Those attending heard Professor Dr. Thomas Hoeren of MünsterUniversity deliver a masterly analysis of the interaction between Human rightsand the increasing pressures of business globalisation in the world ofe-commerce.
Professor Dr. Hoeren is one of Europe’s leading authorities onIT law, holding the Chair of Information Technology, Telecommunication and MediaLaw at the University, and serving also as a part-time Copyright and CompetitionLaw judge in Dusseldorf and a legal advisor of the European Commission withspecial focus on IT law.
The meeting, which was the third in the series promoted jointlyby the Scottish Society of Computers and Law and the Faculty of AdvocatesInformation Technology Group, joined on this occasion by the Scottish LawyersEuropean Group, got off to an arresting start. In a tour de force of unscriptedexposition, Professor Hoeren recounted the lecture which he once gave to a classwhich contained both law students and IT students, one of whom was sitting atthe back of the class and appeared to be taking copious notes. Intrigued,Professor Hoeren went up to the back after the lecture, only to discover thatthe notes contained but a single, serially-repeated message: ‘F*** theMillennium, F*** the Lawyers!’
Once the gales of nervous laughter died down, Professor Hoerenwent on to explain that this epitomised the single most serious challenge to theinternational rule of law in the world of e-commerce regulation: thetechnologists now have the power, using technological means, to shape e-commerceaccording to the interests of themselves and of the corporations they serve,rather than necessarily the interests of the public at large. The rule of lawexists to protects the basic human rights of society as a whole. If the rule oflaw is undermined, that presents a direct challenge also to human rights. Whatshould, or even could, lawyers do about this imbalance?
He then went on to illustrate his theme by reference to threespecific areas: Data Protection, Copyright and Consumer Protection.
Data Protection
Different jurisdictions approach data protection from differentphilosophical starting-points. European jurisdictions have traditionally beenprotective of privacy, developing concepts of rights to privacy, whilst in theUS, although philosophically opposed to the collection of data by thegovernment, the public has generally had no such qualms regarding the collectionof data by commercial enterprises for business purposes. The UK has tended tofall somewhere between those poles.
The result has been the development of quite differentregulatory regimes not only as between the US and Europe, but also withinEurope, where there have been inevitable differences of emphasis, and, hence,significantly different regulatory regimes: in Germany there is a generalrestriction on the processing of personal data whilst France permittedprocessing of non-sensitive data. The UK accorded a wider freedom to undertakeprocessing subject only to registration requirements. In an attempt to ‘squarethe circle’ the European Data Protection Directive attempted to combine all ofthese different and incompatible models. The anomalous result is that personaldata relating to citizens of one member state might lawfully be processed inanother member state, when such processing might have been unlawful in the firstmember state. For example, this could well affect citizens of Germany (which hasthe strictest domestic regime) who might well find themselves the subject ofdata processing and retention which might otherwise have been prevented underthe national law. Would German nationals then feel that there had been aninfringement of their human rights?
Such very real issues arise when data is sought to betransferred out with the EU to a country not having sufficient safeguards forthe data subject. Such transfer is prohibited by the Directive, so, in anattempt to get round this, the Americans have developed the ‘safe harbour’principle, hermetically sealed enclaves in the US where European regulations areoperated. But how reliable or secure can such ‘safe harbours’ be when theenforcement is, essentially, self-enforcement by business, rather than bygovernmental agency?
But the greatest challenge is the concept of ‘code as code’– the use of software coding to produce a de facto result which becomes asubstitute for a proper legal code. For example, an individual might accept acookie because it is useful to him, but be quite unaware (and not being warned)that the cookie contains software code to enable data mining. Furthermore, theindividual is deprived of the opportunity to consent to such invasion of hisprivacy.
Copyright
Again Professor Dr Hoeren identified the differing approaches tocopyright within the EU with some member states favouring freedom of informationand others favouring the protection of creativity, even in the face of strongpublic interest in access. The EU Directive on Copyright in the InformationSociety attempts to resolve the differences in much the same way as with dataprotection by endeavouring to combine the various EU models, and such anapproach is susceptible to the same fundamental criticisms.
Further issues arise in relation to private international law.Where material is transferred to another country and a dispute arises, the issueof choice of law has to be addressed. There is a perception that the US willendeavour to apply its own law under its preference for territoriality. Thatcould have human rights repercussions.
The third and final area to be touched on in relation tocopyright was ‘code as code’. As with data protection, those businessesmaking technological ‘advances’ with their products can be affecting humanrights indirectly. Professor Hoeren looked at one company which developed aproduct using technological means to prevent in all countries what in only somecountries would be an infringement of copyright. The practical result was theuse of such technological ‘advances’ to create a potential infringement ofthe rights of the nationals in those states where the copying in question wasperfectly legal.
Consumer Protection
Different countries approach consumer protection in differentways. Contrasting ethical values are applied in the protection of the consumer.The UK assumes a buyer is sufficiently astute to make informed decisions aboutpurchases. In other countries it is felt that complete protection of theconsumer is needed. With cross-border transactions which law is to apply?
The preference in Brussels is for the ‘country of originprinciple’, the effect of which is to apply the law of the country where thecommercial enterprise targeting the consumer has its seat. That opens the doorto allowing businesses to manipulate conditions to their own advantage byrelocating their seat to a state which has the lightest regulatory touch.
