The Council of Europe in the New Information Era
by Guy de VEL1, Director General of Legal Affairs, Council of Europe
The digitalisation, convergence and continuing globalisation of information networks have brought and will continue to bring about profound changes in society. Information has become the primary resource for both economic and democratic development. The world today is different from what it was twenty years ago. We know that it will continue to change in a dramatic way so that twenty years from now it will again look very different from what it is now. Nobody can tell exactly how, as changes occur at a very vivid pace and long term trends are hard to anticipate.
It is a an opportunity to live in such times ; it is also a challenge. Everybody experiences these changes and must make efforts to live up to them. Individuals, companies, governments, organisations and institutions should do what they can to follow and promote these changes; to take advantage of their opportunities and to control the risks that arise.
Role and place of the Council of Europe in the new information society
New information technologies offer opportunities to promote freedom of expression and information, political pluralism and cultural diversity, and to contribute to a more democratic and sustainable information society; they have the potential to improve openness, transparency and efficiency at all levels – international, national, regional and local - of the governance, administration and judicial systems of member states and hence to consolidate democratic stability.
There are however also potential risks involved in the use of these technologies for both individuals and society. A clear regulatory framework will help to promote the opportunities and minimise risks. Governments need to co-operate in the international arena to this end.
The Council of Europe is a pan-European organisation providing a forum for the exchange of information and of common action in economic, social, cultural, scientific, legal and administrative matters whose aim is to achieve a greater unity between its members for the purpose of safeguarding and realising ideals and principles which are their common heritage and facilitating their economic and social progress. It has an essential standard-setting role, having prepared, since 1949, 185 conventions and several hundreds recommendations addressed to its current 43 member states.
The Council of Europe’s Second Summit (10-11 October 1997) decided to develop a European policy towards new information technologies with a view to ensuring respect for human rights, promoting cultural diversity, fostering freedom of expression and information and maximising the educational and cultural potential of these technologies.
The Council of Europe as a standard-setting body
The Council of Europe has an essential standard-setting role in the field of human rights and in the development of international law through European Conventions, legally binding international treaties.
Three conventions already in existence are of utmost importance for the future of the information society : the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (and its additional protocol regarding supervisory authorities and transborder data flows), the Convention on Cyber-Crime and the Convention on Information and Legal Co-operation concerning "Information Society Services".
"Information power" brings with it a corresponding social responsibility for the data users in the private and public sector. In modern society, more and more decisions affecting individuals are based on information stored in computerised data files. It is essential that those responsible for these files should make sure that the undeniable advantages they can obtain from automatic data processing do not at the same time lead to a weakening of the position of the persons on whom data is stored. For this reason, they should maintain the good quality of the information in their care, refrain from storing information which is not necessary for the given purpose, guard against unauthorised disclosure or misuse of the information, and protect the data, hardware and software against physical hazards.
Having regard to the rapid evolution of information handling techniques and the development of international data traffic, it was considered desirable to create mechanisms at international level which enable states to keep each other informed and to consult each other on matters of data protection.
In an effort to reconcile the right to respect for private life with the free circulation of information, the Council of Europe has dealt with data protection in its Convention for the protection of individuals with regard to automatic processing of personal data, signed to date by 33 European countries and in a number of recommendations.
The convention consists of three main parts:
Substantive law provisions in the form of basic principles. The convention's point of departure is that certain rights of the individual may have to be protected vis-Ó-vis the free flow of information regardless of frontiers, the latter principle being enshrined in international and the European Human Rights Convention. It does not seem advisable, however, to rely on it solely for data protection, inter alia because it is a "closed" instrument, which does not permit the participation of non-European and non-member states.
Therefore, the convention lays down basic principles for data protection. Each party should take the necessary steps to give effect to this "common core" in its domestic legislation. It should be noted that the convention gives clear and precise indications on the purpose to be achieved by each principle, but leaves to each party, the manner of implementing it in its domestic law.
Special rules on transborder data flows. The convention aims at reconciling the simultaneous and sometimes conflicting requirements of the free flow of information and data protection, the main rule being that transborder data flows between contracting states should not be subject to any special controls. This provision should be seen in close conjunction with Chapter II which ensures that the processing of personal data is subject in all countries concerned to the same fundamental rules ("common core").
Mechanisms for mutual assistance and consultation between the parties. The convention provides mechanisms for co-operation between the contracting states, both in individual cases (mutual co-operation between authorities and assistance with data issues abroad) and with regard to the convention as a whole.
For more information on this treaty, see http://www.legal.coe.int/dataprotection.
As the world becomes increasingly dependent on global computer networks, one realises how vulnerable users, whether individuals, companies or governments, are to criminal intrusion and misuse. Computer networks need care and protection for several reasons: first, because over the past few years they have changed the world into a global information society in which there are virtually no longer any frontiers, neither for their lawful use, such as for educational, scientific or commercial purposes, nor for criminal misuse, such as for launching virus attacks against computer systems or for distributing paedophile, racist or hatred inspired materials; second, because their implications are far-reaching in that virtually any kind of electronic information is now accessible to any Internet user anywhere in the world at any time; remote access, legal or illegal, to vast quantities of both official and private data stored by computer systems, has now become completely unhindered; third, because computer networks bear the promise of a new era of online electronic commerce, offering services and goods, whose value may soon exceed hundreds of billions of euros.
