An examination of the legal framework on combating data phishing in Uganda

Abstract

Lately, the world is grappling with many cybercrimes including the unprecedented rise in data phishing. International bodies and individual Countries have developed laws aimed at preserving privacy and protection of individuals’ data against external attacks. However, the relevance of the current legal framework in protecting users against the different forms of data phishing remains less explored. The present research examined Uganda’s legal framework on data phishing in comparison to the UK's legal framework, to establish the relevance of the current legal framework in addressing data phishing. The study undertook a qualitative review of literature of existing legal frameworks in Uganda and the UK and the results revealed that protection of individuals and their properties has been prioritized for generations. Uganda’s legal framework on data phishing is embedded under the Constitution of the Republic of Uganda, Cap 1 and the various Acts on data protection to wit the Data Protection and Privacy Act Cap. 97, Computer Misuse Act Cap. 96, Regulation of Interception of Communication Act Cap. 101 amongst others. The legal framework however, remains weak on grounds of: lack of clarity on the nature of consent required from a data subject; absence of a specific provision on data phishing, and non-incorporation of a provision on sensitization of the public on the legal framework and phishing attacks. Whereas both the legal frameworks of Uganda and the UK uphold the principle of data protection, more deliberate effort is seen on the side of the UK by wholly incorporating international principles of data privacy and protection- General Data Protection Regulation (GDPR), robustly defining personal data and the nature of consent required from the data subject. A recommendation is made to amend laws to clarify on data phishing as a crime, expound on the definition of personal data and nature of consent and imposition harsh sentences for perpetrators. Also, Uganda needs to put in place a mutual legal assistance law to curb cross border phishing crimes and enhance enforcement measures for the existing legal framework.