

1. Background to the African Union Convention on Cyber Security (AUCC)

African Union (AU) convention (52 page document) seeks to intensify the fight against cybercrime across Africa in light of increase in cybercrime, and a lack of mastery of security risks by African countries. Further, that one challenge for African countries is lack of technological security adequate enough to prevent and effectively control technological and informational risks. As such “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”.

The Convention establishes a framework for cybersecurity in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime” (Conceptual framework).

2. Division of the Convention

Part 1 Electronic transactions

Section I: Definition of terms

Section II: Electronic Commerce (Fields of application of electronic commerce, Contractual responsibility of the electronic provider of goods and services).

Section III: Publicity by electronic means.

Section IV: Obligations in electronic form (Electronic contracts, Written matter in electronic form, Ensuring the security of electronic transactions).

Part II PERSONAL DATA PROTECTION

Section I: Definition

Section II: Legal framework for personal data protection (Objectives of this Convention with respect to personal data, Scope of application of the Convention, Preliminary formalities for personal data processing).

Section III: Institutional framework for protection of personal data (Status, composition or organization, Functions of the protection authority).

Section IV: Obligations relating to the conditions governing the processing of personal data (basic principles governing the processing of personal data, Specific principles governing the processing of sensitive data, Interconnection of personal data files).

Section V: The rights of the person whose personal data are to be processed (Right to information, Right of access, Right of opposition, Right of correction or suppression).

Section VI: Obligations of the personal data processing official (Confidentiality obligations, Security obligations, Conservation obligations, Sustainability obligations).

PART III – PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME

Section 1: Terminology, National cyber security framework, Legislative measures, National cyber security system, National cyber security monitoring structures.

Section II: Material penal law (Offenses specific to Information and Communication Technologies [Attack on, computerized data, Content related offenses], Adapting certain information and communication technologies offenses).

Section II: Criminal liability for corporate persons (Adapting certain sanctions to the Information and Communication Technologies, Other penal sanctions, Procedural law, Offenses specific to Information and Communication Technologies).

PART IV: COMMON AND FINAL PROVISIONS

Section I: Monitoring mechanism

Section II: Final responses

The Proposed Discussion

We have picked on articles that need clarity, and would request listers to kindly discuss them and provide recommendations where necessary. Also, where necessary, listers are encouraged to identify and share other articles that need clarifications that we may have left out.

Day 1 Monday 25/11/2013

We begin with Part 1 on Electronic transactions and pick on four articles which we will discuss on Monday (25/11) and Tuesday (26/11).

Section III: Publicity by electronic means

Article I – 7:

Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken.

Question: Should net anonymity be legislated? If so, what measures need to be or not be considered?

Question: Should individuals or companies be obliged to reveal their identities and what are the implications?

Article I – 8:

The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible.

Question: Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally?

Day 2 Tuesday 26/11/13

Article I – 9:

Direct marketing through any form of indirect communication including messages forwarded with automatic message sender, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent to receiving the said direct marketing through the means indicated, shall be prohibited by the member states of the African Union.

Article I – 10:

The provisions of Article I – 9 above notwithstanding, direct marketing prospection by electronic mails shall be permissible where:

1) The particulars of the addressee have been obtained directly from him/her,

2) The recipient has given consent to be contacted by the prospector partners

3) The direct prospection concerns similar products or services provided by the same individual or corporate body.

Question: Is this a realistic way of dealing with spam?

Article I – 27

Where the legislative provisions of Member States have not laid down other provisions, and where there is no valid agreement between the parties, the judge shall resolve proof related conflicts by determining by all possible means the most plausible claim regardless of the message base employed.

Question: What is the meaning of this article and is it necessary? Some clarity needed!

Day 3 Wednesday 27/11/13

Today, we move onto PART II: PERSONAL DATA PROTECTION and will deal with three questions.

Objectives of this Convention with respect to personal data

Article II – 2:

Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data.

The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the target for which the businesses were established.

Question: What is the relevance of this article? What are these state prerogatives? And given the increased interest of state surveillance, how can states balance respect of FOE while recognising state prerogatives?

Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection Authority which is meant to establish standards for data protection. Article II – 14 provides for each Member State of the African Union to establish an authority with responsibility to protect personal data. It shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with domestic legislations.

Article II-17 states that ‘Sworn agents may be invited to participate in audit missions in accordance with extant provisions in Member States of the African Union’.

Question: Considering that this article seems to be tied to the Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What should this authority look like in terms of its composition?

