Status regarding Budapest Convention
See legal profileCybercrime policies/strategies
The Ministry of the Development of Digital Economy of Burkina Faso identifies a number of priorities for the digital development of the country. One of the priorities of the Ministry is to develop appropriate cyber policies and ensure a legal environment in cyberspace, with the objective of attracting new investors and creating a competitive digital market in Burkina Faso. One of the anticipated results of this political priority in the digital economy environment is the development of cybersecurity legislation.
Therefore, the Government of Burkina Faso engaged in the digital modernisation of the country by creating and implementing two strategies: a National strategy for the development of the digital economy 2018-2027 and a National Cybersecurity Strategy 2019 – 2023, that contains within its framework a strategy on cybercrime.
Cybercrime legislation
State of cybercrime legislation
Burkina Faso’s cybercrime and electronic evidence legislation has undergone several reforms in recent years to bring it into line with the Budapest Convention. In this regard, the Council of Europe mission carried out in March 2018 played an important role. It made possible, in collaboration with the Ministry of Justice and the Ministry of Development of digital economy, drafting a law in accordance with the Budapest Convention and respectful of fundamental rights, which was then fully taken up in the context of parliamentary work on the revision of the Criminal Code and the Code of Criminal Procedure.
Substantive law
The new Criminal Code was instituted by Law No. 025-2018 / AN of May 31, 2018 and contains in Book VII an extremely extensive catalog of crimes related to cybercrime. This new Penal Code contains many other provisions that criminalize behaviour when using technological or computer tools. The most notable are: child pornography (article 533-37), obtaining computer data by extortion (article 611-28), by threat (article 611-29) or by scam (article 613-1), misappropriation and concealment of computer data (articles 613-3 and 614-1), malicious use of cryptological means (article 216-10), and the manufacture, import, possession, exhibition, offer, rental or sale of technical devices or devices allowing invasion of the privacy of others (article 524-10).
Procedural law
The new Code of Criminal Procedure was established by Law 40-2019 / AN of May 29, 2019. Among the procedural tools created on this occasion are investigative measures specific to computer data and their objective is to facilitate the digital survey (articles 515-26 to 515-42). In addition, it should be noted that Law No. 040-2017 / AN of June 29, 2017 had also already implemented certain special investigative techniques that could serve the interests of the suppression of cybercrime. This is the case with the following mechanisms: interception of correspondence sent by telecommunications (articles 99-1 -99-7), infiltration (article 677-3-677-9), investigation under pseudonym (article 677-10), interception of correspondence sent by telecommunications (article 677-15), sound system and image fixing in certain places or vehicles (articles 677-16- 677-21) and capture of computer data (article 677-22- 677-30).
Mutual legal assistance, including extradition (Art. 675 of the Criminal procedure code) and jurisdictional aspects, is yet based on bilateral treaties and agreements.
Safeguards
The Constitution of Burkina Faso guarantees several fundamental human rights and freedoms.
In its Preamble it is mentioned the attachment to the Universal Declaration of Human Rights of 1948, while several articles guarantee the protection of life, safety and physical integrity (Article 2), equal protection within the law (Article 4), the inviolability of home, private life and correspondence secrecy (Article 6), freedom of speech (Article 8).
Related laws and regulations
The law on the protection of personal data was adopted in 2004 (Law No. 010/2004 of April 20, 2004). This law, which aims to protect the rights of individuals in the processing of personal data in Burkina Faso, whatever its nature, mode of execution or responsible (Article 1), is currently in force, under review by the Government and a new version should soon go to Parliament. The objective of this revision is to bring Burkinabé legislation into line with international standards, in particular those arising from the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) and the African Union Convention on Cybersecurity and Protection of Personal Data (Malabo Convention).
Electronic communication operators are subject to the Law 027-2010 / AN of 25 May 2010 on the regulation of electronic services and transactions. Under cybersecurity measures, they are required to "notify the regulatory authority of any breach of security or integrity that has had a significant impact on the functioning of networks or services", (article 45). This law is reinforced by several decrees.
Law No. 032-99 AN of December 22, 1999 protecting the right to literary and artistic property qualifies computer programs as a work of the mind; which makes it possible to penalize attacks (servile copying, imitation etc.) directed against software.
Law No. 021-2009 / AN of 12 May 2009 relating to the repression of offenses relating to checks, bankcards and other electronic payment instruments and procedures.
Decree No. 2013-149 / PRES / PM / MDENP / MEF / MJ of 21 March 2013 defining the obligations of operators of electronic communications services with regard to the storage of traffic and location data.
Decision No. 2010-000140 / ARCE / CR of September 28, 2010 prohibiting the sale of SIM cards without identifying the subscribers of mobile operators.
Decree No. 2018-1270 / PRES / PM / MDENP / MSECU of December 31, 2018 relating to the identification of subscribers to electronic communications services and customers of cybercafés.
Law No. 011-2010 / AN regulating the management of domain names under the first level domain.
Law No. 011-2014 / AN of 17 April 2014 punishing the sale of children, child prostitution and child pornography also penalizes acts related to child pornography.
Specialised institutions
The National Agency on the Promotion of ICTs (Agence Nationale de Promotion des TIC - ANPTIC), works to promote the use of ICTs in different sectors. The Agency also works on the questions related to cybersecurity.
The CIRT Burkina Faso (the Center on Cybersecurity in Burkina Faso) was created to deliver an appropriate response to cybercrime threats and to serve as a central body for assistance on cyberrelated incidents. In 2013 a specialised National Agency on the Security of Information Systems (ANSSI) was created. Today, ANSSI is a managing body for CIRT Burkina Faso.
Regulatory Authority for Electronic Communications and Posts (Autorité de Régulation des Communications Electroniques et des Postes - ARCEP) is the official regulatory authority. As such, it has the prerogative of accreditation of private partners.
The Data Protection Commission (la Commission de l'Informatique et des Libertés - CIL) is a independent authority and has as main mission to inform the citizens about their rights and obligations in relation to the processing of personal data.
Central Cybercrime Brigade (Brigade Centrale de Lutte Contre la Cybercriminalité - BCLCC), with preferential competence in cybercrime - to be operational soon.
International cooperation
Competent authorities and channels
International judicial cooperation is also based on a set of regional conventions on judicial cooperation, notably with Morocco, or within the framework of the Niamey agreement (May 9, 2017 with Mali, Niger and Chad). The international cooperation is expected to highly increase in the perspective of accession to Budapest Convention.
Often cooperation with :
Network of West African Central Authorities and Prosecutors against Organized Crime (WACAP)
INTERPOL, G5 SAHEL police platform
The soon operational Central Cybercrime Brigade will treat the MLA requests, with a 24/7 PoC to be established.
A PoC for National and International Service Providers to be established within the Brigade as well.
INTERPOL National Central Office (NCB) is mainly treating the International police-to-police assistance, at the moment.
Jurisprudence/case law
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.