International Internet Law

Agreements

Privacy is an increasingly important issue on the internet. Questions concerning anonymity on social networks have taken a back seat to concerns of whether private information stored in secured databases is really private. Scandals such as Wikileaks and the Panama Papers are becoming more common. As companies store information all over the world, information often travels through many jurisdictions before reaching an end user. Whose responsibility is it to monitor this traffic? Governments are putting pressure on ISPs to police the data that travels along their networks while ISPs and privacy organizations are pushing back. These are but some of the topics that international internet privacy legislation is attempting to regulate.

General Data Protection Regulation replacing EC No. 95/46 Directive on Data Protection in 2016

Available in multiple languages, the European Directive on Data Protection regulates the processing of personal data and limits the transmission of such data. Passed in 1995, the directive indicates that personal data should not be processed at all, except when certain conditions are met. These conditions fall into three categories: transparency, legitimate purpose, and proportionality. Later in 2016, this directive will be replaced by the General Data Protection Regulation

OECD Transborder Flow of Data (1980)

European Convention on Human Rights (ECHR)

Articles from the European Convention on Human Rights have been used by many courts to bring state jurisdictions in line with the ECHR as a whole. Article 8 (prima facie right to the protection of person information) and Article 10 ( right to the freedom of expression and the public's right to receive information) are especially important.

 

Notable Cases

Case C‑131/12 Right to Be Forgotten

A Spanish citizen lodged a complaint with the National Data Protection Agency claiming a newspaper and Google infringed on his right to privacy by producing search results of a previous legal case that had been resolved. The Spanish court referred the case to the Court of Justice of the EU. A summary of the decision decision can be found here.

Resources

Pro tip: securely browsing the internet and protecting your data is becoming more difficult as websites track our movements across the web via cookies, http referrers, and agents. You can arrest some of this tracking by using extensions like HTTPS Everywhere, Privacy Badger, and Disconnect. Even better, you can use a high quality VPN. If you think Google knows enough about you, you can use privacy oriented search engines like Duck Duck Go.

Center for Democracy & Technology

Links from the "Privacy and Data" section lead to news items along with documents of interest relating to the topic.

 

BNA's Privacy Law Watch

A subscription database available to current Columbia law students and faculty, BNA's Privacy Law Watch provides information about federal, state, and international developments affecting the privacy and accessibility of information about individuals.

 

Thomson Reuters Intellectual Property and Global Guides

While the name is a little misleading, this section of Practical Law focuses on the data protection regulations of countries. Each country listed has a profile that lists the major regulations regarding data protection, who administers the regulations, special rules, exemptions, etc. Most of the country profiles have been updated within the past year (most since November, 2015) with a minority not having been updated since 2012. The country comparison tool makes it easy to differentiate regulations between jurisdictions.

 

Privacy Exchange- Not Current (Last news post: 2004)

Despite not being updated, the site still hosts reports on privacy, personal data, and access to information up to 2003. The legal library may be a good starting point for summaries of data protection laws, and the International department contains both analysis of the laws impacting trans-border data flow, and the actual experiences of companies transferring data under these laws

Agreements

This important aspect of the international internet law may be the most sparse. Countries are hesitant to define criminal activities on the web in part because it is still unclear what a cybercrime is, but also in part because states cannot agree on uniform traditional crimes. This uncertainty means there are very few internet wide treaties addressing cybercrimes or procedural aspects of policing cybercrime.

The issue of how to define a cybercrime is complicated by the variations of the form of the crime and who the intended target is. The term "cybercrime" may be broad enough to encompass sub-crimes of personal cybercrime (crimes committed against a person), cyber terrorism (crimes committed against a state), and cyberwar (an attack by a nation-state against another nation-state for the purpose of causing disruption or damage). However, other proposed definitions to "cybercrime" state that it is a crime against computers and networks alone. This portion of the research guide will take the stance that most attacks on the internet are cybercrimes and list sources that may include personal attacks as well as attacks on nation-states.

For research purposes, try to maintain and follow one meaning of cybercrime. The lines can often be blurry as scholars and legislators use the term in many ways.

