Jurisdiction

Updates

The US Supreme Court is scheduled to hear two cases related to a question as to whether consumers must suffer financial or physical harm before they may demand compensation for a data breach or for vulnerabilities in products allowing hacking. The first case, FCA US LLC, et al., v. Brian Flynn, et al. concerns the hacking vulnerability of Jeep Cherokee vehicles, specifically where the vehicle breaks were hacked through the entertainment system. In the second case, Zappos.com, Inc. v. Stevens, the online retailer suffered a malicious breach to its consumer database. In both cases no harm ensued to the consumers. Upon the decision of these cases, the verdict of the US Supreme Court would reshape the responsibility of the private sector over the security of internet connected products that could potentially endanger customers’ wellbeing or privacy.

The European Court of Human Rights (ECHR) decided in case of MAGYAR JETI ZRT v. HUNGARY concerning liability for hyperlinks in the domestic defamation law and its compatibility with freedom of expression. In its decision, the ECHR stated that hyperlinks can not be equated to the traditional publication, as they only direct the users to already available content. The ECHR noted that information in a hyperlink can be changed at any time and to subject publishers to liability for a hyperlink would "have foreseeable negative consequences on the flow of information on the Internet, impelling article authors and publishers to refrain altogether from hyperlinking to material over whose changeable content they have no control. This may have, directly or indirectly, a chilling effect on freedom of expression on the Internet."

The European Court of Human Rights (HCHR) ruled that publishers who share hyperlinks on the Internet cannot be held liable for the content of those hyperlinks. The HCHR found that a ruling in Hungary violated 444.hu's rights by holding it liable for the content reached through a hyperlink in a news article. Online content often uses electronic hyperlinks to substantiate or offer further information to readers. This judgement is considered a 'breakthrough for Internet freedom'.

The European Commission (EC) has referred Portugal to the Court of Justice of the EU to ensure the correct implementation of the Universal Service Directive, as regards the financing of universal service obligations. This is according to a press release dated 8 November 2018.

EU member states are allowed to introduce compensation mechanisms to balance the costs of the provision of universal services, which are not always profitable. However, according to the release Portuguese authorities have imposed an obligation on telecom operators and service providers to compensate the net costs of all universal services provided from 2007. Portugal did this in 2012 by exploring the possibilities of the Electronic Communication Law (No 5/2004), and enacting a new law that establishes an extraordinary contribution by the operators.

The EC finds this obligation levied on operators contrary to EU law. This is because it infringes on the requirements of transparency, non-discrimination, and market distortion established by the Directive 2002/22/EC) which is in force since 2002. Therefore, the EC is calling on the Court of Justice of the EU to confirm that the compensation obligation infringes this directive.

Facebook and France have reached an agreement allowing for the French government to appoint its officials in Facebook offices. For six months, starting 1 January 2019 French officials will perform assessments under French jurisdiction in order to establish ‘smart regulation’ of content and removal procedures of hate speech on Facebook.

China has passed new regulation on cybersecurity inspections to come into effect 1 November. The regulation allows Chinese police to enforce the cybersecurity law with service providers via on-site and remote premises and networks inspections to ensure compliance, leading most likely to increased inspections of service providers in the future.

Jurisdiction is the authority of the court and state organs to decide on legal cases. The relationship between jurisdiction and the Internet has been ambiguous, since jurisdiction rests predominantly on the geographical division of the globe into national territories. Each state has the sovereign right to exercise jurisdiction over its territory. However, the Internet facilitates considerable cross-border exchange, difficult (although not impossible) to monitor via traditional government mechanisms. The question of jurisdiction on the Internet highlights one of the central dilemmas associated with Internet governance: how is it possible to ‘anchor’ the Internet within existing legal and political geography?

In recent years, courts have been faced with an increasing number of cases with a strong jurisdictional element. The judgments on the right to be forgotten, cases involving authorities requesting data located in other jurisdictions, and the invalidation of the Safe Harbour Framework are notable examples. In these cases, jurisdiction’s long-arm has been put to the test.

Principles of jurisdiction

Three main considerations are important when deciding on jurisdiction:

  • Which court or state authority has the proper authority? (procedural jurisdiction)
  • Which rules should apply? (substantive jurisdiction)
  • How to implement court decisions. (enforcement jurisdiction)

The following criteria establish jurisdiction in particular cases:

  • Territorial Principle – the right of the state to rule over persons and property within its territory.
  • Personality Principle – the right of the state to rule over its citizens wherever they might be (nationality principle).
  • effects on its territory, stemming from activities conducted abroad.

