Introducing the International Encyclopaedia of Privacy and Technology Law

The explosion of the Internet, the digitalisation of all sectors of society and the generalised use of social media and other forms of electronic communications, have led to a broader focus on the protection of the privacy of individuals and the personal data processed about them. As a result, the field of privacy and data protection has de facto developed into a separate legal domain. It no longer seems justified to continue treating privacy and data protection law as one of the chapters of the International Encyclopaedia of Cyber Law. In addition, digital transformation affects nowadays all economic and societal activities and the legal aspects are much more diversified compared to the start of the current century.

Consequently, the publisher and editors have decided to split Cyber Law into two series of monographs. The new International Encyclopaedia has received  a new name; ‘International Encyclopaedia of Privacy and Technology Law’ to reflect this new vision. The titles of the two series of monographs  are ‘Information Technology Law’ and ‘Privacy and Data Protection Law’ respectively.

Information Technology Law

Today, information and communications technology is part of our daily environment. Mobile communication devices, such as laptops, tablets and smartphones, but also smart wearables in the form of watches or glasses are omnipresent. They are used for more and more purposes and in more and more contexts, not only for interpersonal communications but also for financial services, education, shopping, transportation, investment, healthcare, government services or entertainment. Essential digital products and services such as processor chips, operating systems, cloud services, search engines, social media or mobile application stores are delivered on a worldwide scale by a few number of very large international companies. Information and communications technology becomes also part of our daily environment as it is embedded in a growing number of things, such as in our homes, our means of transportation or even in our bodies.

From a legal perspective, this constantly changing environment brings about important regulatory challenges. It gives rise to new markets, rights and opportunities but it also causes new risks and innovative forms of abuse. International, regional and national policy makers and legislators have tried to cope with these challenges and have created a legal framework to tackle the most important issues.

The Encyclopedia : The national monographs of the International Encyclopaedia of Privacy and Technology Law (formerly “Cyber Law”)  dealing with “Information Technology Law” analyse the legal framework related to information and communication technology on the basis of a common standard outline. The outline contains, besides a general introduction, six  main parts:

1.      Digital Market Regulation: legal status of standards and technical specifications (non-binding self-regulation), legal status of standard terms and conditions, international private law applied to the online environment, competition law applied to the digital market, regulation of the electronic communications market (“telecommunications law”), regulation of broadcasting activities (audio-visual services), regulation of online interactive services (electronic commerce, online platforms, b2b platforms), regulation of cryptography and dual-use goods.

2.      Online public services: e-government legal framework, legal framework for e-health, ànline voting, other e-government services.

3.      Online transactions: electronic contracting (incl. smart contracts and blockchain), e-signatures, trust services (certificates, electronic mail services, etc.), online financial services, law of evidence in the digital environment (incl. rules regarding electronic archiving), consumer protection (online sales and online services), liability of online service providers.

4.      Intellectual rights (“digital rights”): patent law (applied to software, etc.), trademarks (application in the digital context), design protection (application to digital products, copyright protection in the digital context, legal protection of software, semiconductor products and databases (including issues relating to data “ownership” rights), protection of internet domain names.

5.      Cybersecurity law: institutional framework (cybersecurity agency, national CERT, etc.), general and sector-specific information security obligations, liabilities and remedies,.

6.      Cybercrime: application of international and regional agreements (including law enforcement cooperation agreements, etc.), specific computer crimes (unlawful access, identity theft, online fraud, online sabotage, forgery), traditional crimes in a digital context (offences against decency, hate speech, defamation, etc.), criminal procedural aspects  (incl. data retention, interception of electronic communications, network search, seizure of data, duties of intermediaries).

Privacy and Data Protection Law

Privacy law and data protection law have a different historical background. The protection of privacy obtained a constitutional status after the Second World War, starting with the Universal Declaration of Human Rights adopted by the United Nations in 1949 and it was subsequently included in the European Convention of Human Rights in 1950. Data protection laws, on the contrary, emerged for the first time almost twenty years later, when people started worrying about the consequences of processing personal information by means of computers. Judging whether or not the right to protection of private life has been violated, will in the first place necessitate an examination of relevant jurisprudence, rather than diving into legislative texts. This is entirely different in the domain of personal data protection. This domain became something in itself with its own laws and even its own legal institutions. These rules and institutions regulate and monitor to which extent and under which conditions information related to individual physical persons may be used. The European Union has set the tone for this, initially in the form of a Directive adopted in 1995 and, since 2016, with the entry into force of the General Data Protection Regulation, abbreviated as the GDPR.

Privacy and data protection law are, however, also very much overlapping areas. This is the reason why terms such as “data privacy” or “information privacy” are used, in order to express that the objective of protecting an individual’s personal information remains in most circumstances a privacy issue. In practice -  and certainly in the context of litigation -  privacy and data protection rules are therefore often invoked together. It is therefore appropriate to deal with both domains in one publication.

The Encyclopedia : The national monographs of the International Encyclopaedia of Privacy and Technology Law (formerly “Cyber Law”) dealing with “Privacy and Data Protection Law” analyse the legal framework related to the protection of privacy and the legal framework regarding the processing of personal data on the basis of a common standard outline. The outline contains, besides a general introduction, two main parts:

1.      Privacy protection: protection of private life by the Constitution, national implementation of relevant international and regional conventions, protection of the confidentiality of interpersonal electronic communications, sector-specific national legal provisions regarding the protection of privacy.

Personal data protection: general legal framework, data quality principles, processing of sensitive personal information, data subject rights, duties of data controllers and their subcontractors, mandatory organisational and technical security measures, international data transfers, liabilities, data protection supervisory authorities, enforcement procedures, sanctions and remedies, specific data protection regimes (journalists, religious bodies, scientific research public archives, etc.).