Professional Documents
Culture Documents
GROUP 7 ICT LAWS - REVIEWED Upload
GROUP 7 ICT LAWS - REVIEWED Upload
Presented by Group 7
5.0 APPENDIX 11
REFERENCES 12
ABSTRACT
The rise in cybercrime has led to African countries creating Cyber/Internet Crime Acts
to prohibit the increase in Internet related crimes, prevent these kinds of activities,
protect her citizens, detect, and prosecute offending parties. This study analyses the ICT
laws of Nigeria and South Africa, and exposes their strengths and weaknesses.
1.0 NIGERIA’S CYBERCRIME ACT 2015
The Nigerian Cyber Crime Act was enacted by the National Assembly of the Federal
Republic of Nigeria to
(a) Provide an effective and unified legal, regulatory and institutional framework for
the prohibition, prevention, detection, prosecution and punishment of cybercrimes in
Nigeria;
(c) Promote cyber security and the protection of computer systems and networks,
electronic communications; data and computer programs, intellectual property and
privacy rights.
2. “The death penalty for an offence committed against a system or network that
has been designated critical national infrastructure of Nigeria that results in the death of
an individual” as quoted by the Nigerian Cybercrime Act 2015 (amongst other
punishments for lesser crimes).
4. The Cybercrime Act 2015 made a provision for identity theft, as it provides a
strict punishment of imprisonment for a term of not less than 3 years or a fine of not
less than N7 million or to both fine and imprisonment.
An example of identity fraud would be the individual who impersonated Chief Bola
Ahmed Tinubu on Facebook and was apprehended recently by the police.
5. For offences related to child-pornography, the act stipulates punishments of
imprisonment for a term of 10 years or a fine of not less than N20 million or to both
fine and imprisonment, depending on the nature of the offence and the act carried out
by the accused persons. The offences are: producing, procuring, distributing, and
possession of child pornography.
7. The Nigerian Cybercrime Act 2015 prohibits using an Internet domain name
with bad faith intent to profit from the popularity of a trademark belonging to someone
else, or to profit by selling to its original owner.
“Individuals who engage in this are liable on conviction to imprisonment for a term of
not less than 2 years or a fine of not less than N5 million or to both fine and
imprisonment” as quoted in the Nigerian Cybercrime Act 2015.
The above is just a high-level overview of certain interesting provisions in the newly
passed legislation.
The Act itself contains 43 sections, and is a very important piece of legislation to foster
the development of the nascent ICT sector in Nigeria.
2.0 SOUTH AFRICAN INFORMATION TECHNOLOGY LAW
South Africa has one of the largest information and communications technology (ICT)
markets in Africa by value. It shows technological leadership in the mobile software
field, security software as well as electronic banking services.
As an increasingly important contributor to South Africa's GDP, the country's ICT and
electronics sector is both sophisticated and developing.
Several international corporates operate subsidiaries from South Africa, including IBM,
Unisys, Microsoft, Intel, Systems Application Protocol (SAP), Dell, Novell and
Compaq. It is seen as a regional hub and a supply base for neighbouring countries.
The South African market is price-sensitive, also on the capital goods’ side.
What is the law regards data privacy or data protection in South Africa? Does South
Africa have a Data Protection Act?
In terms of South African law, the right to privacy is protected in terms of the common
law and section 14 of the Constitution of South Africa 1996.
“In both instances, the right to privacy is limited, and to prove an infringement will most
probably be fairly difficult. There is also established case law on:
bodily privacy,
the privacy of communications, and
territorial privacy”
The Protection of Personal Information Act (called the POPI Act or POPIA) brings an
end to the uncertainty regarding the law on the use and processing of personal
information. POPIA is essentially the South African Data Protection Bill or Data
Protection Act.
The POPI Act recognises the right to privacy enshrined in the Constitution and gives
effect to this right by mandatory procedures and mechanisms for the handling and
processing of personal information.
The POPI Act is in line with current international trends and laws on privacy.
‘Processing’ is widely defined, including the ‘collection, recording, organisation,
storage, updating or modification, retrieval, consultation, use, dissemination by means
of transmission, distribution or making available in any other form, merging, linking,
as well as blocking, erasure or destruction of personal information.’
The POPI Act provides eight information protection principles to govern the processing
of personal information. There are specific provisions for:
a) Direct marketing,
b) Automated decision making,
c) The processing of cross-border flows of data.
