Territoriality, jurisdiction and Internet-related laws – WS 07 2012

From EuroDIG Wiki
Jump to navigation Jump to search

15 June 2012 | 11:30-13:00
Programme overview 2012


Key Participants

  • Staffan Jonson, ISOC-SE and .SE
  • Marietje Schaake, Member European Parliament
  • Cristos Velasco, Ciberdelincuencia.org and NACPEC.org
  • Rolf H. Weber, University of Zurich


  • Bertrand de La Chapelle, International Diplomatic Academy


Provided by: Caption First, Inc., P.O. Box 3066, Monument, CO 80132, Phone: +001-719-481-9835, www.captionfirst.com

This text is being provided in a rough draft format. Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings.

>> BERTRAND DE LA CHAPELLE: Is this working, yeah? Please don’t hesitate to come a little bit closer.

>> We won’t bite.

>> BERTRAND DE LA CHAPELLE: There in the back, so while you’re coming in – and there will probably be a few other people that will be coming because the room is up the stairs so some people will have trouble finding it – just as a note of introduction, my name is Bertrand De La Chapelle, as you may have heard too often in the main room. I direct a project at the International Diplomatic Academy in Paris called Internet and Jurisdiction. And Paul Fehlinger was here. Yeah, Paul Fehlinger here is working with me is distributing to you the first issue of the quarterly report that we’re doing for the monitoring of jurisdictional cases and issues internationally.

So this is a programme that was launched in January of this year. And it will expand until the next years particularly feeding into the Internet Governance Forum.

So first of all, thank you for coming here for this topic. I know that there are other certainly very interesting workshops. So I’m glad you took the time to come.

Without too much delay, I would like to briefly introduce our panelists.

As you know, the topic is an important and transversal one. And so we wanted to have something that allows the discussion to flow freely. Most of you in the room know a lot about this topic, as well. And so the goal is to have an exchange between the panelists, the room, and explore those issues.

The theme is the tension between fundamentally cross-border Internet space and platforms and the vertical geographic base jurisdictional system, the so-called Westphalian Model. And so it is a transversal issue that cuts through a certain number of other issues that we have heard in the last few days. Namely – and we’ll focus mostly on three here – copyright issues, privacy and data protection issues, and freedom of expression. All three have a dimension and a huge jurisdictional dimension.

So the goal is to address those elements. And we have here four people. One is Marietje Schaake. You have already seen in action in the previous session. She is a Parliamentarian in the European Parliament. And by the way, the bios are online on the side so I will not delve into much detail.

Stafan Jonson is working actually at the ccTLD for Sweden. And he’s also involved with the Internet Society. And he’s a reformed civil servant as he was a colleague of mine in the past in ICANN and other international processes.

Rolf Weber is a law professor at the University of Zurich and Director of the centre for information and communication law.

And finally Cristos Velasco is from Mexico but living in Europe. And he’s actually launched a certain number of initiatives dealing with online fraud or online problems in Consumer Protection and also very involved in issues related to jurisdiction, as well.

I want just to mention that in the room there are also people who are not on the panel but that will be highly welcome to come in. One is Jan Kleijssen, the Director of Information Society and Action against Crime at the Council of Europe. And also Fredric Riehl was the international Director for Ofcom, the Swiss regulator.

So without further ado I want to launch the discussion and I ask the panelists to start with fundamentally two sentences about why is this topic of jurisdiction important and why do we need to address it now? Marietje, do you want to start?

>> MARIETJE SCHAAKE: That’s a challenge. It’s a problem we’re still struggling with so I really look forward to this interactive workshop because I think I’ll learn as much as you hopefully will in this session.

The nation-state, the core tasks of Government are based on a sovereign territory and jurisdiction that applies to either that territory or citizens of that country roughly speaking. And that’s the model of law making and the legitimacy of laws that we know. And the worldwide web is fundamentally challenging this, challenging the core tasks of Government to protect the fundamental rights of citizens, to ensure security. And technologies are developing at a pace that law making and decision making doesn’t. So we’re seeing an increasing tension there. I’ll just leave it there for my two sentences. But I’ve looked mostly at the issue of intellectual property rights enforcement recently and how U.S. jurisdiction impacts Europe.

>> BERTRAND DE LA CHAPELLE: One of the things that I would like you also maybe to mention – and this is the reason for the second part of the question – is why do we need to address it now? Because there can be an argument – and I know Cristos made it in a private conversation before – that this problem has existed for a very long time and that it is going on. And afterall, why not let things settle more or less through court decisions, one after the other?

>> MARIETJE SCHAAKE: Sure that’s an option. But if we look at the role the Internet plays and the dominance of U.S.-based services and how many European citizens use these services, then we’re seeing an exponential relevance of this challenge because how many of you let’s just do a little poll here are on either Twitter, Facebook, Gmail or Hotmail? All right. So all of you by clicking yes to the terms of use have signed your rights under a U.S. system for the use of those services. And as the amount of services that are based in a different jurisdictions become more important in our lives, this issue is going to become a bigger challenge. And I personally am not an enthusiast for leaving the settlement of these issues up to the way that U.S. court decisions will work. Because we all know that proactive or activists suing and the way in which public prosecutors and lawyers can play a role in the United States is a very different one from what we know in Europe and it will impact our citizens so we have to have answers.

>> BERTRAND DE LA CHAPELLE: Okay. That’s the first argument regarding the growth of those platforms making sort of a qualitative change. Stafan.

>> STAFAN JONSON: Okay I also want to start off across in the cross-border traffic of Internet and challenge of nation-states which I guess we’ll want in one sense.

There are – I do, also, want to challenge governance per se. We discussed this morning, as well. What is it actually? What is governance? At BBC today I saw a quite interesting definition of governance per se. And what it actually means.

We are about to see suggestions in the ITU this coming December of governance by international treaties perhaps. So that’s why this is interesting right now. Because in the end there are several aspects of governance where writing laws is just the absolute let’s put it use of the nuclear weapon of governance, the utmost power. But there are several aspects of governance below the topic, that aspect.

>> BERTRAND DE LA CHAPELLE: Basically the notion that jurisdiction is connected to governance and Government and power.

>> STAFAN JONSON: Exactly.

>> BERTRAND DE LA CHAPELLE: Therefore, as there’s a shift in power –

>> STAFAN JONSON: Exactly, as being – especially being a bureaucrat, you’re a scholar, you make your living out of actually writing laws. You’re supposed to do that. But that is not the only solution to things. So I want to emphasize this aspect, as well.

>> BERTRAND DE LA CHAPELLE: Thank you. Rolf, you’re next.

>> ROLF WEBER: Well, I think for the formal point of view we could say we do have jurisdiction problems because we don’t have harmonization of subs substantive law because if you had harmonization of substantive law your jurisdiction wouldn’t play a very important role coming from the field of Consumer Protection in which is not a topic you have mentioned, be Bertrand you have at least in Europe rules for Conventions as far as jurisdictions are concerned but we still have certain substantive laws. Another aspect which I would just throw out into the room we do of course have other international treaties. For example, the WTO treaty. And if we look – the WTO treaty, if you look at different standards, you run the risk that your IP data standards can be considered as sort of quantitative restrictions under WTO law which causes of course problems with cross-border electronic services.

And finally very obviously the cross-border nature of the Internet crosses the problem – causes the problem that if we follow an international approach, nation-states might be confronted with the situation that they try to implement so-called public interest standards in brackets censorship on the communication channels which do have negative impacts.

And why do we have to deal with the topic today? We are globalizing our world on a communication level, on an electronic services level. And problems are coming.

>> BERTRAND DE LA CHAPELLE: So one point I pick from there is that harmonization is okay when you have a relatively small space. I mean even the European Union as such is a large sphere of 27 countries but if we are talking about global platforms we can’t have harmonization rules the – we cannot have the rules –

>> WOLF LUDWIG: We don’t have that harmonization and the very difficult to come to on a global level.

