Kategori international issues

Upcoming Seminar: Norms as Agents in the Information Society

Title: Norms as Agents in the Information Society
Speaker: Luciano Floridi
Date: Wednesday 15 May, 4-6pm
Location: Faculty Room, 8th floor C house, Södra Huset, Frescati, Stockholm University (subway: Universitetet)

Luciano Floridi is Professor of Philosophy at the University of Hertfordshire – where he holds the Research Chair in Philosophy of Information and the UNESCO Chair of Information and Computer Ethics – and Fellow of St Cross College, University of Oxford, where he is the founder and director of the IEG, Oxford University Information Ethics research Group.

His most recent books are Information: A Very Short Introduction (OUP, 2010), The Philosophy of Information (OUP, 2011),  and The Cambridge Handbook of Information and Computer Ethics (CUP 2010).

The territorial scope of the proposed EU Data Protection Regulation

As is well known, the European Union is currently seeking to reform its data protection framework through the introduction of a Regulation to replace the 1995 Directive. The Regulation has come under significant scrutiny from various quarters. However, one Article – Article 3 determining the proposed Regulation’s territorial scope – has received limited attention. This is surprising since, for any non-EU party, Article 3 is the single most important provision in the entire proposed Regulation; after all, nothing can be of a more fundamental importance than a provision that determines whether the substantive rules of the Regulation apply or not. This fact could scarcely have escaped the attention of the drafters.

In its current form, Article 3 reads as follows:

Article 3:

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union.
2. This Regulation applies to the processing of personal data of data subjects residing in the Union by a controller not established in the Union, where the processing activities are related to:
(a) the offering of goods or services to such data subjects in the Union; or
(b) the monitoring of their behaviour.
3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where the national law of a Member State applies by virtue of public international law. (emphasis added)

Anyone attempting to get clarification as to the exact meaning of this Article, and the underlying principles that has guided the drafters, will logically turn to the Explanatory Memorandum. Unfortunately, doing so is an utter waste of time. Depending on one’s personal disposition one will be either amused, dumbfounded or feel great despair in finding that under the heading “3.4 Detailed explanation of the proposal”, all that the Explanatory Memorandum states about Article 3 is that: “Article 3 determines the territorial scope of the Regulation.” If this is the “detailed explanation of the proposal” we need the drafters to provide a ‘super-extended director’s cut’ version as well.

This lacking attention to a key provision, that more than any other needs to be discussed in detail, is puzzling. What is worse, even on a charitable interpretation of the situation, the failure to provide reasonable guidance as to Article 3 is negligent, arguably suggesting that inadequate attention has been given to the territorial scope of the Regulation. At worst, it seems the drafters are seeking to avoid attention being directed at the enormously important effect of Article 3.

Interestingly, and no doubt controversially, whichever version of Article 3 is finally entering into force, this provision seems likely to bring all providers of Internet services such as websites, social networking services and app providers under the scope of the EU Regulation as soon as they interact with data subjects residing in the European Union. While this can be said to be the case already under the current EU approach to extraterritoriality, it is submitted that the new approach, as found in the proposed Regulation, goes even further.

In more detail, the rule articulated in Article 3(2)(a) contains a double requirement; that is, (1) the data subject must reside in the European Union (similar to passive nationality), and (2) the conduct must take place in the EU (similar to objective territoriality). However, Article 3(2)(b), which must be read independent from Article 3(2)(a), only contains the first requirement – it only focuses on whether the data subject resides in the European Union.

If this is correct, then Article 3(2)(b) suggests that EU residents enjoy the protection of the Regulation simply by residing in the European Union. In the absence of further restrictions, this protection would then seem to attach to the very person of EU residents so as to enable them to rely on this protection also when travelling outside the EU. For example, an EU resident on holiday in New York would be protected by the EU data protection Regulation by virtue of the EU residence if a US controller, not established in the Union, processes personal data of the EU resident as part of monitoring the EU resident’s behaviour in New York.

This result is so absurd, and so clearly inappropriate, that it cannot have been the drafters’ intention. Thus, the proposed Regulation must be amended to address this issue, and indeed, all that is required to depart from this unfortunate situation is to include, in Article 3(2)(b), the words “in the Union” in the manner done in Article 3(2)(a).

Indeed, some experts seem to take such an amendment to Article 3(2)(b) for granted. In expressing his views on the proposed Regulation, the European Data Protection Supervisor stated that:

“He considers that the offering of goods and services or the monitoring of the behaviour of data subjects in the Union makes much more sense and is more in line with the reality of global exchanges of information than the existing criterion of the use of equipment in the EU, under Article 4(1)(c) of Directive 95/46/EC.” (emphasis added) (Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March 2012, at 17.)

