Cybersecurity as a Legal and Social Pillar for Protec ting Digital Rights and Enhancing Trust in the Digital Space

RESEARCH ARTICLE Cybersecurity as a Legal and Social Pillar for Protecting Digital Rights and Enhancing Trust in the Digital Space \ Mansouri Touria / / / / / / / / Doctor (PhD) Member of the Public Utilities and Development Laboratory, Djilali Al-Yabis University - Sidi Bel Abbes Algeria Email: Doi Serial / Keywords Digital Trust, Data Protection, Privacy Rights, Cyber Threats, Cyber security, Legal Frame works. Abstract Cybersecurity constitutes a fundamental pillar within the legal and regulatory framework aimed at safeguarding digital

The digital sphere is undergoing rapid transformations that have redefined the boundaries of traditional freedoms and introduced unprecedented challenges for legal systems. These challenges revolve around how to reconcile the imperatives of security with the need to uphold fundamental rights and freedoms. In an era marked by escalating cyber threats and widespread digital practices that infringe upon personal data and freedom of expression, cybersecurity has emerged as a central theme in contemporary legal discourse not merely as a technical safeguard, but as a foundational element in rebuilding trust within the digital realm.

Recurrent cyberattacks and the growing threat of digital terrorism targeting critical infrastructure have compelled states to adopt increasingly stringent security policies, often justified by the necessity of preserving public order. However, such measures have expanded the scope of digital content surveillance and led to restrictions on key freedoms, particularly the right to privacy and freedom of expression. Still, this security-driven orientation must not be pursued in isolation from the principles of legality, proportionality, non-discrimination, and effective judicial oversight. These safeguards are essential to prevent the digital space from becoming void of rights and freedoms.

From this perspective, cybersecurity represents a vital legal entry point for redefining the relationship between individuals and the state in the digital era, thereby fostering citizens’ trust in the justice and transparency of the legal system. Legal trust is not merely built by shielding systems from cyber breaches; it is consolidated through the entrenchment of constitutional guarantees that ensure a fair balance between legitimate oversight and the protection of digital liberties.

This study, therefore, raises the following central research question:

To what extent can cybersecurity serve as a legal instrument for rebuilding trust in the digital space, in light of the inherent tension between surveillance imperatives and the protection of digital rights, particularly freedom of expression and the right to privacy?

To address this question, the study is structured around two primary axes:

• •        Chapter One: Freedom in the digital space and its

legal boundaries

• •        Chapter Tow:    Digital surveillance and

cybersecurity as foundations for rebuilding legal trust

To examine the delicate balance between liberty and control in the digital realm and its implications for legal trust, this research adopts a descriptive-analytical method. It explores the concept of digital freedom, its unique legal features, and how it diverges from traditional freedoms, with a focus on the challenges posed by the evolving digital communication environment. It also delves into the notion of cybersecurity and the technical and regulatory frameworks developed by the Algerian legislator to combat cyber threats and deter perpetrators, in light of recent legal reforms.

In addition, the study employs an inductive approach by analyzing a selection of relevant national legal texts, aiming to identify prevailing legislative trends and assess their effectiveness in achieving a sustainable balance between digital security imperatives and the protection of fundamental rights and freedoms chief among them freedom of expression and the right to privacy in the digital environment.

Chapter One: Freedom in the Digital Space and Its Legal Boundaries

Throughout history, philosophers have emphasized the role of reason in mastering desire, even in the face of natural determinism. Simone Weil, in particular, articulated this idea with clarity, arguing that while human beings are bound by necessity, they nonetheless possess an inner freedom in how they respond to it. The essential distinction between slavery and freedom lies in the ability to choose: either to submit blindly to necessity or to engage with it through conscious and deliberate reflection.

