Legal Implications of the Digital Economy in Malawi
Explore the legal implications of the digital economy in Malawi as discussed at the ICAM Annual Lakeshore Conference. Topics include the Electronic Transactions and Cyber Security Act, principles of implementation, Malawi CERT, data privacy, and the significance of the digital economy in transforming business transactions. Discover how digital technologies are shaping economic activities and commercial interactions, and the importance of adapting to a knowledge-based digital economy for efficient, secure, and convenient transactions.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
DIGITAL ECONOMY-LEGAL IMPLICATIONS Chrispin Chimwemwe Ngunde Legal Practitioner Tamandani & Chimwemwe 2022 ICAM Annual Lakeshore Conference 17thSeptember, 2022 Sun n Sand Holiday Resort, Mangochi
Brief Outline Introduction The Electronic Transactions and Cyber Security Act Objectives Principles in Implementation and Application of the Act Malawi CERT Electronic Transactions Data Privacy Conclusion Questions and/or Comments
Introduction: Scope of a Digital Economy The digital economy is the worldwide network of economic activities, commercial transactions and professional interactions that are enabled by information and communications technologies (ICT). It can be succinctly summed digital technologies. 2063 National Agenda Enabler 5: Human Capital Development (Science, Technology and Innovation) We shall accelerate our transition to an upper middle-income economy status by creating a vibrant knowledge-based digital economy- page 36 Use of digital technologies has its down side like authenticity of documents/transactions, potential of information being accessed by unathorised persons up as the economy based on
Introduction: Significance of the Digital Economy Efficiency- time and use of resources The advancement of technology has seen the decline of paper transactions. before you print this document, email please consider the environment Electronic transactions are now the order of the day A valid contract may be executed without the requirement of the parties to the contract to physically meet and execute the relevant documents. The significance of ICT has increased with each passing day. COVID-19 has taught a lesson that we can do so much with technology. At the peak of COVID-19, there were restrictions on movements, yet business continued to take place. A lot of transactions took place and continue to take place electronically.
Introduction: Significance of the Digital Economy (Cont d) Facilitates electronic commerce electronic commerce means any economic activity provided by electronic means, including remote services and products, particularly services that consist of providing online information, commercial communications, research tools, or access to, or downloading of, online data, access to a communication network or the hosting of information;
ELECTRONIC TRANSACTIONS AND CYBER SECURITY ACT CHAPTER 74:02 OF LAWS OF MALAWI
Electronic Transactions and Cyber Security Act Chapter 74:02 of Laws of Malawi Came into force in 2017 Makes provision for, among others, electronic transactions Criminalising offences related to computer systems and ICT Investigation, collection and use of electronic evidence
Objectives Section 3 (a) to set up a responsive information and communication technology legal framework that shall facilitate information and communication technology and the participation of Mala i in the information age and economy. competition, development of Includes Balancing community and individual interests including privacy and data protection issues; Addressing ethical is issues in the use of ICT (protecting children and the under- privileged) In liaison with the MRA, to create a legal framework for favourable tax policies that promote ICT products and services that originate from within Mala i
Objectives (contd) (b) to ensure that ICT users are protected from undesirable impacts of ICT, including the spread of pornographic material, cybercrime and digital fraud; and (c) to put in place mechanisms that safeguard ICT users from fraud, breach of privacy, misuse of information and immoral behaviour brought by the use of ICT.