>> CRISTOS VELASCO: First of all I would like to thank Bertrand for letting me present on this panel as Bertrand as mentioned already, Internet and particular aspects of jurisdictional law are not new this is an area I’ve been researching through a number of years through one of the organisations that I run which is called NACPEC.org and most recently I’m doing research in the field of jurisdiction and cross-border aspects of cybercrime related loss. And as part of my research, I just had this recent –

>> BERTRAND DE LA CHAPELLE: A little bit of advertisement.

>> CRISTOS VELASCO: A new published book. Well this is the first edition of the book. This is a book with regards to the jurisdiction as it is applicable in cybercrime. And I do a comparative analysis of six different countries among those countries United Kingdom, Germany, U.S., Spain and the focus is particularly on Latin America countries. One of the specific qualities of that book is the result of having actively participated in a number of seminars and specialised conferences.

>> BERTRAND DE LA CHAPELLE: You’ll have the opportunity to talk more about your experience. At this moment can you focus just on this question of why it is important for you at the moment?

>> CRISTOS VELASCO: It’s real important because we are seeing now a new generation of individuals. And I’m so really glad to see some of the European youth representative forums, some of the – those persons. Well, they might become older and some might take a legal path. And perhaps it’s – perhaps some of them might be able to take the issues of Internet law as a serious aspect. And it’s also important that Internet law, it’s very, very diverse. It differs from one country to another. We have common law systems, civil law systems and then we have a mix of approaches with civil law and common law.

So there’s no really certainty with regards to what rules apply to the Internet.

>> BERTRAND DE LA CHAPELLE: So it’s a confusion for users, as well.


>> BERTRAND DE LA CHAPELLE: Before getting into the meat and the substance of the debate, is there anybody in the room or do you want to add maybe on this very topic of why we need to address this now instead of letting the dynamics go? Please.

>> I would just like to recommend that you include otherwise I will be addressing it in Plenary 5 the question of enforcement, jurisdiction and criminal matters which is not covered in your list. And it’s – the mutual legal assistance treaties are being bypassed these days by authorities demanding that companies pull data from service in other countries and I think that’s an increasing problem, as well.

>> BERTRAND DE LA CHAPELLE: Well noted, particularly because there’s an element of platforms becoming an enforcement arm of actors. We’ll come back to that. Thanks for raising it. Any other comment before we get – don’t hesitate. The goal is to exchange.

So if there are no further elements I would like to start with Marietje on one point that she briefly alluded to, which is the extension of the jurisdiction of one country on other territories. And to throw the words directly, most of you, how many of you are familiar with the bulldog cases? Can you please raise your hand? Okay. So Marietje, if you can briefly explain what those cases are about and the challenges for extra territoriality that they represent.

>> MARIETJE SCHAAKE: Okay. I don’t think I’m familiar with those cases but what I will mention is a few examples of what we have seen – I think one of the most controversial ones but also the most telling ones is the megaupload case where whether or not the suspects will be found guilty. We see that through the trial that’s been brought upon non-U.S. citizens have been arrested in third countries other than the United States. The services effectively – the service is effectively down and the business is probably finished. And users regardless of whether they are engaged in legal or illegal activities do not have access to the content they stored on that service anymore. And this is before a verdict has been given.

And I think anyone who cares about fair trial and due process should be concerned about this. And I think in an age of Internet and increased use of Internet services, these kinds of examples will come about more and more often.

And where I think the political level comes in is that I think it should be an issue that is raised on a political level between the EU and the United States on how we deal with existing mutual recognition schemes or how we actually find shared solutions. Because one of the key questions that also I think is essential in listening to all of the introductions, it’s not only harmonization and the role of the nation-state traditionally but it’s about oversight so if you’re a U.S. citizen and you don’t like these kinds of laws, you can try to persuade the member of Parliament that represents you or otherwise you can influence the legal system but in the EU we cannot in principle do so. However, we see an increased effort to influence law making in other jurisdictions, as well. I personally wrote a letter along with Civil Society actors and businesses to U.S. members of the House of Representatives and the Senate about SOPA and people are raising our concerns because they would have an impact on Europeans. Likewise we see American companies and citizens and NGOs lobbying us to vote against ACTA so there’s a fascinating new kind of multi-stakeholder movement on the Internet seeking to already cross these borders in impacting the law making. But if you look at the principles of how a representative of a democracy or nation-state works these days this is not aligned so people are finding creative ways to have an impact but it’s not systematic and therefore not as accountable.

>> BERTRAND DE LA CHAPELLE: Why do you think that it is on copyright that this thing is really exploding? As a matter of fact a couple of years ago the main big news was freedom of expression blocking platforms in a certain number of countries. These I’ve had doubt a little bit and we’ll talk about it later but on copyright it’s completely headline news and you alluded to one thing in your introduction which is the terms of service and the fact that they specify a foreign jurisdiction or in the case of privacy can be the Irish data privacy Commissioner. Can you develop a little bit why you think copyright has been such a trigger and secondly the impact in terms of service?

>> MARIETJE SCHAAKE: Well part of how this whole field plays out I think has to do with the interest that certain companies have in this and where they are based. That’s simple. The content suppliers are largely based in California. But also the Internet companies are. And that’s why the famous fight between Silicon Valley and Hollywood is playing out in the United States. But clearly because the U.S. has also a great dominance when it comes to content, it will be easier for these companies to bring about cases.

On the other hand, I believe – and this is manifested through the massive scale downloading that still happens despite it being qualified as illegal in many places the emergence of the Pirate Bay, I think the development of new technologies has shown the business model to a lot of people ,ore on an intuitive level.

I think people now understand the immense profits that are made through the business models of the content industry and the way in which – the – the way in which the windows used to bring about a new moment to bring about a profit with the release of the new movie cinema then on exclusive DVD then on Pay TV then on a cheaper DVD et cetera do not really match a 24-hour news cycle and access to information environment that we see on the environment. It’s not as much fun for us in Europe to watch The Bachelor if we already know who he’s going to marry. So the whole selling in different phases is just not working anymore. And people do not think it’s legitimate to pay Amount X, Y or Z for content so there’s a disbalance and therefore lack of legitimacy in how copyright is managed all together. And we see active boycotts even of academics vis-a-vis publishers. So the lack of trust in the way – the lack of trust in copyright is managed brings a massive move against it.

>> BERTRAND DE LA CHAPELLE: I was wondering whether it is now also because it’s one of the things that now affects everybody’s everyday life.

>> MARIETJE SCHAAKE: Absolutely.

>> BERTRAND DE LA CHAPELLE: Where privacy or freedom of expression it’s only if you’re a fringed activist that you really feel that you are oppressed or so. It triggers everybody.

Stafan, may I –

>> STAFAN JONSON: Let me just add to your description, of course it’s the legal processes. But it’s also end user actually turning into Information Society for real, now it’s happening right now so we’re in the middle of a process of course and that of course is an important factor, as well.

>> BERTRAND DE LA CHAPELLE: So can we add the dimension that I was alluding before, the Director and bulldog cases i.e. the fact that in a nutshell Web site or domain names can be seized by the U.S. administration Homeland Security because a domain name has been bought a foreign – bought by a foreign actor through a registrar based in the or via a registry that is based in the U.S. which means that in a nutshell, anything that is in .com, .org, .net is supposed to respect U.S. law in copyright.

My question is you have with the .se as a ccTLD does that mean that somebody that buys a domain for a registrar in the U.S. can actually be seized – the domain name seized even if he’s living in Sweden and actively having an activity in Sweden.

>> STAFAN JONSON: It depends on I would say they can be seized by many people or in many instances rather but by the registry or the registrar just to cast light on this, we recently had a shift where the quite known site the Pirate Bay shifted from one Top-Level Domain to another. So they are recently at the piratebay.se we are still waiting to see what will happen about this very concrete event actually. So there’s no –

>> BERTRAND DE LA CHAPELLE: But do you know if they bought it through a registrar based in Sweden.


>> BERTRAND DE LA CHAPELLE: So if they had done it in the U.S.


>> BERTRAND DE LA CHAPELLE: If they had bought the domain name through a registrar in the U.S. they could be been – could have been seized.

>> STAFAN JONSON: Yes, they could have been. And it’s always up to the registry or the registrar so it depends on in every case and that’s what makes it even more unpredictable what will actually happen when taking down content via the DNS.