The paradox highlighted by Weil is that rational thought traditionally regarded as the instrument of human liberation can, in the modern era, become a mechanism of domination through its technological manifestations, particularly artificial intelligence. In this sense, reason itself, once the symbol of emancipation, may transform into a threat to human freedom in the age of intelligent machines.1

The first requirement: The Legal Nature of Digital Freedom

Legal institutions and governing bodies endeavor to regulate digital freedom by establishing normative frameworks that govern its use and seek to prevent its slide into new forms of control or exclusion. However, this regulatory impulse often precedes a comprehensive understanding of the phenomenon itself. As a result, legal responses are frequently crafted hastily, lacking in-depth engagement with the inherent complexities of digital environments.

This reality renders digital freedom a fertile ground for rethinking the very notion of legal responsibility now caught between the poles of human autonomy and algorithmic governance. The tension between individual agency and automated control calls into question traditional legal categories and invites a reexamination of accountability in a landscape increasingly shaped by algorithmic decision-making.2

First branch: Freedom of Expression and Digital Privacy in International Instruments and National Legislation

In the context of rapid digital transformation, digital freedom has emerged as a subject of profound importance, sparking international debates that go far beyond technological considerations to touch upon deep cultural and anthropological differences in the understanding of freedoms across societies. Among the most prominent manifestations of this shift is artificial intelligence, which poses novel challenges to traditional conceptions of liberty and reshapes the relationship between the individual, the institution, and the law.

This evolving landscape calls for a comprehensive legal reading of digital freedom-one that acknowledges the interplay between ethical, social, and technological dimensions. Digital freedom can no longer be viewed merely as a right to access or express; rather, it is increasingly linked to new forms of responsibility that arise in an environment shaped by automation and algorithmic decision-making.

Thus, there is a growing need to reconceptualize freedom not solely as an abstract legal entitlement, but as a dynamic concept embedded within a technological system that reshapes reality and reorients human will. As philosopher Bernard Stiegler insightfully observes, technology today is no longer a passive tool at humanity’s disposal it is generative of possibility itself. It does not simply enable what we imagine; it actively configures the very horizon of our imagination from the outset.

Firstly: At the International Level

In late 2001, Budapest witnessed the adoption of the first multilateral international treaty aimed at combating cybercrime - the Budapest Convention on Cybercrime -which was opened for signature on 23 November 2001 under the auspices of the Council of Europe. The Convention seeks to harmonize national criminal laws,³strengthen investigative techniques, and foster international cooperation in the fight against information-related crimes.

Its core objective is to establish a unified legal framework that enables signatory states to define cyber offenses, adopt appropriate sanctions, and align their domestic laws with common standards. One of the landmark accessions was that of the United States , which ratified the Convention in September 2011 , thereby acknowledging its legal value in providing clear definitions of cybercrimes and facilitating cross-border enforcement.⁴

The Budapest Convention, in its Article 2 and subsequent articles, precisely defines crimes that infringe upon the confidentiality and security of information. It criminalizes unauthorized access to computer systems without legal permission. Article 3 also criminalizes the illegal interception of data transmissions using technical means with the intent to disrupt broadcasting or communication. It further includes unauthorized interference with data, such as intentional destruction, alteration, deletion, or corruption of digital data without lawful justification, considering such acts as criminal offenses subject to liability.

On the other hand, the Council of Europe Convention on Cybercrime highlights the member states' awareness of the growing and rapidly evolving threats posed by cybercrimes across computer networks. Its preamble emphasizes the urgency of adopting a unified criminal policy aimed at protecting society from these threats, through appropriate legislation and the strengthening of international cooperation. The Convention also underlines the profound transformations resulting from digitization and the globalization of networks, along with the increased potential for these networks to be used in the commission of complex criminal offenses.⁵

In order to protect commercial activities and deter crimes committed through electronic means, the Convention emphasized the necessity for State Parties to adopt legislative and other appropriate measures whenever required, to ensure the lawful and proper functioning of computer systems and the activities conducted through them.6

Secondly: At the Arab Regional Level.

