Cyber Law at Cape Verde
Cape Verde has made significant strides in developing its cyber law framework, aligning with international standards to enhance cybersecurity, data protection, and cooperation in combating cybercrime.
Cybersecurity Legal Framework
In January 2021, Cape Verde enacted a comprehensive cybersecurity regime through Decree-Law No. 9/2021. This framework mandates that critical infrastructure operators, essential service providers, digital service providers, and public administration entities implement robust cybersecurity measures. Obligations include adopting security measures, notifying significant incidents to the National Cybersecurity Agency (Centro Nacional de Cibersegurança), and conducting annual internal audits. Non-compliance can result in fines ranging from CVE 20,000 to CVE 1,000,000, depending on the severity of the breach.
Data Protection Laws
Cape Verde's data protection landscape has evolved significantly:
Convention 108 Accession (2018): Cape Verde became the 52nd party to the Council of Europe's Convention 108, marking a commitment to international data protection standards.
Amendment to the 2001 Data Protection Act: Recent amendments introduced an extraterritorial scope, requiring entities without a physical presence in Cape Verde but processing data of its residents to comply with local laws. The amendments also enforce opt-in consent for data processing, mandate breach notifications within 72 hours, and necessitate data protection impact assessments for high-risk processing activities. Additionally, companies must appoint a local representative for enforcement purposes.
Cybercrime and International Cooperation
Cape Verde has taken proactive steps in international cybercrime cooperation:
Budapest Convention (2018): The country acceded to the Council of Europe's Convention on Cybercrime, enhancing its legal framework for addressing cybercrime.
G7 24/7 Cybercrime Network (2021): Cape Verde joined this informal network, facilitating expedited communication and assistance in cybercrime investigations.
Second Additional Protocol (2023): Cape Verde signed this protocol to strengthen cooperation between states and the private sector, ensuring legal clarity for service providers regarding electronic data disclosure.
National Cybersecurity Agency (CSIRT.CV)
The establishment of CSIRT.CV, the Computer Security Incident Response Team, is central to Cape Verde's cybersecurity strategy. This entity is responsible for detecting, preventing, and responding to cybersecurity incidents, thereby enhancing the nation's resilience against cyber threats.
RELATED Blog
0 comments