Cyber Law at Western Sahara
Cyber law in Western Sahara is a complex and politically sensitive issue due to the ongoing dispute over the territory. There are two main perspectives on the legal framework:
Moroccan-administered areas: For the estimated 80-85% of Western Sahara controlled by Morocco, Moroccan cyber law applies.
Sahrawi Arab Democratic Republic (SADR)-controlled areas: For the easternmost 15-20% controlled by the Polisario Front, which claims the Sahrawi Arab Democratic Republic (SADR), the legal framework is much less developed.
Cyber Law in Moroccan-Administered Western Sahara
Morocco has been actively developing its cyber law framework, seeking to align it with international standards, including the Budapest Convention on Cybercrime, which Morocco ratified in 2018.
Key aspects of Morocco's cyber law, which would apply in the Moroccan-administered parts of Western Sahara, include:
Cybercrime Legislation: Morocco has laws that criminalize various cyber offenses.
Law N° 07-03 (supplementing the Criminal Code): This was one of the first pieces of legislation dealing with cybercrime, targeting offenses related to automated data processing systems.
Newer Legal Requirements (as of early 2022): The Moroccan Ministry of Justice has been working to introduce new legal requirements to combat cybercrimes, particularly those targeting women and children. This effort aims to ensure compatibility with international standards like the Budapest Convention.
Specific offenses would likely include:
Unauthorized access to computer systems (hacking).
Data interference or sabotage.
Misuse of devices.
Computer-related fraud and forgery.
Child pornography and online exploitation.
Cyberstalking and online harassment.
Online defamation.
Data Protection:
Act No. 09-08 on the Protection of Individuals with regard to the Processing of Personal Data: This law defines personal data protection standards, the prerogatives of the National Commission for Control and Protection of Personal Data (CNDP), and mechanisms for cross-border data transfers, along with penalties for non-compliance.
Act 53-03 on the electronic exchange of legal data: Strengthens data protection in official electronic exchanges.
Cybersecurity:
Act 05-20 on cybersecurity: Establishes security rules for state, public, and private entities, defining concepts like cybersecurity, cyber threats, and vital infrastructures.
Institutional Framework: Morocco has established bodies like the Moroccan Computer Emergency Response Team (MACERT) and the General Directorate for Information Systems Security (DGSSI) to address cybersecurity.
Freedom of Speech and Internet Control:
Internet access in Moroccan-administered areas generally mirrors that in internationally recognized Morocco.
While generally open, Moroccan law prohibits criticizing Islam, the institution of the monarchy, or opposing the government's official position regarding territorial integrity (which includes Western Sahara).
There have been reports of self-censorship among Saharan media outlets and bloggers on these sensitive issues.
The OpenNet Initiative (ONI) in 2009 noted selective internet filtering in social, conflict/security, and internet tools areas in Morocco.
Cyber Law in SADR-Controlled Western Sahara
The Sahrawi Arab Democratic Republic (SADR) faces significant challenges in establishing a comprehensive legal framework for cyber law due to its limited recognition and control.
Limited Legal Development: Reports indicate that the SADR generally does not have specific, comprehensive data protection or cybercrime legislation in force.
The Sahrawi Constitution (1999, with revisions) does not explicitly protect the right to privacy, unlike most other constitutions on the African continent.
There is no designated Data Protection Authority (DPA).
There are no defined requirements for the collection and processing of personal data, nor for notification in case of data breaches.
No explicit provisions for civil liability or criminal/administrative penalties related to data protection.
International Conventions: The SADR is unlikely to be a signatory to major international cybercrime or data protection conventions like the Budapest Convention or the African Union's Malabo Convention, given its limited international recognition.
Internet Access and Infrastructure: Internet penetration in the SADR-controlled areas is significantly limited due to infrastructure constraints and the political situation. USSD (Unstructured Supplementary Service Data) and SMS are more common than internet-based services.
Digital Rights: Sahrawi activists, particularly those in Moroccan-controlled areas and refugee camps, utilize digital media to highlight human rights issues and political dissension, indicating that the internet serves as a crucial platform for communication and advocacy, despite potential monitoring or restrictions by Moroccan authorities in their controlled territories.
Conclusion:
For practical purposes, cyber law in Western Sahara is largely determined by the entity exercising de facto control. This means that Moroccan cyber laws apply in the majority of the territory. In the areas controlled by the SADR, a formal and comprehensive cyber law framework is largely absent, with legal principles likely being rudimentary or adapted on a case-by-case basis based on broader constitutional or human rights principles, if any.
Anyone operating digitally in Western Sahara, particularly in Moroccan-administered zones, should be aware of Moroccan cybercrime, data protection, and content regulation laws.
RELATED Blog
0 comments