The Arab region has undertaken concerted and structured efforts to strengthen cybersecurity frameworks. A key actor in this domain is the Arab Center for Legal and Judicial Research , which played a pivotal role in establishing the Arab Observatory for Cybersecurity , in collaboration with both governmental entities and civil society organizations. These initiatives culminated in the organization of the Arab Cybersecurity Day in Beirut-an event that underscored the imperative of aligning national legal systems across the Arab world with the evolving demands of modern digital technologies.

The forum emphasized the critical importance of legal harmonization and cooperative regulatory approaches in confronting cybersecurity threats and ensuring the resilience of digital infrastructure. It called for the integration of best legislative practices across the region and advocated for the establishment of specialized regulatory bodies dedicated to the protection of personal and institutional data. Furthermore, a comprehensive public awareness campaign was launched during the event, aiming to enhance societal understanding of cybersecurity risks and the urgent need for both legal and technical safeguards.7

Third: At the National Level

Law No. 15-04 laid down foundational principles concerning documentation, integrity, and non-repudiation in the context of electronic signatures and authentication, while also criminalizing certain forms of digital forgery. These include, for instance, the submission of false information or the unauthorized use of another person's electronic signature. The law further emphasized the criminalization of acts that facilitate forgery, such as unauthorized access to information systems, as well as tampering with data that holds judicial evidentiary value.9 Nevertheless, the current legal treatment of digital forgery remains partial and calls for a more comprehensive legislative enhancement to encompass all emerging forms and modalities of such crimes.

It is also worth noting that the confidentiality of information and personal data of digital environment users has been a primary concern across all sectors. This issue prompted the International Organization for Standardization (ISO) to pay particular attention to the matter, recognizing confidentiality as the principal reason for the development of encryption systems-given that it fundamentally concerns the ethics of online interactions.

Second section: The Limits of Digital Freedom Between Liberation and Restriction Amid Security Challenges

Digital freedom is not merely the ability to access or express oneself within the digital sphere; it is intrinsically linked to the technical conditions that determine what can be done or even thought of in the first place. What we often regard as free will in the use of digital tools is, in reality, preceded by a technological infrastructure that governs the nature of our choices and sets the boundaries of what is possible and impossible.

In this context, digital freedom cannot be understood outside its relationship with technology, which functions both as a precondition and a constraint on digital practices. Our projects and desires-those we perceive as outcomes of autonomous decisions-may in fact reflect opportunities and tools pre-determined by technological systems. Thus, the digital sphere becomes a contested space where individual will collide with the logic of automation and preprogrammed systems.

Herein lies the legal challenge: How can we legislate for a genuine form of digital freedom that preserves an individual's capacity to choose within a space whose boundaries are technologically defined before they are consciously perceived?

Recovering the legal meaning of digital freedom is not solely a matter of data protection or ensuring the right to connectivity ; it requires a deeper interrogation of the very technological foundations that produce and simultaneously restrict freedom. In this sense, freedom is not only about "what we are allowed to do," but fundamentally about " what we are allowed to imagine as possible ."¹⁰

The second requirement: Challenges of Digital Freedom in Practical Reality

Amid the digital revolution that promised smarter cities and more personalized, efficient services, a fundamental paradox has emerged-one that strikes at the heart of the very concept of digital freedom. Although digitization pledges to enhance daily life and empower individuals to interact instantly with services-whether in health, mobility, or urban management—the practical reality of these transformations reveals profound challenges to individual liberties, particularly the freedom of movement, digital agency, and the right to privacy.

At the core of these challenges lies the collection and processing of personal data , a process that has become central to every digital infrastructure. While necessary for tailoring services and improving efficiency, such data practices can lead to privacy violations and the creation of “digital bubbles” , which confine individuals within predetermined digital trajectories, thus restricting their autonomy and freedom of interaction.

In this context, digital freedom shifts from a theoretical concept to a problematic field of application , raising pressing questions:

• •    To what extent can access to smart services be considered true freedom, if such access is monitored and conditional?

• •    Do algorithms genuinely enable choice, or do they predefine it?

• •    What are the limits of balance between preventive measures (in health or behavior) and individual autonomy?