Yet again interesting issues can stem from across the Atlantic.It is one thing to clarify the legal rights of the consumer – it is quiteanother to be able to enforce those rights. There remain difficulties in theenforcement of EU judgements in the US.
As with the topics of data protection and copyright, ‘code ascode’ rears its head. Global business can pay lip service to the particularlegal regimes in individual countries, but will always tend to locate incountries with the loosest regulatory regimes.
Solutions
Professor Hoeren then asked the question of what lawyers shoulddo about these problems. He answered his own question by suggesting that itmight very well not be appropriate to rush into hasty and ill-considered action– that only tends to lead to ill-considered and ineffective laws. Above all,we need to approach matters slowly and carefully, for if we are to preserve therule of law, we cannot afford to get things wrong.
Professor Hoeren finished by returning to the IT student seatedat the back of the class. The Professor had met the student again quite recentlyat a function at the University. Of course, he is a student no longer, but theC.E.O. of a substantial software house and he was presenting a substantialendowment to Professor Hoeren’s Institute for Information Technology,Telecommunication and Media Law.
There then followed a lively question and answer session, underthe Chairmanship of Neil Brailsford QC, Treasurer of the Faculty of Advocates.
Globalisation
Iain G Mitchell QC, proposed the vote of thanks and took theopportunity to expand on Professor Hoeren’s theme of the technologist’schallenge to the rule of law. He suggested that the inexorable pressure forglobalisation was set in a world of competing, differing and uncoordinatedregulation. The result was the creation of a free market in regulatory regimes.Though this might result in migration to the country of lightest regulation, itdid not necessarily do so.
He instanced the recent Yahoo online auction case, where theFrench Court ordered the closing down of access by French residents to onlineauctions of Nazi Memorabilia. Such a ‘fire walling’ is not technologicallypossible, leaving the closing down of the whole Nazi memorabilia auction site asthe only way in which Yahoo could comply with the French Court order. In theevent, this is what Yahoo chose to do, but it might be interesting to speculatewhat might have happened had Yahoo been faced with an injunction in the Americancourts preventing it from doing so, for example, on the ground that to closedown the site would be a breach of the plaintiff’s constitutional right tofreedom of speech. (There is ongoing litigation in the US but it seeks merely todeclare that the judgment of the French court is not binding on corporationsbased in the USA – there are no injunctions sought. It is, however,interesting to think how the French Courts might react!)
This would create a conflict between two different regulatoryregimes (interestingly, each based on conflicting human rights imperatives). Insuch a situation, what would a global business offering online auctions belikely to do? It would decide where its greatest economic interests lay, andwould seek to comply with the relevant legal regime. It would then take suchprudent steps as it could to remove itself from the physical jurisdiction of theother country’s courts, so far as that could be achieved.
This would be the result even though the regime which it chosemay not be the more benign. Thus in the example of the Thomas the Tank Enginesite, a UK site with a substantial US customer base which was operatingperfectly legally in the UK had to close down a major part of its operation whenit found that it could not economically or feasibly comply with a US regulatoryregime which had been instituted in a heavy-handed attempt to crack down onchild pornography (and which was so draconian that it swept up in its wake awhole raft of perfectly blameless sites such as that one). Again, the businessidentified its area of greatest economic interest and chose that regulatoryregime.
If the relevant market were not the EU, then the rights of theEU residents are likely to be of secondary concern – an example of thepotential infringement of human rights by developments in technology. Moreover,it introduces the notion of democratic deficit – a mother in Bristol is leftto explain to her toddler son that he cannot get his monthly e-mail from Thomasthe Tank Engine, because of regulations enacted by the US Congress, in theelection of whom British citizens have had no say.
Mr. Mitchell went on to suggest that the greatest service thatlawyers can do for both businesses and the wider public in the global market isto create a clear, consistent and universally applicable regulatory climate.Without it there will be a vacuum which technologists will attempt to fill bythe pursuit of ‘code as code’ with all its implications for the rule of law,and where that is not possible, they will continue to forum shop. The result ofsuch forum shopping is likely to see the domination of the World Wide Web by themost economically powerful player rather than by the country with the laxestregime.
This problem is more of a political and economic one than it isa purely legal one. At the moment, the market dominance is enjoyed by the US,whose regulatory regime is similarly likely to become dominant. The singlemarket of the EU has the potential to be at least as economically significant amarket, but so long as EU harmonisation continues to be nothing more than theuncoordinated amalgam of differing national regimes that it presently is, thereis no equivalent unified regulatory counterweight to US dominance.
Therefore, Mr Mitchell concluded, given the inexorable pressureto globalisation, if that globalisation is not to be in the image of the US, therepresentatives of the major economies have to meet around the table to agree auniversal regulatory regime. Of course, lax regimes are unlikely to want to cometo the table, but because of the concept of economic dominance, their presencethere is likely to be irrelevant anyway. The problem is that unless there can bethrashed out a single European regulatory regime, it is likely that the presenceof the member states of the EU will also be an irrelevance.
Iain G. Mitchell QC is the Vice-Chairman of the Scottish Societyfor Computers and Law, the Chairman of the Faculty of Advocates InformationTechnology Group and Vice-Chairman of the Scottish Lawyers’ European Group.Ewan McIntyre is a partner in and head of the IP/Technology Group of Edinburghlaw firm Robson McLean WS (www.robson-mclean.co.uk)