>> BERTRAND DE LA CHAPELLE: So talking about using the DNS as a tool there’s a lingering question which is the more blocking appears or the more seizures of domain names appear the more the domain – Domain Name System turns into a content control panel that is basically like actors and governments opening the doors of a magic content room with a lot of switches and feeling that you can just flip one switch and the other.

How do you see the evolution of this? Is there a way to preserve just like I think Michael Rotert yesterday said the infrastructure layer and the transport infrastructure should remain completely neutral.

Is there a way to make sure that the DNS layer remains neutral and is not becoming the nexus of pressure?

>> STAFAN JONSON: I think it will be the Nexus of pressure for quite a while. We will see a cat and mouse game going on for a while. And especially you probably know that just the other day we had news about the expansion of the top level domains in general in the world from today’s 300 top level domains to maybe 2,000. And it will not stop there even. So we will have thousands of Top-Level Domains and we will have a huge expansion of DNS of course. So the cat and mouse game can go on for eternity. And that is also my strongest argument why you can’t regulate on this level. You can’t make a difference in the DNS or in the – almost taking it very bluntly in the infrastructure per se. You have to go to end user instead.

>> BERTRAND DE LA CHAPELLE: Final question on this. As you’re talking about a cat and mouse game, if the cat and mouse game continues, do we risk seeing the emergence of the equivalent of tax havens like zones where there will be one jurisdiction that will say huh-uh I have a TLD that is based here and everything will be actually not seized, whatever. By the way, I don’t know if ALFA is there because there are discussions in –

>> STAFAN JONSON: There are.

>> BERTRAND DE LA CHAPELLE: So can you briefly . . .

>> STAFAN JONSON: Yeah, I think probably so to say tax havens in the medium-long term but there will also be other things like the possibility to anonymize the user so you can see what they are sending but you can’t see who is actually doing it.

So there’s always a new technical layer to avoid to continue the cat and mouse game. So just catching the DNS is just the first step. And there’s also cryptographics and risk minimizing people it can go on for a very long time and that’s why it’s their own way of trying to handle the problem.

>> BERTRAND DE LA CHAPELLE: One of the questions by the way is how far can you tinker with the separation of layers without harming the system itself.


>> BERTRAND DE LA CHAPELLE: Before we move to one of the other topics, are there comments from the room or from the two other panelists that we’ll come to on the other things on that specific issue of copyright? Monica and Wolfgang. Wait for the mic.

>> Monica Urmit (phonetic). I’m a journalist. On the tax havens, could those who want to intervene just go up one level in the infrastructure and for example, then ask ICANN to take a step? Because every one of the new registries, they sit where they sit, are contractually related and bound to ICANN.

>> STAFAN JONSON: That’s a good point they can go one step up to ICANN and ask and then it’s up to ICANN to politicize their own business or not because they will also take aboard a whole lot of the headache if they do so it’s a strategic decision for ICANN to make that. It would be very interesting to see if they did. I think they have had I guess people have approached ICANN to do that. And I guess they have pronounced it so far but I guess it’s – they are taking aboard political issues they are taking the integral the act so it’s the growing the political ambition at ICANN and I’m not sure if they understand what they are actually going to. They are slowly politicizing the infrastructure and that might be a headache for ICANN in the long run.

>> BERTRAND DE LA CHAPELLE: Thank you very much, Monica for asking the question. Wolfgang and Rolf want to make a comment and I’ve got two people.

>> By the way, in the U.S. GAC delegation there was an FBI guy last time so that means it continues and a good case with the havens is that probably one of the next new big player machines I think the – minds of machines I think the corporation is incorporated in the U.S. but the holding is headquarter – the whole thing is headquartered in Ireland so you mean already it’s a distributed system and then you have to decide where to go if something goes wrong. But you know, I just wanted to add if you discuss these legal issues you have to be very precise and make a distinction between contractual relationships which are based on contracting law and then general law, public law and international law. So it means you have to be very precise. What is the subject of the law? Very often we talk about these general things, jurisdiction, territory.

This doesn’t help. And this does not bring you the solution. You have to be very precise. What is the subject of the regulation? Is it rated by a bilateral contract or is this part of the general public law and then criminal law or civil law or whatever, constitutional law. And then what is the subject of international treaties. I remember the early days of ICANN when they were always confronted with the question is ICANN the regulator and she denied this and argued we are regulated by contracting so regulations by contracting and it was a safe harbor for ICANN to say if you kill ICANN then you have to deal with hundreds of bilateral contracts. And then you will have a lot of problems if somebody wants to kill ICANN. So I think this was a – was a saver for ICANN to enter into this numerous bilateral contract and I think this is an important point you have to take into consideration when you talk about these important issues.

>> BERTRAND DE LA CHAPELLE: Thank you, Wolfgang. Two people here behind you raised your hand and then finally Avri and – go ahead.

>> Hi. I’m Sara. I’m from the new media summer school. I’m a student in the UK. I don’t know if you’ve heard about the free Web site library.nu it’s recently been shut down.


>> Library.nu free books online I got lots of books on there from my papers. It’s recently been shut down. I’m not entirely sure where the registrar is based but yeah I’m a strong believer in free access to knowledge for all. And I think the shutdown of library.nu is – it’s a disaster for knowledge especially in third world countries I was wondering what you think about this.

>> BERTRAND DE LA CHAPELLE: Well I think at this stage given the dynamics of the discussion I will probably just thank you for this reference.

>> It’s just more jurisdictional issues really.

>> BERTRAND DE LA CHAPELLE: Unless there are people that are familiar I personally don’t know about that specific topic. There are interesting – okay let’s follow the trail one second. Is that on the same topic or not? Can you hold for one second and – it’s not on the same – library.nu? Very quick comment just to enlighten us a bit further.

>> I’m Stuart Hamilton from the International Federation of Library Associations. Library.nu for all of it’s huge benefits particularly for people from Developing Countries was a collection of certainly what the publishers termed illegally hosted content so it didn’t come as any surprise to us that it was shut down at all which is not to say that it wasn’t extremely useful for people who couldn’t afford to get access to that content and I believe it was hosted in Russia I’m not entirely sure.

>> BERTRAND DE LA CHAPELLE: Thanks for the reference. Because this will be added to the trail of cases that we’re following precisely following as you mentioned. Sir.

>> Yes I’m –

>> Neighbors are downloading books as we speak.

>> Yeah I’ve got it here. I could access it.

>> BERTRAND DE LA CHAPELLE: Go ahead, sorry.

>> I’m from the intellectual property office I find EuroDIG I’m sorry disbalanced towards the position of the intellectual property now I have to say I cannot disagree more from the intervention on Mrs. Schaake. If you take the case of Part bay and the case of – Pirate Bay – it takes a great amount of international cooperation to reach legally notify and shut down these criminal sites and that’s exactly what is happening now in other sites which is pcat.com (phonetic) and also registered as CATPH (phonetic). It’s in the Philippines. What’s happening? It’s happening to the Americans probably with serve, this Web site. And they will succeed in eliminating the Web site.

So there is an alternative Web site, CATPH in the Philippines and that site will be far more difficult to reach and to be I’m sorry shut down.

There are enormous difficulties in this kind of international and interstate cooperation and they will see anything that abusive should get places like Pirate Bay anyways because they are illegal it is for me at this level I don’t think that an individual student or young person downloading a file is really stealing. I would never prosecute an individual user, a young person downloading a file.

But this kind of organisation, these are criminal organisations. Full period. And for what’s concerned – for what’s concerned, excessive profits. Now, don’t tell me that excessive profit is just a problem of the copyright sector because I’ll start laughing into tomorrow. Excessive profits in the capitalist economy are a problem that concern many sectors. Like, for example, let’s get out of the economy excessive salary of the politicians. Now I just want to say that the evaluations, the evaluation of the advertising revenues of these pcat.com or CATPH are like between 8 and $10 million a year only for advertising. These are not victims.