The French legislator was early to recognize these issues, enacting the Informatics and Liberties Law of 1978 ,¹¹ which emphasized that technology must serve humanity, not control it. Yet, four decades later, with the rise of tracking technologies and artificial intelligence, it has become clear that ensuring digital freedom requires more than legal texts . It must be embodied in practical policies that uphold digital dignity and restore individuals' control over their personal data and digital pathways .¹²

First branch: Unregulated Digital Practices and Their Impact on Public Order-A Comparative Perspective

The evolution of public administration under the framework of e-government represents a fundamental transformation in the administrative landscape. The incorporation of digital mechanisms, including automation, cloud computing, and data-driven services, has redefined power structures and operational dynamics within public institutions. While these advances promise efficiency, transparency, and accessibility, they have also paved the way-in the absence of robust legal safeguards-for the rise of unregulated digital practices that challenge the core principles of public order.

Notably, the proliferation of open data initiatives and the deployment of artificial intelligence (AI) in administrative decision-making, without clear legal parameters, have generated new forms of risk:

• •    Administrative accountability becomes blurred, as decisions are increasingly delegated to opaque algorithmic systems.

• •    The principle of equality is jeopardized when automated systems replicate or reinforce bias.

• •    Privacy violations become widespread in the absence of consent mechanisms and data minimization strategies.

• •    Public trust in institutions erodes due to perceptions of surveillance, lack of transparency, and the commodification of personal data.¹³

European Union Example: The GDPR and Digital Governance

The European Union has recognized these challenges and responded with the General Data Protection Regulation (GDPR) , a comprehensive legal framework that governs the collection, processing, and storage of personal data. The GDPR enshrines key principles that are essential for maintaining public order in digital governance:

• •       Lawfulness, fairness, and transparency in data

handling (Article 5).

• •       Purpose limitation  and data minimization,

preventing excessive data collection.

• •         Data subject rights , including access, rectification,

erasure, and objection.

• •         Accountability obligations for controllers and

processors, including Data Protection Impact Assessments (DPIAs) for high-risk processing.14

Jean Regards croisés 2022 Presses de l’EHESP, 2022, p333.        Administratives 2005/2 Vol. 71 I.I.S.A, 2005, p255-256.

This regulation is further supported by the EU Digital Services Act (DSA) and Digital Governance Act , which aim to impose greater responsibility on public and private entities using digital infrastructures, especially in domains like AI-based public services and cross-border data sharing.¹⁵

The Algerian Context:  Toward Balanced DigitalGovernance

In Algeria, the absence of a fully harmonized legal framework for digital transformation in public administration has allowed digital practices to develop in a largely unregulated environment. The use of AI in administrative services, the sharing of open data without strict guidelines, and the implementation of e-services without embedded rights-protection frameworks contribute to structural risks:

• •         Inequitable access to services.

• •        Diminished legal recourse for automated

administrative decisions.

• •        Threats to individual dignity and personal data

autonomy.

The digital transformation of governance must be anchored in a normative framework that ensures legal legitimacy , proportionality , and human-centered design . Algeria and other states should:¹⁶

• 1.      Adopt comprehensive data protection laws

• 2.      Develop AI governance policies that promote

• 3.       Ensure institutional accountability in digital

• 4.       Establish independent regulatory authorities with

aligned with international best practices (e.g., GDPR).

transparency and human oversight.

service provision.

the capacity to enforce compliance and protect digital rights.

This balanced approach allows for the realization of technological benefits while preserving the foundational values of equality , justice , and public order in an increasingly digital society.

Second section: The Failure of Traditional Frameworks to Safeguard Individuals’ Digital Rights

The digital transformation of public administration has fundamentally altered the relationship between the state and the citizen, rendering the regulation of information a critical legal imperative. However, digital advancements have exposed the shortcomings of traditional legal frameworks in protecting privacy and data security.17 Paperbased laws are no longer adequate to address the complexities of the digital environment, thereby imposing new legal burdens on citizens without providing corresponding safeguards. The absence of effective protection for sensitive data threatens fundamental rights and undermines trust in state institutions, necessitating a comprehensive legal reform.

