This week, the United Nations convened a meeting to finalize a new draft UN Convention that would counter the use of ICTs for cybercrime. USCIB Vice President for ICT Policy Barbara Wanner was on the ground in New York and delivered a stakeholder intervention that focused on scope of the Convention and data protection safeguards.
The negotiation for the text of this new Convention, officially called the “Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes,” aims to address the abuse of information technologies to scale and speed crimes such as terrorism, human trafficking, smuggling of migrants, drug trafficking, and illicit manufacturing and trafficking in firearms.
Wanner’s intervention reflected comments also made by the International Chamber of Commerce (ICC), USCIB member Microsoft, and the Cybersecurity Tech Accord.
“The Convention should align with existing instruments and data protection standards to avoid conflict of laws, confusion, delays, increased costs, and potential cooperation breakdown,” said Wanner. Wanner also addressed the draft’s provisions for government access to personal data, related to a wide variety of cyber-enabled crimes that are not currently defined in the draft without appropriate safeguards.
“Combined with the lack of clarity on jurisdiction for this category of crimes, data custodians will have no way of determining whether government requests for data access are reasonable and proportional,” added Wanner.
Wanner referenced the OECD Declaration on Government Access to Personal Data Held by Private Sector Entities, adopted in December 2022, as a good model.
“The OECD framework aims to clarify how national security and law enforcement agencies can access personal data under existing legal frameworks,” added Wanner.