Another important principle introduced by modern international law is that of universal jurisdiction. ‘The concept of universal jurisdiction in its broad sense [is] the power of a state to punish certain crimes, wherever and by whomsoever they have been committed, without any required connection to territory, nationality, or special state interest.’ Universal jurisdiction covers such crimes as piracy, war crimes, and genocide.

Conflict of jurisdiction

The conflict of jurisdiction arises when more than one state claims jurisdiction on a particular legal case. This usually happens when a legal case involves an extra-territorial component (e.g. involves individuals from different states, or international transactions). The relevant jurisdiction is established by one of the following elements: territoriality, nationality, or effect of action). When placing content or interacting on the Internet, it is difficult to know which national law, if any, might be violated. In this context, almost every Internet activity has an international aspect that could lead to multiple jurisdictions or a so-called spill-over effect.

Jurisdiction and access to content

One of the early and frequently quoted cases that exemplify the problem of multiple jurisdictions is the 2001 Yahoo! case in France. It was prompted by a breach of French law, which prohibits the exhibition and sale of Nazi objects, even though the website that provided these items – the Yahoo.com auction website – was hosted in the USA, where the display of such materials was, and still is, legal. The court case was solved through the use of a technical solution (geo-location software and filtering of access). Yahoo! was forced to identify users who accessed the site from France and block their access to the web pages showcasing Nazi materials.

Similarly, the right to be forgotten judgment (Google et al v. Mario Costeja Gonzalez et al) imposed upon search engines the obligation to consider requests from European users to remove certain results from searches.

Jurisdiction and data protection

The protection of EU citizens’ personal data stored beyond Europe’s shores has contributed to some of the most disputed cases in recent years. In 2015, Maximilian Schrems instituted proceedings against Facebook, arguing that the USA does not provide adequate protection to users’ data since the data is subject to mass surveillance under US laws. The Court of Justice of the European Union (CJEU) overturned the Safe Harbour agreement between the USA and the EU due to the fact that that public authorities in the USA were not subject to it, and that national security, public interest and law enforcement requirements in the USA prevailed over scheme. Safe Habour has been replaced with the EU-US Privacy Shield Framework.

Jurisdiction and terms of use

The jurisdiction provision in companies’ terms of use has also been in focus in many court rulings, with many court cases involving Facebook. One prominent case involved a French teacher whose Facebook account was suspended after posting images of a nude painting which hangs at the Musee d’Orsee. The French Court of Appeal ruled that Facebook can be sued in France, rejecting the social network’s argument that its terms of use state that California has jurisdiction. The French court paved the way for other lawsuits against the company outside US jurisdiction. More recently, an Israeli court set the jurisdiction clause in Facebook’s terms of use and approved a class action case against Facebook. The case argued that the network violated users’ privacy by using private posts to determine which advertisements users should see, without obtaining their prior consent.

Besides technical solutions (geo-location and filtering techniques), other approaches for solving the conflict of jurisdiction include the harmonisation of national laws and the use of arbitration and alternative dispute resolution mechanisms.

Events

Actors

(I&J)

The Internet & Jurisdiction Policy Network aims at facilitating discussions between relevant stakeholder g

...

The Internet & Jurisdiction Policy Network aims at facilitating discussions between relevant stakeholder groups on issues related to the tension between the cross-border Internet and national jurisdictions. Its work revolves around three main thematic programmes: Content and jurisdictionData and jurisdiction, and Domains and jurisdiction. The organisation runs an Observatory, which observes legislative and administrative developments, as well as court decisions around the world, regarding the tension between the Internet and national jurisdictions. In addition, the I&J has issued various publications (papers, articles, etc.) on jurisdiction-related policy developments. It also organises a Global Internet and Jurisdiction Conference.

(CJEU)

In recent years, the CJUE has adopted important rulings on Internet intermediary liabilities.

...

In recent years, the CJUE has adopted important rulings on Internet intermediary liabilities. In particular, CJUE’s case law focused for instance on the liability of a service provider in an online marketplace (McFadden v Sony Music Entertainment Germany, 2016), the liability of operators of internet marketplaces (L'Oréal v eBay, 2011), the liability of search engine operators (Google Spain case, 2014) and on the tension between data protection and online enforcement (Promusicae v Telefonica, 2008).

(HccH)

The Hague Conference on Private International Law works for the ‘progressive unification of the rules of priva

...

