A Common Cybersecurity Policy - Is It Practical in Africa?Legal Expert Discusses Challenges, Timelines and Alternatives to Uniform Laws
African nations have long sought common cybersecurity and privacy laws to facilitate e-commerce across the continent, but of the 55 countries that signed the convention in 2014, so far only 13 have enacted laws. Lucien Pierce, director of PPM Attorneys, explains why it's a complex, time-consuming process.
"The reality is that every country has a different approach to the way it passes its laws. South Africa, Ghana or Namibia might have a different approach on how the laws are dealt with, the public consultation process, the standards that they apply," says Pierce, a Johannesburg attorney whose firm specializes in regulatory law.
The legislative process takes time, Pierce says. For example, South African leaders first discussed the Protection of Personal Information Act in 2003. It finally became law in 2013, but it didn't go into effect until 2021. That's an extreme case, he says, but he estimates that it will take each country three to five years to pass legislation that aligns with the African Union Convention on Cybercrime. "We're probably looking at 2027-2028 before most countries in Africa have laws in place," he says.
In this video interview with Information Security Media Group, Pierce discusses:
- The political and regulatory challenges of having a common cybersecurity policy for Africa;
- Where various countries are in their levels of cybersecurity maturity;
- How mutual cooperation treaties, improved law enforcement and other measures can help fill jurisdictional gaps until more laws are passed.
Pierce focuses on the commercial and regulatory aspects of telecommunications, media and technology. He covers matters such as commercial transactions, satellite frequency-spectrum license applications, information security, data protection and fintechs.