Scandinavian Perspective on IT Law
XXXI Nordic Conference on Law and Information Technology was held in Stockholm on 9-10 November 2016. Mikhail Zhuravlev, junior research fellow of the International Laboratory for Information Technology and Intellectual Property Law, took part in the Conference.
The key theme of the event was formulated as “Secured Digitalization”. The conference addressed the issues of information security, personal data protection and regulation of cyberspace, various aspects of automated legal compliance. In addition, special attention was paid to the methodology of research and teaching activities in the field of IT law.
The speakers of the conference were leading officials of European research centers for IT law - Lee Bygrave and Dag Wiese Schartum from the Norwegian Research Center for Computers and Law (Oslo), Joris van Hobroken from the Institute for Information Law (Amsterdam), Peter Wahlgren - head of the Swedish Research Institute of Law and Informatics (Stockholm), and others.
Particular interest of the participants was aimed at the discussion of responsibility principles of the state, accused of carrying out cyber attacks on information infrastructure of other states. This issue has become particularly relevant in connection with recent accusations of cyber attacks and encroachment on the states’ information sovereignty. In practice it is quite difficult to prove the guilt of a particular state upon "beyond the reasonable doubts" model. Regarding this issue, opinions of the researchers were split. Some insisted that in such situations presumption of innocence would be put in action; therefore, it would be unacceptable to charge the state with cyber attacks without serious evidence. Others adopted a more flexible approach. Since this is not the case of criminal liability, less stringent standards of proof may apply (as in private law).
Another controversial issue was related to the lawmaking techniques in the information sphere. The essence of the issue is to what extent the legislation in the IT field must be technologically deterministic. On the one hand, legislation should be technologically neutral, but for its efficient use (and for the achievement of regulatory goals) legal rules must consider the real technological possibilities. During the discussion the following thesis was supported: the laws should be technologically neutral, but they should not be separated from technology (technologically free).
A quite peculiar approach has been revealed in methodology of legal research in the digital age. In particular, it was noted that current research in the field of law and information technology are characterized by such trends as interdisciplinarity, multistakeholderism, borderless environment, technological neutrality, visualization, interactivity and others. In current technological and social conditions science has to keep pace with the constant changes, to be open and to adopt new methods.
Data protection with encryption is a matter of current importance for everyone, including Russian IT community. Legal assessment of the cryptography use in data exchange on the Internet is multidimensional. On the one hand, encryption is an important and effective means of protecting information from unauthorized access. On the other hand, encryption confronts states with new challenges related to access to the encrypted information for legitimate purposes. Some countries (Russia is not an exception) enact special laws requiring Internet services to provide keys for decrypting data. Such laws pose a lot of questions for the researchers, especially when being considered in the context of human rights protection. At the conference the publication of UNESCO report was announced, which is dedicated to cryptography and human rights.
The scope of the discussed issues raised at the conference was not limited to the above mentioned problems. No less discussion and controversy has been caused by the laws on data localization and data retention, aspects of personal data protection in the era of big data, automation of compliance with legislative requirements, etc.
Some materials of the conference, which covered the above-mentioned and other questions, can be found here: https://irilaw.org/e16/the-xxxi-nordic-conference-on-law-it-documentation/