Remarks by Bjørn Berge, Deputy Secretary General of the Council of Europe

A very good afternoon to all of you.

Ambassador of Spain to Austria, Dear Cristina,

Distinguished guests,

Ladies and gentlemen,

Thank you, Claudia, for your kind introduction.

As participants of this important and International Digital Security Forum –

I know you are very aware of the staggering speed of our global digital transition –

The benefits this promises in speed, accuracy and insight for the work that we do and the lives that we live –

But also the risks and challenges that it poses for our privacy, autonomy and job security.

Indeed, the motto of this Forum reflects these wide-spread concerns.

“Digital resilience” is something that concerns us and people from all walks of life.

We all want to feel “safe, secure and free”.

But when an opinion poll published just this month shows that 94% of business leaders are suffering from “tech anxiety” –

Fuelled by the rate of technological disruption –

We need to find ways of addressing the legal, ethical and practical issues that are causing such concern –

And do so quickly.

We – in the Council of Europe – are trying to take a leading role here –

And we are ready to do more.

As our Organisation was established to protect and promote common standards in human rights, democracy and the rule of law and across our 46 member states.

The European Convention on Human Rights is at the core of those efforts.

Ratified by all 46 of our member states –

And applied and interpreted by the European Court of Human Rights –

Its judgments are binding and must be implemented and executed by all.

On top of this, we have a range of specific instruments –

Which draw from the European Convention –

And which are designed to tackle the many, specific, and evolving challenges that face our societies.

Because we are a multilateral organisation, we can find and apply cross-border solutions to cross-border problems that no country alone can fix.

The challenges raised by new technology are a prime example of this.

To keep up with the pace of change, we certainly need guidelines that are highly relevant, effective and comprehensive, and cross-border enforcement schemes.

The Council of Europe’s Digital Agenda aims to achieve exactly that:

Consolidating existing digital regulation –

Developing new instruments where required –

And accompanying member states on the path to values-based digital standards –

But also of great importance are our concrete co-operation activities.

So that the opportunities of the global digital transition can be realised –

And the risks addressed.

Today, dear friends, I want to map out three specific areas in which we are helping governments to apply this approach through international legal tools:

First of all, countering cybercrime. Secondly providing data protection, and thirdly addressing the development and use of Artificial Intelligence.

On cybercrime, the rapid advance of technology has led to the equally rapid rise in offences.

Scams, extortion and hate speech online are, for example, fuelled by the ever-wider reach of social media –

And events such as the Covid-19 pandemic and the Russian Federation’s appalling war of aggression against Ukraine open-up new avenues for these kinds of abuse.

It is predicted that by 2025, cybercrime will cost the world an astonishing $10 trillion a year.

But despite governments’ obligation to protect people against crime, fewer than one-in-a-thousand offences in cyberspace leads to prosecution and conviction.

I repeat – fewer than one in a thousand offenses.

We need to change this – but we can only do that together.

Ensure access to e-evidence –

And enable a criminal justice response that provides security while upholding rights.

That is precisely the purpose of the Council of Europe’s Budapest Convention on Cybercrime and its Additional Protocols.

Adopted in 2001, the Budapest Convention’s role in this field remains crucial.

With concrete measures designed to help national authorities counter crime, protect victims and prosecute the perpetrators.

Its broad participation – 66 parties from Europe and the wider world –

And its substantive criminal law provisions –

Applied both to current and future technology.

Building on this, its First Additional Protocol criminalises acts of racism and xenophobia online –

While striking the right balance between fighting hate and respecting freedom of expression –

And the Second Additional Protocol –

Opened for signature in May this year –

Addresses the challenges posed by obtaining e-evidence between jurisdictions –

For all crimes, whether or not they are committed online

This Protocol will no doubt make cross-border co-operation on electronic evidence easier and more effective –

With a system of safeguards in place too.

This Second Additional Protocol requires 5 ratifications to come into force –

And with 40 signatures and 2 ratifications already, I hope that it will happen very soon.

When operational, it will extend the hand of justice further into cyberspace and further support governments in dealing with cybercrime fairly and effectively.

Also, on data protection, we have been active over several years – if not decades.

The advance of big data, machine learning and other innovations is generating ever larger amounts of personal data.

