[Update] The Geneva Internet Platform team reported from the UNCTAD E-commerce week. Read the reports:
by Emanuele Sacchetto
The first day of E-Commerce Week saw a great variety of discussions, which took place during different meetings. The meetings generally focused on e-commerce, cybersecurity, data protection, and digital trade regulation.
During the Global Attitudes towards Data Protection and Privacy on the Internet session, the 2016 CIGI-Ipsos Global Survey on Internet Security and Trust was presented. From this research, it emerges that global concern about our privacy has increased in the last few years; 83% of global Internet users appear to have changed their online behaviour in an effort to be more prudent. In order to enhance trust, however, 85% of global citizens think that governments should cooperate and refuse to have a sole entity responsible for the protection of all their data online. The discussion also re-affirmed the necessary role of private corporations in protecting personal data and information. It was argued that sometimes corporations operating online collect more data than they really need, since gathering information is cheap today. However, they do not invest enough money in the protection of those data. In conclusion, the necessity to raise awareness of the risks faced when uploading information online was affirmed, particularly in developing countries, where there is still a lack of awareness about these issues.
In the G7 ICT Priorities: Technology, Innovation and the Global Economy session, the important role of ICT policy for the global economy was discussed, in particular in preparation for the G7 Meetings which will take place next May in Japan. Priorities included the necessity to regulate cross-border data flow, to enhance privacy and data protection regulation, and to increase trust and transparency through stakeholder consultations. The privacy issue is an essential element in enhancing trust and maximising the digital economy. Many concerns have arisen because of the lack of harmonisation on this topic. Regarding the cybersecurity issue, representatives of the private sector underlined the necessity of developing technologies able to prevent cyber attacks. They also stressed the necessity for governments facing these issues to consult experts. Indeed, they affirmed that private and public sectors have the same goal (security online), and so they need to cooperate. Finally, the necessity to provide for a policy framework was underlined, a framework that is clear, easy to understand, and with user protection as its focus.
During the Cybersecurity and Cybercrime: New Tools session, the necessity of developing or implementing existing policy tools for enhancing cybersecurity was discussed. These tools should serve as an inspiration for policymakers and law-makers. In particular, cybersecurity reform should affect three levels: substantive criminal law, procedural criminal law, and the harmonisation of the legal framework through international cooperation. Referring to substantive criminal law, in legislation in some countries there is an overlapping of norms against cybercrimes. In particular, when a cyber attack affects some critical infrastructure, it should be necessary to provide for explicit protection and compensation remedies instead of referring to common criminal law tools. From a procedure level, there is a need for more transparency in the way foreign governments make requests for information to private corporations (e.g. the Microsoft v. US Government case). In conclusion, it is evident that we need to enhance international cooperation, create a network to provide for mutual legal assistance, and take into account best practices and country experiences, in order to achieve more harmonisation in this field.
Finally, the New International Framework for the Protection of Consumers Online session noted that the protection of consumers represents a key element for the global online economy. It is then necessary to raise consumer awareness about the risks they can face as Internet users and buyers. According to the 2016 OECD Recommendation on Consumer Protection in E-commerce, consumers should be no less protected online than in offline transactions. First of all, there is a need for a common definition of who a consumer is. Then we should develop new strategies to enhance the protection of consumers online. The increasing presence of free products available in exchange for personal data and information asks for more transparency in the collection and use of those data. Hence, more effort is needed in developing guidelines, enhancing international cooperation, and providing for enforcement assistance to consumers.
by Laetitia Honsberger and Emanuele Sacchetto
The goal of the Ad-Hoc Meeting on Data Protection Regulation, which took place 19-20 April during the UNCTAD 2016 E-Commerce Week, was to foster communication between global multistakeholders from academia, government, business, consumer society, the tech industry, and international organisations. They discussed the question of harmonising data protection and privacy frameworks through inclusive international collaboration, with the goal of benefiting cross-border trade and innovation while protecting consumers and their fundamental rights. Additionally, the meeting allowed stakeholders to share recent developments in the field from their different perspectives.
In the High-Level Round Table on Protecting Data and Fostering Trade session, panellists and various stakeholders discussed the relation between global privacy protection, trade, and development, with the main goal of attaining a data protection regulation that addresses the risks of data sharing without restricting the benefits.
