IGF 2020 WS #204 Internet Data Protection Under Different Jurisdictions

Time
Friday, 13th November, 2020 (14:00 UTC) - Friday, 13th November, 2020 (15:00 UTC)
Room
Room 1
About this Session
The protection of Data on the Internet is today one of the most important concerns of Internet users. Repetitive breaches of the users’ data made their privacy flouted. Several attempts to put regulations for the protection of users’ data on the Internet have been done for 15+ years but still lots of efforts to be done. The panel will explore the existing regulations, and discuss the way to make the user’s data better protected wherever they are based and make recommendations thereupon.
Thematic Track

Organizer 1: NADIRA AL-ARAJ, Internet Society Palestine Chapter
Organizer 2: Tijani BEN JEMAA, AFRALO ICANN
Organizer 3: Natalia Filina, EURALO (ICANN, At-Large), Youth IGF Movement, SIG IoT (ISOC)

Speaker 1: Kulesza Joanna, Civil Society, Eastern European Group
Speaker 2: Farzaneh Badii, Civil Society, Asia-Pacific Group
Speaker 3: Leon Sanchez, Technical Community, Latin American and Caribbean Group (GRULAC)
Speaker 4: Christine Arida, Government, African Group
Speaker 5: Milton Mueller, Civil Society, Western European and Others Group (WEOG)

Additional Speakers

The FINAL COMPOSITION of SPEAKERS

Badii Farzaneh, Civil Society, Asia-Pacific Group

El Bekri Mohamed, Government, African Group

Kulesza Joanna, Civil Society, Eastern European Group

Lanfranco Sam, Private Sector, Western European and Others Group (WEOG)

Sanchez Leon, Technical Community, Latin American and Caribbean Group (GRULAC)

Second Rapporteur:
Araj Victoria, Civil Society, Intergovernmental Organization

Moderator

Tijani BEN JEMAA, Civil Society, African Group

Online Moderator

NADIRA AL-ARAJ, Technical Community, Asia-Pacific Group

Rapporteur

Natalia Filina, Private Sector, Eastern European Group

Format

Round Table - Circle - 60 Min

Policy Question(s)
  • Does the current situation allow for Data protection of all Internet end users?
  • To what extent, could the development of international norms and principles facilitate common approaches and interoperability of data protection frameworks, and also facilitate international trade and cooperation?

Personal Data Protection under different jurisdictions. Digital sovereignty, data localization, data flows, extraterritorial rules, cross border law enforcement, emergency procedures for data access, digital cooperation. The Internet is being a global good, which jurisdiction to apply for data protection.

SDGs

GOAL 5: Gender Equality
GOAL 8: Decent Work and Economic Growth
GOAL 9: Industry, Innovation and Infrastructure
GOAL 10: Reduced Inequalities
GOAL 16: Peace, Justice and Strong Institutions

Description:

The global nature of the Internet and the transfer of digital information across borders brings an international dimension to discussions around data. The generation, collection, processing, storage, retention, transfer, and discloser of data (including personal ones) have enabled new social, cultural, and economic opportunities than ever previously imagined. At the same time, the massive use of these data through the application of data-driven technologies by the public as well as private entities poses challenges around privacy, freedom of expression, and the exercise of other human rights. The protection of Data on the Internet is today one of the most important concerns of Internet users. Repetitive breaches of the users’ data made their privacy flouted. Several attempts to put regulations for the protection of users’ data on the Internet have been done since 15+ years. Today, there are some regulations in some countries/regions https://www.privacypolicies.com/blog/privacy-law-by-country/, but how can the users’ data be protected under different jurisdictions? How can any regulation be applied for the Internet which is a cross border good? Issues like data collection, processing, retention, transfer, and discloser are today subject to regulations here and there in the world, but no coordinated efforts are done to make these regulations harmonious to ease their application worldwide for questions related to the Internet. Should there be an international regulation replacing the various existing ones? The panel will explore the existing regulations, and discuss the way to make the user’s data better protected wherever they are based and make recommendations thereupon.

Expected Outcomes

The session's expected outcomes may feed into the Internet and Jurisdiction Policy Network (I&J) works, including an article on the I&J monthly newsletter

The format selected for this session is a roundtable discussion, however, with slight variation as during the discussion of the topic, the subject matter experts will briefly introduce it from their respective perspectives and answer any question. The moderator will make sure that all subject matter experts did address their issue and there were discussions and input from the attendees on it.

Relevance to Internet Governance: The use of the Internet requires that users enter their personal data. So addressing Internet Data Protection under various Jurisdictions is indeed relevant to the Internet Governance as defined in Tunis Agenda of the World Summit on Information Society.

Relevance to Theme: The session is about Internet Data Protection under various jurisdictions, so relevant to the thematic track “DATA” and will contribute to the reflection and debate about this particular aspect of the internet Data.

Online Participation

An invite for the workshop will be circulated to the following networks:  ICANN, ISOC, NRIs, RIRs, Internet & Jurisdiction Policy Network

Agenda
  • Opening and introduction of the workshop and the experts – Moderator (5 min)
  • Introduction to the topic
  • The difference in approach between GDPR and the Mexican data protection law in the differentiation of natural vs legal persons and how this has affected WHOIS - Leon Sanchez (3 min)
  • How jurisdictional differences are invoked to argue for less or more data protection for data subjects, especially in the context of WHOIS/RDAP - Farzaneh Badii (3 min)
  • The use of available personal data, and captured transactional and ambient data as inputs into AI to construct digital personas for various economic, political and other purposes, in the absence of common jurisdiction, agreed on worldwide - Sam Lanfranco (3 min) 
  • The European approach to privacy and data protection, including both: the GDPR and CoE 108+ - Joanna Kulesza (3 min)
  • Data Protection Jurisdictions in North Africa - Mohamed El-Bakri (3 min)
  • Open structured discussion - Attendees & Experts (35 min)
  • Recap and identification of the discussion outcome points. – Moderator (5 min)
1. Key Policy Questions and related issues
Does the current situation allow for Data protection of all Internet end users?
To what extent, could the development of international norms and principles facilitate common approaches and interoperability of data protection frameworks, and also facilitate international trade and cooperation?
2. Summary of Issues Discussed

There was broad support for the view that the protection of users’ Internet data is not easy under multiple different jurisdictions. Several approaches were mentioned to address this issue: Most of the interventions supported the coordination of the efforts to harmonize the existing legal frameworks and try to build on the agreed on principles while some participants argued that the only way to reach real Internet data protection is to reach an international binding regulation.

3. Key Takeaways
  • The discussion amongst policymakers, experts, and stakeholders on how to blend principles of users’ data protection is poignant in a post-CIVOD globe.
  • Yet, the ability to build a global consensus and international legislative framework on users’ data protection is extremely challenging due to the vast polity economy of the internet and the diverse policy environment of states.
  • Nonetheless, we need to activate a solution even though the probability of solving the problem through a global legal consensus is still doubtful. There are also existing frameworks that can be built on such as UNDHR, GDPR.
6. Final Speakers

Badii Farzaneh, Civil Society, Asia-Pacific Group

El Bekri Mohamed, Government, African Group

Kulesza Joanna, Civil Society, Eastern European Group

Lanfranco Sam, Private Sector, Western European and Others Group (WEOG)

Sanchez Leon, Technical Community, Latin American and Caribbean Group (GRULAC)

9. Group Photo
IGF 2020 WS #204 Internet Data Protection Under Different Jurisdictions