Principles Application of the Act Section 4 in Implementation and (a) e-transactions to benefit from a secure legal framework that recognizes the legal value of electronic transactions and electronic documents; (b) promotion of freedom of communication over electronic networks exception if there are specific reasons as provided for in the Act; (c) there shall be clear and fair specification of responsibilities of intermediaries and editors; and (d) Protection, respect and upholding of consumer rights
Malawi Computer Emergency Response Team (Malawi CERT) Established under s 6(1) of the Act A unit under MACRA To take charge of information infrastructure protection action Serve as a base for national coordination to respond to ICT security threats section 6(2) MACRA to ensure that Malawi CERT is capable of providing reactive and proactive services, Communicating timely information on recent relevant security threats To bring its assistance to bear response to incidents Section 6(3)
Electronic Signature Where a law requires a document to be signed, an electronic form of the document shall satisfy the requirement if an electronic signature is used. section 8 (1)
Definitions Digital transformation of an electronic message using an asymmetric crypto system and a hash function such that a person having the initial and transformed electronic message and the signatory s public key can accurately determine signature: means an electronic signature consisting of a (a) whether the transformation was created using the private key that corresponds with the signatory s public key; and (b) whether the initial electronic message is as it was after the transformation was made; Public key; means a key of a pair of an isometric crystal system used to verify a digital signature that the holder of a digital signature makes available to the public or intended recipients. Electronic signature: means data attached to, incorporated in, or logically associated with, other data and which is intended by the user to serve as a signature;
Definitions Signature (Black s law dictionary) (1) a person's name or mark written by that person or at the person's direction, or (2) any name, mark, or writing used with the intention of authenticating a document Signatory: means a person who holds a digital signature creation device and acts either on his own behalf or on behalf of a person he represents;
Authenticity of Electronic Signature An electronic signature shall be authentic if (a) the means of creating the electronic signature is, within the context in which it is used, linked to the signatory and not any other person (connection with the signatory); (b) the means of creating the electronic signature, was at the time of signing, under the control of the signatory and not another person and was done without duress and undue influence; and (control and free will) (c) any alteration made to the electronic signature after signing is detectable.
Proof of Authenticity of Electronic Signature May be by any lawful way/means; Hacking an ICT gadget may be unlawful Obtaining a court order to have access to an ICT gadget and extracting information thereafter. Demonstrating using experts that an electronic signature is authentic Evidence may be adduced to prove non-authenticity of an electronic signature. Primary evidence Use of experts
Means of Creating Electronic Signature section 9 There is equal treatment of electronic signature Provisions of this Act shall not exclude, restrict or affect the legality of any method of creating an electronic signature which (a) satisfies the requirements of this Act; (b) meets the requirements of other statutory provision; or (c) is provided for under a contract.
Conduct of a person relying on a digital signature- Section 10 . A person may sign an electronic record by (a) affixing a personal digital signature; or (b) using any other recognized, secure and verifiable mode of signing (i) agreed by parties or (ii) recognized by a particular industry to be safe, reliable and acceptable
Legal Consequences of Relying on Electronic signature- Section 11 . A person who relies on a digital signature shall bear the legal consequences of failure to (a) take reasonable steps to verify the authenticity of the digital signature; or (b) take reasonable steps where a digital signature is supported by a certificate, to (i) verify the validity of the certificate; or (ii) observe any limitation with respect to the certificate May verify through MACRA or Accredited Certification Authority
Authentication/Recognition of Digital Signature- section 12 Unless otherwise prescribed by law, a person may decide the use of a digital signature, digital signature certificate or any other mode of authentication, of his choice. MACRA may, by notice published in the Gazette, approve digital signatures, certification authorities offering digital certificates, or authentication of a foreign information security service provider, for use by the public. MACRA has the legal obligation to ensure that digital certificates comply with international best practices and standards. MACRA has the mandate to accredit certification authorities s51 Draft Electronic Transactions and Cyber Security (Certification Authorities, Digital Signatures and Encryption) Regulations, 2022. See also s46
Certification Authority & Its Duties (a) To issue a digital certificate with correct information; (b) To ensure that all or part of the data required for the digital certificate to be regarded as qualified is complete; (c) To check that the signatory being issued with a digital certificate is duly entitled to receive such digital certificate; or (d) To register revocation of a digital certificate; (e) To make information about revocation of a digital certificate to third parties or both. Certificate Authority is liable for damages incurred by any person who reasonably relied on a digital certificate issued by a certification authority if duties (a) to (e) are not met section 12(4), section 54
