Status regarding Budapest Convention
Declarations and reservations : Articles: 24, 27, 35 See legal profileCybercrime policies/strategies
The increasing availability of high-speed internet access in Senegal has created a multitude of new possibilities for citizens, public institutions and the private sector. However, the creation of new services, and the growing use of new communication channels and social networks, go hand in hand with increased exposure to global threats from cybercrime. The Senegalese authorities have stepped up initiatives in recent years to make cyberspace more secure and protect institutions, businesses and citizens against cyberthreats.
In order to cope with this evolving scenario, many efforts have been devoted to strengthening the capacities of criminal justice in matters of cybercrime and electronic evidence and, one of the main results is that Senegal has acceded to the Convention of Budapest on cybercrime in December 2016.
Senegal has put in place policies to fight cybercrime within a strategic framework formalized by various documents:
- Plan Sénégal Émergent (PSE 2035) which foresees the structural transformation of the economy by 2035;
- The adoption of the « Sénégal numérique 2025 » (SN2025) which promotes ICT as one of the key drivers of this economic transformation ;
- Development of the « Stratégie nationale de Cybersécurité 2022 » (SNC2022) in order to establish digital trust;
- A strategic vision which says that there will be « In 2022 in Senegal, a trusted, secure and resilient cyberspace for all.»
The strategic objectives pursued are:
- Strengthening the legal and institutional framework for cybersecurity in Senegal;
- Participation in regional and international cybersecurity efforts.
The country is also setting up the National Cybersecurity Institute with Regional Vocational Role, designed to provide training to officials in the areas of cybersecurity and cybercrime. The institute will also function as a regional school and has already signed cooperation agreements with a number of African countries to train police officers and judges in these areas.
Cybercrime legislation
State of cybercrime legislation
In 2008, the Senegalese government launched a major reform of the legislative arsenal in order to take into account new offenses related to digital technology in general and the Internet in particular.
This reform resulted, among other things, in the adoption of Law 2008-11 of January 25, 2008 on cybercrime. The main objective of this far-reaching reform of the penal arsenal was to remedy the situations of legal vacuum that characterized the penal structure in the field of offenses committed by cybercriminals
Since 2008, several adaptations have affected the Penal Code in order to take into account cybercriminal offenses such as, for example, breach of the confidentiality and integrity of computer systems (Article 431-8, Article 431- 9, Article 431-10, Article 431-10) and the breach of computerized data (Article 418-11, 12, 13, 14, 15, 16). Content offenses were also taken into account such as child pornography (Article 431-34, 35, 36, 37), racist and xenophobic acts, online press offenses, online fraud and data concealment.
Substantive law
New incriminations have been incorporated into Law No. 2008 - 11 relating to new forms of exploitation of children on the Internet, the main one being child pornography. It is thus possible to incriminate behaviors such as "grooming", consisting in preparing a child so that he will then accept sexual contact, or streaming, which allows adults to pay directly for children to perform, or simulate, sexual acts in front of a webcam. Anyone who violates this law is liable to imprisonment or a fine. The law on child pornography has 4 articles: art. 431-34, art. 431-35, art. 431-36, art. 431-37).
The legal framework on cybercrime has been reorganized as part of the reform of the Criminal Code and the Code of Criminal Procedure. Indeed, laws n° 2016-29 and n° 2016-30 of November 8, 2016 modifying respectively the penal code and the code of penal procedure refined the system of repression of cybercrime. New offenses have been created: fraudulent copying of data, digital identity theft, cyberterrorism.
Procedural law
The legal framework for electronic evidence is mainly set by the Law No. 2008-11 of January 25, 2008 on Cybercrime, which is directly inspired by many provisions of the Budapest Convention on Cybercrime. Thus, the code of criminal procedure has also been amended in order to incorporate provisions on the conduct of digital investigations :
- Article 677-35 of the Criminal Procedure Code (CrPC) empowered the investigating judge to order any person to preserve and protect the integrity of data in his possession or under his control, for a period of two years maximum, when there is reason to believe that computerized data archived in a computer system is particularly susceptible to loss or modification. The data custodian is also bound by professional secrecy and may incur penalties for breach of professional secrecy.
- The law n° 2008-11 of January 25, 2008 also empowered magistrates and judicial police officers to use NICTs for probationary purposes. Article 677-36 of the CrPC extended the prerogatives of the examining magistrate, by empowering him to carry out a search in a computer system or in part of it, when data stored in a computer system is useful for the determination of the truth.
- Article 677-38 of the CrPC allows magistrates, if information requirements demand so, to use the appropriate technical means to collect or record in real time, data relating to the content of communications on their territory, transmitted by means of a computer system or oblige a service provider, within the framework of its technical capacities, to collect or record or provide the competent authorities with its assistance in collecting or recording such computerized data. The access provider is also required to keep the secret.