While this interpretation is sensible, it would be much more comfortable to have the text of Article 3(2)(b) amended so as to cement this interpretation beyond any doubt.

South Africa Update

IRI is busy in South Africa this week! Two of the highlights thus far have been meeting members of the law faculty at the University of Cape Town and Stanley Greenstein’s presentation at the Cape Law Society.  Other good experiences include visits to numerous law firms with an interest in law and technology and a tour of the tech and design hub of Woodstock.  After almost a week here, we are developing a good understanding of the South African law and ICT perspective: cloud computing, data mining, regulating ICT and the forth coming South African data protection legislation have been hot topics of discussion.

Bon voyage!

The editor of the month would like to wish the Law & ICT gang an educational study tour to South Africa.

Looking forward to running updates and reports from the trip.

Take care and bon voyage, guys!

Addressing Cyber Instability

The Cyber Conflict Studies Association (CCSA) released its full “Addressing Cyber Instability” monograph earlier this month. It is available for download at the CCSA website and will be coming out in paperback, hardback, and ePub in the future.

In addition to legal issues, the monograph covers various concerns in cyberspace such as strategy, military doctrine and organization, non-state actors, and critical infrastructure protection.

A collabortive effort from two years of research and dialogue, the monograph was authored by Matt Devost, Maeve Dion, Jason Healey, Bob Gourley, Sam Liles, James Mulvenon, Hannah Pitts, and Greg Rattray, and was edited by James Mulvenon and Greg Rattray.


In addition to the WCIT-12, which kicked off today, another ‘law and IT’ event will be held this week in Dubai. Folks from IRI, together with others in SU’s Department of International Law and the Swedish National Defence College, will be hosted by the Modern International Study center in Dubai for a seminar entitled “International Legal Aspects of Cyber Security.” We look forward to an interesting event. Information on the seminar is found on the center’s website.

Of course, the WCIT-12 may be just as interesting. For those who want a general overview to this ITU event, see Wired.co.uk’s “A simple guide to the ITU’s World Conference on International Telecommunications” article. For some European opinions, there is a zdnet article and an older EDRI newsletter article. For some American perspective, see this op-ed and ARIN’s opinion (the American Registry for Internet Numbers manages distribution of IPv4 and IPv6 addresses). And finally, the main WCIT-12 web info from ITU, and lastly, if you want to delve into some of the nitty-gritty, there is WCITleaks, which has various “leaked” documents and proposals from some of the ITU member countries.

Last chance to register for the e12 Stockholm IT Law Conference!

There are a few places remaining at the e12 Stockholm Conference Internationalisation of law in the digital information society, to be held on 22-23 November.

The main sessions of the conference will cover the following issues:

I      Data Protection in Global Networks
II     Evolving Systems for Solving Conflict of Laws on the Internet
III   Visualisation of Law

Theme: Internationalisation of Law in the Digital Information Society

Date: 21-23 November 2012 (21 Doctoral Workshop, 22-23 Conference)

Location: Stockholm, Sweden

Website & Registration: http://www.juridicum.su.se/iri/e12/

The registration deadline is Friday 28th October. We hope to see you there!


12th European Conference on Information Warfare and Security (ECIW-2013)

Recently announced was a First Call for papers for the 12th European Conference on Information Warfare and Security (ECIW-2013) which is being hosted by the University of Jyväskylä , Jyväskylä, Finland on 11-12 July 2013

This call will close on 20th December 2012.

The 12th European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas. There are several strong strands of research and interest that are developing in the area including the understanding of threats and risks to information systems, the development of a strong security culture, as well as incident detection and post incident investigation. This conference is continuing to establish itself as a key event for individuals working in the field from around the world.

For more information please go to http://academic-conferences.org/eciw/eciw2013/eciw13-call-papers.htm

Academic research, case studies and work-in-progress/posters are welcomed approaches. PhD Research, proposals for roundtable discussions, non-academic contributions and product demonstrations based on the main themes are also invited. Please feel free to circulate this message to any colleagues or contacts you think may be interested.

