IDP2016 (VI). Cybercrime

Notes from the 12th Internet, Law and Politics Congress: Building a European digital space, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 7-8 July 2016. More notes on this event: idp2016.

Communications on Cybercrime
Chairs: Josep Maria Tamarit

The European Commission and security governance: the role of a policy shaper in the fight against cybercrime.
Ana Paula Brandão, Assistant Professor of International Relations, University of Minho, Portugal; Researcher of the Political Science Research Centre (CICP).

The concept of security is today quite comprehensive and wide. We have to think of ways of security governance that may even work without a government. From who governs and how, to who controls for whom.

Why is cybercrime so important for the EU?

  • Transboundary security problem.
  • EU, a key target.
  • Expansion and sophistication of the issue.
  • Public-private nexus.

We are now entering an age of “securitization”, where many issues are seen under the light of security. The concern on security is huge.

We need a common definition of cybercrime, a comprehensive approach for this multifaceted issue, horizontal coordination, public-private cooperation, a new normative dimension, etc.

New technologies applied to criminal law: the search of computer equipment.
Inmaculada López-Barajas Perea, Profesora Titular Acreditada de Derecho Procesal, Universidad Nacional de Educación a Distancia.

There is an increase of an invasion of privacy from the government, allegedly for security and criminal reasons. It is actually true that private life happens in many places, many of them virtual or digital, and which are now subject of search in case of suspicion of crime.

What the legislator is now trying is that each and every citizen right affected by a police action has to be individually authorised. That is, during a search in a house, one cannot take the personal computer as if it was just a device to storage information, because it includes much more than that: it is a gate for freedom of speech, it holds personal data, etc.

Same applies to performing searches on systems connected to the personal system. Expanding the search to other systems will require the corresponding authorisation.

Defamation in 140 characters (or less): civil liability for honour damaging in Twitter.
Albert Ruda González Profesor agregado de Derecho civil de la Universitat de Girona.

Twibel: libel by tweet.

Libel has always been a human practice, but Twitter gives it a new meaning: because it is open by default, because retweeting gives the original libel an extendend and expanded life (and without context), etc.

Usual problems:

  • Anonymity: who is liable?
  • Parodies: where is the limit?
  • Big diffusion of the publications.
  • Liability of the RT.
  • Disclaimers of non-liability: again, where are the limits?
  • How to publish the sentence on Twitter?


Q: what happens when a bot steals one’s identity and libels other users on Twitter? Ruda: impersonation is not accepted on Twitter and, when it happens, the user is blocked. In the same train of thought, this should not make anyone liable for having had their identities stolen.

Josep Maria Tamarit: what are we witnessing, a shift of platforms, where libel, or hate-speech, is moving from one place (e.g. a square) to another one (e.g. Twitter)? Or is it that libel (and other practices) is increasing due to the facilitation of new technologies, especially social networking sites?


12th Internet, Law and Politics Conference (2016)

7th Internet, Law and Politics Congress (X). Right to be forgotten, data protection and privacy

Notes from the 7th Internet, Law and Politics Congress: Net Neutrality and other challenges for the future of the Internet, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 11-12 July 2011. More notes on this event: idp2011.

Track on the Right to be forgotten, data protection and privacy
Chairs: Mònica Vilasau Solana, Lecturer, School of Law and Political Science (UOC)

Pere Simon Castellano
The constitutional regime of the right to oblivion in the Internet

It is the principle of consent the one that gives us the legitimacy to claim for a right to privacy or data protection.

Especially related to search engines (though not only) is the legality of a given content another important factor when claiming for our privacy rights or the right to be forgotten.

Jelena Burnik
Behavioural advertising in electronic communications. A benefit to electronic communication development and an intrusion of individual’s right to privacy and data protection

Behavioural advertising tracks Internet users’ activities online and delivers only relevant advertisements, based on the data collected and analysed over a given period of time. It is normally enabled by cookies, that are placed by websites or advertisements on websites.

Behavioural advertising is defended in the name of relevance of advertisements, enhanced user experience, precise segmentation and less money spent on non-relevant audiences, support to free Internet content and a driver of innovation.

But it is a controversial practice that requires a fair balance between the interests of the industry and the rights of individuals. As cookies assign a unique ID with an IP address, there can be concerns on data protection. On the other hand, cookies are normally placed in the computer by default, while maybe a debate on opt-in vs. opt-out of cookie placing and cookie-based tracking should be considered.

A new “cookie” European directive should aim at shifting from an opt-out principle to an opt-in one, and cookies being placed only under explicit user’s concern. But how is the technological solution for an opt-in cookie principle?

In the US, though, what seems to be more acknowledged is an enhanced opt-out model.

But only true opt-in provides for transparency, and self-regulation of the industry will not suffice.

María Concepción Torres Diaz
Privacy and tracking cookies. A constitutional approach.

It is worth noting the difference between privacy, intimacy and personal data. And cookies can harm privacy. So, users should get all necessary information on cookies and tracking so they can decide whether a specific behaviour puts at stake their privacy. In case the user decides to go on, explicit consent should be provided to the service to perform its tracking activity.

We have to acknowledge that new technologies will bring with them new rights and new threats to old rights. Thus, we should be aware of the new technologies so that the law does not fall behind.

Philipp E. Fischer; Rafael Ferraz Vazquez
Data transfer from Germany or Spain to third countries – Questions of civil liability for privacy rights infringement

There are data transfers at the international level continuously. If those data got “lost”, the operator might have incurred in privacy rights infringement.

The European Directive on data transmission, it has been established that there can be data transmission within the European Union (nationally or internationally) or with 3rd countries with adequate level of data protection. There still are some issues with the US and there are other countries which are simply banned from data transmission between them and member states.

Faye Fangfei Wang
Legal Feasibility for Statistical Methods on Internet as a Source of Data Gathering in the EU

Privacy protection steps: suitable safeguards, duty to inform prior to obtaining consent (transparency), consent, and enforcement. Request for concern should be looked at as a very important step towards privacy protection. Consent must be freely given and informed.

There is an exemption clause in the UK legislation, to be used when gathering some data is strictly necessary for a service to run, or for scientific purposes, etc. But the exception clause must be used legally.

Ricardo Morte Ferrer
The ADAMS database of the Anti Doping World Agency. Data protection problems

The ADAMS database stores whereabouts, reporting where a sportsman is during 3 months, for a daily time span from 6:00 to 23:00 and including a full daily 1h detailed report of their whereabouts. Instead of presuming innocence, this database kind of presumes guiltiness.

That is a lot of information and, being the holder an international agency based in Canada, a threat on data protection as it implies a continuous traffic of personal data internationally.

Inmaculada López-Barajas Perea
Privacy in the Internet and penal research: challenges in justice in a globalized society

The possibility that personal information of citizens can be retrieved, remotely, by law enforcement institutions, is it just the digital version of the usual (and completely legal) surveillance methodologies, or is it something new and something that threatens citizens’ privacy?

More information


7th Internet, Law and Politics Conference (2011)