Privacy International's comments on the updated draft text of the UN Cybercrime Convention (May 2024)
In this briefing, Privacy International outlines its analysis of some key provisions of the Updated Draft of the United Nations Convention against Cybercrime, which will be negotiated at the reconvened concluding session of the Ad Hoc Committee in late July. While not aiming to be comprehensive, PI's comments cover the following Articles: 3, 4, 6, 7-11, 23, 24, 28, 29, 30, 35, 36, 47 and 54.
Failing to narrow the scope of the whole treaty to cyber-dependent crimes, to protect the work of security researchers, to strengthen the human rights safeguards, to limit surveillance powers, and to spell out the data protection principles will give governments’ abusive practices a veneer of international legitimacy. It will also make digital communications more vulnerable to those cybercrimes that the treaty is meant to address. Ultimately, if the draft treaty cannot be fixed, it should be rejected.
While PI recognises the threats posed by cybercrime, PI reiterates the need both for a narrow scope for the proposed Convention, focusing solely on core cyber-dependent crimes, and for effective safeguards throughout the entire treaty to ensure human rights are respected and protected, especially in the areas of privacy and freedom of expression. Throughout the negotiations, most of the proposals by Member States and other stakeholders aimed at restricting the scope of the treaty and strengthening its safeguards provisions have been ignored or watered down. As a result, the updated draft remains too broad in scope and would allow States to adopt measures that would undermine human rights protection as well as the security of digital communications. This is not an abstract concern: domestic cybercrime laws have been used to violate human rights, and certain provisions of the current draft would give States an opportunity to justify their abusive practices.