Authored By: Yusra Al Badawi
Middle East University
I. Introduction
The digital frontier is often framed as a borderless expanse, but the legal frameworks governing it are deeply rooted in Westphalian concepts of sovereignty. More critically, they carry the heavy weight of colonial legacies that continue to shape how post-colonial states govern their populations in the virtual realm. As cybercrime leaps across national boundaries, the international community has rushed toward harmonized legal standards, most notably the Budapest Convention on Cybercrime 2001. However, this harmonization frequently mirrors historical “civilizing missions,” where legal norms from the Global North are exported to the Global South without sufficient regard for local socio-legal contexts or digital sovereignty.
On August 12, 2023, Jordan passed Cybercrime Law No. 17 of 2023, replacing the older 2015 framework and expanding the legislation from 15 to 41 articles. While officials argue these rules are a mechanical necessity to protect online transactions and combat “fake news,” the law’s expansive nature has drawn sharp criticism from human rights groups like Amnesty International. This article argues that the current global cybercrime regime, exemplified by Jordan’s recent legislative shift, necessitates a decolonial interrogation. To truly decolonize digital sovereignty, we must move beyond descriptive compliance with Western-led treaties and toward a substantive legal framework that respects jurisdictional pluralism and the agency of the citizen over the state.
II. The Coloniality of Digital Universalism
Current cybercrime discourse is dominated by a “universalist” approach that assumes a one-size-fits-all legal solution is both possible and desirable. This perspective often overlooks the power imbalances inherent in international law-making. When international treaties like the Budapest Convention are drafted primarily by a small group of developed nations, the resulting standards prioritize the security interests and economic values of those states. For many post-colonial nations, adopting these standards is often a requirement for international legitimacy rather than a reflection of local legal utility.
This “normative extraction” mimics colonial-era legal impositions, where domestic legal traditions are marginalized in favor of “international”—essentially Western—standards. The state frames “online harm” as a threat to “national security” or “social peace,” terms left broad to allow maximum state discretion. Historically, colonial laws used physical policing to treat subjects as potential insurgents. Modern cybercrime laws use digital infrastructure as a panopticon. By requiring telecommunications companies to store data and facilitate state access, the 2023 law creates a digital continuation of the “state of exception” seen during the British Mandate (1921–1946), where the protection of the state supersedes the privacy of the citizen.
III. The History of State Control: From Mandate to Megabytes
The rules in Jordan’s 2023 Cybercrime Law did not appear out of nowhere. Many of these ideas are genealogical descendants of colonial legal architectures designed to treat the colonized subject as a threat to administrative stability. During the British Mandate, sedition and public order laws were designed to give officials “unfettered discretion” to stop local people from organizing. A major example is the 1927 Crime Prevention Law, which was updated in 1954 and remains active today. This law allows governors to detain individuals preemptively, a logic that mirrors the broad terms found in the new Cybercrime Law.
Articles 31, 32, and 33 of the 2023 law allow authorities to collect private digital information with minimal judicial oversight. This mirrors the “sweeping searches” authorized under 1945 colonial regulations. By embedding these powers into regular statutes, the state has turned “emergency” control into a normalized part of everyday digital life. Terms like “provoking strife” or “undermining national unity” in Law No. 17 are functionally identical to the old sedition laws used to punish critics of the Empire. This connection reveals that the “sovereignty” being asserted is not that of the Jordanian people over their data, but a Westphalian state sovereignty that mimics the repressive tactics of former colonial administrators.
IV. Vague Words as a Tool for Power
The hallmark of repressive legislation is the strategic use of “legal fog.” When a law is not clear, it is impossible for a citizen to know if they are breaking it, leading to inconsistent enforcement and a chilling effect on public discourse.
Article 15: The Ambiguity of “Fake News”
Article 15 criminalizes the dissemination of “fake news” that hurts “national security”. However, the law provides no definition for what constitutes “fake news.” This lack of conceptual boundaries allows the state to define “truth” and “falsehood” at its own discretion. Through a decolonial lens, this is a form of “epistemic violence,” as it delegitimizes grassroots narratives or critiques of corruption that do not align with the official state discourse.
Article 16: “Character Assassination”
Article 16 introduces the crime of “character assassination,” targeting “unjust” online statements that harm a person’s reputation. Critics note that Jordan already has laws against defamation and slander, making this addition redundant and dangerous. Because it is so vague, people now fear discussing the mistakes of public officials, worrying that legitimate criticism will be labeled as “character assassination.”
Article 17: Stirring Up Strife
Article 17 punishes content that “stirs up strife” or “threatens social peace”. These terms are subjective and have historically been used to arrest individuals involved in protests or regional advocacy. By using traditional cultural values related to “morals” and “religion” to justify surveillance, the state employs colonial-era anti-sedition logic to suppress modern nationalist or reform movements.