- Article 677-40 of the CrPC established the principle of the admission of electronic evidence in criminal matters “provided that the person from whom it emanates can be duly identified and that it is established and stored under conditions of such a nature as to to guarantee its integrity ”.
From a procedural standpoint, the legislator has strengthened the investigative powers of the judicial authorities while respecting individual rights and freedoms. Thus, mechanisms have been provided for such as the judicial blocking of illegal content, the interception of correspondence sent by electronic means, the production order, etc.
Safeguards
Specialised institutions
- The State Informatics Agency (ADIE) was created in 2004. The creation of such an agency essentially aims to give more strenght and resources to the computerization activities of the Senegalese administration and provide quality service to users by providing appropriate solutions based on proximity and responsiveness.
- The Telecommunications and Posts Regulatory Authority (ARTP) is an independent administrative authority responsible for regulating the telecommunications and postal sectors. The ARTP has legal personality and financial and managerial autonomy. Law No. 2011-01 of February 24, 2011 assigns the ARTP several missions and prerogatives, in particular: advice, opinions and proposals for legislative and regulatory texts to the President of the Republic and the Government, as well as the implementation of regulatory tools.
- The Personal Data Protection Commission (CDP) plays an important role in the protection of personal data collected and processed by public and private organizations.
- Senegal does not yet have a national CERT (Computer Emergency Response Team), but the country already has everything it takes to set one up. It should be noted the existence since November 2018 of a CSIRT office within ADIE which is more of a "government CERT" and could logically serve as a basis in the process of creating a national CERT in Senegal.
- Senegal also has a Special Cybercrime Brigade which has just been set up as a Special Cybercrime Division. This division, housed at the level of the Ministry of the Interior, has national competence. It is responsible for carrying out investigative and inquiry acts in relation to cyber offenses.
On the other hand, there is no regulation requiring incidents to be reported by Senegalese OIVs (Opérateur d'importance vitale). These elements have been the subject of careful consideration by the Senegalese authorities. A decision was taken for the creation of a National Center for Cybersecurity (CNC).
Cybercrime is dealt with by the national police and gendarmerie services, each with specific structures. The first structure is the Special Cybercrime Brigade (BSLC), placed under the authority of the Criminal Investigations Division (DIC) - National Police. The second structure is attached to the National Gendarmerie. It is the research section of the National Gendarmerie.
International cooperation
Competent authorities and channels
From the point of view of the institutions or administrative structures created by the State of Senegal as part of the fight against cybercrime and the culture of cybersecurity we observe:
- The creation of a Central Technical Service for Figures and Security of Information Systems;
- The creation of the Special Division for the fight against Cybercrime (DSC), headquartered at the Judicial Police Directorate (DPJ);
- The creation of a National School of Cybersecurity with a Regional vocation (ENCVR), attached to the Presidency of Senegal, in the premises of the National School of Administration in Dakar;
- The Data Protection Commission (CDP);
Representatives of the judicial authorities (prosecution, sitting judges (investigation and judgment) as well as of the High Courts and the Courts of Appeal), of the police and gendarmerie, of the Ministry of Justice (administrative authority) and the DACG (The Criminal Matters and Pardons Directorate) are in particular in charge of the fight against cybercrime.
For the Ministry of Justice:
- Technical Adviser;
- Advisor to the Court of Appeal;
- Directorate of Judicial Services;
- High Court of Dakar;
- General Deputy;
- Public Prosecutor of the Republic.
For the Police and the Gendarmerie:
- Officer and non-commissioned officer;
The creation of cybercrime investigation structures within the law enforcement agencies of the Gendarmerie and the National Police:
- Special Cybercrime Brigade (BSLC) which has become a Special Cybersecurity Division (DSC) within the National Police;
- Digital Platform for the Fight against Cybercrime (PNLC) of the Senegalese National Gendarmerie.
Jurisprudence/case law
Sources and links
- Loi n° 2008 – 11 portant sur la Cybercriminalité
- Plan Sénégal Émergent
- Stratégie Sénégal Numérique – 2016-2025
- Commission de Protection des Données Personnelles
- Agence de l'Informatique de l'Etat
- L’Afrique et la cybercriminalité: le cas du Sénégal, SciDevNet, 04/07/2016
- Le Traitement de la Cybercriminalité devant le Juge. L’exemple du Sénégal, Papa Assane TOURÉ, Editions L'Harmattan, 2014
- Synthèse du cadre juridique de la cybercriminalité au Sénégal, OSIRIS, 14/08/2017
- L’ADIE vient de lancer le premier CSIRT du Sénégal, 30/11/2018
- Sécurité : pour une confiance numérique
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.