Jurisdiction

Updates

Currently, Facebook users outside the United States and Canada fall under the terms of services agreed with the company’s international headquarters in Ireland. This means that around 1.9 billion Facebook Inc. users around the world would be protected by the European Union’s General Data Protection Regulation (GDPR), once it takes effect on 25 May 2018. However, Facebook is about to make changes which will decrease this number. Facebook confirmed to the Reuters its intentions to reduce its exposure to the GDPR, which allows European regulators to fine companies for collecting or using personal data without consent. These changes will directly affect Facebook users in Africa, Asia, Australia, and Latin America, who will not fall under the DGPR protection. According to Reuters, this will remove potential liability for Facebook, since the new EU law allows fines of up to 4 percent of global annual revenue for infractions. Regarding these changes, the company said: ‘We apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland.’. Earlier this month, Facebook’s CEO, Mark Zuckerberg, stated the company would apply the EU law globally ‘in spirit’, but did not commit to it as the standard for Facebook across the world. Technology policy researcher at University College London, Michael Veale, said that in practice this means: ‘The 1.5 billion affected users will not be able to file complaints with Ireland’s Data Protection Commissioner or in Irish courts. Instead they will be governed by more lenient U.S. privacy laws.’.

Reuters World News reports that Malaysia outlaws 'fake news'; sets jail of up to six yearsnoting that 'The government said the law would not impinge on freedom of speech and cases under it would be handled through an independent court process.' Critics say it is aimed at restricting dissent before the forthcoming general election. Hillary Grigonis asks in Digital Trends Should fake news be illegal? Malaysia could be among the first to penalize it. Grigonis goes on to say that 'Critics, however, are voicing concern over the bill’s potential impact on free speech' and quotes Amnesty International’s director for the Southeast Asia and Pacific regions, James Gomez, as calling it a 'vaguely worded, catch-all bill that can be — and will be — used to crack down on peaceful government critics. 

Cnet's Daniel Van Boom notes that fake news is a problem, but adds that experts say that the new law is a dangerous one, quoting David Kay, clinical professor of law at the University of California: 'This legislation is problematic on so many different levels' ... 'The definition of fake news is so broad it seems like the government could decide anything could be fake news. On top of that, it has these extraordinarily harsh penalties.' Van Bloom notes that the law applies overseas, and could affect Malaysians outside the country, or foreign journalists when they visit Malaysia if they wrote or share stories categorised as fake news.

The Clarifying Lawful Overseas Use of Data (CLOUD) Act was signed into law on 22 March by President Donald Trump. The new legislation amends the 1986 Stored Communications Act to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of where in the world the data is stored. The CLOUD Act allows for requesting any data on U.S. citizens stored on any server they own or operate when an warrant exists and it introduces expedited procedures for ‘executive agreements’ with foreign governments. While many companies expressed their support for the law in a joint letter on 6 February, civil society groups and human rights organizations warned on 12 March that the CLOUD Act ‘undermines privacy and important democratic safeguards’.

Pages

Jurisdiction is the authority of the court and state organs to decide on legal cases. The relationship between jurisdiction and the Internet has been ambiguous, since jurisdiction rests predominantly on the geographical division of the globe into national territories. Each state has the sovereign right to exercise jurisdiction over its territory. However, the Internet facilitates considerable cross-border exchange, difficult (although not impossible) to monitor via traditional government mechanisms. The question of jurisdiction on the Internet highlights one of the central dilemmas associated with Internet governance: how is it possible to ‘anchor’ the Internet within existing legal and political geography?

In recent years, courts have been faced with an increasing number of cases with a strong jurisdictional element. The judgments on the right to be forgotten, cases involving authorities requesting data located in other jurisdictions, and the invalidation of the Safe Harbour Framework are notable examples. In these cases, jurisdiction’s long-arm has been put to the test.

