Conflicts of Law in Privacy, Data Protection, and Defamation Disputes: German and English Law

Chapter 11 provides a critical analysis of private international law with regard to disputes based on torts between private parties arising from infringements of privacy and data protection rights, and defamation, committed by internet communication. This is a fast-developing and changing area. It compares the private international law rules in Germany and England. The proceedings examined in this chapter are civil litigation, as opposed to judicial review of administrative action (Chapter 7). The chapter covers the harmonized rules under the Brussels Regulation and, in particular, the jurisprudence in respect of the mosaic rule established in Shevill and the rules on civil jurisdiction in the General Data Protection Regulation (GDPR). Additionally, where the Brussels Regulation does not apply, it examines in detail the national rules of jurisdiction in Germany and England, in particular the “conflicts of interest” test in Germany, and, for defamation cases in England, the new test on the most appropriate place under the Defamation Act 2013. Since the rules on applicable law for privacy, defamation, and other personality rights cases are not harmonized in the Rome II Regulation, national law prevails. The rules in Germany and England are analysed—contrasting and comparing the approaches in internet cases. It unravels the extraordinarily complicated and twisted knot of jurisdiction and applicable law in the area of personality rights infringements online and brings some clarity to this area. It concludes with some robust suggestions for improving the rules on jurisdiction and applicable law to provide a better balance of conflicting interests.

Civil and Commercial Cases in the EU: Jurisdiction, Recognition, and Enforcement, Applicable Law—Brussels Regulation, Rome I and II Regulations

Chapter 8 examines the harmonized provisions on private international law in the EU. It discusses the conflict of law rules in civil and commercial matters contained in the Brussels Regulation on Jurisdiction and the Rome I Regulation (applicable law contracts) and Rome II Regulation (non-contractual obligations). It analyses their scope of application and the general and special rules of jurisdiction for contract and torts, and the law applicable to different types of contracts and non-contractual liability. It provides a general overview of the main aspects of private international law in the EU and how this applies in internet cases.

Criminal Jurisdiction—Concurrent Jurisdiction, Sovereignty, and the Urgent Requirement for Coordination

Chapter 4 provides an incisive introduction to criminal jurisdiction and the internet, setting the scene for the chapters on jurisdiction of the criminal courts (Chapter 5) and investigative jurisdiction (Chapter 6). It explains the concurrency of criminal jurisdiction in international law and analyses the problems arising. In particular, there are two main conflicts of jurisdiction: first, the multiple, overlapping claims of jurisdiction between several states and the risk of multiple prosecutions for the same crime (or no prosecutions, as no state has sufficient evidence or motivation; second, jurisdictional overreach where conduct is lawful in one country, but a criminal offence in another country who wishes to prosecute, potentially causing jurisdictional overreach and spill-over effects. The chapter begins by setting out the grounds of jurisdiction under international law. An examination of the cross-border implications of cybercrime follows, distinguishing three discrete aspects of the cross-border nature of cybercrime and analysing the nature of jurisdictional conflicts under the lens of territoriality and connecting factors. It analyses how a better coordination of jurisdictional claims might be achieved under comity and reasonableness principles, and coordination under EU law, such as the Eurojust Guidelines and the EU Framework Decision. Finally, it critically analyses the ambit of double jeopardy and the ne bis in idem principles and their limited application. Conflicts of criminal jurisdiction, and the potential of multiple prosecutions of defendants for the same offence, call for greater international cooperation between states and coordination rules between different legal orders. However, the development of coordination rules in respect of national criminal jurisdiction is in its infancy.

Intellectual Property—Internet Jurisdiction and Applicable Law

Chapter 12 covers jurisdiction and applicable law in respect of internet cases involving intellectual property (IP). It covers both registered rights (eg trademarks, patents, design rights) and unregistered rights (eg passing off, copyright). It incisively discusses the relationship between IP and the territoriality principle, and how the English courts have moved away from the strict territoriality rule in recent years. The chapter discusses the Berne Convention and, within the EU, the Copyright Directive overcoming the strict territoriality of copyright. It includes a discussion of domain names and in rem jurisdiction at the place of registration of the domain name. The chapter then moves to an explanation of the jurisdictional rules in England, as well as the harmonized EU rules in the Brussels Regulation. The chapter analyses in rem, subject-matter jurisdiction and its interplay with personal jurisdiction under the Brussels Regulation and the English Jurisdiction rules. The chapter briefly discusses the jurisdictional provisions in the EU Trademark Regulation, Community Design Regulation, and the European Patent. Finally, it covers the rules on applicable law in the Rome II Regulation and the Berne Convention.

Jurisdiction of the Criminal Courts in Cybercrime Cases in Germany and England

Chapter 5 deals with the jurisdiction of the criminal courts and the applicable criminal law (the ambit of the criminal law) and contrasts the English common law with German law in cybercrime cases, highlighting the similarity of the challenges and the differences in approach of both countries. As a broad rule of thumb, English common law (largely) restricts criminal jurisdiction to the territoriality principle, whereas German law recognizes the active and the passive personality principle, sometimes coupled with the double criminality rule, meaning that the act must be a criminal offence in the place where it was carried out. Notably, German law has codified the universality principle for certain offences, and by so doing exceeds its obligations under international treaties; for example, in respect of child sexual exploitation and abuse materials. Both countries face the same challenges in applying the territoriality principle and connecting cybercrime offences to their respective territories (eg in respect of the question where illegal content online was published). Criminal jurisdiction (subject to specific statutory exceptions) in England has long been confined by the terminatory approach, but has now been reformed by a substantial measure test. Finally, the chapter examines inchoate offences and the specific provisions on jurisdiction contained in the Computer Misuse Act.