It may be asserted that smart cities suffer from a delay in implementing robust security strategies, due in part to the limited digital literacy of decision-makers, reliance on outdated technologies, and sluggish responsiveness to evolving cyber threats.18

Accordingly, the profound transformations brought about by e-government in the structure of public administration reveal that traditional legal and administrative frameworks are no longer sufficient to meet current - let alone future- digital challenges. As information technologies evolve and become deeply embedded in public service delivery, the protection of digital rights - such as privacy, freedom of access to information, and data security - can no longer be treated merely as extensions of classical legal norms. Rather, they require a fundamental reconfiguration of the concepts of governance, responsibility, and transparency.

While e-government does not constitute a transient phase but rather a structural transformation, the absence of a robust theoretical foundation and interdisciplinary approaches renders the formulation of an effective legal framework an urgent and complex challenge.

Thus, the development of digital infrastructure alone is insufficient. There is a pressing need to reform legal and administrative systems to ensure the protection of digital rights, and to strike a balance between administrative efficiency and the preservation of digital dignity in a constantly evolving digital landscape.

Chapter tow: Digital Oversight and Cybersecurity as Foundations for Rebuilding Legal Trust

The escalating frequency and complexity of cyber threats19 have given rise to a new digital reality that has profoundly shaken the foundations of trust in cyberspace. This evolving landscape has reignited fundamental questions concerning the capacity of states and institutions to safeguard digital rights. Within this context, digital oversight and cybersecurity have emerged as indispensable components-not only for protecting data-but also for reconstructing legal trust in the relationship between individuals and digital systems, both public and private. Cyberattacks targeting critical infrastructure or exploiting social networks, as well as health and financial data, underscore the fragility of conventional frameworks in securing the informational domain.

Thus, cybersecurity must be understood not merely as a set of technical tools, but as an integrated legal and regulatory governance structure essential for ensuring the availability, confidentiality, and integrity of data. This approach fortifies the rule of law within the digital sphere. The development of legitimate and transparent digital oversight mechanisms-grounded in principles of protection, accountability, and responsibility-is a decisive prerequisite for restoring citizen and institutional trust. Furthermore, it establishes a sustainable legal security environment that is capable of adapting to rapid technological transformations.20

Amid the escalating surge in cyber threats,21 the French legislator has undertaken a series of legal measures aimed at confronting these challenges through an expanding legislative arsenal. This includes specialized laws such as the Informatique et Libertés Act of 1978.22 and the Godfrain Law of 1988,23 as well as the adaptation of traditional criminal offenses to the digital context. However, the recurrent nature of cyberattacks-particularly those targeting critical infrastructure-has revealed the limitations of conventional legal frameworks. This has necessitated the development of modern digital oversight mechanisms and the expansion of the cybersecurity concept to constitute an integral component of national sovereignty.

The first requirement: Cyber Oversight Between Security Protection and the Threat to Liberties.

Cybersecurity, in this context, represents not merely a collection of technical measures-as previously noted-but a comprehensive legal and institutional framework designed to restore trust between the citizen and the digital state. It aims to enhance the state's capacity to safeguard both individual and collective rights within the virtual domain. The reinforcement of this trust inevitably requires multilevel cyber governance, encompassing coordination between public and private sectors, reform of digital education, and the promotion of widespread awareness regarding cyber risks. Such efforts are essential for fostering a sustainable digital legal culture grounded in principles of responsibility, prevention, and institutional integration.

Thus, rebuilding legal trust in the digital age cannot be achieved without recognizing cybersecurity and digital oversight as instruments of sovereignty, essential for the protection of fundamental rights and the preservation of public order in the networked society.

First branch: Towards an Effective Deterrence Strategy in Compliance with International Law.

classified as the "fifth domain of conflict" in national defense strategies, alongside land, sea, air, and space.