Article II – 20:

…Members of the protection authority shall not receive instructions from any authority in the exercise of their functions.

Article II – 21:

Member States are engaged to provide the national protection authority human, technical and financial resources necessary to accomplish their mission.

Question: It appears that this Data Protection Authority is envisaged to be fully government supported. Therefore, should we be talking of its independence? In what way should this article be framed so that it ensures independence of the Authority?

Article II – 28 to II-34 outlines six principles governing the processing of personal data namely:

Consent and of legitimacy,
Honesty,
Objective, relevance and conservation of processed personal data,
Accuracy,
Transparency and
Confidentiality and security of personal data.

Under each of the specific principles, detailed explanation of how each should be undertaken is offered.

Question: Is this explanation and detailing of how to undertake each in an international (regional) law necessary or needed? Is this legislation overkill?

Day 4 Thursday 28/11/2013 Part III

Day 4 will focus on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME

Article III – 14: Harmonization

1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality.

Question: What is the principle of double criminality here?

Section II: Other penal sanctions

Article III – 48

Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment.

Question: What is the interpretation of additional punishment? Is this not granting of absolute powers to judges?

Day Five 29/11/2013

This will be dedicated to any other issue(s) that listers may want to raise in regard to the Convention. Further, listers can go back to issues of any other day and discuss them here.

What other issue(s) would you like to raise?

References

DRAFT AFRICAN UNION CONVENTION ON THE CONFIDENCE AND SECURITY IN CYBERSPACE http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN...
http://daucc.wordpress.com/
http://www.thepetitionsite.com/takeaction/262/148/817/
http://daucc.wordpress.com/2013/10/29/paper-review-basic-drawbacks-of-the-dr...
http://michaelmurungi.blogspot.com/2012/08/comments-on-draft-african-union.h...

Have a great weekend and see you on Monday.

Rgds
Grace
Great going GG

Appreciate it.