Selected papers presented at the Conference will be considered for publication in a special issue of both the Journal of Information Warfare: http://www.jinfowar.com and the International Journal of Cyber Warfare and Terrorism (IJCWT) published by Information Resources Management Association, USA.( DOI: 10.4018/IJCWT, ISSN: 1947-3435, EISSN: 1947-3443). Additionally, selected papers from the conference will be considered for publication in the International Journal of Electronic Security and Digital Forensics published by Inderscience UK (ISSN:1751-1911X)

e-Stockholm ’12 Legal Conference: Internationalisation of law in the digital information society

The Swedish Law and Informatics Research Institute (IRI) – in cooperation with the Trust for Legal Information and ADBJ – The Swedish Society for IT and Law - is hosting the XXVII Nordic Conference on Law and IT.

Theme: Internationalisation of Law in the Digital Information Society

Date: 21-23 November 2012 (21 Doctoral Workshop, 22-23 Conference)

Location: Stockholm, Sweden

Website & Registration: http://www.juridicum.su.se/iri/e12/


I      Data Protection in Global Networks

With regulatory reform and other initiatives on the horizon in several different parts of the world, few areas of law are as topical as data protection. This is so not least with respect to Europe with a proposed Regulation. The first topic area is devoted to a discussion of data protection in global networks; a particularly complex and interesting area of data protection.

II     Evolving Systems for Solving Conflict of Laws on the Internet

Over the years, conflict of laws issues have proven to be one of the most controversial topics in Internet regulation. The second topic area focuses on jurisdiction, choice of law, and enforcement of foreign judgments in the Internet context. Particular emphasis is placed on recent developments in this field.

III   Visualisation of Law

”Visualisation of law” is a third topic area we intend to address during the Conference. Given the digital context, visualisation could have quite a few different meanings. Just to mention a few; formalised representations of legal texts as a basis for automatic legal decision making, digital persons (avatars) guiding the general public using e-government services in order to enhance user friendliness, graphical illustrations of what the law says as a means for multi cultural understanding in different languages.

Hope to see you there!

Shedding Light on Internet Regulation in Belarus

By Aleksey Ponomarev, LL.M in Law and Information Technology from Stockholm University

Since the beginning of January 2012 a new Belarusian Internet regulation has been at the center of attention of various online media resources. However, it appears that the rules of the previously enacted President Edict N 60 have been interpreted in a wrong way, which has caused serious confusion in the world media. The sensation from Belarus named “Belarus Bans Browsing of All Foreign Websites” is being widely discussed and has been republished by various online media resources (BBC, Washington Post, Forbes, La Stampa, ZDNet, The Next Web, Mashable, TorrentFreak, etc.) The initial source of incorrect assumptions surprisingly seems to be the reputable resource of the US Library of Congress, which published the article “Belarus: Browsing Foreign Websites a Misdemeanor”[1] referring to Belarusian “yellow pages” Interfax news agency as source. The speed with which the misleading story filled the mainstream media was truly remarkable and in a few days more than 50 resources from different states have republished the incorrect information without being properly checked.

The confusion can be explained by the lack of objective and qualified information on the Belarusian Internet regulation, on the one hand, and the ambiguity of the provisions of law regulating the Internet, on the other hand. It is important to understand that the Presidential Edict No 60 on Measures to Improve the Use of the National Segment of the Internet Network (hereinafter referred to as the Edict) entered into force on 1 July, 2010, and its provisions have been in force for the past year and a half. Since entering into force the Edict, being supported by subordinate legislation, has neither brought any radical changes to the Belarusian online market nor heavy limitations of human rights and freedoms. Contrary to media reports neither is visiting foreign websites is considered as a violation of the law nor has any of foreign websites been blocked, as both these measures are not prescribed by the Edict.

Meanwhile the Edict was left without reasonable attention of the foreign media; the enforcement of sanctions for violation of provisions of the Edict became the subject of hot discussions in January 2012. The Law Amending the Administrative Offences Code (hereinafter mentioned as the Law) which entered into force on 6 January, 2012, enacted the sanctions for violation of the provisions of the Edict in the form of a fine (approx EUR 32 to EUR 96) as the only possible legal sanctions applicable for violation of the rules prescribed by the Edict. Any kind of other sanctions in the form of blockage of access to foreign websites or other measures are prescribed neither by the Edict nor by the Law.

The full version of this article is available at the pages of the blog on Information Technology law and Internet regulation in Belarus available at www.ITlaw.by.

[1] Roudik, Peter, Belarus: Browsing Foreign Websites a Misdemeanor, available at: http://www.loc.gov/lawweb/servlet/lloc_news?disp3_l205402929_text

Copyright © blawblaw
Nyheter om, från och kring institutet för rättsinformatik

Byggt på Notes Blog Core
Powered by WordPress