Human rights-based and people-centred Internet – a Council of Europe perspective, co-author Elvana Thaçi2

1 October 2013

 

 

Introduction

The CEO of a giant Internet company stated in a book he recently co-authored that the Internet was among the few things that humans have built that they do not truly understand. Besides an intriguing perspective on Internet’s uniqueness, mystery, role and place in our modern societies, for anyone involved in Internet policy-making, this seems to be a compelling invitation to look at the reality of Internet governance. Do we truly understand what Internet policy is about, what is driving it and what its goals are? Is Internet governance really exceptional?

In a way, governments, businesses and citizens across the globe are at the starting point in terms of understanding the far-reaching implications of living in a world connected by the Internet. The best illustration of this are the continuous attempts to revise existing rules or to write new ones on freedom of expression, privacy, child protection, intellectual property protection, trade and security. Controversy over how to balance diverging rights and interests in a balanced way characterises Internet regulation initiatives today both at the national and international level. The story and the fate of an international agreement such as the Anti-Counterfeiting Trade Agreement are remarkably telling. The European Parliament voted against this agreement following massive protests of European citizens who took to the streets fearing infringement of their privacy and free speech online.

Clearly, as the shift from the desktop era of computing to the mobile and hyperconnectivity era of computing continues at an amazingly rapid pace changes in the normative frameworks will be inevitable. A very diverse mix of stakeholders’ interests, influences and a diversity of cultural norms across the globe add to the complexity. However, the essential values that the normative framework should secure have not changed and at least in that sense the Internet should not be seen as exceptional.

The Council of Europe is working with its 47 European member states to uphold human rights, democracy and rule of law, also on the Internet. The aim of our Organisation, which covers a European space of 800 million people, is to achieve a greater unity between member states for the purpose of safeguarding and realising the ideals and principles which are their common heritage. Our vision of the Internet is that of a human rights-based and people-centred space. While we navigate some unchartered waters the star that guides us is the European Convention on Human Rights. This article will give a short overview of the Council of Europe’s Internet related standards in three key areas: freedom of expression, privacy and security, focusing notably on how they address some of the emerging challenges on the Internet.

Freedom of expression

The right to freedom of expression lies at the heart of free societies and is quintessential to the functioning of democracy. In the Council of Europe this right is guaranteed by Article 10 of the European Convention on Human Rights. Freedom of expression is a key building block in the architecture of the Internet, from its infrastructure layer to the application and content layers.  Indeed, the European Court of Human Rights recently affirmed in a case involving information blocking on the Internet that Article 10 applies not only to information but also to its means of transmission.  Any restriction imposed on the means of transmission necessarily interferes with the right to receive and impart information.

Various dimensions of the relationship between freedom of expression on the one hand and critical Internet resources on the other hand have been addressed in different Council of Europe policy documents.  Our 47 member states have acknowledged the Internet as a global public resource and agreed to protect and promote its universality, integrity and openness through commitments of co-operation, information sharing and mutual assistance when there is risk of transboundary harm to the Internet.

The Council of Europe affirmed in its policy that freedom of expression and freedom of association also apply to Internet domain names. These resources do not only have a technical addressing function but can also be imbued with free speech aspects. We promote this policy at the Internet Corporation for Assigned Names and Numbers (ICANN), the global regulator of domain names, in the context of the on-going expansion of the domain space with new generic words and expressions.

Companies which provide Internet access and services or platforms which facilitate citizens’ communications, creation and distribution of user-generated content play a key role in enabling the free flow of information on the Internet. These intermediaries are often asked by content creators, distributors, rights holders and their associations to exercise control over Internet users’ access, consumption and sharing of digital content. They are called to filter, block or take-down different types of content, including but not limited to content relating to hate speech, defamation and sometimes, subjected to political pressure, political speech.

For us in the Council of Europe, freedom of expression is at stake here and what is essential is the right balance between this freedom and other competing legitimate interests. In a case involving the criminal conviction of the co-founders of The Pirate Bay for copyright infringement the European Court of Human Rights held that sharing or allowing others to share on the Internet, even copyright-protected material and for profit-making purposes was indeed covered by the right receive and impart information under Article 10 of the European Convention on Human Rights. The Court considered that the domestic courts had rightly balanced the conflicting interests at stake in the case in question.