Convention on Cybercrime

The Convention on Cybercrime is the first and only multilateral treaty to address computer-related crime and evidence gathering. The Convention entered into force in July, 2004. It imposes three necessary obligations:

• enact legislation criminalizing certain conduct related to computer systems;
• create investigative procedures and ensure their availability to domestic law enforcement authorities to investigate cybercrime offenses, including procedures to obtain electronic evidence in all of its forms; and,
• create a regime of broad international cooperation, including assistance in extradition of fugitives sought for crimes identified under the Convention

Resources

NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)

The CCDCOE is a NATO research and policy development center focused on cyber security. The site is full of useful features, including a cyber definitions section, INCYDER (a tool that focuses on the legal and policy documents adopted by international organisations active in cyber security), and publications on International Cyber Norms: Legal, Policy and Industry Perspectives.

The CCDCOE also lists national cyber security policies, primarily focused on NATO member states, that include national security and defense strategies that address cyber, national cyber/information security strategies, and relevant legal acts.

United Nations Office for Disarmament Affairs (UNODA)

While the primary focus of the UNODA is nuclear disarmament, issues affecting disarmament, such as cyber security, are also researched and discussed as prongs of disarmament. The Information Security arm of UNODA notes the role of Information and Communications Technologies (ICTs) in acts by non-state actors.

Agreements

Community Framework for Electronic Signatures 1999/93/EC

In order to increase consumer confidence and regulate trade on the internet, the European Parliament and European Council passed the Directive on the Community Framework for Electronic Signatures.

United Nations Convention on the Use of Electronic Communications in International Contracts

UNCITRAL has been active in formulating uniform legislative standards for the use of electronic communications in trade since the 1980s. A first result of such work was the adoption of the UNCITRAL Model Law on Electronic Commerce, 1996 (MLEC), followed by the UNCITRAL Model Law on Electronic Signatures (MLES), 2001. However, as model laws may be enacted with variations in the different jurisdictions, a stronger, more predictable regulation was needed.

Resources

OECD Committee on Consumer Policy (CCP)

The OECD CCP aims to develop policies and best practices for consumer protection online. Through its Consumers in the Digital Economy Page, one can find resources related to online identity theft, digital content, mobile accessibility and payments, and copyright and digital rights management. On 24 March 2016, the OECD revised its Recommendation on Consumer Protection for Ecommerce, modernizing its approach to fair business practices, information disclosures, payment protections, unsafe products, dispute resolution, enforcement, and education.

Bloomberg’s Electronic Commerce & Law Report

As part of the Bloomberg subscription database available to current Columbia law students and faculty, this report is regularly updated and covers such topics as digital communications content, transactions, and infrastructure as well as economic trends and developments in the law.

UNCITRAL

Under the Electronic Commerce working group, UNCITRAL has grouped together its publications, along with links to bibliographies of its work, treaties, and model laws.

ICC Commission on the Digital Economy

The ICC Commission on the Digital Economy develops policy positions and practical tools for the internet and information communications technology on behalf of users, providers, and operators of information technology. Working with other regulatory groups such as the OECD, and ICANN, this commission takes on many of the same issues. The commission oversees research and policy development in emerging technologies, cyber security, data authorization, data protection and privacy, eBusiness, internet governance, and domain names and identifiers. Separate sub-pages for Internet and Telecommunications, Privacy and Personal Data Protection, and Cyber Security make the website easy to navigate and find necessary documents.

Agreements

Berne Convention for the Protection of Literary and Artistic Works

The Berne Convention enforces a requirement that countries recognize copyrights held by the citizens of all other signatory countries. The convention relies on the concept that a work does not have to be formally registered in every jurisdiction but becomes copyrighted in jurisdictions once the work is introduced to it. The means of redress for the safeguarding of rights shall be governed by the legislation of the country where protection is claimed.

Uniform Domain Name Resolution Policy

This mandatory process governs disputes over registration of domain names.

Madrid Agreement and Protocol

The Madrid System for the International Registration of Marks, now known at the Madrid Protocol, allows one-stop registration in multiple countries. To register a trademark through this process, an application noting that the trademark has been granted in the office of origin is required. An international mark, correctly registered, may then be used as a registered trademark in each of the countries designated by the applicant.

Notable Cases

Universal Music Australia v. Sharman License Holdings

An Australian court found that even though the Sharman p2p (peer-to-peer) service did not host any content on its network, the fact that many of its users were Australian led the court to conclude the service engaged in a significant amount of contact; thus purposeful availment in its jurisdiction.

Vereniging Buma and Stichting Stemra v. Kazaa B.V.

