Cyber Law at Togo
Togo has made significant strides in establishing a legal framework for cybersecurity and digital matters, reflecting a growing awareness of the importance of protecting its digital space. Its cyber laws are a mix of specific legislation, alignment with regional directives, and international conventions.
Here's a breakdown of the key aspects of Cyber Law in Togo:
1. Key Legislative Instruments:
Law No. 2018-026 on Cybersecurity and the Fight Against Cybercrime (2018): This is a cornerstone of Togo's cyber legal framework. It defines and criminalizes various cyber offenses, bringing Togolese law into alignment with international standards, particularly the ECOWAS Directive C/DIR. 1/08/1 on Fighting Cybercrime. Key offenses covered include:
Illegal access to computer systems (hacking).
Illegal interference with data.
Illegal interference with computer systems.
Data forgery.
System interference.
Cyber fraud.
Child pornography offenses.
It also outlines procedural powers for law enforcement, such as search and seizure of stored computer data and interception of content data.
Law No. 2019-014 Relating to the Protection of Personal Data (2019): This comprehensive data protection law regulates the collection, processing, transmission, storage, and use of personal data in Togo. Key provisions include:
Definition of Personal Data: Broadly defined as any information relating to an identified or identifiable natural person.
Principles of Data Processing: Emphasizes principles like consent, lawfulness, fairness, purpose limitation, data minimization, accuracy, confidentiality, and security.
Data Subject Rights: Grants individuals various rights, including the right to information, access, objection, rectification, and erasure of their personal data.
Data Protection Authority (IPDCP - Instance de Protection des Données à Caractère Personnel): Mandated the establishment of an independent administrative authority to ensure compliance, though its full operationalization has been a process. The IPDCP is empowered to investigate, issue warnings, formal notices, and impose administrative and criminal penalties for non-compliance.
International Data Transfers: Restricts the transfer of personal data to countries that do not ensure an adequate level of protection.
Law No. 2017-07 on Electronic Transactions: This law facilitates and regulates electronic transactions, aiming to build trust and security in the digital economy. It covers aspects like electronic signatures, electronic contracts, and the legal validity of electronic documents.
Law No. 2012-018 on Electronic Communications: This law governs the telecommunications sector, including aspects of cybersecurity. It provides for the privacy of communications but also contains provisions that allow for the interception of communications and electronic content by authorized government officials under specific circumstances.
Law No. 2020-009 relating to the Biometric Identification of Natural Persons (2020): This law establishes a system for the unique identification and authentication of natural persons through biometric and demographic data, requiring citizens and residents to obtain a Unique Identification Number (NIU). This raises important considerations for data privacy and security.
2. Key Institutions and Initiatives:
National Cybersecurity Agency (ANCy - Agence Nationale de la Cybersécurité): Created by presidential decree, ANCy is the main body responsible for implementing cybersecurity policy and strategic orientations at the national level. Its mission includes establishing cybersecurity rules, ensuring their application, and conducting annual compliance audits for essential service operators.
Personal Data Protection Authority (IPDCP): As mentioned above, this authority is responsible for overseeing data protection compliance.
African Centre for Coordination and Research in Cybersecurity: Togo, in collaboration with the United Nations Economic Commission for Africa (UNECA), is establishing this center in Lomé to promote cybersecurity and fight cybercrime across Africa, aligning with the "Lomé Declaration on cybersecurity and the fight against cybercrime" (2022).
Cyber Defense Africa (CDA): A public-private partnership aimed at protecting Togo's cyberspace and fostering skill transfer in cybersecurity.
National Cybersecurity Strategy: The Togolese government has developed a national cybersecurity strategy, demonstrating a commitment to addressing cyber threats systematically.
Ratification of Malabo Convention: Togo has notably ratified the African Union Convention on Cyber Security and Personal Data Protection (the Malabo Convention), underscoring its commitment to regional and international cooperation in cyber law.
3. Challenges and Considerations:
Implementation and Enforcement: While the legal framework is largely in place, the effective implementation and enforcement of these laws remain crucial. This includes the full operationalization of the IPDCP and ensuring adequate resources and technical expertise for law enforcement agencies.
Balancing Security and Privacy: Like many countries, Togo faces the challenge of balancing national security interests with the protection of citizens' privacy and freedom of expression. Concerns have been raised by civil society groups regarding broad powers granted to authorities for data access and communication interception, and past instances of internet shutdowns during protests.
Public Awareness: Increasing public and business awareness of cyber risks and their rights and obligations under cyber laws is an ongoing effort.
Cybercrime Capacity Building: Continued investment in capacity building for law enforcement, judiciary, and technical experts is essential to effectively investigate and prosecute cybercrimes.
Critical Infrastructure Protection: While a decree designates essential service operators and outlines their cybersecurity obligations, ongoing efforts are needed to ensure robust protection of critical national infrastructure.
Togo's cyber law landscape shows a proactive approach to regulating the digital sphere, aiming to foster a secure and trustworthy online environment while addressing the growing threats of cybercrime. However, the practical application and ongoing evolution of these laws in light of rapid technological advancements will be key to their long-term effectiveness.
RELATED Blog
0 comments