Digital analytics and evidence obligations in Cybercrimes Bill problematic for IAB SA members

The Department of Justice and Constitutional Development published a revised version of the Cybercrimes and Cyber security Bill. By and large the Bill was a welcomed revision of prior drafts. The Bill’s legacy challenges however, with defining electronic equipment and records, creating overreaching cybercrimes, and providing for broad powers of search and surveillance remain.

The IAB SA submitted comments and recommendations as part of the public call for consultation.

In particular, the IAB SA raised the impractical limitations on the use of digital rights management. The Bill does not recognise the use of digital tracking and analytical software as used legitimately by IABSA members to collect, monitor and analyse data traffic and digital communication channels in connection with marketing and advertising intelligence. With the current wording of the section, such legitimate uses would potentially be classified as unlawful.

Moreover, the Bill places onerous evidence preservation and disclosure obligations on persons in control of computer systems. These include taking down data messages in instances where a charge has been laid and providing information including personal information to law enforcement. Typically, co-operation of this nature is subject to court orders or directives. Excessive powers to receive confidential and personal information held by electronic service providers is a global concern and needs to be avoided in South Africa.

The next step for the Bill is in-person submissions in parliament and then we wait for hopefully a more balanced interpretation of cyber security. The Bill is available at http://www.justice.gov.za/legislation/bills/CyberCrimesBill2017.pdf