>> BERTRAND DE LA CHAPELLE: Thank you. Just one point, though, is that the whole heart director site in Spain as you certainly know were twice deemed perfectly legal. By the way, I have a comment from the remote participation.

>> MARIETJE SCHAAKE: I can’t wait to respond.

>> BERTRAND DE LA CHAPELLE: I don’t want this to turn into a debate on copyright what the topic is the leveraging of the technical infrastructure for content matters which is a different issue.

Remote participation, what is the question?

>> PAUL FEHLINGER: Yes, there’s a question from the Ukraine that concerns cloud computing. Due to the international – due to the international relation to those services what’s the role of the national law enforcement agencies and what is the restriction for cloud services.

>> BERTRAND DE LA CHAPELLE: Maybe we can develop that a bit further in the responses, if you can introduce it in some of the comments you make afterwards. I think I have to close. I just add Avri on the list and then I will come to the two panelists.

>> Thanks. Avri Doria. I’m a researcher. And I wanted to get back to sort of the technical infrastructure. And you know, we spend a lot of time talking about we’ve got the DNS and that makes it easy to take things down because you can go to the registrar, you can go to the registry. That is just a temporary thing.

If that becomes too frequent a target, too easy a target, there will be circumvention, whether it’s new DNS methods, new ways of accessing. I’m personally moving everything I can to Iceland right now.


>> And people will be doing that. Yeah, I wish I could move myself there but that’s beside the point.

So I think that you know people have to be careful. A, when they talk about what’s illegal and we will bring things down because things that may be illegal in one place aren’t or shouldn’t be illegal in others.

I think users who care will learn to put their stuff where it’s safe to put their stuff. And they will take the lead of the Pirate Bays and go to a more freedom loving you know area where they can have their Web sites and their content without interference.

>> BERTRAND DE LA CHAPELLE: So it’s a promulgation of cat and mouse type thing so Cristos and Rolf, a word of reply.

>> CRISTOS VELASCO: First of all with regards to the question with the remote participants we should talk about cybercrime. In fact last week we got in the conference regarding cybercrime I’m glad Alexander is here with regard to jurisdictional aspects with Cloud Computing there’s still not a concrete response the Council of Europe is analyzing that with a group of experts in order to come up with a concrete solution to the problem.

>> And it’s working in the ICD as well on Cloud Computing.

>> CRISTOS VELASCO: Well it’s working but it’s different here it’s at the Council of Europe it’s more at the law enforcement level.

>> BERTRAND DE LA CHAPELLE: Rolf, you wanted to make –

>> ROLF WEBER: Most has already been said at the very beginning I wanted to quickly build a bridge from our discussion on the importance of copyright to the first motion coming from the floor. In fact I do think that we are talking a lot about copyright enforcement not only because we have high economic values on copyright but also because existing regime of international treaties for legal assistance allows to get the enforcement abroad. And therefore we are back to your first question. I’m not elaborating more. But it’s much easier to proceed on the basis of a copy or a leaked copyright – an alleged copyright violation than on an alleged data violation. In fact the cloud is nowhere and therefore we don’t have national enforcement authorities and if somebody is hit by something coming from the cloud, then this person is trying to find the place where he or she can start legal action or can get enforcement.

And coming back to our traditional categories which have been nicely mentioned by Wolfgang who is not even a law professor but knows a lot about law, we have to look do we have a contract, do we have tort, do we have public law violation. And everybody who would be interested to get access to courts, et cetera, is just trying the best way to find a place where a court would eventually be willing to take on the case on an enforcement agency. But I mean we don’t have really strict rules.

>> BERTRAND DE LA CHAPELLE: But in the case of the cloud and when you say – I’m a bit provocative here when you say the cloud is nowhere, actually there’s an operator of the cloud that is a company that is incorporated somewhere. And the locus of a corporation can be one criteria for competence or the location of the servers or the location of the user.

>> ROLF WEBER: I’m not saying you don’t find a place where you can start legal action. I’m just saying you have to look for the place. And you have to analyze the legal situation.

If you entrust your data administration with an outsourcing service provider, then obviously these outsourcing – this outsource service provider has a domicile and very obviously if it’s a contractual claim if something goes wrong you can sue the outsourcing service provider at his site no doubt about that if you talk about tort you have other channels so I’m not saying there is no way but it’s may be a discretionary place if you go to the server it’s even more discretionary and it does not really make sense that we are finally getting maybe two different judgments, one from a court sitting at a place of the service provider and one maybe from a court being at a place of the server which may be in contradiction and this doesn’t really make sense so we need to have more globalized tools.

>> BERTRAND DE LA CHAPELLE: Cristos, quickly.

>> CRISTOS VELASCO: I notice there’s some tensions especially when we talk about cloud services or the terms of use and I would like to make a link to the data protection issue.

>> BERTRAND DE LA CHAPELLE: We are actually coming to this topic just right now so it will be an interesting transition if you don’t mind. I’ll finish. I’ll give one opportunity to Marietje who wanted to talk.

>> MARIETJE SCHAAKE: I’ll say one about Cloud Computing Microsoft is a company that actually wants to offer or offers these services and has said the data in the cloud will be subject to for example the Patriot Act and that any service of Cloud Computing that claims that it’s not – that it wouldn’t be the case with their company is lying. So these are words by companies themselves as a piece of information.

To the gentleman about intellectual property rights, I think it’s very important that we – whoever is not a judge doesn’t make a verdict about a case because this is very much an expert issue. And we have a separation of powers for a reason. So I wouldn’t want to put myself in the position of judging who is engaging in legal or illegal activities. What I do think is important is that we assess the reality that in the case of megaupload and there are many other examples suing renders a result in and of itself. So whether or not a court of law finds the suspect guilty or not guilty the impact on the business is huge.

And you have to ask yourself: If the verdict would be not guilty, what kind of redress does a company have et cetera, et cetera.

I don’t want to make – I mean the excessive profits issue I think is not the key issue. Sorry. It’s not the key issue. The issue is the people are no longer dependent on these monopolies so they can do it themselves. So if we just let the free market forces go ahead, then we see that actually intellectual property rights management the way it is dealt with now can be disturbing the market forces and that’s what’s going on. And as a consequence, IPR is losing it’s legitimacy. I’m not advocating this I’m just observing this and that’s something that we should be concerned about not celebrate.

>> BERTRAND DE LA CHAPELLE: I think it’s a nice conclusion and transition actually to the next. Something came to mind as you were speaking. You said we have this principle of separation of powers in this subject that we’re talking about and closing this first part on copyright. Okay. Noted. What comes to my mind is that there is a principle of the separation of layers. Separation of powers regarding the traditional democratic system on the Internet there’s this notion of a separation of layers and what is happening at the moment and I close with this is that by tinkering with the infrastructure layer we are touching this concept of the separation of layers.

I’m not sure that we should not use the infrastructure for better purposes, for instance, privacy by design is an element of tinkering. But when we tinker, we have to be extremely careful.

So as a transition and Cristos, it’s a nice way, I would like to raise the issue of data protection. And introduce it by saying that there’s a sort of battle of the horizontal versus the vertical. On the one hand you have the vertical orders of the national or regional orders that are basically on the geographic territory. And on the other side you have international commercial platforms that are establishing their own normative order.

And as I say that, I realise that I have forgotten the remote participation comment was it connected to the copyright right?

>> PAUL FEHLINGER: Not copyright in general but somehow related, yeah.

>> BERTRAND DE LA CHAPELLE: Can you mention it –

>> PAUL FEHLINGER: There’s a question from Olga from Russia and she’s wondering in the establishment of Internet laws as an enforcement arm of the national jurisdiction, how do you make sure that there’s a certain degree of fairness in developing them when they apply for citizens in other countries.

>> BERTRAND DE LA CHAPELLE: Okay. So if I understand correctly and we’ll come in this part of the discussion is what Marietje also mentioned, i.e. when a law is adopted in one country and it has an impact an extra territorial impact how do the citizens in the other countries get involved in making – apart from getting to the streets.

So platforms, developing terms of service and privacy and governments and various regions, European Union, the U.S. and others developing privacy rules.

How do they interact? And how do we address this tension?

