The Cybercrimes Bill, first drafted back in 2017, was officially passed by Parliament earlier this year, and now President Cyril Ramaphosa has signed the legislation into law, bringing South Africa’s cybersecurity laws in line with global standards.
The bill, which is now an act of parliament, had undergone a number of changes over the past three years, however, the objectives remain the same:
- Create offences and impose penalties which have a bearing on cybercrime
- To criminalise the distribution of data messages which are harmful
- To provide for interim protection orders around these messages; and
- To further regulate jurisdiction in cybercrime
The Cybercrimes Bill will now also enforce communication service providers and financial institutions to assist in the investigation of cybercrimes. Failure to do so may lead to a business being fined up to R50,000.
Read More | SA Gov confirms plans to impose TV license fees for streaming services and insists 30% of all Netflix shows must be local
One of the most noteworthy sections of the Cybercrimes Bill deals with malicious communication. Some of the ‘malicious messages’ which you can now face jail time for sending, are outlined below.
Messages which incites damage to property or violence
Disclosing, by means of an electronic communications service, a data message to a person, group of persons or the general public with the intention of:
- Causing any damage to property belonging to; or
- Violence against a person or a group of persons is guilty of an offence.
Messages which threatens persons with damage to property or violence
A person commits an offence if they send a message which threatens a person with:
- Damage to property belonging to that person or a related person; or
- Violence against that person or a related person.
This extends to messages which threaten a group of people with damage to property or violence.
This section of The Cybercrimes Bill also includes a ‘reasonable person’ test which states that a message will be considered malicious if a ‘reasonable person’ would perceive the content of the message as a threat.
Any person (Person A) who unlawfully and intentionally discloses, by means of an electronic communications service, a data message of an intimate image of another person (Person B) without their consent is guilty of an offence.
‘Person B’ is identified as:
- The person who can be identified as being displayed in the data message;
- Any person who is described as being displayed in the data message, irrespective of the fact that the person cannot be identified as being displayed in the data message; or
- Any person who can be identified from other information as being displayed in the data message.
The Cybercrimes Bill defines an ‘‘intimate image’’ as a depiction of a person which is real or simulated, and made by any means in which:
- Person B is nude, or the genital organs or anal region of Person B is displayed, or if Person B is a female person, transgender person or intersex person, their breasts, are displayed; or
- The covered genital or anal region of Person B, or if Person B is a female person, transgender person or intersex person, their covered breasts, are displayed.
The section also includes consideration on privacy in that the message will be considered an offence if Person B retains a reasonable expectation of privacy at the time that the data message was made in a manner that:
- Violates or offends the sexual integrity or dignity of B; or
- Amounts to sexual exploitation.