Assessing the need for cyberlaw harmonization

Cécile Barayre-El Shami Programme Manager, E-Commerce and Law Reform ICT Analysis Section, UNCTAD cecile.barayre@unctad.org

Commonwealth Cybersecurity Forum 2014 London, 5-6 February 2014

1

Cyberattacks have the potential to destabilize on a global scale. Cybersecurity must therefore be a matter of global concern. We need to work together to bolster confidence in our networks, which are central to international commerce and governance.

We need to strengthen national legislation … push for international frameworks for collaboration … and adopt the necessary measures to detect and defuse cyber threats.

Mr. Ban Ki-moon, UN Secretary-General, Seoul Conference on Cyberspace, Seoul, Republic of Korea, October 2013

2

Why cybersecurity matters

Technology is pervasive and omnipresent

Nearly as many SIM cards as people/applications 90% global penetration

60% in Africa

9% annual growth of Internet users worldwide Mobile money in expansion

2.5 billion people unbanked in lower to middle income countries

225 deployments as of February 2014, of which more than 50% in Africa

Increased use of cloud computing

Webmail and social networks

Business applications

G-cloud

E-government initiatives

E.g: the EAC

3

Sources: ITU, GSMA, UNCTAD (2014)

Signs of rapid growth of e-commerce in developing countries

B2C e-commerce sales in 2012: $1 trillion

China, India and Indonesia expected to grow fastest in 2013

China

E-commerce has grown by 120% a year since 2003

Surpassed the US in 2013 as largest e-commerce market

Requested UNCTAD to review its e-commerce legislation (2014)

Latin America: from $1.6 billion to $43 billion in past decade

Brazil accounts for largest market share (59%)

Middle East and Africa: share in global e-commerce expected to rise from 1.6% to 3.5% by 2016

4

Sources: Economist, Morgan Stanley, eMarketer

Issues to address

Cybersecurity is multi-dimensional and complex Sovereignty, freedom of expression and privacy

No international framework to address cybersecurity Security and trust of ICT users Lack of capacity: Policy and law makers preparing and enforcing laws Technical skills (security systems and CERTs) Enforcement bodies

Differences among countries Legislation, capacity, resources

Regional agreements/frameworks

5

Assessing cyberlaw status

1/3 of the world’s jurisdictions lack e-commerce legislation

101 countries (including 55 developing countries) with data privacy laws

6

Source: UNCTAD, Greenleaf, 2013

Africa (18) Asia (8) Caribbean and Americas (13)

Europe (3) Pacific (11)

Privacy Laws (16)

Ghana Mauritius Seychelles

India Malaysia Singapore

Bahamas Canada St Lucia St Vincent and The Grenadines Trinidad and Tobago

Cyprus Malta United Kingdom

Australia New Zealand

Bills (10) Kenya Nigeria South Africa Tanzania

Antigua and Barbados Barbados Dominica Grenada Jamaica St Kitts and Nevis

UNCTAD's work on cyberlaw harmonization

Provide technical assistance to more than 30 countries of which 10 Commonwealth countries building harmonized legal frameworks for e-commerce [Ghana, Kenya, Nigeria, Rwanda, Sierra Leone, Uganda, Tanzania, Brunei Darussalam, Malaysia, Singapore]

Support developing countries’ efforts towards the preparation of an enabling legal and regulatory environment for e-commerce

1. Raise awareness and build capacity of policy and law makers, including parliamentarians; eg. CTO and CPA Briefing of parliamentarians, Commonwealth Cybersecurity Forum 2013

2. UNCTAD training course on the “Legal Aspects of E-commerce” : legal validity of e-transaction, consumer protection, taxation, security, privacy, IPRs, content regulation

3. Reviews of national laws and regional agreements

4. Assistance in the preparation of regionally harmonized legal frameworks

Programme funded by Finland

7

ASEAN Frontrunner in Harmonization

Harmonization of E-Commerce Legal Infrastructure in ASEAN Project (2004-2008)

First developing region to adopt harmonized framework for e-commerce laws

ICT Master Plan 2015 sets targets for further harmonization

Recognize need for continuous improvement of framework and to ensure effective implementation at national level

Conscious of new challenges as result of evolving ICT landscape

8

UNCTAD-ASEAN Review of E-Commerce Laws Harmonization in ASEAN

Take stock of progress to date

Surveys of 10 ASEAN Member States and

of the Private Sector

Workshop in Cebu, 10-11 November 2012

25 participants from all ASEAN Member States

Country presentations

Group discussions on key issues and priority legal areas

Needs assessment

Review published in 2013 and presented to the Telecommunications and IT Senior Official and Telecommunication Regulators' Council Leaders’ in September 2013

9

Status of e-commerce law harmonization in ASEAN (March 2013)

10 Source: UNCTAD

Main goal of the EAC Treaty: regional integration

Regional e-Government Programme adopted by the EAC Council of Ministers (2006) Enabling legal framework as a critical factor: e-

transactions, cybersecurity

Harmonized regional and national legal frameworks

Creation of an EAC Task Force

Regional ICT developments Improved fiber-optic links and expansion of mobile

telephony and related services, notably mobile money

Business process outsourcing

11

UNCTAD's assistance in Africa The case of the EAC

EAC cyberlaw harmonization : Processes

12

Great progress achieved in terms of harmonization in the EAC Two Cyberlaw Frameworks endorsed Phase I: e-transactions, cybercrime, consumer protection, data protection –

adopted by the EAC Council of Ministers (2010) Phase II: IPRs, competition, taxation and information security - adopted by

the EAC Council of Ministers (2013)

Progress at the country level Computer crime : Kenya, Rwanda and Uganda - (Drafts - Burundi and

Tanzania) Data protection and privacy: Drafts in Burundi, Kenya, Rwanda and Tanzania-

A draft is being prepared by Uganda - Request from the Ministry of Information and Communications Technology for UNCTAD review (2014)

Awareness campaigns eg. Uganda: Training of ICT and legal personnel since 2012: banks, insurance,

traders, manufacturers, judges, police and other agencies and bodies

Success of the project based on: Ownership from the EAC secretariat Continuation and commitment of the EAC Task Force (TF) Members UNCTAD continued support: review of draft laws and capacity-

building workshops

13

UNCTAD's assistance in Africa The case of ECOWAS

Project started in 2013 in cooperation with the ECOWAS Commission To support the implementation at the national level of existing legal

frameworks on e-transactions (Supplementary Act A/SA.2/01/10), cybercrime (Directive 1/08/11) and personal data protection (Supplementary Act A/SA.1/01/10)

To review e-commerce law harmonization

Building capacity of policy and law makers 220 trained through distance learning Two regional workshops (Dakar, February; Accra, March, 2014) Surveys of 15 ECOWAS Member States Recommendations to further cyberlaw harmonization

"If we want to promote e-commerce in the region, we must raise consumer confidence in computer security and electronic transactions" - Dr. Raphael Koffi, Principal Programme Officer and Head of Telecommunication/ICT Division, ECOWAS Commission

14

15

Thank you for your attention!

http://unctad.org/ICT4D