First, emphasis was put on the necessity of international collaboration to secure data transmission in the evolution of data we are facing today, especially through e-commerce, cloud-based software, and data transfer.
The notion of trust was discussed extensively, as a question of central importance and basic currency on the Internet. On one hand, various regulations, implemented differently across the globe, need to be improved and implemented. For example, developing countries face trade problems because they cannot guarantee a secure data protection system. On the other hand, the risk of falling into data protectionism was noted, with the overall aim of achieving a balanced type of data protection. Conjointly, fundamental human rights were discussed, to protect, through data and privacy protection, the system of values on which human civilisation was built.
Three central points were mentioned: the importance of data, which represents the fuel powering the Internet in its dramatic evolution; the digital revolution and its implications for trade; and the importance of stressing data protection to achieve trade benefits from the digital revolution. UNCTAD Deputy Secretary-General Joakim Reiter reaffirmed the importance of global dialogue on data protection.
The session was followed by the presentation of the new UNCTAD study on data protection and privacy: Data protection regulations and international data flows: Implications for trade and development.
During the Data Protection and International Trade session, attention was focused on the implications of data flows. Panellists, mostly economists, discussed the interests at stake when creating and implementing privacy policies, and the consequences of legislation on cross-border trade. The informative role of economists in the data protection legislation process, including the involvement of various stakeholders, was stressed. After the presentations from the panellists, a very interactive session allowed various stakeholders to exchange their opinions with experts regarding specific situations of their countries.
During the second day, the current state of the data protection regulations worldwide was discussed in an effort to find possible solutions for the implementation of a global legal framework in this field.
In the Key Instruments and Current Practices session, many rights of data subjects were analyzed (e.g. the right to access of information, the right to be forgotten). However, the main topic under discussion was international data flow and the conditions under which it is possible. In particular, two different approaches were considered. On one hand, the recently adopted EU Commission Directive based on the high standards of protection necessary to allow trans-border data flows. The EU Commission representative also addressed the possibility to have an EU Data Protection Court, responsible for any clarifications of the interpretation of the regulation in cases of international data flow. On the other hand, there is the US approach, based on the principle of a minimum level of standards necessary. The US representative also underlined the necessity of developing core framework principles in order to elaborate a real interoperable system and avoid the creation of barriers to data flow. One practical example of an attempt to create a global framework on data protection was seen in the Council of Europe’s convention on data protection. Its potential universal nature could represent a possible way to harmonise the numerous regulations in this field.
In addition, the importance of informing people about their rights and duties over their personal data, especially in developing countries, was underlined.
During the What Works and What Doesn’t: Country Experiences session, the current situation in some countries like Sri Lanka, Japan, Brazil, Republic of Korea, and Ghana was presented. In particular, it emerged that in many of these jurisdictions, there is still no comprehensive data protection law. Instead, different sources of legislation address themes such as privacy and data protection, sometimes leaving a lot of power to the private sector’s self-regulation and due diligence principles. However, privacy is considered a fundamental right in many countries like Sri Lanka and Brazil. In Brazil, there is also a civil regulation (Marco Civil), which creates a civil framework for Internet rights, going further than a mere declaration of principles (though not without some problems of implementation). Some countries also addressed the problem of inadequate infrastructure and a lack of awareness of privacy and data protection issues among citizens. In conclusion, the necessity to cooperate and develop a real global framework legislation in this field was re-affirmed.
In the last session, some next steps for the future were taken into account. At the end of the discussion it was clear that there is a need to develop a harmonised common core of principles to avoid the risk of governmental initiatives that unduly restrict trade and e-commerce. The issue of definitions of personal and sensitive data appeared particularly relevant.
The importance of information and sensitisation was stressed, in order to encourage consumers and citizens to learn about their rights and enable them to exercise informed consent.
More in general, the importance of creating trust among users was stated, allowing them to exercise effective control over their personal data. Cooperation between governments and private companies is essential for this. Indeed, the discussion about privacy and data protection needs to invest more resources in engineering and technical research with the help of private corporations. Lawyers are no longer the only players in this regulatory field.
Emerging e-commerce topics and trends will be the focus of UNCTAD E-Commerce week. The discussions will take place at the Palais des Nations, Geneva, on 18-22 April 2016.
More details are available on the meeting website.