Government decided to address the ongoing debate around security and technology by publishing the Cybercrimes and Cybersecurity Bill, now known as the Cybercrimes Bill (hereafter referred to as ‘the Bill’). The Bill is meant to create new offences when it comes to electronic communication and to stipulate the penalties thereof but is this Bill too far-reaching regarding its regulation?

Contents of the Bill

There are several positives and negatives when it comes to scrutinizing the contents of the Bill. Looking at the intention of the Legislature at the time of its publication, the original draft of the Bill in 2015 included a provision that sought to criminalize the act of Journalists and Whistleblowers accessing classified information.

Following a huge public backlash, this provision along with a few others were either completely deleted or extensively modified in order to pass trial in the public court of opinion.

The Bill does however carry some interesting provisions which could prove to provide the relative legal certainty needed moving forward. Unlawfully and intentionally acquiring or interfering with data and cyber extortion are now all criminal offences.

It also states that any person who unlawfully and intentionally makes available, broadcasts or distributes a data message which incites violence against another person or group of persons or incites the causing of damage to a person or group of persons’ property, is guilty of an offence. The same would apply in cases where such violence is threatened.

Furthermore, the act of unlawfully and intentionally making available, broadcasting and/or distributing intimate images of an identifiable or describable person without their consent would be punishable by a fine, imprisonment for a period not exceeding three years or both if deemed necessary. The Bill defines various forms of the qualification of an intimate image.

Jurisdictional grey areas would also be addressed, with Section 24 providing that a Court in the Republic would be able to try cases of such cybercrimes if:

  • The relevant offence was committed in the territory of the Republic;
  • The relevant offence was committed on board a vessel, ship, an off-shore installation, or a fixed platform, or an aircraft registered or required to be registered in the Republic at the time the offence was committed;
  • The relevant offence was committed against a person who is a citizen or ordinarily a resident in the Republic;
  • The relevant offence was committed against a company or body of persons registered in the Republic;
  • The relevant offence was committed against a restricted computer system or a government facility/property abroad;
  • Any act in preparation of the relevant offence took place within the Republic or aboard such property as described in bullet-point 1 above.

The Bill goes on to call for the Minister of Police to create a centralized Point of Contact operating twenty-four hours, seven days a week, with the purpose of investigating cybercrimes or aiding authorities who are investigating such crimes. Statistics as to the number of prosecutions instituted are also to be tracked by the National Director of Public Prosecutions showing the intention to create interdepartmental cooperation in the fight against cybercrime.


After three years of extensive work being done to the original Bill, a final version was put before the Portfolio Committee for Justice and Correctional Services on the 23rd of October 2018. The biggest amendment to the Bill came in the form of the removing of the provisions dealing with Cybersecurity, with the intention being that this area will be dealt with in a separate piece of legislation at a later time.

Along with this, the refinement of important clauses are clearly evident, showing that the feedback received from various stakeholders seeking to help institute substantive legislation has been taken into account. The changes made were meant to minimize the chances of any loopholes existing in terms of jurisdictions and more importantly to minimize the chances of innocent social media users being guilty of criminal offences for merely retweeting or sharing a post. Under the previous version of the Bill this would have carried a punishment of a three-year prison sentence, a fine or possibly both if such a post contained inherently false information aimed at mentally, physically or economically harming a person or group of persons. These punishments would have served as an instance of the Bill over-reaching its mandate as with the speed and uncertainty at which data is transferred these days, it would have been near impossible to ascertain whether the relevant intent to do harm was present.

Lastly, another positive aspect of the final version is the addition of interim protection orders in cases where sensitive information is compromised or alleged to be compromised. In such cases the Courts are given the authority to order that persons making the relevant data available through broadcast or otherwise refrain from doing so until the matter has been resolved. This provision could prove very helpful to those having private images or data being shared with the world.

In this form the Bill could prove to be the modern-day template of legislation needed in an ever-evolving society and although these positives and negatives have been outlined, the only true way to tell whether the Bill will be effective is to have it come into law and have its impact measured through its application; then only will we be able to tell for sure.

Contact SchoemanLaw Inc for expert advice on cyberlaw and all tech law related matters.