Parliament has officially passed the Cybercrimes Bill, with the draft legislation now set to be signed into law by president Cyril Ramaphosa.
First mooted in 2017, the bill has undergone a number of changes with the main objectives of the bill to:
- Create offences and impose penalties which have a bearing on cyber crime;
- To criminalise the distribution of data messages which are harmful;
- To provide for interim protection orders around these messages; and
- To further regulate jurisdiction in cyber crime.
The bill also imposes obligations on electronic communications service providers and financial institutions to assist in the investigation of cyber crimes. It also provides that the executive may enter into agreements with foreign states to promote cyber security.
One of the key sections of the bill deals with ‘malicious communications’ and punishments for sending certain types of messages electronically in South Africa.
Some of the ‘malicious messages’ which are covered under the bill are outlined in more detail below.
Data message which incites damage to property or violence
Any person who discloses, by means of an electronic communications service, a data message to a person, group of persons or the general public with the intention to incite:
- The causing of any damage to property belonging to; or
- Violence against a person or a group of persons is guilty of an offence.
Data message which threatens persons with damage to property or violence
A person commits an offence if they send a message which threatens a person with:
- Damage to property belonging to that person or a related person; or
- Violence against that person or a related person.
This extends to messages which threaten a group of people with damage to property or violence.
Notably, this section includes a ‘reasonable person’ test which states that a message will be considered malicious if a ‘reasonable person’ would perceive the data message as a threat.
Disclosure of intimate image
Any person (Person A) who unlawfully and intentionally discloses, by means of an electronic communications service, a data message of an intimate image of another person (Person B) without their consent is guilty of an offence.
In these cases, ‘Person B’ includes:
- The person who can be identified as being displayed in the data message;
- Any person who is described as being displayed in the data message, irrespective of the fact that the person cannot be identified as being displayed in the data message; or
- Any person who can be identified from other information as being displayed in the data message.
The bill defines an ‘‘intimate image’’ as a depiction of a person which is real or simulated, and made by any means in which:
- Person B is nude, or the genital organs or anal region of Person B is displayed, or if Person B is a female person, transgender person or intersex person, their breasts, are displayed; or
- The covered genital or anal region of Person B, or if Person B is a female person, transgender person or intersex person, their covered breasts, are displayed.
The section also includes a consideration on privacy in that the message will be considered an offence if Person B retains a reasonable expectation of privacy at the time that the data message was made in a manner that:
- Violates or offends the sexual integrity or dignity of B; or
- Amounts to sexual exploitation.