Their collection and use are driving all kinds of innovation.

Equally, this increases the likelihood and seriousness of that data falling into the wrong hands –

Whether through hacking or security breaches.

European governments acknowledge they must protect their citizens’ right to privacy.

But sometimes it is those same governments that are responsible for data protection failures.

The Council of Europe’s response is our Convention 108 and its recently modernised version, known as Convention 108+.

These uphold Article 8 of the European Convention on Human Rights –

The right to private life –

Making clear that when governments use peoples’ data, they must show legitimacy, necessity and proportionality –

And a connection to a pressing social need, as required by Article 8.

Convention 108+ specifically addresses the challenges of a digitised world –

Mapping out the route to a free data transfer area that preserves human dignity and privacy.

Conventions 108 and 108+ are the only international, multilateral and legally binding treaties on the protection of privacy and data.

Again, these are open to parties throughout the world –

And they show that standards can be developed and applied to the benefit of our societies.

As the late data protection expert – and enthusiastic European – Giovanni Buttarelli once said:

“Let’s make sure that technologies are designed to serve humankind and not the other way around.”

This sentiment applies to all digital technologies of course, including my third and final example of our work –

On Artificial Intelligence.

AI promises extraordinary benefits to our societies.

In science and healthcare, it can detect patterns, trends and problems –

And help to apply solutions and treatment, saving lives.

In business and the economy, it can root out inefficiencies, improve production, and increase innovation and profit.

And in terms of safety, it can take risk-laden tasks and entrust them to machines.

On the other side, it opens the door further to mass surveillance –

Enables unlawful discrimination such as which job adverts are shown to us – or withheld - from our view –

And it has created fears of a future in which responsibility for technical failures, and breaches of the law are unclear –

And where human decision-making is replaced by AI systems in highly sensitive contexts.

These things will have profound implications for our rights.

Once again, we should seek to find the way to ensure progress that upholds those rights, and does not undermine them –

Once again, the Council of Europe is using multilateral action as the means to achieve that.

We have already taken a number of initiatives –

But our current efforts are focused on negotiating a Framework Convention – outlining some principles – and providing a platform for increased co-operation on the design, development, and use of AI systems –

Based on existing international human rights and rule of law standards.

Experts from Europe and beyond in our Committee on Artificial Intelligence, CAI, are now working hard on this.

Our aim is to come to an agreement and adopt such a Convention in May of next year.

But CAI does not include our European member states alone.

It also features our Observer states, Canada, Japan, Mexico, the United States and the Holy See –

Plus, Israel –

The European Union, the OECD and UNESCO –

And crucially – 61 representatives from civil society on one hand, and industry on the other –

While several other countries from outside Europe have also applied for observer status.

We see this as a recognition of the relevance of our work, and it is our wish to have strong stakeholder engagement.

I will not pre-conclude on anything – as discussion and negotiations are ongoing – but the Framework Convention will be horizontal in nature – applying across all aspects of life where AI is in use.

Its aim is to ensure legal certainty, including in human rights sensitive contexts:

In public administration and democratic processes –

And justice system and police investigations, for example.

Of course, the role of AI will only grow in the years ahead.

We also aim to apply this ethos to another AI-related initiative – the Metaverse.

The Metaverse also raises questions about personal data protection, user safety and what, if any, regulation is required.

On this we are working closely with the Institute of Electrical and Electronics Engineers.

The Institute will produce an analytical report on the impact of the Metaverse –

And virtual reality in general –

On human rights, democracy and the rule of law.

The report will also consider whether existing tools are enough to tackle the challenges at hand –

With its preliminary findings to be discussed at several major events, including the Internet Governance Forum in Kyoto in October –

And I understand a final version will be ready for distribution at the beginning of next year.

Dear friends,

Regulation for its own sake is never a good thing.

But regulation that help us protect our fundamental rights certainly is.

The Council of Europe was established more than 70 years ago to protect those rights for all people and from all walks of life.

In applying key principles to the challenges of today, we can indeed secure greater safety, security and freedom in the use of modern technology –

Upholding the rule of law – both on and offline.

Thereafter it is for governments to ratify them, use them, and support further measures where these are required.

This is multilateralism in action in the digital era –

A force for good.

Thank you for your attention.