Improving user protection and security in cyberspace

1. The Committee of Ministers has carefully examined Parliamentary Assembly Recommendation 2041 (2014) entitled “Improving user protection and security in cyberspace”. It has communicated it to the relevant bodies of the Council of Europe for information and possible comments. The Committee of Ministers welcomes the efforts of the Parliamentary Assembly to strengthen human rights and the rule of law in cyberspace and the important role that it attributes to the Convention on Cybercrime (ETS No. 185) and the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108, hereafter “Convention 108”) in this respect. Moreover, in respect of user protection on the Internet, the Committee of Ministers draws attention to the fact that on 16 April 2014, it adopted Recommendation CM/Rec(2014)6 to member States on a Guide to human rights for Internet users. The Committee also underlines the importance of other Council of Europe Internet governance standards that contribute to an inclusive, multi-stakeholder, collaborative and open Internet governance framework and recognises that the Internet is a global resource which should be managed in the public interest.

2. With respect to the Assembly’s proposal to consider the feasibility of drafting an additional protocol to the Convention on Cybercrime regarding serious violations of fundamental rights of users of online services (paragraph 2.1 of the recommendation), the Committee of Ministers notes that the Convention already has the objective of protecting society and individuals against cybercrime, including against offences against the confidentiality, integrity and availability of computer data and systems. The Cybercrime Convention Committee (T-CY) has, moreover, adopted a number of Guidance Notes – representing the common understanding of the Parties – aimed at applying the existing provisions of the Cybercrime Convention to new cybercrime phenomena. For these reasons, the Committee of Ministers sees no need presently to initiate work on an additional protocol. It recalls, in addition, that the fundamental right to respect for private life is protected under Article 8 of the European Convention on Human Rights, as well as under Convention 108 and its Additional Protocol.

3. On the question whether the European Convention on Mutual Assistance in Criminal Matters (ETS No. 30) needs to be updated in order to deal with mutual assistance concerning transnational cybercrime and cyber evidence (paragraph 2.2 of the recommendation), the Committee of Ministers recalls that Chapter III of the Convention on Cybercrime is aimed at international co-operation in matters related to electronic evidence. Given the transnational nature of electronic evidence, the Convention on Cybercrime would seem the most suitable instrument to deal with this matter given that Parties, signatories and States invited to accede include an increasing number of non-member States of the Council of Europe. The Committee of Ministers notes also that the T-CY, in co-operation with the Committee of Experts on the Operation of European Conventions on Co-operation in Criminal Matters (PC-OC), will continue assessing the effectiveness of the international co-operation provisions of the Convention on Cybercrime and that this assessment is expected to result in a range of proposals to render mutual legal assistance regarding electronic evidence more efficient.

4. The Parliamentary Assembly suggests that the Committee of Ministers undertake work relating to the European Convention on the Legal Protection of Services based on, or consisting of, Conditional Access (ETS No. 178) (paragraph 2.3 of the recommendation). The Committee of Ministers notes that the Steering Committee on Media and Information Society (CDMSI) is, pursuant to the decisions of the Committee of Ministers in relation to the review of Council of Europe conventions, the reference point for Convention No. 178. Therefore, the CDMSI, in accordance with its terms of reference, may in the future consider work in this regard subject to available resources and bearing in mind priorities.

5. On the issue of assistance to member States in the implementation of the Convention on Cybercrime and Convention 108 (paragraph 2.4 of the recommendation), the Committee of Ministers underlines the importance of capacity building. It notes that the Ordinary Budget resources of the Council of Europe are limited but considerable extra-budgetary resources have been mobilised by the Council of Europe for programmes on cybercrime funded by voluntary contributions and joint projects with the European Union. Furthermore, the Cybercrime Programme Office of the Council of Europe (C-PROC) in Bucharest, Romania, became operational in April 2014. It provides the Council of Europe with the infrastructure to support countries worldwide in an effective manner through capacity building programmes. With respect to Convention 108, the Secretariat General is working closely with States Parties to improve the framework of data protection at national level for member States that so request.

6. The Committee of Ministers agrees that the modernisation exercise of Convention 108 be completed (paragraph 2.5 of the recommendation) as a very important task which should be given high priority with a view to securing a high level of protection of individuals with regard to processing of personal data in the digital era. It notes that the third and final meeting of the Ad hoc Committee on Data Protection (CAHDATA), which has been given the task to update the convention, took place in December 2014. It acknowledges the importance of taking into account the ongoing revision of the data protection framework at the European Union level.

7. The Assembly recommends the Committee of Ministers to support and co-ordinate a pan-European approach to the globalisation of the Internet Corporation for Assigned Names and Numbers (ICANN) and its Internet Assigned Numbers Authority (IANA), as outlined in the Montevideo Statement on the Future of Internet Co-operation of 7 October 2013 (paragraph 2.6 of the recommendation). In this context, the Committee underlines the need for Council of Europe member States to be guided by the standards and principles of the Council of Europe, in particular the Declaration by the Committee of Ministers on Internet Governance Principles and Recommendation CM/Rec(2011)8 of the Committee of Ministers to member States on the protection and promotion of the universality, integrity and openness of the Internet. The Committee recalls also its Declaration on enhanced participation of member States in Internet governance matters – Governmental Advisory Committee (GAC) of the ICANN. In this context, it would furthermore underline the importance of the Internet Governance Strategy (2012-2015).

8. With respect to the proposal that observer States be invited to work actively with the Council of Europe towards improving user protection and security in cyberspace and to set up joint initiatives with the Council of Europe in this respect (paragraph 2.7 of the recommendation), the Committee of Minsters notes that Japan and the USA, which are already Parties to the Convention on Cybercrime, are represented in the Bureau of the T-CY, are providing voluntary contributions for capacity building programmes and have engaged in many joint activities with the Council of Europe in different regions of the world. Moreover, Canada is a signatory to the Convention and Mexico has been invited to accede to it. As for Convention 108, these States could ask to be invited to accede to the Convention. Canada and the United States already participate as observers in the Consultative Committee of Convention 108 (T-PD).

9. On the issue of a possible invitation to the European Union to accede to the Convention on Cybercrime as well as to the Convention 108 (paragraph 2.8 of the recommendation), the Committee of Ministers underlines that the European Union and the Council of Europe already enjoy excellent co-operation on cybercrime matters. Accession by the European Union to the Convention on Cybercrime is not foreseen in the treaty in its present form; an amendment to the Convention would therefore be required. The feasibility and necessity of such an amendment would require further analysis. As far as Convention 108 is concerned, accession by the European Union is one of the issues under consideration in the modernisation exercise.

10. Finally, on the question of mass violations of the right to privacy (paragraph 2.9 of the recommendation), the Committee of Ministers informs the Assembly that in the context of the follow-up to the Council of Europe Conference of Ministers responsible for Media and Information Society (Belgrade, 7-8 November 2013), it decided to instruct the CDMSI “to examine closely, in the light of the requirements of the European Convention on Human Rights, the question of gathering and processing of electronic communications data on individuals by security agencies, with a view, as appropriate, to making proposals for further action”.