>> CRISTOS VELASCO: Talking about that European context and perhaps some of you have read about like the right to be forgotten and we have been very active with regards to the implementation or interpretation of how these rights should be applied to Spanish citizens. So Spain more than three months ago, the Spanish data protection authority mentioned that they have more than 250 cases on the right to be forgotten. Most of them relate to the relation to information containing what information might put the risk of an individual the self image and the reputation.

And this also comes to another important case that was raised at the – in March 2012 the international to clarify jurisdictional and applicable law issues in cases involving complaints on the protection of privacy against Google and search engines in general. According to the Spanish national court, it’s yet – it’s really yet unclear who should issue a judgement regarding complaints related to privacy of individuals who do not want their information or data published on the Internet, including information that is indexed in different search engines and this does not only applies to Google but to all search engines.

And in fact the first section of the administrative chamber of the Spanish national court issued a statement in March indicated that this has submitted a formal request to a European Court of Justice in order to obtain clarification on the rules and jurisdiction and enforcement on – of European legislation on data protection.

According to international, this is the very first time that the European court tribunal has raised this issue before the Court of Justice of the EU. I will stop there. The sentences have a level line and the order that the international established a number of different aspects that I may not be able to go into detail because of time constraints but this is raises an interesting question also with regards to as to well for instance search engines like Google are saying well then Spanish law is not applicable to us because we are established under California law. And –

>> ROLF WEBER: Well it’s a highly interesting topic. To refer to a Spanish decision, I would like to draw your attention to the fact that the Supreme Court decided last Friday a week ago that Google Inc. U.S. Street View is subject to the state data protection law and Google street views service which has been more or less shut down for the last one and a half years will be allowed to be introduced again but only under very strict conditions.

But I would rather prefer to go a little bit on a broader road and tackle the aspect of the cross-border delivery of data. Because most international legal frameworks do have special rules on cross-border data transfer. And most of these international frameworks say that data can be transferred to other countries if the other country, the receiving country does have an equal level of protection or equivalent level of protection or adequate level of protection.

And usually it comes under the question: What is adequate? What is equivalent, which is of course a very tricky issue. And since for example as we know the U.S. are not considered providing adequate level of protection. The EU and Switzerland and some other countries were jumping to this very strange notion of safe harbor agreements which are of course not at all safe.

And as I mentioned before, we do also have an issue now in respect of international trade law there’s no case pending but I’m sure that somewhere somebody will come and raise such a case. Because a high protection level country considered as a quantity of restriction according to the general notion of WTO and then the country of the high data protection level would have to justify at this level by arguing that it’s in the public interest or that it’s – it’s got consistent law. I mean there are a couple of possibilities. I do not want to go into legal details but we have a bunch of problems in this field.

>> BERTRAND DE LA CHAPELLE: In the case of the Swiss Google Street View, when we’re talking about local criteria and for instance international targeting of a specific geographic area in terms of the audience, when we talk about street view, is it not natural to – is it not natural to consider that even if the company is in a foreign country, if he deals with data that is clearly localized, it should respect more of the rules or not.

>> ROLF WEBER: Well I’m not a legal representative of Google in Switzerland.


>> ROLF WEBER: I would say it’s quite natural to have the legal representative of Google was arguing well the scales are in the United States it’s uploaded in the United States so we would rather prefer to have U.S. laws apply and not Swiss law applied. And by the way in this field Swiss law equals very much the Data Protection Directive of the EU so there’s virtually no difference. It even equals the new proposal of a revised data protection ordinance of January 2012.

So it’s not a problem on the European level. It’s really a problem between the European level including Switzerland as not being an EU country and the U.S. level.

>> BERTRAND DE LA CHAPELLE: The reason why I was asking is because on many of those issues, we are often caught between a sort of black and white type of situation. Either it’s 100% a national law that applies just because somebody is a user living there that’s the case for instance in Canada where on – on defamation cases it was deemed that the simple fact that somebody was viewing the content in Canada was sufficient to file a lawsuit on Canadian courts for information or the other extreme which says it is only dependent on where the company is processing the data, which actually the Irish court in a defamation case judged in that direction which is the opposite from Canada.

But one thing – and so I wanted to just explore the fact that in the future, there seems to be an exploration of grey areas where it is neither completely one or completely the other as we see with blocks bot.

>> MARIETJE SCHAAKE: Just another layer of tension or paradox there are a number of cases where EU Member State governments have signed away the rights or the protection of the data of their own citizens to private entities in the third world countries.

>> BERTRAND DE LA CHAPELLE: And I will come also to the terms of service. But –

>> Leyla Kayacik, facilitator lead in the EU. Well, I will offer a quite unusual twist to our discussion and my question is to Professor Weber and Stafan mostly I don’t know if everyone present we have a very interesting development which took place seller – took place several years ago when correct me if I’m wrong the Swedish Parliament passed a bill under which Sweden is a traffic in and out of Russia under which Sweden committed itself to deliver or to intercept and to deliver the results of those interceptions to the U.S. intelligence.

How would you qualify this case? And how let’s say international law or whatever, international related law might be applicable to such cases. Because I understand that you know we live in a very turbulent world and there might be well so many cases well let’s say cyber war aside there might be certain attempts to let’s say violate privacy and data protection let’s say well standards. Just on behalf and for the benefit of a third country, a third party. Thank you.

>> BERTRAND DE LA CHAPELLE: Who wants to comment?

>> STAFAN JONSON: Let me start with on a personal view I’m very concerned about the law called the FRA law, which gives Government the right to look into Internet content.

On the other hand, I’m – I do not know that it was actually an agreement to resend that information to U.S. I can’t confirm that. So I have no comment to that. It’s just – but of course, the law in itself is – is deeply disturbing. It is but there’s been a – as being a citizen within Sweden so I’m not sure I can contribute too much more about it, maybe later.

>> ROLF WEBER: I cannot contribute anything to a Swedish law very obviously but I can maybe make a channel remark and my channel remark would be that a law or a commitment of a state cannot violate constitutional rights and if the Swedish Constitution does contain a right to privacy, I wouldn’t know. But I would assume that it does. Then such kind of commitment would not stand against the Constitution and would have to be considered illegal of course. The concerned person would first have to find out, et cetera, et cetera.

But having said that and by emphasizing that the Government is also bound by constitutional right of privacy, I would like to add that this of course also applies to private entities.

And private entities are not entitled to disclose personal data just because they are interested to do certain business in a certain country. And I refer for example to a case which happened in China, the Internet address of a Chinese blogger with a Hong Kong provider has been disclosed by arguing from the side of the provider that otherwise if this person’s title would not be disclosed the shop would have to be shut down in China and this has been called the so-called justification reason in my opinion it wasn’t a justification reason so governments and businesses are bound by constitutional rights but again I’m not making any comment to the Swedish law.

>> BERTRAND DE LA CHAPELLE: If I understand correctly, you are in one of the committees in the relationship with the U.S.

>> MARIETJE SCHAAKE: The U.S. delegation.

>> BERTRAND DE LA CHAPELLE: So the question is the following: At the moment we’re seeing many initiatives around the world to update the data protection regimes. You get the initiatives of the privacy Bill of Rights in the U.S., which is first. I mean it’s really an evolution. You get the revision of the Data Protection Directive in Europe. But there are initiatives emerging there was the APEC framework in the past there have been discussions and cases in China in the Philippines in India and in a few other places.

What is the likelihood that those things will be more or less converging? And is there any kind of discussion going on among all of the actors who are dealing with those things in different spaces.

>> MARIETJE SCHAAKE: Well just before I say a few things about that, I actually have a colleague who is much more of an expert on this who sits in the legal affairs committee or – not legal affairs. I’m sorry. Home affairs committee and civil liberties committee. Her name is Sophia Esfeld (phonetic) if you want to know more about the details please contact her because she’s the one that deals with data protection data privacy, et cetera.