It is also important to recognise that Internet intermediaries may exercise judgment and editorial-like functions with regard to the content that is made available through their services. The Council of Europe has recommended to its member states that these issues should be considered with fresh eyes and that the question of what is media in today’s Internet ecosystem should be considered from a new perspective. New actors should be offered a policy framework which guarantees an appropriate level of protection for their editorial functions and provides a clear indication of their duties and responsibilities. Council of Europe policy standards set out criteria and indicators that should be take into account in this connection.

There is no freedom without security

People’s security online is of equal importance to their freedom. Their trust of the Internet depends on all forms of cybercrime, which can have a very serious impact on people’s lives and carry enormous economic costs, being combatted. People need to feel safe on the Internet including from repercussions of their online activities in the offline world. In particular, children must be protected from abuse online, from grooming and bullying and must be enabled to understand and deal with harmful content and behaviour. Incitement to hatred or violence and recruitment for terrorism should have no place in our online environments.

The European Court of Human rights has ruled that it is the obligation of states to put in place legal frameworks that reconcile the confidentiality of Internet users with the prevention of disorder or crime and the protection of the rights and freedoms of others, in particular of children and other vulnerable groups. The Internet is borderless and so are the threats to online safety. Therefore, interstate co-operation and mobilisation of private sector actors and civil society organisations are essential.

The Council of Europe offers to both its member states and non-member states, through a number of international conventions, blueprints for criminalising and addressing harmful activities on the Internet as well as guidance on inter-state co-operation. Notably, the Council of Europe has elaborated several international legally-binding conventions including the Lanzarote Convention on protection of children against sexual exploitation and sexual abuse, the Council of Europe Convention on the prevention of terrorism and the Council of Europe Convention on the counterfeiting of medical products and similar crimes involving threats to public health (Medicrime Convention).

The Budapest Cybercrime Convention has become a global standard in the fight against cybercrime.  With a continuous flow of accession requests and more than 100 states aligning their national legislation with it, the Convention is an important instrument to fight cybercrime. Moreover, the Council of Europe is carrying out a number of activities in both member and non-member states to build national legislative and law enforcement capacities to fight cybercrime on the Internet.

Privacy in a hyper-connected world

During the summer of 2013, when reports about collection of large amounts of Internet users’ personal information and about monitoring of their communications by the U.S. and other secret services started to unfold, people around the globe were made aware of the risks of exposure to surveillance. These events were a convincing reminder that we must reconcile our efforts to fight terrorism with the need to ensure the protection of the right to private life, which in Council of Europe member states is guaranteed by Article 8 of the European Convention on Human Rights. This right protects individuals against arbitrary intrusion by public authorities and constitutes a cornerstone of free and democratic societies.

The European Court of Human Rights has established very important principles with respect to surveillance for the purpose of national security protection, which we must implement rather than try to re-invent. While it is clear that states have a duty to protect the lives of their citizens, the Court has said that, in view of the risk that a system of secret surveillance may undermine or even destroy democracy under the cloak of defending it, there must be adequate and effective guarantees against abuse and arbitrariness. These include accessible, clear and specific rules about the circumstances in which authorities are empowered to resort to surveillance. The rules must be prescribed by law rather than left to subsidiary regulations which often are subject to change and sometimes not accessible. The discretion of those authorities applying surveillance laws should be constrained by clear and specific conditions regarding procedures to follow and time limitations. Finally, there must be accountability, effective supervision and review of in the implementation of a surveillance system by independent and competent authorities.

Other complex challenges to the protection of the right to private life on the Internet are emerging as business models become increasingly driven by insights gained from citizens’ personal information. Personal data processing techniques, which on the basis of Internet users’ browsing activities, analyse and predict their personal preferences and attitudes in order to serve them personalised advertising or content, signal a future characterised by a strong knowledge and power dissymmetry between private companies and individuals. What is at stake here are individual’s freedom and autonomous determination that are essential underpinnings of privacy. Moreover, in addition to people, physical objects and processes are being connected to the Internet. Devices, household appliances, cars, planes, business processes and critical infrastructure are all being connected to Internet networks. As we immerse ourselves in this hyper-connected world the traditional approaches to personal data governance regimes need re-thinking.