Conflicts of Law and Internet Jurisdiction in the US

Chapter 9 focuses on conflicts of law and jurisdiction in internet cases before the US courts and contrasts the US approach with that found in EU states. It examines jurisdiction as emanating from the due process clause of the US Constitution and the relevant caselaw. It analyses jurisdictional due process and minimum contacts jurisprudence in general, the distinction between general and specific personal jurisdiction and the application of the jurisdictional principles to internet cases. It then continues by looking at specific doctrines and how they have evolved in respect of internet disputes, such as the effects doctrine, stream of commerce cases, and e-commerce contracts. The chapter analyses the doctrines tempering the assumption of jurisdiction and governing the interface with foreign law and, specifically forum non conveniens, comity, and reasonableness. Finally, it examines procedural jurisdiction in the context of adjudications and conflicts of law with regard to (civil litigation) evidence and draws conclusions from the subject matters examined.

The Jurisdictional Challenge Answered—Enforcement through Gatekeepers on the Internet

Chapter 3 examines the consequences of the Jurisdictional Challenge of the internet for the enforcement of public law, such as content regulation and criminal law relating to illegal content. Internet applications such as websites, mobile apps, peer-to-peer file sharing, cyberlockers, and social media have enabled the remote sharing of illegal content and criminal interaction between people globally and across national borders. This global spread of illegal activities creates challenges for the application and enforcement of national law, as perpetrators may be remote from enforcement authorities, and content is shared instantly. The imposition of liability on intermediaries such as social media platforms as gatekeepers for law enforcement as a way of overcoming the Jurisdictional Challenge is critically discussed. Enforcement takes place against entities facilitating or enabling dissemination of illegal content or the illegal activities instead of the primary perpetrators. This strategy is used to overcome the “out of reach” problem caused by decentralization and remote targeting. This chapter critically analyses in detail the provisions on intermediary liability/immunity and recent proposals to impose a duty of care, particularly in respect of child sexual exploitation and abuse, and terrorism-related materials. It examines the German Network Law Enforcement Act and other countries’ similar initiatives (including the UK White Paper “Online Harms”) and the provisions in the revised EU AVMS Directive. It critically examines regulation by platforms themselves and the human rights implications of coregulation. Both notice and take-down regimes and blocking of internet access to material are covered, and different initiatives evaluated and compared.

A Brief Introduction

Chapter 1 introduces the Jurisdictional Challenge, that is, the situation where multiple courts may be competent or no court may be competent, and briefly explains the key features of internet technologies such as remoteness, decentralization, and ubiquity, which have given rise to the Jurisdictional Challenge. It briefly explains how internet technologies such as wireless networking, ubiquitous broadband, peer-to-peer file sharing, cloud computing, and blockchain are all increasing this trend. This chapter analyses why law enforcement on the internet is difficult and provides an overview of the book chapters.

Digital Investigations in the Cloud—Criminal Enforcement Cooperation

Chapter 6 examines jurisdiction in criminal investigations where the digital evidence is stored in another country, as is likely where data is stored in the cloud. The territoriality principle and sovereignty mean that states are not allowed to carry out acts of investigations outside their territory. Internet technologies and remote cloud storage in the twenty-first century mean that much forensic evidence is likely to be physically stored in another country. If law enforcement authorities seize a computer on their territory it is increasingly likely that some of the data is stored in the cloud. Therefore, traditional investigatory powers limited to territory (such as a warrant to seize physical items) are not sufficient. This raises difficult questions of whether powers in respect of extended computer searches or disclosure orders can be implemented extraterritorially without breaching international law. This chapter provides a detailed examination of the traditional mechanisms of international cooperation through mutual legal assistance, the difficulties inherent in the traditional approach and the mechanisms to overcome these difficulties, including unilateral acts by states and new forms of international cooperation, such as the US system of bilateral agreements envisaged in the Cloud Act and, for the EU, the EU E-Evidence Proposal. The chapter critically analyses the data protection and human rights issues implicated by cross-border digital investigations and the role of private service providers who may disclose data in response to foreign law enforcement requests.

Consumer Protection and Jurisdiction

Chapter 10 examines the validity and enforceability of forum selection (jurisdiction) and choice of law (applicable law) clauses in consumer contracts in the US and in the EU, comparing two differing approaches to finding a balance between business’ interests, transactional efficiency, and consumer protection in e-commerce. The chapter explains the US jurisprudence, which has established a presumption in favour of the validity of jurisdiction and choice of law clauses in the absence of fraud, undue influence, or overweening bargaining power (US Supreme Court in Bremen and Carnival Cruise Lines v Shute). It contrasts the contractual analysis in the US, which may hold certain forms of clauses in adhesion contracts unenforceable, depending on the applicable state law with the stricter public policy approach in the EU, which implements consumer protection law through its private international law rules in the Brussels I Regulation and the Rome I Regulation. It examines the EU rules with respect to the types of consumers and consumer contracts to which the protective jurisdictional rules apply. The chapter critically analyses the jurisprudence on jurisdiction in internet and e-commerce cases and incisively conceptualizes the legal approaches and latest developments on both sides of the Atlantic. This includes the directing/targeting line of cases after Pammer/Alpenhof in the EU.