But in the U.S. detailing those conversations are not – U.S. delegation those conversations are not actually held but – they are touched upon in the case of cybersecurity for example or broader international issues but I think – and the general impact of U.S. law in Europe for example Iran sanctions completely different issue but it’s not only in the area of Internet-related services that we face this problem. And as much as I believe in today’s world the United States and Europe should work together closely, I see a huge gap in the need of Europeans to deal with this in a more appropriate way and to protect the fundamental rights of European citizens and the willingness on the American side. I regret to say but it’s a very, very difficult kind of discussion. And on their side they feel like they have to give up something.

They are generally convinced that sharing of data has actually prevented terrorist acts from happening. Others may feel differently.

So this is a very difficult conversation. Do I see candidates happening because that’s your – do I see convergence happening no I wish but no.

>> BERTRAND DE LA CHAPELLE: Even the fact that a topic that was relatively hard to raise in the U.S. regarding privacy of regime is now trying to be put forward at least with a little bit of self regulation or encouragement of self regulation just in a nutshell a bit of conversion.

>> MARIETJE SCHAAKE: I do think from the grassroots level in the United States there are more people themselves who are concerned but there’s still a difference in the way citizens rights – citizens can claim their rights in the United States and third country nationals can or cannot that’s where the text comes in and I think it’s very hard for people to know what it means until it hits them. I mean my political party has just been given answers to questions about whether the U.S. authorities would have access to fingerprints of our passports. And our own minister cannot give a conclusive answer but cannot exclude the option.

So this is what I mean by the tension between the core tasks of governments. I mean our colleague here mentioned constitutional right. So what if those databases are already subject to insight of the fingerprints of our citizens? And then what can our Government do? What can a citizen do if there’s abuse, et cetera, et cetera? We saw it with the subpoena of a Dutch citizen in the WikiLeaks investigation that Twitter was asked to hand over the private data and communication.

And they informed the suspect or the source or whatever in this case. But there was nothing that our Government could do or the European Commission could do. We asked parliamentary questions and basically the answer was yes indeed there’s not much we can do.

>> BERTRAND DE LA CHAPELLE: We’ll talk about the terms of service but Cristos you had a point. And I see one hand over there.

>> CRISTOS VELASCO: It’s really important to remember this audience that the protection and retention of personal data falls within the scope of articles – Articles 7 and 8 of the European charter on human rights. And there’s like different case law that’s been issued by the European court of human rights. Some of those cases are explained in a well-written paper that was released in the previous conference in 2010. And there’s reference to some of the cases such as the Marper versus the United Kingdom and then Uston (phonetic) versus Germany where they co-founded the moratorium with the processing and the use of the data amounted with his private life as protected in Article 8. There’s case law. Well, I mean there’s cases still developing. But when we talk about the international level there’s no clear guidance. Not yet. And especially well you made a very interesting point with regards to the – well the interoperability of privacy, with privacy frameworks.

Well we have the OECD the privacy framework the Obama initiative. And also we have a number of laws in Latin America or in the American world the country I’m from came up with a law a couple of years ago and the regulation just came into place in January. And Mexico is regulating now the issue of Cloud Computing. And in fact it’s coming up with a number of obligations for Internet service and cloud service providers. So I would like to see – it’s an interesting point. Because I mean for us it talks like ten – it takes ten years to develop a data protection law but then we have on the other hand the United States who do not have actually a privacy framework for the protection of personal data and presentation of companies. And Europe where we have – where you have an overregulated or there’s a lot of regulation with regards to data protection.

>> BERTRAND DE LA CHAPELLE: So at the moment it’s neither convergence on the substance nor coordination on the well leaks. Come, please.

>> Just to add to the confusion in the United States you have the problem not just with the Patriot Act by the way but also with the FAIS Act Section 1AA specifically authorizes U.S. authorities to grab anything in the clouds they can put their hands on Section 18AA. And one particular problem in the United States is the in Europe human rights law since the Second World War has applied to everybody if you read the European – it extends human rights to everybody. The American Constitution is – is disapplied to non-U.S. citizens to a large degree. And I see one issue that we should pick up there for Civil Society it’s only just beginning. At the moment American Civil Society groups only complain if there is interference with rights of U.S. citizens. If Americans are determined if it’s a yeomen or an Arab they don’t complain about it exactly the same about data.

It’s true. All of the complaints of the American civil liberties group all they do is complain about interference about tapping wiretapping interception of communications of U.S. citizens. Every time I read that and that should be my friends statements I scream and say aren’t you bothered about the interception of European and anybody else’s communications that’s a dialogue that we should start with between Civil Society and academics and try to convince the Americans to extend the protection of their Constitution to non-U.S. citizens.


I had another question in the back.

>> Sorry. Pat Walsh, GMA. It’s a question for all the panel the proposed data protection regulation in Europe seeks to apply to entities oversees who process data of citizens in Europe. So I would like the panels views on how that would be applied extra territorially and how would it be enforced to give you some context I’m in the UK I download an app to my phone it comes from the U.S. App Store the app has code inside it that means that it’s taking certain data and sharing it with another third party in another third country the app itself comes from a developer in Timbuktu how will it be applied and enforced it’s a nice idea and a welcome idea but what does it mean to the individual? How would this process work? How would it be enforced?

>> BERTRAND DE LA CHAPELLE: Okay. Who wants to pick it? Cristos?

>> CRISTOS VELASCO: I’ll try to pick up some of the context. Because the question involves like different aspects of privacy cooperation, enforcement with regards to cooperation the OECD has a network there called the global protection enforcement network which is still on a very infant state of development. And in fact well out of the 34 OECD countries, so far only 18 Member Countries and two non-OECD countries are part of the network. The number includes 12 EU Member States, Switzerland and the EU through the European data protection supervisor. This is still developing but I don’t see the cooperation to be so efficient because we have to consider that data is – it’s so it crosses borders so rapidly and this – well this data protection network authorities are not like talking enough or are not cooperating at that level. But –

>> I think in the U.S. – the U.S. and Canada is a member of GPA it’s not there to enforce it but to share best practice you have privacy enforcement network among regulators as well as 19 learner countries that’s only one mechanism perhaps that – Latin American countries which they can share information but take enforcement. But I’m curious we have an expert a professor in the middle that can perhaps answer some of that.

>> WOLF LUDWIG: Well only one short word you are of course completely right that we don’t have the enforcement mechanisms. And indeed we have to develop and implement these mechanisms. But first, we probably need to have the sensitivity of the importance all over the world. And then we have to decide what kind of mechanisms would be appropriate. On the one hand for example we have quite a good cooperation between antitrust authorities almost all over the world. Or in the field of arbitration we do have the New York Convention since 1958. And arts are in principle enforced almost all over the world so we could consider having a similar legal framework. But I realise that we are very far away from this point.


>> MARIETJE SCHAAKE: Well I mean I would not want to claim to be an expert on these complex legal issues but a few elements that would help is the further development of the EU single digital market so at least we take away the barriers amongst ourselves and that we also leverage our economic weight in various ways vis-a-vis third countries and then you can also start thinking about licenses for example for companies when they want to enter the EU market but there is no such thing at the moment. So that makes it very difficult to do sort of collective bargaining or collective licensing scheme or whatever.

Yeah. Do you want to respond?

>> I mean I’m aware that other people want to speak but only it’s not just the license but the fact that the entity themselves might have no equipment no establishment whatsoever in Europe and I access their services –

>> MARIETJE SCHAAKE: No, I understand and that’s the same problem that we have now. But it will also depend on – it depends also what are the consequences for citizens. You know is it about extra addition is it about enforcing the punishment.

>> Data protection.

>> MARIETJE SCHAAKE: It all depends on what the verdicts are and what kind of level of cooperation is required because we are now talking about the United States which is the traditional ally but imagine what will happen in 10, 20 years when a – when certain Asian countries will produce or develop much stronger market players and what if they start saying that certain services are undesired there’s a real paradox between the way in which microblogging and Internet companies are considered as liberating to some in a country which can equally be perceived as a threat by the governments of those countries. And they can also start saying: Okay we’re just going to shut those down. Period.

And I think that’s the kind of standoff we do not want to see and that’s why I think we have to be very, very careful with what’s happening now. And I think for the political level at least we have to raise this with the Americans and develop scenarios and details that show why these kinds of extra territorial measures with a one-sided view can backfire in a way that’s unprecedented.

