African Union Convention on Cyber Security and Personal Data Protection
This Convention on the establishment of a Legal Framework for Cybersecurity and Personal Data Protection embodies the existing commitments of African Union Member States at sub-regional, regional and international levels to build the Information Society, that it aims at defining the objectives and broad orientations of the Information Society in Africa and strengthening existing legislations on Information and Communication Technologies (ICTs) of Member States and the Regional Economic Communities (RECs);
The goal of this Convention is to address the need for harmonized legislation in the area of cyber security in Member States of the African Union, and to establish in each State party a mechanism capable of combating violations of privacy that may be generated by personal data collection, processing, transmission, storage and use; that by proposing a type of institutional basis, the Convention guarantees that whatever form of processing is used shall respect the basic freedoms and rights of individuals while also taking into account the prerogatives of States, the rights of local communities and the interests of businesses; and take on board internationally recognized best practices;
This Convention seeks, in terms of substantive criminal law, to modernize instruments for the repression of cybercrime by formulating a policy for the adoption of new offences specific to ICTs, and aligning certain offences, sanctions and criminal liability systems in force in Member States with the ICT environment.
Adopted by the 23rd Ordinary Session of the Assembly of the Union, Malabo, 27th June 2014.