Best
Alice

On 22/11/2013 08:42, Grace Githaiga wrote:
Great move indeed

Regards
Poncelet

On 23 November 2013 16:18, Alice Munyua <alice@apc.org> wrote:
Great going GG
Appreciate it.
Best Alice
On 22/11/2013 08:42, Grace Githaiga wrote:
Good morning Listers
We would like to propose an online discussion on the African Union Convention on Cyber Security(AUCC) http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN... on multiple lists of KICTANet and ISOC-KE, in Kenya and on I-Network list moderated by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and ISOC -Uganda, starting from Monday 25th to Friday 29th November 2013. We will also share the concerns with the best bits list http://bestbits.net/, the Internet Governance Caucus list http://igcaucus.org/ and Access Now https://www.accessnow.org/ since we would like to give as much input as possible.
We have been in discussion with AUC and the drafters have accepted to receive our input despite having gone through this process two years ago with African governments. In light of this window of opportunity, we suggest we engage. AUC will discuss the convention during the AU ICT week scheduled for December 1-6, 2013http://www.africanictweek.org/
For Kenya, it is important that we engage, the reason being that if Kenya signs into this convention in January 2014, it will become binding as stipulated in Kenya’s 2010 Constitution Article 2 (6) which states: *Any treaty or convention ratified by Kenya shall form part of the law of Kenya under this Constitution. *The Convention is therefore more like a Bill of Parliament.
*1.* *Background to the African Union Convention on Cyber Security (AUCC)*
African Union (AU) convention (52 page document) seeks to intensify the fight against cybercrime across Africa in light of increase in cybercrime, and a lack of mastery of security risks by African countries. Further, that one challenge for African countries is lack of technological security adequate enough to prevent and effectively control technological and informational risks. As such “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”.
The Convention establishes a framework for cybersecurity in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime” (Conceptual framework).
*2.* *Division of the Convention*
*Part 1 Electronic transactions*
Section I: Definition of terms
Section II: Electronic Commerce (Fields of application of electronic commerce, Contractual responsibility of the electronic provider of goods and services).
Section III: Publicity by electronic means.
Section IV: Obligations in electronic form (Electronic contracts, Written matter in electronic form, Ensuring the security of electronic transactions).
*Part II PERSONAL DATA PROTECTION*
Section I: Definition
Section II: Legal framework for personal data protection (Objectives of this Convention with respect to personal data, Scope of application of the Convention, Preliminary formalities for personal data processing).
Section III: Institutional framework for protection of personal data (Status, composition or organization, Functions of the protection authority).
Section IV: Obligations relating to the conditions governing the processing of personal data (basic principles governing the processing of personal data, Specific principles governing the processing of sensitive data, Interconnection of personal data files).
Section V: The rights of the person whose personal data are to be processed (Right to information, Right of access, Right of opposition, Right of correction or suppression).
Section VI: Obligations of the personal data processing official (Confidentiality obligations, Security obligations, Conservation obligations, Sustainability obligations).
*PART III – PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME*
Section 1: Terminology, National cyber security framework, Legislative measures, National cyber security system, National cyber security monitoring structures).
Section II: Material penal law (Offenses specific to Information and Communication Technologies [Attack on, computerized data, Content related offenses], Adapting certain information and communication technologies offenses).
Section II: Criminal liability for corporate persons (Adapting certain sanctions to the Information and Communication Technologies, Other penal sanctions, Procedural law, Offenses specific to Information and Communication Technologies).
* PART IV: COMMON AND FINAL PROVISIONS*
Section I: Monitoring mechanism
Section II: Final responses
*The Proposed Discussion*
We have picked on articles that need clarity, and would request listers to kindly discuss them and provide recommendations where necessary. Also, where necessary, listers are encouraged to identify and share other articles that need clarifications that we may have left out.
*Day 1 Monday 25/ 11/2013*
*We begin with Part 1 on Electronic transactions and pick on four articles which we will discuss on Monday (25/11) and Tuesday (26/11). *
*Section III: Publicity by electronic means*
* Article I – 7:*
* Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken.*
*Question:* Should net anonymity be legislated? If so, what measures need to be or not be considered?
*Question:* Should individuals or companies be obliged to reveal their identities and what are the implications?
* Article I – 8:*
*The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible.*
*Question:* Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally?
*Day 2 Tuesday 26/11/13*