>> BERTRAND DE LA CHAPELLE: What’s interesting and I have one question and the remote participation. But what is interesting is in the relationship between Europe and the United States there’s a sort of symmetry irrespective of the validity of the positions. On copyright there’s an extremely strong pressure for an extra territorial implementation of U.S. law. And if you look at the symmetry on privacy, it’s an extremely strong European push for sort of extra territorial application of the privacy rules.

So I’m not judging the validity of the substance. What I’m just measuring and stating as a fact is the situation of an extra territorial extension.

>> MARIETJE SCHAAKE: And the market will play a big role here, too there may well be American consumers who will flock to Europe because they will be attracted by higher levels of protection and vice versa we also see a changing trend like around the discussions on SOPA in the United States where it’s actually no longer the automatic dominance of the content industry but rather a standoff between sort of Internet companies and content. So I think there’s a lot happening. And the market will play a big role in this, too.

>> BERTRAND DE LA CHAPELLE: Absolutely. I have one question here and the remote participation and I would like to move to a next item. Go ahead.

>> Yes before going to a specific case of jurisdiction, my personal impression is that the Americans do want to negotiate an international treaty setting some rules on the Internet because whether we like it or not, Internet standards are set by the American industry.

>> BERTRAND DE LA CHAPELLE: That’s actually the thing I was about to say.

>> This is something we should always remember especially when the copyright lobby is so extremely criminalized there’s a lobby today which is far more important and powerful of the Copyright Law be it search engines service providers and telecom is No. 4 in the world after maybe financial so I frankly left when the Internet people criminalized the Copyright Law but on the other side we would like to add a sort of word into the Internet organisation into the United Nations these are the two positions. Europe is in the middle doing basically nothing and why we don’t hear the voice of Europe. It’s very easy why? Because the Commission does not have full competence to negotiate on the Internet on behalf of Europe. And until the Commission doesn’t have this competency, the situation will be very difficult because 80% of the competencies on the Internet are still national in Europe. And the game to give the companies to the Commission will be an extremely difficult one.

Now, just to describe one thing that I got to know just one year ago is the limitation of for example the Italian or the German or the French jurisdiction in criminal cases. Let’s imagine an investigation for murder in Italy and the judge needs his e-mails, his Google e-mails, do you know what happens? It happens that the Italian judge there would be no difference if the judge was French or German has to make an international interrogatory to Palo Alto, California and the guy that says yes or no it’s a Google thing. Now don’t tell me we don’t need some rule or jurisdiction.

>> BERTRAND DE LA CHAPELLE: Actually it will be an interesting transition I’ll come to that there’s a remote participation question.

>> PAUL FEHLINGER: Bertrand actually this is a question I’m asking on my own behalf. We have talked a lot today about the rights of countries to exercise jurisdiction. My question has to do with the responsibility of a country to exercise jurisdiction. And as an example we all know at least most of us do the policy of Swedish neutrality and that is military. What if a third party would use the Swedish server to launch say stocks net against a third party? Does Sweden have a responsibility to exercise jurisdiction to stop the attack or will they forfeit the neutrality if they don’t.

>> Responsibility in front of who is always the answer.


>> ROLF WEBER: Well in theory I could give you a ten minute answer but that’s not asked for here. But I can only tell you the expert group of the Council of Europe has studied problem I have published to this item and we do have certain precedence about responsibility for example coming from other infrastructures such as nuclear accidents et cetera and you would have to see what analogies could be drawn I would like to leave it with that and then tell you to find my article.

>> BERTRAND DE LA CHAPELLE: Yeah and actually it’s a follow-up on with what was being said the notion of the responsibility of state in matters that have an impact outside of the country was something we discussed in the Working Group of the Council of Europe particularly because it was at the time when the stopping of the Internet happened in Egypt. And you know that in international law you have a notion that if a practice is repeatedly justifiable by a higher principle, this principle progressively becomes a principle of international law. And in the case of Egypt, it was remarkable that although they shut down the Internet on the territory, they didn’t touch at all the transient traffic so what we thought in the Working Group is there’s an emerging principle that there’s responsibility for governments to not interfere with the transit traffic.

It’s not formulated yet but that’s one example of the responsibility of states.

Now, really two sentences and – because I want to finish.

>> My name is Kristina Alexanderson. I work with .se. I think the main question with all of this data and even the other issues we had is the user of the Internet I would like to know which law is applicable to me. If I make – get into contact with Google and sign their terms of service that’s at least something I can read and agree to or disagree. But is Google going to copy my mail actually to a server hosted in Singapore? Most probably because they have a data centre there. Facebook is copying all of the data to their new data centre in Sweden and maybe all of you have to put – see after Swedish law. I mean that’s a very fair question because these companies using service in all over the world. And I as a user would like to know do I have to comply –

>> BERTRAND DE LA CHAPELLE: Is it a world law or does the world in terms of service come into play indeed.

>> It’s not only terms of services because if I go to Singapore and they find an incriminating mail that I wrote on the server in Singapore, they could prosecute me. And I write that mail in Sweden, send it with an American service.

>> BERTRAND DE LA CHAPELLE: You remember the case of those two British people who were traveling to the U.S. and who actually were refused entry because they had tweeted before that they were going to – yeah.

>> (Off microphone).

>> BERTRAND DE LA CHAPELLE: It was a joke but anyway a very quick comment. Because I want to . . . I want to follow up on your point.

>> I’m with the European External Action Service but some history in this area, just a reaction to our colleague or our friend from Italy on the competence issue. That is of course a very legalistic debate. There is no policy in the EU so you can’t do a thing if the Member States can get their act together the Member States I would say who give either a mandate to the Commission to negotiate either for foreign policy reasons or – actually foreign policy reasons, internal market reasons civil liberty reasons, you can do so the competence is not a blocking issue if you really want to go into serious negotiations and business with U.S. it’s a political willingness that might not be there. It’s beautiful to have dialogues with the U.S. but we all know that the only thing that works with the U.S. is a negotiation as equals with a clear outcome in mind.

Thank you.

>> BERTRAND DE LA CHAPELLE: One thing that I would like to finish with because we are nearing the time of the discussion is to dig a little bit deeper on this horizontal aspect versus the vertical we have talked a lot about the governments and tensions between the legal systems that the national governments establish. But I would – what I would like to touch upon as a finishing theme is the notion of terms of service as being somehow the law of a digital territory.

If you think about it, as long as you are on Facebook servers, you are bound by the terms of service of Facebook or YouTube or whatever. And those terms of service specify things that relate to your identity, whether for instance you should use your real name or not. Your privacy rules on the platform. Freedom of expression elements whether you can post or not post something. And a lot of other rules that basically as long as you are on the platform and interact with other people through that platform become somehow provocatively the law of this digital territory.

What are the consequences of this? Is this good, bad? And in particular, is there a way to go towards a different way of elaborating those terms of service? Because what’s happening right now is you get Google that unifies it’s privacy policy on all it’s services. It says it will be coming in force and within a couple of weeks at the most, all of the data privacy Commissioners in Europe say wait a minute we need to make an inquiry. This is an extremely rapid reaction and it means that the terms of service are being scrutinized from Day 1 and will be more and more scrutinized. Is there a way to make a better collaboration when those terms of services are liberated and if you look at Facebook they were forced by the German users to actually put into a sort of internal vote their changes of privacy policy.

So are we looking at a sort of new quasi jurisdictional normative layer formed by the terms of service? Rolf and then Marietje.

>> ROLF WEBER: I would like to go a little bit behind your question and I think we should be aware of the fact that we are moving towards a change of the pattern and towards a change somehow of the legal structure in international matters. And I’m really glad that Wolfgang mentioned at the beginning that we have to distinguish between public law and contract law. And we are bound into a contractual framework and all of these terms of services are going to at least partly replace traditional laws. So all of a sudden we do have contractual relations. And by the way if your data is in Singapore for a lawyer it’s quite easy to find out what is going to happen because you have a contract with Google and this contract says data can be transferred or not transferred. So all of a sudden the traditional international law is at least to a far extent replaced by so-called contractual law.

