Jurisdiction is the authority of the court and state organs to decide on legal cases. The relationship between jurisdiction and the Internet has been ambiguous, since jurisdiction rests predominantly on the geographical division of the globe into national territories. Each state has the sovereign right to exercise jurisdiction over its territory. However, the Internet facilitates considerable cross-border exchange, difficult (although not impossible) to monitor via traditional government mechanisms. The question of jurisdiction on the Internet highlights one of the central dilemmas associated with Internet governance: how is it possible to ‘anchor’ the Internet within existing legal and political geography?
In recent years, courts have been faced with an increasing number of cases with a strong jurisdictional element. The judgments on the right to be forgotten, cases involving authorities requesting data located in other jurisdictions, and the invalidation of the Safe Harbour Framework are notable examples. In these cases, jurisdiction’s long-arm has been put to the test.
Principles of jurisdiction
Three main considerations are important when deciding on jurisdiction:
- Which court or state authority has the proper authority? (procedural jurisdiction)
- Which rules should apply? (substantive jurisdiction)
- How to implement court decisions. (enforcement jurisdiction)
The following criteria establish jurisdiction in particular cases:
- Territorial Principle – the right of the state to rule over persons and property within its territory.
- Personality Principle – the right of the state to rule over its citizens wherever they might be (nationality principle).
- effects on its territory, stemming from activities conducted abroad.
Another important principle introduced by modern international law is that of universal jurisdiction. ‘The concept of universal jurisdiction in its broad sense [is] the power of a state to punish certain crimes, wherever and by whomsoever they have been committed, without any required connection to territory, nationality, or special state interest.’ Universal jurisdiction covers such crimes as piracy, war crimes, and genocide.
Conflict of jurisdiction
The conflict of jurisdiction arises when more than one state claims jurisdiction on a particular legal case. This usually happens when a legal case involves an extra-territorial component (e.g. involves individuals from different states, or international transactions). The relevant jurisdiction is established by one of the following elements: territoriality, nationality, or effect of action). When placing content or interacting on the Internet, it is difficult to know which national law, if any, might be violated. In this context, almost every Internet activity has an international aspect that could lead to multiple jurisdictions or a so-called spill-over effect.
Jurisdiction and access to content
One of the early and frequently quoted cases that exemplify the problem of multiple jurisdictions is the 2001 Yahoo! case in France. It was prompted by a breach of French law, which prohibits the exhibition and sale of Nazi objects, even though the website that provided these items – the Yahoo.com auction website – was hosted in the USA, where the display of such materials was, and still is, legal. The court case was solved through the use of a technical solution (geo-location software and filtering of access). Yahoo! was forced to identify users who accessed the site from France and block their access to the web pages showcasing Nazi materials.
Similarly, the right to be forgotten judgment (Google et al v. Mario Costeja Gonzalez et al) imposed upon search engines the obligation to consider requests from European users to remove certain results from searches.
Jurisdiction and data protection
The protection of EU citizens’ personal data stored beyond Europe’s shores has contributed to some of the most disputed cases in recent years. In 2015, Maximilian Schrems instituted proceedings against Facebook, arguing that the USA does not provide adequate protection to users’ data since the data is subject to mass surveillance under US laws. The Court of Justice of the European Union (CJEU) overturned the Safe Harbour agreement between the USA and the EU due to the fact that that public authorities in the USA were not subject to it, and that national security, public interest and law enforcement requirements in the USA prevailed over scheme. Safe Habour has been replaced with the EU-US Privacy Shield Framework.
Besides technical solutions (geo-location and filtering techniques), other approaches for solving the conflict of jurisdiction include the harmonisation of national laws and the use of arbitration and alternative dispute resolution mechanisms.