Cybercrime: EU position for a UN Convention on countering the use of information technology and communications technologies for criminal purposes

In January 2022 UN member states will start negotiating a new convention on "the use of information technology and communications technologies for criminal purposes." EU institutions and member states have been working towards defining their position for the first round of talks, which includes a demand that any new agreement be "focused primarily on substantive criminal and criminal procedural law, as well as associated mechanisms for cooperation."


See: NOTE from: EEAS and European Commission services to: Delegations: Position for a UN Convention on countering the use of information technology and communications technologies for criminal purposes (Council doc. 12642/21, LIMITE, 13 October 2021, pdf) and the preceding version: 11925/2/21 REV 2 (LIMITE, 11 October 2021, pdf)

The document sets out preferences on both procedural and substantive issues.

In relation to the former, it notes:

"The EU and its Member States attach great importance to the fact that the negotiation process (as well as the process leading to the substantial negotiations) must be open, inclusive and transparent and based on cooperation in good faith. In particular:

a) all relevant documents should be published on the AHC website and all States, the EU and other participants should be consulted and have the possibility to share their views and be heard. The timeline for negotiations should allow for appropriate consultations."

With regard to the latter:

"To add value from the perspective of the EU and its Member States, a new UN convention would need to usefully complement the existing framework for international cooperation, notably the Council of Europe “Budapest” Convention on Cybercrime, which harmonises definitions of cybercrimes and sets out a number of mechanisms to facilitate cooperation between its State Parties, and also the United Nations Convention against Transnational Organized Crime and other relevant instruments, in particular relating to the protection of human rights. Any new convention should therefore be compatible with the existing framework, not impair in any way the application of the above-mentioned instruments or the further accession of any country to them and, to the extent possible, avoid duplication.

To that end, the EU and its Member States should ensure that the scope of a possible future UN Convention on countering the use of information and communications technologies for criminal purposes is focused primarily on substantive criminal and criminal procedural law, as well as associated mechanisms for cooperation. In the negotiations, the EU will firmly promote its human centric vision and human rights-based approach and will strive for compliance of the future Convention with standards of international human rights."

And (emphasis in original in all quotes):

"...the EU and its Member States should:

1. promote the inclusion of certain substantive criminal law provisions linked to cybercrime that should be criminalised by all State Parties.

In general, such provisions should relate to high-tech crimes and cyber-dependent crime, such as illegally gaining access to, intercepting or interfering with computer data and systems[1]. The criminalisation of other types of behaviour that may be conducted by means of ICTs, so-called cyber-enabled crimes, could be accepted, but only if limited to certain narrowly defined and universally recognised relevant offences...

...Vague provisions criminalising behaviour that is not clearly defined in the Convention or in other universal legal instruments would risk potentially unduly and disproportionately interfering with human rights and fundamental freedoms: such provisions should therefore be opposed by the EU and its Member States.

(...)

4. Since this treaty will imply, in practice, the exchange of information among the Parties (which may constitute personal data), the possible future UN Convention should also provide for international transfers of personal data, in line with and subject to the conditions of EU law.

(...)

8. oppose any criminalisation of a broadly or vaguely defined activities, especially where such regulations may disproportionately limit legitimate speech and the expression of opinions, ideas and beliefs.

9. defend that, as an intergovernmental instrument, the convention should refrain from directly imposing obligations upon non-governmental organisations including the private sector, such as internet service providers."


Image: Christiaan Colen, CC BY-SA 2.0

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error