Networks may be used to spy and steal confidential information, which is often of great economic value, or to attack governments’ or private companies’ computer systems from a distance in a totally anonymous fashion, actually or potentially causing very considerable damage. Not all of this is done by young computer whiz kids testing their knowledge; it is frequently deliberately done by pirates, cyber-terrorists or cyber-spies who are professionals, acting for other individuals, companies or even governments, in return for payment. Consequently, the advantages offered by a worldwide information network can rapidly disappear if impunity is the only response to these criminal abuses.
Important public safety issues must be considered by governments in their efforts to develop the Internet's power to communicate, engage in commerce, and expand people's educational opportunities across the globe. Secure networks depend to a large extent on Governments’ ability to develop a co-ordinated response to criminal activities targeting or misusing computer systems. This response requires co-operation on three levels. First, national police and judicial authorities must have the legal tools and practices in place to provide each other prompt mutual assistance in investigating and prosecuting computer-related crimes. Second, governments must enable direct collaboration between those government agencies entrusted with advancing the growth and security of e-commerce, and those charged with protecting the safety of the public. Finally, the private sector plays a critical role in ensuring security and confidence in shared networks, and governments must work closely with industry at a variety of levels to respond to the problems associated with cyber crime.
But networked computers and other technologies permit crimes to be committed remotely, via the Internet and wireless communications. A criminal no longer needs to be at the actual scene of the crime (or within 1 000 kilometres, for that matter) to prey on his victim. However, when investigating computer crimes, national borders become a real obstacle for law enforcement: while the Internet may be borderless for criminals, law enforcement agencies must respect the sovereignty of other nations. As a result, national authorities become increasingly dependent on co-operation with foreign counterparts. Unfortunately, differing legal systems and disparities in the law often present major obstacles in mutual assistance.
The response to these criminal problems can therefore only come from concerted action by the international community, each individual state being unable to deal on its own with the offences committed transnationally, through computer networks. That said, such a concerted response has several prerequisites of a substantive nature (what offences are to be prosecuted?), of a procedural nature (what resources do the authorities responsible for ensuring that the criminal law is applied have available to them?) and relating to international co-operation (the setting up of a legal basis for co-operation).
The Convention on Cyber-Crime has three aims:
- to lay down common definitions of certain criminal offences – nine are mentioned in the convention: illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offences related to child pornography and offences related to copyright and neighbouring rights – thus enabling relevant legislation to be harmonised at national level;
The Convention on Cyber-Crime has already proven to be a real success: the very day when it was opened to signature (23 November 2001), it was signed by 30 states, including 4 non-member states of the Council of Europe : Canada, Japan, South Africa and the United States. For more information on this topic, see the specialised theme folder on the Council of Europe web portal : www.coe.int.
General information and legal co-operation
Following the example set by the Directive EC/98/48 of the European Union, the Council of Europe has developed a binding international legal instrument : the Convention on Information and Legal Co-operation concerning "Information Society Services".
The aim of this convention is to set up a legal information and co-operation system in the area of new communication services. These new services, called "Information Society Services" are in fact activities of an interactive nature provided on-line which have an economic value. They are developing rapidly and raise a considerable number of cross-border legal issues in areas such as electronic signatures, the conclusion of on-line contracts, the fight against crime, the legal liability of operators, the protection of consumers and minors, etc. Moreover, they may have a direct impact on the protection of human rights and fundamental freedoms, such as the freedom of expression and the right to respect for private life.
This convention enables the Council of Europe, its member states and the European Commission to co-operate in the rapidly evolving field of "Information Society Services". It is clear that European Community legislation and international law need to evolve in this context as far as possible together and to this end, the two legal instruments need to have similar legal scope.
For more information on this topic, see the Council of Europe Conventions database http://conventions.coe.int.
Other Council of Europe legal instruments
The three conventions mentioned above are not the only Council of Europe legal instruments dealing with new technologies related affairs. The Council of Europe has been continuously dealing with such issues for the past twenty years. Often, its efforts have lead to recommendations in related fields. Recommendations are non-binding legal instruments with a very powerful political legitimacy (they are adopted unanimously by the Council of Europe member states representatives). Here is a list of such recommendations, in reversed chronological order. Some of them have been consolidated into the binding legal instruments (conventions) mentioned above, some might be slightly out of date due to the extraordinary pace of technological innovation that we have experienced during the past two decades; however, they still represent useful texts and they testify of the constant concern and involvement of the Council of Europe in issues related to the emergence of new technologies:
- Rec(2001)8 on self-regulation concerning cyber content (self-regulation and user protection against illegal or harmful content on new communications and information services);
More information on this topic is available on the Committee of Ministers’ web site : http://www.coe.int/T/E/Committee_of_Ministers.
