Octopus Cybercrime Community

Burkina Faso’s cybercrime and electronic evidence legislation has undergone several reforms in recent years to bring it into line with the Budapest Convention. In this regard, the Council of Europe mission carried out in March 2018 played an important role. It made possible, in collaboration with the Ministry of Justice and the Ministry of Development of digital economy, drafting a law in accordance with the Budapest Convention and respectful of fundamental rights, which was then fully taken up in the context of parliamentary work on the revision of the Criminal Code and the Code of Criminal Procedure.

The new Criminal Code was instituted by Law No. 025-2018 / AN of May 31, 2018 and contains in Book VII an extremely extensive catalog of crimes related to cybercrime. This new Penal Code contains many other provisions that criminalize behaviour when using technological or computer tools. The most notable are: child pornography (article 533-37), obtaining computer data by extortion (article 611-28), by threat (article 611-29) or by scam (article 613-1), misappropriation and concealment of computer data (articles 613-3 and 614-1), malicious use of cryptological means (article 216-10), and the manufacture, import, possession, exhibition, offer, rental or sale of technical devices or devices allowing invasion of the privacy of others (article 524-10).

The new Code of Criminal Procedure was established by Law 40-2019 / AN of May 29, 2019. Among the procedural tools created on this occasion are investigative measures specific to computer data and their objective is to facilitate the digital survey (articles 515-26 to 515-42). In addition, it should be noted that Law No. 040-2017 / AN of June 29, 2017 had also already implemented certain special investigative techniques that could serve the interests of the suppression of cybercrime. This is the case with the following mechanisms: interception of correspondence sent by telecommunications (articles 99-1 -99-7), infiltration (article 677-3-677-9), investigation under pseudonym (article 677-10), interception of correspondence sent by telecommunications (article 677-15), sound system and image fixing in certain places or vehicles (articles 677-16- 677-21) and capture of computer data (article 677-22- 677-30).

Mutual legal assistance, including extradition (Art. 675 of the Criminal procedure code) and jurisdictional aspects, is yet based on bilateral treaties and agreements.

The Constitution of Burkina Faso guarantees several fundamental human rights and freedoms.

In its Preamble it is mentioned the attachment to the Universal Declaration of Human Rights of 1948, while several articles guarantee the protection of life, safety and physical integrity (Article 2), equal protection within the law (Article 4), the inviolability of home, private life and correspondence secrecy (Article 6), freedom of speech (Article 8).

The law on the protection of personal data was adopted in 2004 (Law No. 010/2004 of April 20, 2004). This law, which aims to protect the rights of individuals in the processing of personal data in Burkina Faso, whatever its nature, mode of execution or responsible (Article 1), is currently in force, under review by the Government and a new version should soon go to Parliament. The objective of this revision is to bring Burkinabé legislation into line with international standards, in particular those arising from the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) and the African Union Convention on Cybersecurity and Protection of Personal Data (Malabo Convention).

Electronic communication operators are subject to the Law 027-2010 / AN of 25 May 2010 on the regulation of electronic services and transactions. Under cybersecurity measures, they are required to "notify the regulatory authority of any breach of security or integrity that has had a significant impact on the functioning of networks or services", (article 45). This law is reinforced by several decrees.

Law No. 032-99 AN of December 22, 1999 protecting the right to literary and artistic property qualifies computer programs as a work of the mind; which makes it possible to penalize attacks (servile copying, imitation etc.) directed against software.

Law No. 021-2009 / AN of 12 May 2009 relating to the repression of offenses relating to checks, bankcards and other electronic payment instruments and procedures.

Decree No. 2013-149 / PRES / PM / MDENP / MEF / MJ of 21 March 2013 defining the obligations of operators of electronic communications services with regard to the storage of traffic and location data.

Decision No. 2010-000140 / ARCE / CR of September 28, 2010 prohibiting the sale of SIM cards without identifying the subscribers of mobile operators.

Decree No. 2018-1270 / PRES / PM / MDENP / MSECU of December 31, 2018 relating to the identification of subscribers to electronic communications services and customers of cybercafés.

Law No. 011-2010 / AN regulating the management of domain names under the first level domain.

Law No. 011-2014 / AN of 17 April 2014 punishing the sale of children, child prostitution and child pornography also penalizes acts related to child pornography.

International judicial cooperation is also based on a set of regional conventions on judicial cooperation, notably with Morocco, or within the framework of the Niamey agreement (May 9, 2017 with Mali, Niger and Chad). The international cooperation is expected to highly increase in the perspective of accession to Budapest Convention.

Often cooperation with :

Network of West African Central Authorities and Prosecutors against Organized Crime (WACAP)

INTERPOL, G5 SAHEL police platform

The soon operational Central Cybercrime Brigade will treat the MLA requests, with a 24/7 PoC to be established.

A PoC for National and International Service Providers to be established within the Brigade as well.

INTERPOL National Central Office (NCB) is mainly treating the International police-to-police assistance, at the moment.