“The internet knows no physical borders; thus, its governance and jurisdiction should strive to reflect that borderless reality.” – Marianne Franklin
In a world without digital borders, understanding the rules that govern the internet can be a puzzle. The concept of “internet jurisdiction” is at the centre of this puzzle. Jurisdiction refers to the legal authority of governments and courts to regulate and enforce laws within and across borders. It is simply about figuring out which laws (between Domestic and International) apply online, and who gets to enforce them. In light of this, this article looks at how different countries have grappled with the borderless nature of the internet and explores some potential trends on internet jurisdiction and cross border transfer of data.
The borderless challenge: Real Cases
The internet does not care about geographical borders. It connects people and information from all around the world. But when something goes wrong online, like cybercrimes or disputes, who should step in? This is where things get tricky. A prime example is the Microsoft v. United States case. In 2013, the U.S. government issued a warrant to Microsoft, requesting the disclosure of email data stored on a server in Ireland. Microsoft challenged the warrant, arguing that the U.S. government should follow the established legal procedures to obtain data held abroad, such as using Mutual Legal Assistance Treaties (MLATs) to work with foreign governments. The case raised significant questions about the reach of U.S. jurisdiction and the protection of privacy rights. Ultimately, the legal battle was reached by the U.S. Supreme Court, which in 2018 decided the case as legally problematic hence unresolved.
Some other notable legal disputes similar to the Microsoft v. United States case include the Yahoo France Case, and the Google Spain case, all of which show how conflicts between national laws, privacy concerns, and international relations tend to clash in the digital world.
The Cross-Border Data Transfer Conundrum
When data flows across borders, it enters a legal tug-of-war. It becomes even more complex when different countries have different data protection rules. Some countries have strict data protection laws that prohibit transferring data to places with weaker regulations while others have relatively more flexible laws on cross border data transfer. This conundrum particularly raises challenges for businesses and organisations that operate across different regions.
Trending Policy and Legal solutions on Cross-Border Data Transfer
Many countries are trying to find solutions that balance data protection with the needs of businesses and innovation. For instance, after the Microsoft vs United states case, the U.S Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act in 2018, which created a framework for cross-border data requests and addressed some of the complexities highlighted by the case. The European Union’s General Data Protection Regulation (GDPR) has also influenced data protection laws worldwide. Some countries have even adopted GDPR-like regulations to align with global standards. In Africa, countries like Kenya enacted the Data Protection Bill in an attempt to regulate the digital space.
Alternative to country-specific laws, some regions have established international treaties and agreements to address Internet jurisdiction and cross border data transfer issues. For example, the Council of Europe’s Convention on Cybercrime (also known as the Budapest Convention) is a multilateral treaty aimed at harmonising national laws and facilitating international cooperation in combating cybercrime.
Last but not least, parties involved in Internet-related disputes have in the past agreed on the choice of jurisdiction and applicable laws through contractual arrangements and online terms of service. This approach allows parties to select a specific jurisdiction to govern their contractual relationship and resolve disputes.
Internet jurisdiction is a tough nut to crack. Finding the right balance between national laws and the internet’s global nature is a puzzle that keeps evolving. The challenges are about deciding which rules apply to online actions and how to enforce them. This article shows that existing domestic laws on e-commerce transactions, intellectual property infringement, cybercrime and data protection are not always ready for the internet age. As such, governments, tech experts, and other actors need to work together to create a progressive and effective internet jurisdiction system, especially as new technologies like Artificial Intelligence (AI) and blockchain emerge.
Miriam-Beatrice Wanjiru is the Programs Officer – East Africa at Paradigm Initiative and a MA. student of International Studies at the University of Nairobi.