The principle of coordinated and graduated deterrence has emerged as a foundational concept in shaping state responses to cyber threats. This approach advocates for a tiered classification system for cyberattacks that aligns with both domestic and international legal frameworks most notably Article 51 of the United Nations Charter, which serves as a legal basis for determining the appropriate forms of response, whether political, economic, diplomatic, or, in extreme cases, military. Harmonization between this classification system and that of strategic allies, such as the United States, opens the possibility for coordinated collective responses within international coalitions.24

This evolving legal landscape raises critical questions: When does a cyberattack constitute an “armed attack”? And does such an attack justify the invocation of the right to self-defense under Article 51? These uncertainties underscore the urgent need for enhanced international cooperation and the modernization of international legal instruments to encompass emerging domains such as digital sovereignty, cybercrime, and human rights in cyberspace.

At the international level, France’s official point of contact for cyber incident monitoring and response is the CERT-FR (Centre gouvernemental de veille, d’alerte et de réponse aux attaques informatiques), which operates under the authority of ANSSI (Agence nationale de la sécurité des systèmes d'information).25 In addition, Article 7 of the Council of Europe Convention on Cybercrime recognizes cyber offenses as intentional unlawful acts, including the unauthorized provision of software, insertion of additional data, or the alteration, modification, or deletion of computer information without legal authorization.26

Second section: Cybersecurity Trends and Their Impact on the Right to Privacy.

In recent decades, the relationship between digital security and the protection of private life has undergone a profound transformation. This shift is largely attributed to the increasing complexity of cyber threats particularly those related to terrorism, organized crime, and the growing surveillance capabilities of states in the digital realm.

Firstly. From Data Protection to the Expansion of Surveillance Powers

During the 1980s and 1990s, initial efforts emerged to adapt legal frameworks to the realities of the emerging "information society." In 1986, the U.S. Congress amended the Electronic Communications Privacy Act (ECPA) to extend protections to digital files and email communications. Similarly, in 1995, the European Union adopted the Data Protection Directive, aiming to reconcile privacy protection with the free flow of data within the internal market.

However, this protective trajectory was paralleled by a growing body of legislation that expanded the surveillance and data interception powers of intelligence and law enforcement agencies-especially in the aftermath of the September 11, 2001 terrorist attacks. These events prompted the enactment of laws such as the USA PATRIOT Act, which significantly broadened investigative powers on the premise that counterterrorism imperatives could justify restrictions on civil liberties.

Secondly. Security vs. Privacy: The Rise of the “Securitization” of Cyberspace

A distinct trend toward the “securitization” of the digital domain has emerged-whereby technological challenges are increasingly framed as existential threats, justifying extraordinary security measures. This dynamic became particularly evident in France following the 2015 terrorist attacks, which led to the prolongation of the state of emergency and the passage of legislation granting expansive surveillance powers to security agencies. Notably, the 2017 Counter-Terrorism Law integrated emergency measures into the ordinary legal framework, often at the expense of privacy safeguards and without sufficient judicial oversight.27

engagée.                                                            respecting constitutional safeguards.

Third . The Snowden Revelations and the Crisis of Public Trust

In 2013, Edward Snowden's disclosures revealed the extensive reach of global mass surveillance programs operated by the U.S. National Security Agency (NSA). These revelations triggered international backlash and a significant erosion of public trust in digital governance. The United States responded by adopting the USA FREEDOM Act (2015), which aimed to curb certain surveillance practices. Simultaneously, the United Nations initiated global efforts to promote the right to privacy in the digital age.

Despite these efforts, the balance between privacy and security remains precarious. Following each major terrorist incident, political discourse often reverts to a heightened security narrative, resulting in a recurring pattern in which security interests systematically override privacy protections.28

Section Three: The Role of the Judiciary in Safeguarding the Principle of Proportionality and Fundamental Rights.