People often provide information for one reason and do not realise that it may be used
for other purposes as well, therefore POPIA prescribes eight specific principles for the
lawful processing and use of personal information. In a nutshell, the POPIA principles
are:
“The offences and penalties in POPIA quite limited. For example, one directed against
the hindering and obstruction of the Information Regulator in the execution of its
obligations and duties.
This case was culled from IOL news in 2004 (referenced below)
Site-https://www.iol.co.za/news/south-africa/hackers-vandalise-45-south-african-
websites-121014
Reinhardt Buys, an Internet lawyer in Cape Town granted an interview to IOL news
and said the following;
"On Thursday last week, a hacker group referring to itself as Spykids hacked into
websites located in Cape Town and Stellenbosch," Buys said as quoted by
"The fact that all the websites are in the Western Cape seems to show the hackers
broke into a single server and therefore had access to all the websites hosted on that
server."
“Buys said many businesses in South Africa were too embarrassed to say their sites
had been hacked into and often did not report cases to the Directorate of Special
Investigations” as quoted by www.iol.com
Buys said he suspected the attacks were carried out from outside the country, "most
probably" from Brazil."
"Most hackers seem to be from Brazil because it has the least effective legislation in
place," he said.
Most owners of defaced websites in the United States tended not to file complaints
with the police, but to "claim their losses from the Internet Service Providers who host
the websites and who should have provided proper protections" as quoted by
www.iol.com
"They are just out for the boast and the more prestigious the company hacked, the
more the boasting rights."
4.0 COMPARING AND CONTRASTING THE NIGERIAN WITH THE
SOUTH AFRICAN LAW
“The penalty is imprisonment for a term of not more than two years or a fine of not
more than five million naira or both fine and imprisonment” as quoted in section 8 of
the Cybercrimes Act
While in South Africa, under ECT Act, one who is caught in same act as stated for
Nigeria is liable to an undefined fine or imprisonment for a period of five years
In Nigeria, it is an offence in the Advance Fee Fraud Act (AFF Act) for any internet
service provider not to register with the Economic and Financial Crime Commission
(EFCC) and the penalty for such lead to conviction to imprisonment for a term of not
less than three years without an option of a fine and in the case of continuing offence
leads to a fine of fifty thousand naira for each day the offence occur.
It also an offence in the Cybercrime Act on any person or institution who fails to report
an incident to the National Computer Emergency Response Team (CERT) within seven
days of its occurrence commits an offence and such a person or institution is liable to
denial of internet services and also will be fine with the sum of two million naira.
While in South Africa, there is no imposed duty law under the current legislative
framework to implement cyber security measures on organization but the Protection of
Personal Information Act 4 of 2013 was declared and has not yet started that responsible
parties (internet service provider) should implement reasonable technical and
organisational measures to guide their personal information against unauthorised access
such as cyber security measures.
4.3 NIGERIAN AND SOUTH AFRICAN LAW ON PHISHING
Under the Cybercrime Act of the Nigeria law, phishing such as masquerading in an
electronic communication like emails in such that a mail is sent to an individual or
groups of individuals to change their account details in an attempt to get confidential
information from such individual such as usernames, passwords bank card details for
the purpose of defrauding is liable to three years’ imprisonment or a fine of one million
naira or both fine and imprisonment.
While in South Africa, phishing is categories under common law of theft and the penalty
depend on the court that hears the case but the penalty under magistrate court fifteen
years’ imprisonment.
APPENDIX
South African Information Technology Law, POPI and the Eight Principles
Comparison on Nigeria and South Africa ICT Law, Law on Hackers, phishing
Ogundele
https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/nigeria
https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/south-africa
https://lawpadi.com/10-things-about -nigerias-cybercrime-act-2
https://www.michalsons.com/privacy-in-south-africa/150
https://www.iol.co.za/news/south-africa/hackers-vandalise-45-south-websites-121014
https://www.export.gov/article?south-africa-information-technology
https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/nigeria
https://researchspace.ukzn.ac.sequence=1
http://lawnigeria.com/LawsoftheFederation/Cyber-Crime-Act,-2015.html
https://www.iol.co.za/news/south-africa/hackers-vandalise-45-south-african-websites-
121014
https://www.michalsons.com/blog/data-privacy-in-south-africa/150
https://www.export.gov/article?id=South-Africa-information-technology
http://www.natlotregcom.gov.ng/downloads/NLA_2005.pdf
http://gfc-conference.eu/wp-
content/uploads/2017/01/MERAVIGLIA_Technology_and_counterfeiting-
friends_or_foes.pdf
http://www.ncc.gov.ng/index.php/docman-main/industry-statistics/research-
reports/682-understanding-the-concept-of-cyber-security/file