Principles of jurisdiction

Three main considerations are important when deciding on jurisdiction:

  • Which court or state authority has the proper authority? (procedural jurisdiction)
  • Which rules should apply? (substantive jurisdiction)
  • How to implement court decisions. (enforcement jurisdiction)

The following criteria establish jurisdiction in particular cases:

  • Territorial Principle – the right of the state to rule over persons and property within its territory.
  • Personality Principle – the right of the state to rule over its citizens wherever they might be (nationality principle).
  • effects on its territory, stemming from activities conducted abroad.

Another important principle introduced by modern international law is that of universal jurisdiction. ‘The concept of universal jurisdiction in its broad sense [is] the power of a state to punish certain crimes, wherever and by whomsoever they have been committed, without any required connection to territory, nationality, or special state interest.’ Universal jurisdiction covers such crimes as piracy, war crimes, and genocide.

Conflict of jurisdiction

The conflict of jurisdiction arises when more than one state claims jurisdiction on a particular legal case. This usually happens when a legal case involves an extra-territorial component (e.g. involves individuals from different states, or international transactions). The relevant jurisdiction is established by one of the following elements: territoriality, nationality, or effect of action). When placing content or interacting on the Internet, it is difficult to know which national law, if any, might be violated. In this context, almost every Internet activity has an international aspect that could lead to multiple jurisdictions or a so-called spill-over effect.

Jurisdiction and access to content

One of the early and frequently quoted cases that exemplify the problem of multiple jurisdictions is the 2001 Yahoo! case in France. It was prompted by a breach of French law, which prohibits the exhibition and sale of Nazi objects, even though the website that provided these items – the Yahoo.com auction website – was hosted in the USA, where the display of such materials was, and still is, legal. The court case was solved through the use of a technical solution (geo-location software and filtering of access). Yahoo! was forced to identify users who accessed the site from France and block their access to the web pages showcasing Nazi materials.

Similarly, the right to be forgotten judgment (Google et al v. Mario Costeja Gonzalez et al) imposed upon search engines the obligation to consider requests from European users to remove certain results from searches.

Jurisdiction and data protection

The protection of EU citizens’ personal data stored beyond Europe’s shores has contributed to some of the most disputed cases in recent years. In 2015, Maximilian Schrems instituted proceedings against Facebook, arguing that the USA does not provide adequate protection to users’ data since the data is subject to mass surveillance under US laws. The Court of Justice of the European Union (CJEU) overturned the Safe Harbour agreement between the USA and the EU due to the fact that that public authorities in the USA were not subject to it, and that national security, public interest and law enforcement requirements in the USA prevailed over scheme. Safe Habour has been replaced with the EU-US Privacy Shield Framework.

Jurisdiction and terms of use

The jurisdiction provision in companies’ terms of use has also been in focus in many court rulings, with many court cases involving Facebook. One prominent case involved a French teacher whose Facebook account was suspended after posting images of a nude painting which hangs at the Musee d’Orsee. The French Court of Appeal ruled that Facebook can be sued in France, rejecting the social network’s argument that its terms of use state that California has jurisdiction. The French court paved the way for other lawsuits against the company outside US jurisdiction. More recently, an Israeli court set the jurisdiction clause in Facebook’s terms of use and approved a class action case against Facebook. The case argued that the network violated users’ privacy by using private posts to determine which advertisements users should see, without obtaining their prior consent.

Besides technical solutions (geo-location and filtering techniques), other approaches for solving the conflict of jurisdiction include the harmonisation of national laws and the use of arbitration and alternative dispute resolution mechanisms.

Events

Actors

(I&J)

The Internet & Jurisdiction Policy Network aims at facilitating discussions between relevant stakeholder g

...

The Internet & Jurisdiction Policy Network aims at facilitating discussions between relevant stakeholder groups on issues related to the tension between the cross-border Internet and national jurisdictions. Its work revolves around three main thematic programmes: Content and jurisdictionData and jurisdiction, and Domains and jurisdiction. The organisation runs an Observatory, which observes legislative and administrative developments, as well as court decisions around the world, regarding the tension between the Internet and national jurisdictions. In addition, the I&J has issued various publications (papers, articles, etc.) on jurisdiction-related policy developments. It also organises a Global Internet and Jurisdiction Conference.

(CJEU)

In recent years, the CJUE has adopted important rulings on Internet intermediary liabilities.

