Egypt: Anti-Cyber & Information Technology Crimes-Youssry Saleh Law Firm

Anti-Cyber and Information Technology Crimes law in Egypt

Youssry Saleh & Partners   2 Jul 2018   290 Views
Anti-Cyber and Information Technology Crimes law in Egypt

Egypt used to govern technology crimes and cybercrimes by some provisions in Civil and Criminal laws. Finally, a new Law No. 175 of the year 2018 regarding anti-cyber and information technology crimes was published on Saturday 18/8/2018 by the official Egyptian Gazette following its ratification.

The Law consists of four Parts, the first part consists of general provisions, the second one is provisions and the rules of procedures, the third part is crimes and penalties and the last one is concluding provisions.

Part One: General Provisions

Article One consists of definitions: personal data, service provider, website, personal account, email, infringement, digital guide, as well as other definitions newly introduced to the Egyptian legislation framework, which play an important role within judicial system in terms of determination of the legitimacy of the characterization of the case or the crime.

The law states in Article Two the duties and obligations of service provider and mentioned their penalties in the part related to crimes and penalties. According to Article 33 every service provider shall be punished by a fine of five million pounds to twenty million pounds in case he failed to save and store the data of the user of the service for 180 days, the data related to the content of the informational system and any information the Board of Directors of National Telecom Regulatory Agency requires.

And as stipulated in the Article 31 every service provider shall be liable to imprisonment for a period not less than one year and a fine of 5,000 to 20,000 or by one of these penalties if he didn’t keep the privacy of the conidial data that has been saved and stored.

The Service provider is obliged to save and store the information as the date of end-user, the data the end-user uses and any other data the Board of Directors needs.

Also, the service provider is obliged to provide the service easily, direct and continuous to the user or any governmental authority. The service provider shall provide the National Security Council any technical support they need.

The service provider, distributor and their agents shall obtain the users data and it’s forbidden for others to do so.

Part Two: Provisions and the Rules of Procedures

According to Article 7, the investigative authority is granted the power to order a website blocked whenever it deems the content to constitute a crime or a threat to security, or a danger to national security or the economy. The investigative authority submits its blocking order to a competent court within 24 hours, and the court issues its decision within a period not exceeding 72 hours, either accepting or rejecting the order. According to Article 30, every service provider refusing to fulfill the court’s decision shall be liable to imprisonment for a period not less than a year and a fine of 50,000 to 1,000,000 Egyptian Pounds or by one of these penalties.

Also grants security authorities this power, with the ability to order the National Telecom Regulatory Agency (NTRA) to implement the decision by requesting internet service providers to block the website or the link. The Article obliges Internet service providers to execute an order as soon as it is received.

Article 8 grants the right to appeal the decision regarding blocking of the website within 7 days.

Blocking websites is not something new, in 2017 more than 429 websites were blocked, but, legalizing such act provides website owners the right to appeal according to Article 8 of the new law.

Part Three: Crimes and Penalties

Crimes and penalties section of the law consists of nine chapters addressing different crimes that occur in the virtual space of the internet. Each chapter tackles different topics and crimes, such topics are infringement of networks, systems and information technologies, crimes committed through information system and technologies, fraud and infringement in bank cards and e-payment methods, crimes related to fake accounts and emails, crimes related to privacy of private life and the illegal content, crimes committed by webmaster, service provider, related criminal responsibility, offences aggravating factors, juridical personal criminal responsibility, subsidiary penalties, and mitigating factors.

Anyone who intentionally and illegally accesses a website or informational system and continued after being aware of his access shall be punished by imprisonment for a period not less than one year and a fine not less than 50 thousand Egyptian pounds and not more than 100 thousand or by one of these penalties. And if resulted deletion or change or amendment or copying or reproduction of the data, the infringer shall be imprisonment for a period not less than two years and subject to a fine not less than 100 thousand Egyptian pounds and not exceeding 200 thousand or by either penalty.

There are two crimes the law stipulates related to the email account, websites and private accounts. The first crime is if someone infringes the private account or email owned by a natural person or a juridical person. The second crime is if someone made a fake account using the data of a natural person or a juridical person and pretended to be him. Also, there is a penalty for the person who keeps sending many messages to someone in specific without his approval.

A crime of credit card data collected or infringed for the purpose of taking the others’ money or any other illegal purpose. The law divided this crime in two parts, the first one is the collection of the data of credit card and its penalty is less than the penalty of the second part which is the infringement of data for the purpose of taking the others’ money.

Also the law states the liability of the internet service provider if he provides someone’s data for advertising companies or to any agency for the purpose of advertising, selling personal data or any other illegal purpose or legal but without permission or authorization from the owner of the data.

Part Four: Concluding Provisions

The service provider and the addressees abide by the regulations of this law and its obligations to take the necessary measurements to legalize their status within one year.

The executive regulations shall be published by the Prime Minister within three months.