The Council of Europe as an information provider
The Council of Europe is an important European and world information provider. It decided therefore to set an example by elaborating a bold information policy based essentially on two pillars: declaring transparency as a principle (eg restricted documents are declassified just one year after issuance) and using its internet site as a spear head for disseminating information (including the creation of a common and comprehensive network for the different web sites developed over time, which will enormously simplify both the task of the users and that of the content providers: www.coe.int).
New information technologies allow a tremendous amount of information to be available and exchanged. More and more authorities, companies and individuals begin to add to this treasure; the internet has become a giant library that is increasing its content at the speed no physical library could ever have dreamt of. The real challenge of this virtual library has more and more become not to offer more content but to allow users to find the information they need. In such situation, information management becomes as important as the information itself and information management knowledge a very necessary skill.
But not all efforts must be made by users. Content providers must take the necessary steps in order to make the information they offer easily available and interfaces as user-friendly as possible. This implies the design of a good information architecture; it implies the creation of powerful search tools; it implies also, and this becomes more and more important, networking the different information content providers.
Indeed, it is up to the information offer to adapt to the demand and not the other way around. Administrative divisions should not make it necessary for the user to make multiple searches or to first study the political or administrative organisation of the different information providers. Hardware networks’ potential must be reinforced by software networking and eventually by information networks that should integrate the information available into coherent architectures; web sites need to become more and more intelligent and “communicative”.
An interesting Council of Europe experience in this field is the LOREG (LOcal and REgional Government) internet library (www.loreg.org). This database not only offers very powerful and user friendly search tools, but also assumed the difficult task of creating a real network between different information providers in the field of local and regional democracy.
This multi-level networking service of LOREG includes several features:
Of course, this is but one of the very useful Council of Europe databases: the Conventions database already mentioned which presents not only the texts and the explanatory reports of the present 185 Council of Europe conventions, but also real time information on the signatures, ratifications, declarations and reservations; the case-law database of the European Court of Human Rights (http://hudoc.echr.coe.int); the Council of Europe Web Catalogue (WebCat), offering online access to the Council of Europe documentary library...
New challenges: information technologies and e-democracy
The democracy has changed during the past two decades. The pace of change is accelerating, however transforming democracy through the use of new information technologies has just scratched the surface. Over the next few decades democracy might evolve for the better and new ways that will allow people to improve their lives will appear. People may communicate with each other and with the authorities more freely, to associate into groups of interest more easily; they will soon be able to vote online and to actively participate in all the stages of the decision-making by the authorities: evaluation of needs, gathering of information, decision taking, evaluation and correction of action...
The increased participation is to be welcomed; however, risks exist and they should be dealt with. Some say that the Internet will save the democracy, bringing it closer to citizens, empowering people, creating and reinforcing communities and making transparency effective; yet some other fear that new technologies might bring about a merciless unlimited e-voting democracy which would neglect the protection of basic human rights, where the digital divide will increase both between and within countries, where the technologically savvy will rule the world and the majority’s decision will make it impossible to protect the minorities.
Both hopes and fears might be exaggerated; however, the Council of Europe, who places human rights and democracy at the core of its interest, has launched several activities in order to examine these questions and to help to find standards, tools and means which would help to maximise the benefits of new technologies for the democracy while minimising the risks.
These activities examine the implication of new technologies in general and of the electronic democracy in particular on the role, activity and means of action of both central and local/regional governments; following the conclusions of a thorough examination of the situation in Europe, they try to put forward suggestions for governments in order to help them meet the challenges of tomorrow’s democracy.
There is a large aria of such activities, ranging from the implications of new information technologies on employment, on small and medium-sized enterprises, on social cohesion or the image of women (dealt with by the Parliamentary Assembly) but also on training, culture, creativity or freedom of cultural expression (dealt with by the Culture Committee) to racist or xenophobic acts committed through computer networks (dealt with by the European Committee on Crime Problems) and to the implications of e-government and e-democracy on local and regional governments (dealt with by the Steering Committee on Local and Regional Democracy).
One might reasonably think that the Council of Europe’s fundamental standard-setting role in the area of new technologies in general and e-democracy in particular has just begun.
New technologies offer the possibility for governments to become far more responsible to the will of the people, to work and make the democracy work better than ever before. They offer governments the opportunity to achieve a quantum leap towards tomorrow’s democracy. This is one of those exciting moments in the history when leaders and authorities are challenged to act.
New challenges ask for new co-ordinated responses. Networks are not stopped by national borders, so governments should co-operate in order to take advantage of the new opportunities and to limit the risks they make arise. Thanks to its over 50 years of international co-operation experience, the Council of Europe is ready to play its part, both as a standard setting body and as a service provider, on the international arena, to help public authorities and citizens to maximise the benefits of new technologies.
1 The views expressed hereafter are personal and do not necessarily reflect those of the Council of Europe.