...

In recent years, the CJUE has adopted important rulings on Internet intermediary liabilities. In particular, CJUE’s case law focused for instance on the liability of a service provider in an online marketplace (McFadden v Sony Music Entertainment Germany, 2016), the liability of operators of internet marketplaces (L'Oréal v eBay, 2011), the liability of search engine operators (Google Spain case, 2014) and on the tension between data protection and online enforcement (Promusicae v Telefonica, 2008).

(HccH)

The Hague Conference on Private International Law works for the ‘progressive unification of the rules of priva

...

The Hague Conference on Private International Law works for the ‘progressive unification of the rules of private international law’. As part of its Judgments Project, the HccH focuses on two key aspects of private international law in cross-border litigation in civil and commercial matters: the international jurisdiction of courts and the recognition and enforcement of their judgments abroad. The HccH’s work has legal implications for e-commerce and other Internet-related dispute resolution processes.

(OECD)

Convergence is one of the digital policy issues that the OECD is paying attention to, especially in relation t

...

Convergence is one of the digital policy issues that the OECD is paying attention to, especially in relation to the challenges this phenomenon brings on traditional markets, and the need for adequate policy and regulatory frameworks to address them. In 2008, the organisation issued a set of policy guidelines for regulators to take into account when addressing challenges posed by convergence. In 2016, a report issued in preparation for the OECD Ministerial Meeting on the Digital Economy included new recommendations for policy-makers. Digital convergence issues have been on the agenda of OECD Ministerial meetings since 2008, and are also tackled in the regular OECD Digital Economy Outlook report.

(EU)

In establishing its digital single market, the EU has progressively developed a dense 

...

In establishing its digital single market, the EU has progressively developed a dense copyright legislation corresponding to a set of ten directives, which harmonise essential rights of authors, performers, producers and broadcasters. To ensure EU copyright rules are fit for the digital age, the European Commission has recently presented legislative proposals to modernise the EU legal framework, in order to allow more cross-border access to content online and wider opportunities to use copyrighted materials in education, research and cultural heritage; and have a better functioning copyright marketplace.

(UNCITRAL)

In line with its mandate to contribute to the harmonisation of international trade law, UNCITRAL has drafted s

...

In line with its mandate to contribute to the harmonisation of international trade law, UNCITRAL has drafted several documents of relevance for matters concerning Internet and jurisdiction. Examples include the Model law on electronic commerce (1996), the Model law on electronic signatures (2001), and UN Convention on the use of electronic communications in international contracts (2005), and the Technical Notes on Online Dispute Resolution (2016). E-commerce continues to be an area of interest for the Commission, which has a dedicated working group focused on the legal dimensions of issues such as identity management, trust services, electronic transferable records, cloud computing, etc.

Instruments

Conventions

Link to: Convention on Cybercrime (Budapest Convention) - Article 22 on Jurisdiction (2001)

Judgements

Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González Case - Court of Justice of the European Union (2014)

Resolutions & Declarations

Recommendations

Other Instruments

Resources

Articles

The Impact of Internet Content Regulation (2002)

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Papers

Jurisdiction on the Internet: From Legal Arms Race to Transnational Cooperation (2016)
Cloudy with a Conflict of Laws - How Cloud Computing Has Disrupted the Mutual Legal Assistance Treaty System and Why It Matters (2016)
Internet Fragmentation: An Overview (2016)
Personal Data Storage in Russia (2015)

Reports

One Internet (2016)
Content Removal Requests Report (2016)
2015 In Retrospect (Vol. 4) (2016)
Freedom on the Net 2015 (2015)

GIP event reports

Competition in a Data-driven World: How to Ensure Sustainable Growth? (2018)
Where and How to Protect Legal Interests in the Digital Era (2017)
Jurisdiction Issues in Focus at ICANN60 (2017)

Processes

Session reports

Click on the ( + ) sign to expand each day.

UNCTAD 2018

WSIS Forum 2018

12th IGF 2017

WTO Public Forum 2017

WSIS Forum 2017

IGF 2016

WTO Public Forum 2016

IGF 2015

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top