Because Kazaa did not have a physical footprint in the Netherlands and the company was not actually storing any illegal material, the court found the company outside of its jurisdiction, despite the number of users within the state borders.

Resources

World Intellectual Property Organization (WIPO)

WIPO does not have a specific body, committee, or policy forum that deals with IP and the internet, but many treaties and agreements incorporate IP, including trademark, inventions, and copyright, limitations and expectations into the texts. The database of IP laws and treaties (here) is an excellent place to find and research international documents relating to IP.

Electronic Information System for International Law (EISIL)

The Electronic Information System for International Law, or EISIL, is a gateway for international law research on the internet. Created by the American Society of International Law, its purpose is to provide access to high quality versions of primary law, authoritative web sites, and helpful aids to researching international law. EISIL’s information is divided into 14 topics and multiple subtopics, including IP rights.

Agreements

Under Article 19 of the Universal Declaration of Human Rights, everyone has the right to "receive and impart information and ideas through any media and regardless of frontiers." The internet is a newer media that promotes freedom of information and expression of free speech. The idea that the internet is a fundamental human right is only beginning to be developed.

International Covenant on Civil and Political Rights

The International Covenant on Civil and Political Rights commits its parties to respect the civil and political rights of individuals, including the right to life, freedom of religion, freedom of speech, freedom of assembly, electoral rights, right to due process, and right to a fair trial.

• Article 17 mandates the right of privacy.
• Article 19 mandates freedom of expression.

Universal Declaration of Human Rights

The Universal Declaration of Human Rights (UDHR) is a milestone document in the history of human rights. Drafted by representatives with different legal and cultural backgrounds from all regions of the world, the Declaration was proclaimed by the United Nations General Assembly in Paris on 10 December 1948 as General Assembly resolution 217 A representing a common standard of achievements for all peoples and all nations. It sets out, for the first time, fundamental human rights to be universally protected.

Notable Cases

One of the more notable instances of this discussion was the debate over LOI n° 2009-1311 du 28 Octobre 2009 relative à la protection pénale de la propriété littéraire et artistique sur internet. Commonly referred to as the HADOPI law, the most controversial of the many deterrents to prevent the illegally sharing copyrighted material, was the suspension of internet services. This part was revoked in on 8 July 2013 by the French Government because that penalty was considered to be disproportionate and a breach of fundamental civil rights.

Ligue contre le racisme et l'antisémitisme complained that Yahoo! were allowing its online auction service to be used for the sale of memorabilia from the Nazi period, contrary to Article R645-1 of the French Criminal Code (Code pénal (French)).The court ruled that there were sufficient links with France to give it full jurisdiction to hear the complaint. In particular:

• the auctions of Nazi memorabilia were open to bidders from any country, including France;
• the display of such objects, and the viewing of such objects in France, caused a public nuisance and was forbidden under French criminal law;
• Yahoo! Inc. was aware that French residents used its auction site, as it displayed French-language advertisements on its pages when they were accessed from computers in France.

Resources

Council of Europe's Human Rights for Internet Users

The guide provides information about existing human rights for internet users to help them understand and exercise their rights when, considering their rights and freedoms have been adversely affected, they communicate with and seek effective recourse from key internet actors and government agencies. This guide is based on the European Convention on Human Rights and other Council of Europe conventions and instruments that deal with various aspects of human rights protection.

Open Net Initiative

The Open Net Initiative's goal is to investigate, expose and analyze internet filtering and surveillance practices. The country profiles give a quick overview of the status of web filtering of political, social, internet tools, and security as well as transparency about filtering. The profiles are built from a number of sources, each of which is footnoted, making it easier to expand research.

Privacy and Human Rights

Similar to Privacy Exchange above, Privacy and Human Rights does not seem to have been updated since the mid-to-late '90s. However, the information on the site is still useful as background and introductory material for a look at privacy through a human rights lens. Each of the main links (Threats to Privacy, Defining Privacy, The Right to Privacy, and Technologies of Privacy Invasion) give a very detailed explanation of the issue with abundant references through footnotes. The discussion is strictly international in nature, referencing many sources from treaties to foreign cases. Also like Privacy Exchange, this site has country profiles. While it has more countries profiled, each of the profiles is basic, explaining the status of privacy laws in a country.

Human Rights Research Guide

For further human rights research, please see Columbia Law Library's Human Rights Research Guide.