4 - Developing Relevant Legislation
Around the world there are about 85 countries
with legislation in this field and two main
approaches. The European approach is based on
the formation of specialized entities to uphold
the law and to review complaints and disputes,
while the American approach favors the settling
of disputes by the judiciary.
The Laws and Regulations Committee, favoring
the adoption of the European approach, formed
the Supreme Council for Data and Information
to proceed with the drafting of the Freedom of
Information Law.
This law covers regulation of access to data and
information; the measures to be taken when
access is withdrawn to information that should
be readily available or if this information is
manipulated; protection of information with the
potential to affect national and public security;
and protection of personal information and
criminalization of its use for purposes other than
that for which it was provided.
The law prohibits disclosure of data and
information that may result in: harming the
interests of the country; betrayal of trust; direst
damage to the economic interests of others;
endangering relations with a foreign country
or a regional or international organization; or
facilitating crime or obstructing its discovery.
It also protects against failure to disclose
information that should be in the public sphere;
intentional destruction of data and information
records and registries; disclosure of falsified,
incorrect or deficient data and information; and
disclosure of private information belonging to
others.
The Supreme Council for Data and Information is
mandated to regulate the disclosure, circulation
and correction of data and information. This
34
35
council is granted immunity similar to that of
judicial authorities, and its decisions are binding
unless superseded by a decision from the
Administrative Court.
The duties of the council include establishing the
necessary security classifications for data and
information; monitoring provision of data and
information; promoting a culture of disclosure
of information; and cooperating with national,
regional and international authorities concerned
with freedom of information.
The council includes seven experienced full-time
members chosen by the Shoura Council from
nominations provided by the prime minister,
the first deputy of the head of the Cassation
Court, the first deputy of the head of the State
Council, and one representative from each of the
Ministry of Defense, the Ministry of Interior and
the General Intelligence Agency. These full-time
members cannot be employees of the state’s
administrative system and are prohibited from
engaging in politics.
Outcome:
A comprehensive law was drafted in seven
chapters, containing 50 articles. It represents the
biggest response possible to the requirements
of civil society, taking into consideration national
security dimensions, and corresponding with the
most recent legislation of its kind in the world.
4.3 Cybersecurity Draft Law
The three main axes of the Cybersecurity Draft
Law relate to:
Protecting cyberspace and its contents from
any external violation
Agencies’ obligations towards protecting
their information space, and the data and
information included therein, particularly
personal information
Creating a national authority responsible for
monitoring all cybersecurity activities and
issuing licenses to operate within this domain
The law defines the obligations of those
controlling data and information and establishes
rules to ensure they secure their information
space as well as the data, systems, programs and
networks contained therein. It also establishes a
system to manage the operation of information
resources, and means of securing information
operation sites and accessing information and
networks. Additionally, the law aims to combat
crime related to information systems and
networks in order to help maintain national
security, preserve the rights of legitimate users
of computers and information networks, and
protect the public interest.
The draft law includes definitions of various
terms contained therein, including both tools of
operation and forms of criminal activity, such as
piracy, hacking, malware and infiltration.
The law establishes the National Authority for
Information Security, whose authorities and
powers include establishing an information
security strategy, promoting a culture of
information security, and registration and
licensing of information security service
providers. Also define obligations on the
controller of information, and to develop a
system to manage the operation of IT resources,
and how to secure sites and how to access
information and networks, also singled out a
special chapter for experts, and stressed may
not engage in any act of experience in the field
of information security only after enrollment
in the register national experts at the national
authority for information security.
The law stiffens penalties for those committing
information crimes, with imprisonment for
not less than six months and/or a fine of
between LE 20,000 and LE 50,000. It also
doubles the minimum and maximum penalties
in certain situations, such as for crimes
committed with intent to damage the public
interest or an individual public authority, or
the creation, duplication or possession with
the aim of distribution, publication or sale of
materials violating public decency, particularly
if they involve children. It also provides for
imprisonment and fining in case of re-offense.
In preparing and formulating the draft law, the
Laws and Regulations Committee relied on
various reference materials. These included:
International Telecommunication Union (ITU)
recommendations regarding cybersecurity;
relevant Indian law; the Legislation Management
Draft Law of the Ministry of Justice; the Decision
Support Center Draft Law; the Convention on
Cybercrime (Budapest Agreement) of the Council
of Europe; and “Cybercrime,” by information
security expert Ahmed El-Sobky.
Outcome:
A comprehensive law was drafted containing
over 70 articles. It represents the biggest
response possible to the requirements of civil
society, taking into consideration the national
security dimension, and corresponding with the
most recent legislation of its kind in the world.
4.4 E-Commerce Draft Law
The Laws and Regulations Committee will, during
the coming period, work on the preparation and
drafting of the E-Commerce Draft Law.
4.5 E-Signature Draft Law
The Laws and Regulations Committee will, during
the coming period, work on the preparation and
drafting of amendments to E-Signature Law No.
15 of 2004.