In the Council of Europe we have embarked on a process to modernise our Convention for the protection of individuals with regard to automatic processing of personal data. Our direction is towards a policy framework which sets out clear rules with regard to limitations of personal data collection, purpose specification and usage limitations. The revision of the Convention will also pave the way for a strengthened role of individuals and more engagement from them in making real choices and exercising control over their personal data by means of their informed consent. Technology itself can also be part of the solution. We are promoting the principle of privacy by design which requires that solutions respectful of privacy be embedded in the technology at the stage of their conception and design.

An outlook into future work

Internet governance encompasses various areas of technology and policy development and therefore strategic vision is needed. The Council of Europe’s Internet Governance Strategy 2012-2015 defines our lines of work in ensuring the rights and freedoms of Internet users, enhancing the rule of law and maximising the Internet’s potential to promote democracy and cultural diversity. In the implementation of our strategy we promote multi-stakeholder dialogue with the full participation of governments, the private sector, civil society and the technical community.

Internet users’ empowerment to exercise their human rights and fundamental freedoms online and to participate in the development of public policy regarding the Internet is among the key Internet governance principles acknowledged by the Council of Europe. As first step to implement this principle we are working on a Guide on Human Rights for Internet Users whose goal is to explain in simple language, in one place, what rights and freedoms individuals have on the Internet as well as to raise their awareness about how these rights and freedoms can be challenged and in what ways they can seek redress. We expect to launch the Guide in early 2014 and to co-operate with private sector and civil society actors to make it operational.

The Conference of Council of Europe ministers responsible for media and information society which will take place on 7 and 8 November 2013 in Belgrade will be an important milestone in our future activities.  We expect that our post-Belgrade agenda will strengthen Internet freedom by providing responses to key challenges to freedom of expression, freedom of association and privacy online. Safety of journalists, sadly, continues to be a major preoccupation for our societies in Europe and in need of stronger commitments by our member states. The debate about online news aggregation and newspapers’ copyright in Europe has brought to light the question of sustainability of the media industry. News-making and media content production have become expensive operations as more and more people consume content on their mobile devices and media organisations find themselves competing with digital company giants which by using advanced data processing techniques can offer advertisers better capabilities in targeting advertising to consumers. These matters are public policy issues which should be considered in the context of preservation of the role of media in the Internet ecosystem.

Other areas of work for the Council of Europe include protection of whistleblowers, which will be addressed in the framework of a new instrument on protecting individuals who report or disclose information on acts and omissions in the workplace that represent a serious threat or harm to the public interest. In addition, we will continue to work with our member states to reinforce the United Nations Guiding Principles on Business and Human Rights; Protect, Respect and Remedy Framework. 

Conclusion

This overview of Council of Europe’s action to tackle some of the key challenges to free speech, privacy and security on the Internet is by no means complete or exhaustive. Internet developments are incredibly dynamic and so are the policy and regulatory processes and responses. Clearly conflicting interests will continue to exist among stakeholder groups. Citizens’ will continue to demand protection of their freedom of expression, security and privacy online. Governments and policy-makers must guarantee human rights, enforce security, copyright laws and support innovation. Businesses will continue to offer products and services for a profit.  Internet regulation and policy has to find the right balance between competing legitimate interests. The mere existence of apparently conflicting rights and interests does not make the Internet an exceptional space which should be treated exceptionally. In Europe we adopted the European Convention on Human Rights in 1950, long before the Internet was born. The European Court of Human Rights continues to ensure that this Convention remains the basis for 47 European states of 800 million Europeans to protect human rights and fundamental freedoms, both offline and online.

                                                               
1 Nueva Revista de Politica, Cultura y Arte, No. 145, Nov. 2013.
2 Administrator in the Internet Governance Unit, at the Information Society and Action Against Crime Directorate.