The judiciary particularly the Court of Justice of the European Union (CJEU) has played a pivotal role in curbing excessive surveillance practices and reinforcing the principle of proportionality in data governance. Notable judicial interventions include:29

The annulment of the Data Retention Directive in 2014 on the grounds that it violated the principle of proportionality and failed to ensure adequate safeguards for privacy. The invalidation of the "Safe Harbor" agreement between the European Union and the United States in the landmark Schrems I judgment (2015), due to insufficient protection of EU citizens' data.

The rejection of provisions in the UK Investigatory Powers Act, which were deemed incompatible with EU law, particularly in relation to indiscriminate data collection.

As data collection becomes increasingly pervasive especially through partnerships between governments and major technology firms growing concerns have emerged regarding the use of predictive analytics and digital profiling for surveillance or discriminatory practices. The Chinese Social Credit System has become a prominent example raising global apprehensions about state-led data-driven control mechanisms.

In this evolving landscape, the judiciary has come to represent the final bastion for upholding the balance between national security imperatives and the protection of fundamental human rights. Given the expansion of security agencies' powers under new legislation, judicial oversight alongside an empowered civil society is expected to play an increasingly vital role in ensuring that security measures remain constrained within a legal framework that respects privacy, due process, and essential liberties.30

The second requirement: The Role of Modern Legislation in Ensuring an Effective Balance Between Oversight and Liberties (The Algerian Legal Framework as a Case Study).

Under the provisions of Law No. 09-04 of 5 August 2009, concerning the specific rules for the prevention and suppression of offenses related to information and communication technologies, Algeria established a national authority known as the National Authority for the Prevention of ICT-Related Crimes. This body functions as an independent administrative authority,31 endowed with legal personality and financial autonomy, and is placed directly under the authority of the President of the Republic.32

First branch: The National Cybercrime Authority: A Centralized Oversight Structure Anchored in Presidential Accountability.

The organization and composition of the Authority are determined by regulatory instruments, while its official headquarters is located in Algiers, with the possibility of relocation anywhere within the national territory by presidential decree. The Authority is structured into two main subdivisions: The Guidance Council and the General Directorate,33 both of which report directly to the President and are required to submit periodic activity reports to the Head of State.

This institutional design reflects a legislative intent to integrate cybersecurity oversight within a framework of centralized accountability, while aiming to strike a balance between the imperatives of digital crime prevention and the respect for civil liberties. As such, this model offers a notable example of how modern legal mechanisms can institutionalize digital oversight while remaining anchored in a constitutional order.34

The National Authority for the Prevention of Crimes Related to Information and Communication Technologies is entrusted, within the framework of its legal duties, with promoting and coordinating preventive measures against this type of crime. It exercises a set of key prerogatives that enable it to fulfill its objectives, which include:

• ❖    Proposing legislative and regulatory policies and mechanisms aimed at enhancing the protection of society from cyber threats.

• ❖    Promoting and coordinating operations for the prevention of ICT-related crimes.

• ❖    Assisting the judiciary and law enforcement officers in the fight against cybercrime, particularly regarding the gathering and provision of information.³⁵

• ❖    Ensuring preventive monitoring of electronic communications to detect crimes of a terrorist nature or those threatening state security, in coordination with the Ministry of Defense when matters relate to military security, and in accordance with applicable legislation.³⁶

• ❖    Contributing to the training of specialized investigators in technical investigations related to information and communication technologies.³⁷

• ❖    Additionally, the Authority is tasked with recording and preserving digital data from information systems and identifying their source and trajectory for use in judicial proceedings.³⁸

Accordingly, the initiative taken by the Algerian legislator to establish the National Authority for the Prevention of Cybercrime under Law No. 09-04 represents a positive and significant legislative step toward strengthening the institutional framework for preventing risks associated with the use of information and communication technologies.

However, despite its importance, this initiative alone remains insufficient to confront the growing and evolving challenges posed by cybercrime-particularly given the continuous advancement of the tools and methods used to commit such crimes in the digital environment. This reality necessitates a comprehensive and integrated approach, encompassing the reinforcement of the legislative framework, the development of technical competencies, and the activation of international cooperation mechanisms in this field.