*Article I – 9: **Direct marketing through any form of indirect communication including messages forwarded with automatic message sender, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent to receiving the said direct marketing through the means indicated, shall be prohibited by the member states of the African Union.*
*Article I – 10:*
* The provisions of Article I – 9 above notwithstanding, direct marketing prospection by electronic mails shall be permissible where:*
*1) The particulars of the addressee have been obtained directly from him/her,*
*2) The recipient has given consent to be contacted by the prospector partners*
*3) The direct prospection concerns similar products or services provided by the same individual or corporate body.*
*Question:* Is this a realistic way of dealing with spam?
*Article I – 27*
*Where the legislative provisions of Member States have not laid down other provisions, and where there is no valid agreement between the parties, the judge shall resolve proof related conflicts by determining by all possible means the most plausible claim regardless of the message base employed.*
*Question:* What is the meaning of this article and is it necessary? Some clarity needed!
*Day 3 Wednesday 27/11/13*
*Today, we move onto PART II: PERSONAL DATA PROTECTION and will deal with three questions.*
*Objectives of this Convention with respect to personal data*
*Article II – 2:*
*Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data.*
*The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the target for which the businesses were established.*
*Question:* What is the relevance of this article? What are these state prerogatives? And given the increased interest of state surveillance, how can states balance respect of FOE while recognising state prerogatives?
*Articles II-6, II-7, II-8, II-11, II-12, II-13 refer to a Protection Authority* which is meant to establish standards for data protection. Article II – 14 *provides for each Member State of the African Union to establish an authority with responsibility to protect personal data. It shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with domestic legislations.*
Article II-17 states that ‘*Sworn agents may be invited to participate in audit missions in accordance with extant provisions in Member States of the African Union*’.
*Question:* Considering that this article seems to be tied to the Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What should this authority look like in terms of its composition?
*Article II – 20:*
*…Members of the protection authority shall not receive instructions from any authority in the exercise of their functions.*
*Article II – 21:*
*Member States are engaged to provide the national protection authority human, technical and financial resources necessary to accomplish their mission.*
*Question:* It appears that this Data Protection Authority is envisaged to be fully government supported. Therefore, should we be talking of its independence? In what way should this article be framed so that it ensures independence of the Authority?
*Article II – 28 to II-34* outlines six principles governing the processing of personal data namely:
Consent and of legitimacy,
Honesty,
Objective, relevance and conservation of processed personal data,
Accuracy,
Transparency and
Confidentiality and security of personal data.
Under each of the specific principles, detailed explanation of how each should be undertaken is offered.
*Question:* Is this explanation and detailing of how to undertake each necessary or needed in an international (regional) law? Is this legislation overkill?
*Day 4 Thursday 28/11/2013 Part III*
*Day 4 will focus on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME*
*Article III – 14: Harmonization*
*1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality.*
*Question*: What is the principle of double criminality here?
*Section II: Other penal sanctions*
*Article III – 48*
*Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment.*
*Question:* What is the interpretation of additional punishment? Is this not granting of absolute powers to judges?
*Day Five 29/11/2013*
This will be dedicated to any other issue(s) that listers may want to raise in regard to the Convention. Further, listers can go back to issues of any other day and discuss them here.
What other issue(s) would you like to raise?
*References*
DRAFT AFRICAN UNION CONVENTION ON THE CONFIDENCE AND SECURITY IN CYBERSPACE http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN...
http://www.thepetitionsite.com/takeaction/262/148/817/
http://daucc.wordpress.com/2013/10/29/paper-review-basic-drawbacks-of-the-dr...
http://michaelmurungi.blogspot.com/2012/08/comments-on-draft-african-union.h...
Have a great weekend and see you on Monday.
Rgds
Grace
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/alice%40apc.org
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Poncelet O. Ileleji MBCS
Coordinator
The Gambia YMCAs Computer Training Centre & Digital Studio
MDI Road Kanifing South
P. O. Box 421 Banjul
The Gambia, West Africa
Tel: (220) 4370240
Fax: (220) 4390793
Cell: (220) 9912508
Skype: pons_utd
www.ymca.gm
www.waigf.org
www.aficta.org
www.itag.gm
www.npoc.org
http://www.wsa-mobile.org/node/753
www.diplointernetgovernance.org
This is a good and timely discussion GG, and the analysis is thorough. I would wish to see
1. how cross-border crimes are prosecuted,
2. where this draft is in contradiction to local laws, which one will take precedence?

