The Arab Treaty on Combating Cybercrime [الاتفاقية العربية لمكافحة جرائم تقنية المعلومات] was ratified by Oman earlier this month. This treaty is an Arab League international agreement that was adopted in December 2010 and entered into force in February 2014. It appears that the ratified members of this treaty at the moment are Jordan, UAE, Sudan, Iraq, Palestine, Qatar, Kuwait and Oman.
The main objectives of the treaty are to create an obligation on its members to implement in their national legislation provisions that criminalise a set of online offenses as well as put procedural rules in place to facilitate the prosecution of cybercrimes and the collection of digital evidence. The treaty also has a section for facilitating the cooperation between its members in dealing with transnational cybercrimes.
The Arab Treaty on Combating Cybercrime does not have a direct enforcement mechanism or a dispute resolution procedure that could be used against countries that fail to implement the treaty.
For Oman, this treaty does not really introduce much in the area of criminalisation of new offenses. The Omani cybercrime law [قانون مكافحة جرائم تقنية المعلومات] is extremely comprehensive and explicitly stipulates all offenses under the sun as cybercrimes. It is also easy to argue that the regular penal code is capable of capturing crimes committed on the internet without the need for special online provisions anyway.
The treaty has some controversial provisions such as the requirement in Article 21 to have stricter penalties for traditional offenses if they are committed online (why?) and of course the long list of provisions relating to tracking users and collecting private data.
All that being said, I personally found two less controversial provisions especially interesting: Article 14 on privacy and Article 17 on copyright infringement.
Even though it is easy to look at all the negative aspects of criminalising more activities on the internet and imposing regulation to track users and keep records of personal data, the treaty actually makes a positive contribution to user rights on the internet by requiring its members in Article 14 to criminalise the violation of privacy on the internet. We already have such an provision on the Omani Cybercrime Law, but it is great to have an explicit international commitment requiring the government to have such an offense. This international obligation could be used to call for greater protection of user privacy, at least against violations from private companies and individuals.
Article 17 on copyright infringement is also interesting, but in a different way. First of all, this provision is completely unnecessary because copyright law regulates copying and making a work available to the public in any medium. Oman has a provision for this in their Cybercrime Law and it is also pointless. What’s interesting is that Article 17 of the Arab Treaty on Combating Cybercrime explicitly says the criminal offense should only take place if the infringement is intention and not for private use. In Oman these two elements are not relevant when deciding if copyright infringement took place. We also do not have a private use exception under our copyright law. The obligations in this treaty are minimum standard obligations and states can certainly criminalise more activities if they wish to, so there is no obligation on Oman to carve out a defence for private use. It is just strange that the Arab League had to put the defence of “private use” explicitly here, taking into consideration that this is only one of the exceptions to copyright and “private use” isn’t necessarily a defence in all Arab countries.