The United Nations (UN) member states on August 7, 2024, approved a convention targeting cybercrime, the body’s first such text, which will be submitted to the General Assembly for formal adoption in September 2024, despite concerns from technology and human rights groups, including Media Rights Agenda (MRA).
After three years of negotiations and a final two-week session in New York, in the United States, member states approved the UN Convention Against Cybercrime by consensus.
The Convention seeks to establish a unified framework for addressing the growing threat of cybercrime on a global scale. However, the draft text has sparked debate over potential implications for human rights, privacy, and the balance of power between governments and private entities in cyberspace.
A group of 91 civil society organisations and academics which work to protect and advance human rights online and offline, including Media Rights Agenda (MRA), had issued a joint letter expressing grave concerns about the proposed UN’s cybercrime convention and making recommendations for its revision to ensure that human rights and fundamental freedoms are prioritized
The letter addressed to H.E. Ms Faouzia Boumaiza Mebarki, Chairperson, Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes, pointed out that the draft text released by the committee on November 7, 2022, formally entitled “the consolidated negotiating document (CND) on the general provisions and the provisions on criminalization and on procedural measures and law enforcement of a comprehensive international convention on countering the use of information and communications technologies for criminal purposes,” risks running afoul of international human rights law.
The groups contended that the CND is overbroad in its scope and not restricted to core cybercrimes, and that it also includes provisions that are not sufficiently clear and precise, and would criminalize activity in a manner that is not fully aligned and consistent with States’ human rights obligations set forth in the Universal Declaration of Human Rights (UDHR), the International Covenant on Civil and Political Rights (ICCPR), and other international human rights standards and instruments.
They added that the CND’s criminal procedural and law enforcement chapter lacks robust human rights safeguards, while its substantive provisions expand the scope of criminal intent and conduct, threatening to criminalize legitimate activities of journalists, whistleblowers, security researchers, and others.
They warned that failing to prioritize human rights throughout all the Chapters can have dire consequences, pointing out that the protection of fundamental rights has consistently been raised by Member States throughout the sessions of the Ad Hoc Committee to elaborate the Proposed Convention. Many States and non-governmental stakeholders have called for the Proposed Convention to be fully aligned and consistent with international human rights law.
Similarly, technology groups have raised alarms about the broad and vague definitions of cybercrime included in the convention, which they believe could be exploited to criminalize legitimate activities such as journalism, whistleblowing, and online activism. The absence of clear safeguards to protect freedom of expression and the right to privacy is seen as a major flaw, particularly in an era where digital communication is a cornerstone of daily life.
They worry that without these protections, the convention could be misused to target dissidents and suppress dissent under the guise of fighting cybercrime.
Another significant concern raised by the group is the potential impact on cross-border data flows and the global digital economy. The convention includes provisions that could lead to increased government access to personal data, raising fears about the erosion of privacy rights and the potential for mass surveillance. Tech companies, particularly those operating internationally, are concerned that the convention could create a patchwork of conflicting legal requirements, complicating compliance and stifling innovation. They also warn that these measures could undermine trust in digital services and platforms, leading to broader economic repercussions.
Once ratified by 40 member states, the convention will be formally adopted by the UN General Assembly and come into force.