Liability: Exception Certification authority not liable for damage caused by the use of a digital certificate where conditions of certificate are breached E.g (a) exceeding fixed limits on the use or the value of transactions for which the digital certificate has been used, if this condition has been made available to the users prior to the use of the certificate. Section 12(5) NB: Digital signature certificate may be suspended or revoked Upon request by subscriber or his representative Death of subscriber On dissolution of subscriber (if legal person)
Notarisation, Acknowledgement and Certification Electronic signature may be used to notarise, acknowledge, verify document/statement/signature by affixing the electronic signature of the authorised person to perform those acts to the electronic record or the documents section 13 This includes certifying a document as true copy of the original Land transactions require notarisation Authorised persons include lawyers (Notary Public)
Requirement for Multiple Copies or Use of Corporate Seal Submission of a single electronic record of a document that is capable of being reproduced by the recipient satisfies the requirement of any written law to submit multiple copies of the document. Section 14 (1) Where a corporate seal is required to be affixed to a document, the requirement shall be satisfied if the electronic signature of the corporate body is affixed to the electronic record in accordance with the provisions relating to the use of the corporate seal. Corporate seal used as company s official signature
Determination of Originality of an Electronic Message Written law may require information to be presented in original form Requirement shall be satisfied by an electronic record if (a) there is reliable assurance of the integrity of the electronic record; and (b) the electronic record is capable of being displayed to the person to whom it is to be presented.
Criteria & Standard for Assessing Integrity of Information section 15 Criteria for assessing integrity of information shall be whether it has remained complete and unaltered, Excludes the addition of any endorsement and of any change which may arise in the normal course of communication, storage and display; and (b) Standard of reliability required shall be assessed in the light of the purpose for which the information was created and in the light of all the circumstances thereof.
Storage of Electronic Messages Section 17 Written law may require that a document, record or information be retained Requirement satisfied if the document, record or information is held in electronic form and (a) is accessible; (b) is capable of retention for subsequent reference; (c) is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and (d) is retained to enable the identification of the origin and destination of the electronic record and the date and time when it was sent or received. A document, record or information shall be kept in electronic form for at least 7 years. The obligation to retain a document, record or information does not extend to information whose purpose is only to enable the message to be sent or received.
Secure Electronic Record section 18 Integrity of any record depends on sticking to the protocols Where a security procedure has been applied to an electronic record at a specific point in time, the record shall be a secure electronic record from the time the security procedure has been applied. An unauthorized alteration of a security procedure shall render the record invalid. An alteration shall be unauthorized if it is done by a person without the lawful authority of the person who originally applied a security procedure
Validity of a Contract Executed in Electronic Form Validity of a contract shall not be affected by the sole reason that it is executed in electronic form, if the contract has fulfilled all other requirements for formation of such type of contract. s19 At the bare minimum contract is formed when the following conditions are met: Offer Acceptance of offer Consideration Being an electronic transaction, there could be other formalities that may need to be satisfied like When is the offer considered sent or received by the other contract party? When is it accepted and when does the communication of the acceptance reach the offeror? governed by s20
Offer and Acceptance Unless otherwise agreed by the parties, an offer and acceptance of the offer may be wholly or partly expressed by electronic means. A contract concluded between parties by means of electronic messages shall be concluded at the time when, and place where, the acceptance of the offer was received by the recipient: However parties may agree that the contract was concluded at (a)the place of residence of one party or (b) the place of location of the legal entity, who accepted the offer. s21
Authenticity of Electronic Message An electronic message shall be considered to be that of the sender, if it was sent (a) by the sender personally; (b) by an agent of the sender; or (c) by an information system programmed by the sender or on behalf of the sender to send electronic messages automatically. Parties may agree on procedure signify that an electronic message came from the sender and if the protocols are met, the message will be considered to have been sent by the sender.