Regards

On 23/11/2013, Poncelet Ileleji <pileleji@ymca.gm> wrote:
Great move indeed
Regards
Poncelet
On 23 November 2013 16:18, Alice Munyua <alice@apc.org> wrote:
Great going GG
Appreciate it.
Best Alice
-- ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh kenya.or.ke | The Kenya we know
Thanks Alice, Poncelet and Kivuva. Looking forward to your active contribution to the debate starting tomorrow.
Warmly
GG
Background to the African Union Convention on Cyber Security (AUCC) African Union (AU) convention (52 page document) seeks to intensify the fight against cybercrime across Africa in light of increase in cybercrime, and a lack of mastery of security risks by African countries. Further, that one challenge for African countries is lack of technological security adequate enough to prevent and effectively control technological and informational risks. As such “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”. The Convention establishes a framework for cybersecurity in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime” (Conceptual framework). 2. Division of the Convention Part 1 Electronic transactions Section I: Definition of terms Section II: Electronic Commerce (Fields of application of electronic commerce, Contractual responsibility of the electronic provider of goods and services). Section III: Publicity by electronic means. Section IV: Obligations in electronic form (Electronic contracts, Written matter in electronic form, Ensuring the security of electronic transactions). Part II PERSONAL DATA PROTECTION Section I: Definition Section II: Legal framework for personal data protection (Objectives of this Convention with respect to personal data, Scope of application of the Convention, Preliminary formalities for personal data processing). Section III: Institutional framework for protection of personal data (Status, composition or organization, Functions of the protection authority). Section IV: Obligations relating to the conditions governing the processing of personal data (basic principles governing the processing of personal data, Specific principles governing the processing of sensitive data, Interconnection of personal data files). 
Section V: The rights of the person whose personal data are to be processed (Right to information, Right of access, Right of opposition, Right of correction or suppression). Section VI: Obligations of the personal data processing official (Confidentiality obligations, Security obligations, Conservation obligations, Sustainability obligations). PART III – PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME Section 1: Terminology, National cyber security framework, Legislative measures, National cyber security system, National cyber security monitoring structures). Section II: Material penal law (Offenses specific to Information and Communication Technologies [Attack on, computerized data, Content related offenses], Adapting certain information and communication technologies offenses). Section II: Criminal liability for corporate persons (Adapting certain sanctions to the Information and Communication Technologies, Other penal sanctions, Procedural law, Offenses specific to Information and Communication Technologies). PART IV: COMMON AND FINAL PROVISIONS Section I: Monitoring mechanism Section II: Final responses The Proposed Discussion We have picked on articles that need clarity, and would request listers to kindly discuss them and provide recommendations where necessary. Also, where necessary, listers are encouraged to identify and share other articles that need clarifications that we may have left out. Day 1 Monday 25/ 11/2013 We begin with Part 1 on Electronic transactions and pick on four articles which we will discuss on Monday (25/11) and Tuesday (26/11). Section III: Publicity by electronic means Article I – 7: Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken. Question: Should net anonymity be legislated? 
If so, what measures need to be or not be considered? Question: Should individuals or companies be obliged to reveal their identities and what are the implications? Article I – 8: The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible. Question: Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally? Day 2 Tuesday 26/11/13 Article I – 9: Direct marketing through any form of indirect communication including messages forwarded with automatic message sender, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent to receiving the said direct marketing through the means indicated, shall be prohibited by the member states of the African Union. Article I – 10: The provisions of Article I – 9 above notwithstanding, direct marketing prospection by electronic mails shall be permissible where: 1) The particulars of the addressee have been obtained directly from him/her, 2) The recipient has given consent to be contacted by the prospector partners 3) The direct prospection concerns similar products or services provided by the same individual or corporate body. Question: Is this a realistic way of dealing with spam? Article I – 27 Where the legislative provisions of Member States have not laid down other provisions, and where there is no valid agreement between the parties, the judge shall resolve proof related conflicts by determining by all possible means the most plausible claim regardless of the message base employed. Question: What is the meaning of this article and is it necessary? Some clarity needed! Day 3 Wednesday 27 /11/13 Today, we move onto PART II: PERSONAL DATA PROTECTION and will deal with three questions. 
Objectives of this Convention with respect to personal data Article II – 2: Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data. The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the target for which the businesses were established. Question: What is the relevance of this article? What are these state prerogatives? And given the increased interest of state surveillance, how can states balance respect of FOE while recognising state prerogatives? Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection Authority which is meant to establish standards for data protection. Article II – 14 provides for each Member State of the African Union to establish an authority with responsibility to protect personal data. It shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with domestic legislations. In article II-17 states that ‘Sworn agents may be invited to participate in audit missions in accordance with extant provisions in Member States of the African Union’. Question: Considering that this article seems to be tied to the Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What should this authority look like in terms of its composition? Article II – 20: …Members of the protection authority shall not receive instructions from any authority in the exercise of their functions. Article II – 21: Member States are engaged to provide the national protection authority human, technical and financial resources necessary to accomplish their mission. 
Question: It appears that this Data Protection Authority is envisaged to be fully government supported. Therefore, should we be talking of its independence? In what way should this article be framed so that it ensures independence of the Authority? Article II – 28 to II-34 outlines six principles governing the processing of personal data namely: Consent and of legitimacy, Honesty, Objective, relevance and conservation of processed personal data, Accuracy, Transparency and Confidentiality and security of personal data. Under each of the specific principles, detailed explanation of how each should be undertaken is offered. Question: Is this explanation and detailing of how to undertake each necessary in an international (regional) law necessary or needed? Is this legislation overkill? Day 4 Thursdsay 28/11/2013 Part III Day 4 will focus on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME Article III – 14: Harmonization 1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality. Question: What is the principle of double criminality here? Section II: Other penal sanctions Article III – 48 Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment. Question: What is the interpretation of additional punishment? Is this not granting of absolute powers to judges? Day Five 29/11/2013 This will be dedicated to any other issue(s)that listers may want to raise in regard to the Convention. Further, listers can go back to issues of any other day and discuss them here. What other issue(s) would you like to raise? 
References

DRAFT AFRICAN UNION CONVENTION ON THE CONFIDENCE AND SECURITY IN CYBERSPACE http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN...
http://daucc.wordpress.com/
http://www.thepetitionsite.com/takeaction/262/148/817/
http://daucc.wordpress.com/2013/10/29/paper-review-basic-drawbacks-of-the-dr...
http://michaelmurungi.blogspot.com/2012/08/comments-on-draft-african-union.h...

Have a great weekend and see you on Monday.

Rgds
Grace

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/alice%40apc.org

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

--
Poncelet O. Ileleji MBCS
Coordinator
The Gambia YMCAs Computer Training Centre & Digital Studio
MDI Road Kanifing South
P. O. Box 421 Banjul
The Gambia, West Africa
Tel: (220) 4370240
Fax: (220) 4390793
Cell: (220) 9912508
Skype: pons_utd
www.ymca.gm www.waigf.org www.aficta.org www.itag.gm www.npoc.org http://www.wsa-mobile.org/node/753 www.diplointernetgovernance.org
participants (4): Alice Munyua, Grace Githaiga, Kivuva, Poncelet Ileleji