Published online by Cambridge University Press: 23 January 2020
INTRODUCTION
In a global digital economy, data pass through servers, located in different countries with diverse rules on data protection security. Different standards and requirements lead to the problem of the global system only being as strong (or weak) as cyber-security requirements in the “least trusted country”.
Encryption is oft en put forward by the crypto experts as an effective security measure. At its core, encryption transforms text-information into a seemingly random string of words and letters that can only be deciphered by using another bit of information, called the decryption key. The rules on use of encryption vary and some countries have adopted regimes that may compromise information and conversations despite use of appropriate encryption techniques. Encryption is also an important measure contributing to human rights, especially freedom of expression and the right to privacy. It keeps communications inaccessible and safe from prying eyes, enabling the sharing of opinion, accessing online information and organising with others to counter injustices. In data protection, encryption is a privacy preserving technique, that also contributes to security of processing personal data.
The data protection framework has seen two important changes in 2018 and 2019: the General Data Protection Regulation (GDPR) becoming applicable, and the modernisation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (so-called Convention no. 108+), respectively. Both instruments are oriented toward European states. However, due to their extraterritorial effects, the two instruments can be considered as means of globalising the data protection framework to achieve a worldwide adequate level of protection of personal data.
A connected world with international data flows could therefore benefit from globalised data protection rules. However, as discussed in this paper, progress has been slow, and not all instruments explicitly contain a reference to encryption. Nevertheless, if the international community decided to push for an obligation to use encryption under international law, some potentially applicable rules are already in place. Such an obligation would apply globally.
This paper attempts to address the challenge of finding such an obligation by examining provisions, relevant to encryption, that could potentially lead to a worldwide encryption requirement, thus obviating the problem of the least trusted country.
To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.
Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.
Find out more about the Kindle Personal Document Service.
To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.
To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.