PART 1- CYBER SECURITY AND DATA PROTECTION ENGAGE ATTENTION
(This is the first part of the three part series of the articles written by Pavan Duggal, internationally renowned expert and authority on Cyberlaw, as he embarks on his annual review of Important International Cyberlaw Events in 2017)Cyberlaw as a discipline is constantly evolving. Each year, the world sees new legal developments, which in their own manner, contribute to the evolving cyber legal jurisprudence. 2017 saw some remarkable cyberlaw advances taking place, at the international level.
2017 was the year that was marked by the significant legal developments in Cyber Security. Cyber Security became one of the key important parameters for various stakeholders across the world. No wonder, different Countries increasingly started looking in the direction of regulating activities concerning Cyber Security in the digital and mobile ecosystem.
China in the year 2017 came up with implementing its landmark National Cyber Security Law. This Law was potentially one of the most comprehensive pieces of legislations concerning Cyber Security that got implemented across the world. The said law was further significant as it gave a very wide legal definition of Cyber Security. Cyber Security has been defined to refer to the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. The said law further defined various rights, duties and obligations of various stakeholders.
Of particular relevance was the wide ranging applicability of the said Law. As per the said Law, the new Chinese Cyber Security Law became applicable not just to the entire of China but even beyond China's territorial boundaries. Another significant relevance of the Chinese legal approach on cyber security was the unique focus on the concept of cyber sovereignty. China came up with a very elaborate, comprehensive and constantly expanding scope of cyber sovereignty. It further upheld and underlined the basic premise that cyber sovereignty has to be an important pillar for national decisions making and for Nation Governments and hence the same has to take precedence over other conflicting international arrangements.
The year also belonged to China in the manner in which it not just went ahead and implemented its Cyber Security Law but also effectively even fined three internet giants for non-compliances the law, leaving no doubt in people’s minds that China would ensure the complete implementation of its Cyber Security Law. Various new sub-rules, and regulations are in the process or being discussed. However, this legislation has demonstrated to the World the irreversible nature of how Cyber Security law will continue to evolve in the coming times.
The growth of Cyber Security Law got further boost in other countries, as different countries increasingly started getting focused on regulating Cyber Security. Singapore came up with its draft National Cyber Security Bill for public comments. The Singapore approach was trying to adopt the good relevant features of various other legislations. By putting up its draft cyber security bill for public comment and receiving various comments, Singapore has shown that it wants to basically incorporate all the salient features of good legislative rule making in its Cyber Security Law. At the time of writing, various other Countries are in the process of discussing, drafting and negotiating new National Cyber Security Laws.
The year 2017 was without doubt the definitive year, when the law on Cyber Security started emerging as an important component of Cyberlaw jurisprudence.
The year 2017 saw more countries engaging in bilateral cyber security cooperation agreements. Countries have begun to start realizing that they cannot keep on waiting endlessly for an International Cyberlaw framework to be in place and hence, countries have started to look at negotiating bilateral cyber cooperation agreements which are a form of soft legislations, all aimed at further expanding the scope of Cyberlaw jurisprudence.
Different countries engaged in different levels of activities pertaining to bilateral arrangements. These bilateral arrangements need to be viewed as one step forward in the evolving Cyberlaw jurisprudence. However, the fact remains that there are intrinsic shortcomings of bilateral arrangements. Cyberspace and the internet are global paradigms and global phenomenon and hence the challenges emerging from global phenomenon cannot be hoped to be addressed by bilateral cyber cooperation agreements.
It is interesting to note that while different countries are engaging in bilateral cooperation agreements, there is no mechanism to find out as to how much cooperation was actually happening. It appears that countries across the world are increasingly getting clear on one broad theme. Countries across the world are increasingly wanting to expand the scope of national security and national sovereignty to include huge chunks of cyber sovereignty therein and at the same time, countries also feel that they need to work together towards bilateral Cyber Security cooperation agreements.
It is also interesting to note that a large number of these bilateral arrangements specifically provide that if any incident, information or event relates to the national security of one country, then the said information will not be shared with the other negotiating country. I have always welcomed the concept of bilateral cyber cooperation agreements, but I have been wary of the shortcomings that emerge therefrom. Countries need to increasingly realize that they cannot put their entire eggs into the bilateral Cyber Security cooperation basket, but increasingly need to diversify their thought processes. Countries need to very quickly start negotiating for an International Cyberlaw framework in place.
The year 2017 further saw, the world suddenly waking up to a new looming challenge on the horizon being the General Data Protection Regulation(GDPR) of European Parliament, the Council of the European Union and the European Commission, which is supposed to come into effect from May, 2018. The stakeholders increasingly in the year 2017 woke up to the existence, impact and ramifications of the forthcoming GDPR. Though, the GDPR is primarily a European legal instrument which is aimed the data protection, it does however, categorically stipulate that non compliance with its provisions could attract severe penalties of up to 4% of worldwide turnover. This is a very significant provision and increasingly companies and different stakeholders in different parts of the World have started worrying and have started concentrating their energies on how their operations could be seen to be compliant with the GDPR regime which comes into effect from 25th May, 2018.
All said and done, the year 2017 was an interesting year as far as growth of International Cyberlaw jurisprudence was concerned as jurisprudence started evolving in different directions. In 2017, the further evolution and development of Cyberlaw jurisprudence was shaped by newly emerging ground realities.
There are numerous other important cyberlaw developments that took place globally in the year 2017. My next article will seek to examine other important cyber legal events that engaged the attention of the world in the year 2017.
The Author Pavan Duggal, Advocate, Supreme Court of India, Internationally acclaimed Authority and Expert on Cyberlaw and Cyber Security Law, Chairman of the International Commission on Cyber Security Law and President of Cyberlaws.Net can be reached at his email address: - pavan@pavanduggal.com and pduggal@vsnl.com. More about Pavan Duggal is available at www.pavanduggal.com
Download Important Global Cyberlaw Trends In 2017