However, this contractual law does not even have the quality which it traditionally had, namely a relation between – governs between two individuals. It governs relation between a provider – relations between providers and millions of users but comes somehow the legal quality which originally was with the legal quality of laws.

>> BERTRAND DE LA CHAPELLE: Sorry to interrupt you but when I hear that a terms of service is a contract I mean I’m sorry a contract is something I can negotiate. I want to be provocative. But to me it looks like a law. To me it says if you come you get into my territory that’s the law. I’m provocative.

>> ROLF WEBER: Usually life you don’t negotiate your terms of service or your channel of business conditions. If you buy a hair dryer, do you ever negotiate the channel of business.

>> BERTRAND DE LA CHAPELLE: Especially for a hair dryer.


>> ROLF WEBER: Of course you have consumer laws.

>> BERTRAND DE LA CHAPELLE: You’re absolutely right.

The only thing is that the difference is that if you use a consumer product, it does not impact on what you can express on what your privacy data – although it comes when we talk about SmartPhones, precisely about all of the data that it can collect.

But –

>> ROLF WEBER: You’re right. What I wanted basically to say is that we use contractual terms that is only the fact that the terms are not negotiated and therefore they are becoming a higher legal quality. But I’m not arguing with you because I’m not a representative of Google.

>> BERTRAND DE LA CHAPELLE: No. And therefore, it means that the notion that you can completely unilaterally determine the terms of service is almost a sort of balancing act. Because it gets from stronger normative function and then more scrutiny so it’s not something they develop completely on their own I guess. Stafan.

>> STAFAN JONSON: Yes. Your question was actually across a legislative layer and yes it is. And that’s a good thing. And that is actually my point. This is simulating a market mechanism.

>> BERTRAND DE LA CHAPELLE: Is it an element of solution?

>> STAFAN JONSON: Yes, I think it is. It’s a way forward actually to increase supply rather than – as long as there are alternatives for sure. And that’s not always the case. You can’t argue with Google, no. You can’t. I tried to argue with that. I actually asked them what do you do with my data and they answered we can’t give you special treatment and that’s the end of it as long as there are other –


>> STAFAN JONSON: Providers and supply. It’s a way forward. It’s a depoliticalizing on issue that maybe it shouldn’t be too political sized.

>> ROLF WEBER: That’s the problem with the market and then you have to see if competition antitrust law can intervene eventually.

>> MARIETJE SCHAAKE: I’m very hesitant to go into the legal details because I’m not a lawyer and I think it requires expert knowledge but it’s fascinating to me that so many people still choose to accept these terms. And there’s also sort of terms of service one might say or a contract or de facto legal relation between a Government and a citizen and at least that is to protect the fundamental rights of people. And I think that that is de facto under pressure that governments cannot protect these fundamental rights in new reality at all times can’t guarantee that. And that’s – I don’t know how to assess this legally or the best way to solve this but I think the fact that we have come to this point is a very, very serious one. And we have to look at how to solve this. Because it will only become more challenging. It’s not going to get better.

So –

>> BERTRAND DE LA CHAPELLE: I think it’s almost an element of conclusion that will draw –

>> CRISTOS VELASCO: I also agree with Stafan that a legislative player should be developed. I mean there’s been talk about like the different layers of the Internet. But we hardly ever hear about the legislative level. And for instance the terms of use fall under this level. And this does represent the challenges not only for countries but also for attorneys, for consultants, for Civil Society representatives. And for the new generations that are coming in order to develop this layer.

>> BERTRAND DE LA CHAPELLE: But as it was said earlier, one of the dangers is the privatization of law. So we cannot continue the discussion. But I think it’s actually the jump start of the continuation of the discussion.

The final question I would like to ask you on the panel is I think the discussion has proven beyond necessity that it’s a topic that is only going to grow. It is there to stay. And there are massive changes that are happening.

My question is: What would be a way – what is needed to facilitate discussion? Of course I’m preaching from my own choir because this is part of what we’re trying to do. But beyond putting people together, are there specific issues or specific angles? Is it good to put the platform actors with governmental representatives in a more informal manner to discuss the roles of terms of service? Is it about bringing the international organisations that are doing parallel work together? What would be a way to push this discussion further? Marietje?

>> MARIETJE SCHAAKE: I think the discussion definitely needs to continue. And perhaps some scenario studies could be done by experts or by multi-stakeholder teams just to see if we don’t do anything then where do we end, if we do this, where do we end? For example, trade – international trade organisations is an avenue because then Europe is more of a block these kinds of assessments.

I could also imagine but this is just an idea that more Civil Society organisations would start court cases to find out where jurisdiction actually lies.

>> BERTRAND DE LA CHAPELLE: That would be the diagonal in between.

>> MARIETJE SCHAAKE: Well it’s a way to test the limitations and exceptions and to build juris prudence. And I think that could be a way that is quicker than waiting for laws to be changed.

And we could all do our best I think to share knowledge with decision makers because quite frankly it’s not easy for me to really grasp the legal realities of this. And I’m learning in this process. I’m just identifying it as an urgent political issue. But it supersedes the committees we work in, the political parties we’re in, the nations we’re from. It really is a whole different level also of how this works politically.

And so if you all with an interest in this subject because otherwise you wouldn’t have spent an hour and a half in this room and with some technological knowledge or other relevant kind of knowledge please do alert politicians to the relevance of these subjects in the broadest sense but also in the narrowest sense because otherwise we will never be able to address this on a political level.

>> BERTRAND DE LA CHAPELLE: Stafan and I’m sorry I have to rush you a little bit.

>> STAFAN JONSON: Okay. The number of organisations engaging in horizontal Internet Governance is growing very rapidly. It’s new arenas coming up almost every month at least. This coming month those in Dublin in the OSC for example yet another organisation inviting themselves to take part in the development but yes arenas are necessary. One notion maybe is that Civil Society is a very heterogeneous collection of people. And maybe an organisation would need to professionalize more actually to be more elite to us because they can meet – elite us because they can meet people at the same level otherwise the organisation becomes reactive and a tool for somebody else lobbyists for example so it’s a very difficult issue but yes the platforms or the arenas are important.

>> BERTRAND DE LA CHAPELLE: Too for the role of Civil Society.


>> WOLF LUDWIG: On the nation-state level I think we should move away from the concept of sovereignty to a concept of cooperative sovereignty and on the society level again Civil Society should be better integrated in law making processes.

>> BERTRAND DE LA CHAPELLE: Thank you. And actually you certainly know Thomas Rutes (phonetic) in Geneva was working also on the notion of committee. Cristos.

>> CRISTOS VELASCO: Well, what else could I say? I’m a Civil Society actor? I’m an academic. I have various, various hats. I’ve spoken to people and it’s really, really important to – for many Civil Society members either consumer organisations, students, academics, to really raise this issue. It’s like to educate, to educate the older generations because we have also a generational gap. I’ve noticed that especially when – for instance when you talk about like how to train – how to train magistrates or judges, there’s a kind of a reluctance for those generations to change. And it’s in every one of us to really make this paradigm shift.

>> BERTRAND DE LA CHAPELLE: And raise awareness on the subject.


>> BERTRAND DE LA CHAPELLE: I want to thank you very much for your participation, your patience. One thing I would like to say is that the term jurisdiction is traditionally connected with geography because fundamentally jurisdictions are defined by geographic borders. One of the challenges that we have now is to define the geography of cyberspace i.e. the cyber jurisdictions that do not map necessarily one on one the physical jurisdictions if you’re interested in this topic as I suppose you are as you are here, you will find the document that has been distributed for those who don’t have it on the Web site of the EuroDIG on the page of the workshop. And all information about the Internet & Jurisdiction Project is available at Internetjurisdictionattach.net.

>> Excuse me I have a Public Service Announcement. They came in to ask me to let people know in terms of flashes, Flash 9 has been cancelled that was scheduled for 2:30. In it’s place is Flash 12. So I was just to let you all know that. Thank you.

>> BERTRAND DE LA CHAPELLE: Thank you, Avri. Thank you very much.