The Cybercrimes Bill has officially been passed by Parliament and the draft legislation is ready to be signed into law by President Cyril Ramaphosa.
The bill, which was first put forward in 2017, has undergone a number of changes since then, according to BusinessTech.
The main aims of the Bill seek to:
– Create offences which have a bearing on cybercrime;
– Criminalise the disclosure of data messages which are harmful and to provide for interim protection orders;
– Further regulate jurisdiction in respect of cybercrimes and the powers to investigate cybercrimes.
The bill also obliges electronic communications service providers and financial institutions to help investigate cybercrimes and allows the executive to enter into agreements with foreign powers to promote cybersecurity.
A key section of the Bill defines what “malicious communications” are and lays out what the punishment is for sending certain types of messages electronically in South Africa.
Some malicious communications are defined as follows:
Data messages which incite damage to property or violence
Any person who discloses, by means of an electronic communications service, a data message to a person, group of persons or the general public with the intention to incite:
– the causing of any damage to property belonging to a person or a group of persons; or
– the causing of violence against a person or group of persons is guilty of an offence.
Data messages which threaten persons with damage to property or violence
A person commits an offence if they send a message which threatens a person with:
– damage to property belonging to that person or a related person; or
– violence against that person or a related person.
These offences are extended to messages which threaten groups of people as well. This section of the bill includes a ‘reasonable person’ test which reads as follows:
“a reasonable person in possession of the same information, with due regard to all the circumstances, would perceive the data message… as a threat…”
Disclosure of intimate images
Any person (A) who unlawfully and intentionally discloses, by means of an electronic communications service, a data message of an intimate image of a person (B), without the consent of B, is guilty of an offence.
In this section of the bill, person B is defined as:
– the person who can be identified as being displayed in the data message;
– any person who is described as being displayed in the data message, irrespective of the fact that the person cannot be identified as being displayed in the data message; or
– any person who can be identified from other information as being displayed in the data message.
An “intimate image” is defined as a depiction of a person, real or simulated, made by any means wherein:
– person B is nude, or the genital organs or anal region of Person B is displayed, or if person B is a female person, transgender person or intersex person, their breasts are displayed; or
– the covered genital or anal region of person B, or if person B is a female person, transgender person or intersex person, their covered breasts, are displayed.
The section says that the disclosure of such an intimate message will be considered an offence if person B retains a reasonable expectation of privacy at the time the message was sent in a manner that:
– violates or offends the sexual integrity or dignity of person B; or
– amounts to sexual exploitation.
According to Cliffe Dekker Hoffmeyer, the Bill prescribes sentences with include fines and/or imprisonment which range from five to 10 years with aggravated offences possibly garnering imprisonment of up to 15 years.