The Hague Conference on Private International Law works for the ‘progressive unification of the rules of private international law’. As part of its Judgments Project, the HccH focuses on two key aspects of private international law in cross-border litigation in civil and commercial matters: the international jurisdiction of courts and the recognition and enforcement of their judgments abroad. The HccH’s work has legal implications for e-commerce and other Internet-related dispute resolution processes.

(OECD)

Convergence is one of the digital policy issues that the OECD is paying attention to, especially in relation t

...

Convergence is one of the digital policy issues that the OECD is paying attention to, especially in relation to the challenges this phenomenon brings on traditional markets, and the need for adequate policy and regulatory frameworks to address them. In 2008, the organisation issued a set of policy guidelines for regulators to take into account when addressing challenges posed by convergence. In 2016, a report issued in preparation for the OECD Ministerial Meeting on the Digital Economy included new recommendations for policy-makers. Digital convergence issues have been on the agenda of OECD Ministerial meetings since 2008, and are also tackled in the regular OECD Digital Economy Outlook report.

(EU)

In establishing its digital single market, the EU has progressively developed a dense 

...

In establishing its digital single market, the EU has progressively developed a dense copyright legislation corresponding to a set of ten directives, which harmonise essential rights of authors, performers, producers and broadcasters. To ensure EU copyright rules are fit for the digital age, the European Commission has recently presented legislative proposals to modernise the EU legal framework, in order to allow more cross-border access to content online and wider opportunities to use copyrighted materials in education, research and cultural heritage; and have a better functioning copyright marketplace.

(UNCITRAL)

In line with its mandate to contribute to the harmonisation of international trade law, UNCITRAL has drafted s

...

In line with its mandate to contribute to the harmonisation of international trade law, UNCITRAL has drafted several documents of relevance for matters concerning Internet and jurisdiction. Examples include the Model law on electronic commerce (1996), the Model law on electronic signatures (2001), and UN Convention on the use of electronic communications in international contracts (2005), and the Technical Notes on Online Dispute Resolution (2016). E-commerce continues to be an area of interest for the Commission, which has a dedicated working group focused on the legal dimensions of issues such as identity management, trust services, electronic transferable records, cloud computing, etc.

Instruments

Conventions

Link to: Convention on Cybercrime (Budapest Convention) - Article 22 on Jurisdiction (2001)

Judgements

Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González Case - Court of Justice of the European Union (2014)

Resolutions & Declarations

Recommendations

Other Instruments

Resources

Articles

The Impact of Internet Content Regulation (2002)

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Papers

Jurisdiction on the Internet: From Legal Arms Race to Transnational Cooperation (2016)
Cloudy with a Conflict of Laws - How Cloud Computing Has Disrupted the Mutual Legal Assistance Treaty System and Why It Matters (2016)
Internet Fragmentation: An Overview (2016)
Personal Data Storage in Russia (2015)

Reports

Rule of Law and Democracy in the Digital Society: Challenges and Opportunities for Europe (2018)
One Internet (2016)
Content Removal Requests Report (2016)
2015 In Retrospect (Vol. 4) (2016)
Freedom on the Net 2015 (2015)

GIP event reports

Competition in a Data-driven World: How to Ensure Sustainable Growth? (2018)
Where and How to Protect Legal Interests in the Digital Era (2017)
Jurisdiction Issues in Focus at ICANN60 (2017)

Processes

Click on the ( + ) sign to expand each day.

13th IGF 2018

UNCTAD 2018

WSIS Forum 2018

12th IGF 2017

WTO Public Forum 2017

WSIS Forum 2017

IGF 2016

WTO Public Forum 2016

IGF 2015

IGF 2016 Report

 

IGF discussions on legal issues have evolved from the question of whether existing law applies to the Internet to the question of how it applies.

When it comes to the application of existing law online, the main issue is jurisdiction. The complex and multidisciplinary issues are addressed through a specific legal angle by judges, as they may not understand the technical implications or even more importantly, may not be aware of alternative solutions to legal disputes. The blocking of WhatsApp in Brazil was an example of a court judgement that violated the fundamental freedom of speech guaranteed under Brazilian law (The Role of Judiciary Systems and Internet Governance - WS162). Among measures to alleviate this challenge, it was suggested to introduce Internet regulation as a part of curriculum of law schools. 

Unwillingly, Internet companies are taking a juridical role. Google accepts approximately half of the requests for the right to be forgot- ten. Among other – refused – requests, there are some that could open many legal Pandora-type boxes: procedural matters, basis of judgement, right to appeal, etc. (The 'Right to Be Forgotten' and Privatized Adjudication - WS28). 

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top