By Mailyn Fidler |
Two years ago, the African Union (AU) adopted its Convention on Cybersecurity and Personal Data Protection. The Convention seeks to improve how African states address cybercrime, data protection, e-commerce, and cybersecurity. However, only eight of the AU’s fifty-four members have signed the Convention, with none ratifying it. Despite this currently limited uptake, the Convention, and how the AU produced it, signals that African states value political autonomy and independence when developing cyber policy. The U.S. government should keep this in mind as it reaches out to AU member states in promoting cyber norms and capacity building efforts.
Development of the Convention
The AU’s development of the Convention reflects a desire of African states to have autonomy over their response to cyberspace challenges. The AU chose to develop its own Convention instead of promoting African participation in existing cyber treaties, most notably the Council of Europe’s Budapest Convention on Cybercrime (2001). Only one African state, South Africa, participated in the Budapest Convention negotiations, and, even then, had to ask to be included. The Council of Europe approved three other African country requests to accede, a low rate compared to other regions in the global south, and only one African state has ratified it. South Africa has refused to ratify the Budapest Convention because of sovereignty concerns.
Instead, the AU began work on its own approach in 2007. By this time, African states had already started to act as a bloc in international cyber negotiations. For instance, African countries advocated for more equitable access to the Internet and participation in Internet governance during the 2003 and 2005 World Summit on the Information Society (WSIS) – a stance that challenged prevailing Western views.
Read the full article here.