V. Economic Deterrence: The Barrier to Political Participation
Perhaps the most insidious feature of the 2023 Law is its shift toward massive financial penalties. Fines for many online crimes now range from 5,000 JD to 20,000 JD, reaching as high as 75,000 JD in some cases. In a country where the minimum wage is 260 JD a month, a 5,000 JD fine represents nearly two years of gross pay.
This is not merely punitive; it is an “economic deterrence” strategy that functions as a class-based barrier to political participation. In a decolonial context, this is the commodification of free speech. Only the wealthy or state-aligned elites can afford the “risk” of digital expression. For the average Jordanian, the threat of a fine that leads to lifelong debt is a more effective silencer than the threat of short-term imprisonment. This economic violence ensures that the digital sphere—once a space for marginalized voices—is reclaimed by the state and those with the capital to survive its legal machinery. It re-institutes a hierarchy where political rights are contingent upon economic status, mirroring colonial structures where rights were tied to property and loyalty.
VI. Jurisdictional Sovereignty and the Data Colonialism Challenge
“Data colonialism” describes the modern era’s extraction of social data for profit, often by multinational corporations based in the Global North. Cybercrime laws frequently facilitate this extraction by providing legal channels for cross-border data access that bypass traditional mutual legal assistance treaties (MLATs). While efficiency in investigations is important, the erosion of local judicial oversight in the Global South under the guise of “combating cybercrime” threatens the very core of jurisdictional sovereignty.
Article 37 of the 2023 law requires social media platforms with more than 100,000 users in Jordan to maintain a physical office in the country. While the government frames this as an assertion of “sovereignty,” it really helps the state control what citizens see and do online. It forces global companies to choose between their profits and the privacy of their Jordanian users. Legal frameworks must be reformed to ensure that digital evidence sharing does not become a tool for new forms of imperial overreach or state-led surveillance.
VII. Toward a Decolonial Framework: Recommendations and Reforms
To truly decolonize cybercrime law, the international community and the Jordanian state must shift from a model of “imposition” to one of “genuine partnership.” A “participatory” legislative framework is required—one that is drafted in consultation with civil society, tech experts, and legal scholars rather than through a rushed process without public debate.
Using the Constitution for Reform
A better way forward would be to utilize Article 95 of the Jordanian Constitution, which allows members of Parliament to suggest new laws. Reforms should focus on:
-
Clarifying the Rules: Combine the Cybercrime Law and the Penal Code to remove redundant and confusing articles like “character assassination.”
-
Defining Vague Terms: Replace phrases like “fake news” and “provoking strife” with specific, narrow definitions based on international human rights standards.
-
Judicial Oversight: Ensure that all data collection and searches (Articles 31-33) require a warrant from a judge, rather than just an administrative order.
-
Eliminating Mandatory Minimums: Allow judges to decide if a fine or jail time is fair based on a person’s financial situation and the nature of the act.
VIII. Conclusion
The task of decolonizing cybercrime law is an intellectual and professional necessity. Jordan’s Cybercrime Law No. 17 of 2023 represents a regressive turn, deeply rooted in a colonial logic of control rather than a democratic logic of protection. To have a better digital future, Jordan must move away from these old models of surveillance and economic suppression.
True “social peace” comes from free debate, not forced silence. By grounding future legislation in local Jordanian values of community and justice—while respecting constitutional freedoms—Jordan can create a digital space that is truly sovereign for all its citizens. Real digital sovereignty belongs to the people, not just the state.
Bibliography
Primary Sources
Convention on Cybercrime (adopted 23 November 2001, entered into force 1 July 2004) ETS 185 (Budapest Convention)
Constitution of the Hashemite Kingdom of Jordan 1952
Crime Prevention Law No 7 of 1954 (Jordan)
Cybercrime Law No 17 of 2023 (Jordan)
Electronic Crimes Act No 27 of 2015 (Jordan)
Human Rights Act 1998
Penal Code Law No 16 of 1960 (Jordan)
Secondary Sources
Amnesty International, ‘Jordan: New Cybercrimes Law Stifling Freedom of Expression One Year On’ (12 August 2024) <https://www.amnesty.org> accessed 2 May 2026
Article 19, ‘Jordan: Fresh Calls to Scrap Cybercrime Law’ (2024) <https://www.article19.org> accessed 2 May 2026
Freedom House, ‘Freedom on the Net 2024: Jordan’ (2024) <https://freedomhouse.org> accessed 2 May 2026
Human Rights Watch, ‘Jordan: Draconian Cybercrimes Bill’ (24 July 2023) <https://www.hrw.org> accessed 2 May 2026
