Global mapping of cyberlaws reveals significant gaps despite progress
As growing concerns over cybercrime affect the willingness of both buyers and sellers to make transactions online, new UNCTAD research shows that the enactment of laws that facilitate security and trust in online transactions varies considerably across the world, with significant gaps in many developing countries.
The findings are included in UNCTAD’s Information Economy Report 2015: Unlocking the Potential of E-commerce for Developing Countries1, which was released on 24 March.
It has been estimated that $3.5 billion was lost in supplier revenue due to online fraud in 2012, with one major hack in 2013 exposing as many as 152 million names, customer identities, encrypted passwords, debit or credit card numbers and other information relating to customer orders.
Cybercrime ranges from non-monetary offences, such as distributing viruses on computer networks or stealing confidential business information, to identity theft through such methods as “phishing”.
In terms of geography, the United States of America is by far the most targeted country, accounting for almost half of known cases. In this environment, information security is a rising concern to Governments, enterprises and consumers alike.
Developing and transition economies are increasingly being used by cybercriminals because these countries often have lax enforcement regimes, accentuating the need for the adoption of relevant laws.
Harmonization and building trust are key
The UNCTAD report underlines that compatibility and interoperability between different legal systems are essential to facilitate cross-border e-commerce. Even in developed regions with a certain degree of legal harmonization, different requirements set in national laws may hamper such transactions, and the need to align laws with international legal instruments remains.
Several Governments need to allocate sufficient resources to develop cyberlaws, while the next challenge they face is to enforce such laws, both domestically and in regard to cross-border transactions.
In addition, the UNCTAD report says, security and trust are fundamental aspects for creating an environment conducive to electronic commerce. An increased incidence of online fraud and of data breaches are growing concerns, requiring adequate legal responses at the national and international levels. The UNCTAD report presents a new global map of cyberlegislation in four areas: cybercrime, e-transactions, consumer protection, and privacy and data protection. It shows that the adoption of such laws is generally high in developed countries, but highly inadequate in many other parts of the world.
The share of countries that have adopted a law is typically highest for e-transactions and lowest for the protection of online consumers (see table). But patterns vary by region. For example, in Central America, seven out of eight countries have consumer protection legislation in place, but more than half of the countries lack laws related to data protection and cybercrime. The subregion with the weakest coverage of e-commerce legislation is Central Africa, where only two out of nine countries have
laws on e-transactions, online consumer protection and data protection, and only one country has adopted cybercrime legislation.
Laws, capacity and infrastructure are needed to respond effectively to cybercrimes
Cybercrime is a growing concern to countries at all levels of development and affects the willingness of both buyers and sellers to make transactions online. In India, for example, e-commerce fraud such as identity theft and scams is expanding. However, only a small proportion of the cases are reported, and there have been few convictions. A 2011 survey of young professionals in India revealed that one out of four were victims of identity fraud. In Europe, the most common online frauds are related to fraudulent websites, used cars and counterfeit products. Some crimes committed on the Internet have been around for years, but their use has expanded. Among the various merchant segments, mobile merchants are incurring the greatest losses through fraud as a share of revenue. This is a particular challenge for countries in which mobile phones are the key device for e-commerce and related payments.
The UNCTAD report found that cybercrime laws are spreading rapidly. As of 2014, 117 countries (of which 82 are developing and transition economies) had enacted such legislation. However, more than 30 countries had no cybercrime legislation in place (figure 1).
Ensuring international compatibility of e-transaction laws remains a challenge
A prerequisite for conducting commercial transactions online is to have e-transaction laws that recognize the legal equivalence between paper-based and electronic forms of exchange. Such laws have been adopted by 145 countries, of which 104 developing or transition economies (figure 2). While four out of five countries in Asia and in Latin America have such laws in place, Eastern and Central Africa lag behind.
Ensuring international compatibility of e-transaction laws remains a challenge. Therefore, the UNCTAD report says, the legal recognition of e-signatures, electronic contracts and evidence at a national level should ideally be extended to those originating in other jurisdictions.
Consumers buying online from other countries need better protection
Despite the importance of consumer confidence for business-to-consumer e-commerce, many developing and transition economies still lack laws to protect consumers online (figure 3). In as many as 73 countries, it was not possible to obtain data, suggesting that online consumer protection is not being fully addressed. Out of the 119 countries for which data exist, 93 (of which 58 are developing or transition economies) have adopted consumer protection legislation that relates to e-commerce. In terms of regional patterns, the incidence of consumer protection laws is particularly low in Africa.
The UNCTAD study also highlights the need to set up or strengthen consumer protection agencies in many countries. More effective information sharing among such agencies would also help to facilitate cross-border e-commerce.
Protecting data and privacy of growing importance
Personal data have become the fuel driving much commercial activity on the Internet. Each day vast amounts of information are transmitted, stored and collected online. According to Risk Based Security, more than 2,100 incidents were reported in 2013 through which some 822 million records were exposed. About 60 per cent of the incidents were the result of hacking.
As of 2014, 107 countries (of which 66 were developing or transition economies) had put in place legislation to secure the protection of data and privacy. In this area, Asia and Africa show a similar level of adoption, with less than 40 per cent of countries having a law in place (figure 4).
The results of UNCTAD's global mapping of cyberlaws are available online at unctad.org/cyberlawtracker.
Overview: http://unctad.org/en/PublicationsLibrary/ier2015overview_en.pdf http://unctad.org/fr/PublicationsLibrary/ier2015overview_fr.pdf
Table 1. Share of economies with relevant e-commerce legislation, by region, 2014
Figure 1. World map of cybercrime laws, 2014
Figure 2. World map of e-transaction laws, 2014
Figure 3. World map of laws addressing online consumer protection, 2014
Figure 4.World map of data protection/privacy laws, 2014
Legend : Dark blue – countries with legislation
Light blue – countries with draft legislation
Violet – countries with no legislation
Grey – countries with no data