By Deng Ghai Deng
Concern is growing among South Sudanese citizens, legal experts, and cybersecurity practitioners as the country continues to operate without effective cybercrime or data protection laws—leaving millions vulnerable to hacking, surveillance, online harassment, and unchecked misuse of personal data.
Across communities, people say the lack of legislation has created a digital vacuum where cyberattacks are rising, accountability is murky, and constitutional rights exist largely on paper.
In Bor, Jonglei State, resident Peter Ajak Ayom said the absence of cyber legislation has left citizens exposed.
“Governments can establish and enforce cybersecurity laws, implement policies to combat online harassment, and promote digital literacy among citizens,” Ayom said. “Ultimately, the protection against cyber threats requires collaboration among various stakeholders. It’s essential for citizens to advocate for their rights and for the establishment of adequate protections in the digital space.”
His warning mirrors concerns from other parts of the country.
In Aweil, Northern Bahr el Ghazal, Butrus Bol Ngong recalled how his Facebook account was hacked in 2020, resulting in scammers gaining access to his personal information and using his identity to spread harmful content.
“I don’t know the reason behind the hacking. I have tried to reclaim the account, but it was difficult to do so,” Ngong said, stressing the lack of safety on social media platforms and the absence of local mechanisms to help victims.
Although Article 22 of South Sudan’s Constitution guarantees the right to privacy, no comprehensive data protection law exists to safeguard that right in the digital sphere.
Emmanuel Bida Thomas, Program Manager at Excellence Foundation for South Sudan, said the gap between constitutional promises and actual protections remains vast.
“South Sudan has ratified international instruments such as the ICCPR and the African Charter on Human and People’s Rights, but the absence of a Data Protection Act leaves significant loopholes,” Bida explained.
He noted that a draft Data Protection Bill introduced in 2021 remains unpassed, while the ongoing Cyber Crimes and Computer Misuse Bill provides only partial protection and introduces data retention requirements that raise new privacy questions.
From a technical perspective, cybersecurity professionals argue that the lack of regulation leaves both individuals and organizations dangerously exposed.
Cyber security engineer Robert Ariik, from the South Sudan Incident Response Team, said the problem is structural.
“In principle, South Sudanese have the constitutional right to privacy—but in practice, it remains largely unprotected,” Ariik said. “Until a proper legal framework is put in place, the right to privacy remains theoretical.”
Human rights lawyer Bol Gabriel Diing described the pending Cybercrime and Computer Misuse Bill as an important move toward combating online abuse, misinformation, and data manipulation. He said the bill aligns with the African Union’s Malabo Convention on Cyber Security and Personal Data Protection.
However, Diing warned that any law must be implemented responsibly.
“Agencies should be cautioned not to overstretch their powers to avoid arbitrary arrest for those who constructively criticize and point out flaws within the government,” he said.
For civil society leaders, the stakes are far greater than individual cases—they involve the future of free expression and democratic participation in the world’s youngest nation.
Bol Deng Bol, Executive Director of Intrepid South Sudan and Chairperson of the Jonglei Civil Society Network, said the vacuum in cyber regulation is already harming citizens.
“South Sudanese have the right to engage online without fear of being criminalized or targeted unlawfully,” he said. He urged lawmakers to enact comprehensive legislation that protects digital rights and enhances online safety.
“A well-thought-out legal framework is essential not only to protect citizens but also to strengthen digital governance, trust, and innovation,” he added.
Efforts to address the legal gap are underway in the Transitional National Legislative Assembly (TNLA). In November, Oliver Mori Benjamin, Chairperson of the Specialized Committee on ICT, Postal Services and Telecommunications, said the Cyber Security Bill is advancing to its third reading.
During a consultative workshop organized by Journalists for Human Rights (JHR), Mori acknowledged that JHR and the Digital Rights Frontlines (DRF) flagged several areas of the bill requiring clarification or adjustment.
“We carefully listened to their inputs, shared our perspectives, and reaffirmed our commitment to ensuring that the final draft of the Cyber Security Bill is balanced, fair, and aligned with international best practices,” Mori said. “As the ICT Committee, we will thoroughly examine all the concerns presented and work collaboratively to refine the Bill where necessary.”
The Cybercrimes and Computer Misuse Bill 2024 aims to prevent crimes involving computers, digital devices, and the internet; regulate social media; and protect digital transactions. It aligns with the Constitution, the Penal Code Act of 2008, and international conventions such as the AU’s Malabo Convention and the U.N. Geneva Convention on Cybercrime and Data Protection.
But until these laws are passed and implemented, experts say South Sudan’s digital ecosystem will remain deeply vulnerable, leaving citizens to navigate an online world with limited protections and few avenues for redress.
Editor’s Note: “This story is reported with a grant from Journalists for Human Rights under the ‘Tackling Mis/Disinformation Project,’ funded by the Peace and Stabilization Program of the Government of Canada.”