Authenticity of Electronic Message (cont d) If no procedure of ascertaining the sender of an electronic message is agreed, the sender shall be presumed to be the person who objectively appears to be the sender. Presumption doesn t apply if Recipient is notified in good time that the message was not sent by sender Recipient receives notice that the message was sent without sender s knowledge or consent Recipient knew or should have known that message did not originate from sender (e.g. mobile money fraud)
Admissibility and evidential weight of electronic messages section 16 An electronic message shall be admissible as evidence in court proceedings Considerations by court when assessing evidential weight of an electronic message ( ) the reliability of the manner in which the electronic record was generated, displayed, stored or communicated; (b) the reliability of the manner in which the integrity of the information was maintained; (c) the manner in which the originator of the electronic message was identified; and (d) any other facts that the court may consider relevant.
Data Privacy Section 21 of the Malawi Constitution guarantees right to privacy Every person shall have the right to personal privacy, which shall include the right not to be subject to (a) searches of his or her person, home or property; (b) the seizure of private possessions; or (c) interference with private communications, including mail and all forms of telecommunications. Right to privacy is hallmark of a society founded on respect for human rights- Danwood Chirwa Others call to the right to be left alone The most comprehensive of rights and the most valued by civilized men- Brandeis J, Olmestead v US 277 US 438, 478 (1928)
Data Privacy (contd) Is not absolute. May be limited No restrictions or limitations may be placed on the exercise of any rights and freedoms provided for in this Constitution other than those prescribed by law, which are reasonable, recognized by international human rights standards and necessary in an open and democratic society. S44(1) of Constitution Right to privacy also protects one s reputation and honour and identity. (defamation) Reference to personal privacy does not mean the right is limited to one s personal life. may extend to one s family life, sexual life etc
Data Protection and Privacy A data controller shall ensure that personal data is, among others (a) processed fairly and legally; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and processed; Any person whose data is the hands of a data controller has the right to obtain from the data controller, without contrasting or unreasonable delay and no expense, information on; how the data is being processed Source of the personal data Purpose for processing To whom it is being disclosed
Right Person, Home or Property to Privacy- Searches of the S 21(1)(a) does not prohibit all searches. They may be permitted if the meet the standard in section 44 of the Constitution Internationally, searches of the person to take into account respect for human dignity To also be done by person of same sex. CCPR General Comment no 16 Searches of property to be conducted in the presence of the owner of property- JK Khamisa v AG A court may grant a search warrant where it is suspected that a cyber crime has been committed. s83
Right to Privacy- Seizure of Private Possessions Section 21(1)(b) of Constitution prohibits seizure of private possessions as an aspect of the right to privacy. Section guarantees the right to own property and not to be arbitrarily deprived of the property Private possession may be seized in connection with criminal investigations. Greselder Jeffrey & Another v ACB MSCA Civil Appeal No. 12 of 2002
Right to Privacy- Interference with Private Communications Section 21(1)(c) guarantees communication privacy It proscribes interference with private communications including mail and all forms of telecommunications Aimed at upholding integrity and confidentiality of correspondence. CCPR General Comment No 16 Prohibited conduct includes surveillance, whether electronic or not, interceptions of telephonic, telegraphic communication, wiretapping and recording of conversations and other forms of Extends to prisoners or detained persons- s 42(1)(c ) and (d) of the Constitution allows a person to confidentially consult with his or her lawyer.
Unauthorised Access, Interception or Interference with Data & Other Offences Unauthorized access, interception or inference with data is an offence Offence punishable by a fine of MK2m and to imprisonment for 5 years. Section 84 Hacking, cracking and introduction of viruses- offence punishable by fine of MK5m and imprisonment of 7 years-s 89 Disabling a computer system- wilfully or maliciously rendering a computer system incapable of providing normal services to its legitimate users- s90 offence punishable by fine of MK5m and imprisonment of 7 years Illegal trade and commerce (use of internet for fraudulent business activities punishable by imprisonment to 10 years - s92
Remedies for Violation of Right to Privacy Action for defamation, assault or battery Damages For illegally obtained evidence Application that the evidence should not be admitted in evidence Not all illegally obtained evidence emanating from breach of right to privacy will render evidence inadmissible In some circumstances it may be admissible
CONCLUSION Digital economy has legal implications Has benefits Has risks May potentially be abused by authorities Requires users to be responsible