Currently, Africa hosts 4 of 10 countries with the highest cybercrime levels in the world. To augment the inadequacy of municipal cyber legislations in Africa, the ‘African Union Convention on Security in Cyberspace and Personal Data Protection’ (AUCSCPDP) was signed in July 27, 2014 in Malabo, Equatorial Guinea. Basing on documentary reviews, surveillance of media coverage and observations on cybersecurity initiatives across the globe, this critical assessment concludes that the AUCSCPDP is the most comprehensive continent-wide cybersecurity convention. Unlike the Council of Europe Convention on Cybercrime (CoECC, 2001), benchmarked herein, the AUCSCPDP attunes to Africa’s context, prohibiting identity flexibility and associative anonymity in ecommerce; outlawing spam; addressing the use of encryption in cybercrime; prohibiting key forms of online discrimination, which all currently constitute Africa’s biggest vulnerability in cyber space.

The AUCSCPDP provision for independent expert vulnerability testing of Internet service introduces an essential process through which Africa’s ICT development will proactively incorporate online security measures. However, the provisions permitting non-consensual interference with private, personal and sensitive data, the interference with online traffic or content data, and the issuance of search and seizure warrants permit inappropriate and broad ongoing investigation mandates to judges will inadvertently undermine values that the AUCSCPDP is seeking to protect such as rights to privacy and freedom of expression. The provisions covering aggravation and corporate liability are crafted, albeit inadvertently, in ways that will impose unjustified legal burdens on individuals and corporations. By not providing for a model cyber law, by precluding provisions on jurisdiction and avoiding a continent-wide Computer Emergency Response Team, the feasibility of AUCSCPDP will prove difficult to harmonise municipal cyber laws and will hinder international cybercrime cooperation within Africa. This critical assessment ends by providing options that could fine tune the AUCSCPDP to accomplish the values, objectives and purpose for which it is sought.

Key Words: African Union, Cybersecurity, African Internet Governance, and “Online legislative overkill”.