Second section: Regulating the Digital Infrastructure: The Role of the Postal and Electronic Communications Authority in Cybersecurity

Similar to the National Authority for the Prevention of Crimes Related to Information and Communication Technologies, the Algerian legislator, under Law No. 180439 of May 10, 2018, related to postal and electronic communications, established the Regulatory Authority for Postal and Electronic Communications as an independent administrative body with legal personality and financial autonomy.

This authority is tasked with ensuring compliance with regulatory rules applicable to operators in the postal and electronic communications sector. It is also entrusted with contributing to the achievement of cybersecurity,40 through its role in combating cybercrimes and addressing the risks associated with the unlawful use of communication networks, in accordance with existing legislation.

Section Three: Law No. 18-07 on Data Protection: A Legal Guarantee for Privacy in the Digital Age.

In addition, the Algerian legislator introduced Law No. 18-07 of June 10, 2018, concerning the protection of natural persons in the context of automated processing of personal data. This legislative development represents a crucial step in enshrining the right to privacy and the protection of personal life within Algerian legislation, in line with digital and informational transformations. The law was enacted in response to international standards, particularly those found in human rights instruments and data protection agreements.

The objective of this law is to establish a comprehensive legal framework to regulate the collection, processing, storage, and transfer of personal data, while ensuring adherence to fundamental principles such as legality, transparency, and proportionality.

Furthermore, the law establishes a set of rights for individuals whose data is subject to processing, including the right to information, access, correction, deletion, and objection, and grants them the right to appeal to the National Authority for the Protection of Personal Data. This body, created by the same law, is an independent administrative authority with regulatory and supervisory powers.

The law obliges all parties involved in the automated processing of personal data to comply with data security rules and to obtain prior authorization from the Authority, especially in cases involving sensitive data or transfers of data abroad. It also introduces criminal and administrative penalties for anyone found guilty of illegal processing, disclosure, or use of data outside the declared purposes, reflecting the legislative seriousness in protecting this fundamental right.

and electronic communications (as previously mentioned), as: "A set of tools, policies, security concepts, security mechanisms, guidelines, riskmanagement approaches, operationalprocedures, training, best practices, safeguards, and technologies that may be employed to protect electronic communications against any incident that could compromise the availability, integrity, or confidentiality ofdata that is stored, processed, or transmitted.

Thus, Law No. 18-0741 constitutes a modern reference framework within Algerian legislation for personal data governance in the digital economy era.

Conclusion:

Cybersecurity has become one of the fundamental pillars for ensuring state sovereignty and internal stability, particularly in light of the rapid shift toward digitization and the growing scale of cyber threats targeting critical infrastructure, sovereign data, and individual rights. In the Algerian context, an analysis of the current legal and institutional framework reveals a notable evolution in the legislative measures combating cybercrime, as reflected in Laws No. 09-04, 18-04, and 18-07. However, this legislative progress remains partial unless it is supported by a comprehensive strategic vision that strengthens national cyber resilience and keeps pace with the ongoing transformation of the digital landscape.

Based on the study conducted, a number of key findings have been reached, summarized as follows:

• 1.    The Algerian legal framework has shown tangible progress in recognizing the seriousness of digital threats by establishing specialized bodies and clearly defining responsibilities for protecting data and combating cybercrime.

• 2.    Existing legislation suffers from certain shortcomings, particularly in adapting legal texts to the evolving technical nature of cybercrime and in the lack of coordination among relevant entities.

• 3.    The Algerian experience reveals an urgent need for a unified national cybersecurity strategy that overcomes the fragmented nature of current approaches.

• 4.    Institutional capacity to address cross-border digital crimes remains limited, alongside weak levels of international cooperation in this domain.

• 5.    There is a shortfall in the involvement of civil society and the private sector in prevention and response efforts, which hinders the achievement of collective digital resilience.

• 6.    Legal oversight over the automated processing of personal data represents a qualitative advancement, yet it

still requires stronger guarantees for the protection of rights and freedoms.