On the Computer Misuse Bill 2022
Andrew Wandera
What you need to know:
- Although in his request for leave to introduce a private member’s Bill MP Mohammed Nsereko justified the fact that the world continues to experience rapid advancement in the use of technology, leading to the adoption of social media platforms as a means of communication and interaction, the objects of the Bill he has since introduced suggest otherwise.
Primarily the purpose of legislation is to cure mischief. In its object clause, the Computer Misuse (Amendment) Bill 2022 seeks to enhance the provisions on unauthorised access to data, and prohibit the sharing of data relating to children without authorisation from their parents or guardians.
The Bill further seeks to prohibit sending or sharing false, malicious, and unsolicited information.
Although in his request for leave to introduce a private member’s Bill MP Mohammed Nsereko justified the fact that the world continues to experience rapid advancement in the use of technology, leading to the adoption of social media platforms as a means of communication and interaction, the objects of the Bill he has since introduced suggest otherwise.
Other than the Bill seeking to ‘cure a mischief’ that is already cured by the existing legal framework, it also seeks to unjustifiably and disproportionately curtail digital freedoms and rights such as, the freedom of expression on social media platforms.
In 2019, the Data Protection and Privacy Act was enacted to protect privacy, regulate the collection and processing of personal information and regulate the use or disclosure of personal information.
The enabling regulations to support enforcement are already in place and the respective institutions to enforce the Data Protection and Privacy Act are operational, that is to say, the Personal Data Protection Office.
The redundancy of the Computer Misuse (Amendment) Bill 2022 lies in the fact that the Data Protection and Privacy Act already cures the mischief that the Bill purports to cure.
The Data Protection and Privacy Act already bars unauthorised access to personal information, provides for lawful means for collecting, storing, and the obligation to put in place security measures against unauthorised access to personal information.
The Data Protection and Privacy Act further provides for offences for such unauthorised access to personal information and the penalty thereto.
Concerning the sharing of data relating to children without authorisation from their parents or guardians, the Data Protection and Privacy Act regulates the collection, access, and sharing of personal data relating to children and the Computer Misuse (Amendment) Bill is only duplicating what is provided for under the Act.
The Data Protection and Privacy Act establishes the Personal Data Protection Office which is responsible for personal data protection and is already established and making efforts to collaborate with other enforcement agencies like the Police and Director of Public Prosecution Office to enhance enforcement of the Data Protection and Privacy Act.
With most of the prosecutions so far based on the Computer Misuse Act, 2011 having been mostly politically motivated prosecutions, a further criminalisation of speech on social media platforms would only entrench the violation of freedom of expression and speech on digital spaces.
This is not to condone sending or sharing false, malicious, and unsolicited information but our legal framework already provides for legal recourse where such malicious, false and unsolicited information is shared with the inspecting public.
Technology as an enabler has, among other things, enhanced the way we communicate and we cannot continue leveraging on its benefits through draconian and redundant legislation.
We can only benefit from technology if our approach to legislation is progressive while remembering that it is not the limitation to enjoyment of a right that is fundamental but the right / freedom.
Andrew Wandera, Advocate of the High Court
