Digital New Deal:

A new convention for data and cyberspace

The time has come to initiate negotiations for a new treaty – a ‘Convention for Data and Cyberspace’ – as a first step towards ushering in a rational and equitable global internet governance regime.

  • Español
  • English
  • Français
  • Deutsch
  • Português
  • Análisis
Ilustración: Fundación Karisma
-A +A
Article published in ALAI’s magazine No. 552: ¿Quién decide nuestro futuro digital? 26/04/2021

Just as the proliferation of steam power and mechanization inaugurated the industrial age three centuries ago, the growing centrality of ‘data’ and associated technologies are poised to dramatically revolutionize the nature of social and economic life today.  As in the early years of industrialization, we once again find ourselves in the midst of a frenzied race to capitalize on these new technologies and the frameworks that will organize and control them.


While numerous efforts have been made to achieve such a regulatory environment in the national context, the nature of the internet and information technology – as well as the economic activities built around them – require more broad-based interventions.  This, unfortunately, has been made difficult by the vested interests of hegemonic powers, as well as the contested terrain of international law.


To date, internet governance has evolved under the rubric of what is called ‘the multi-stakeholder model’.  Couched in a discourse that promotes egalitarian values and greater participation, this model has in reality been employed as a means to circumscribe the power of national governments (and intergovernmental organizations) vis-a-vis private, transnational corporations.  It has not only fostered a strikingly undemocratic regime, but also one that has been dominated by the geopolitical and economic interests of the United States.  Be it for the vast unilateral surveillance apparatus that it has built, or the added advantage of its Silicon Valley behemoths, the US has continually worked to ensure that the governance of internet-based technologies remains firmly in its control even as it has postured towards allowing others – but not other governments – to take charge.  Furthermore, recent developments in international negotiations point towards accelerated efforts to have large parts of the international community ‘locked in’ to agreements that mandate a liberalized regime involving little regulatory oversight and the free flow of data across borders.


The international community needs to resist acceding to these prevailing trends.  There is ample scholarship produced over the years that explores alternative modes of internet governance, which may be built upon to craft a democratic and thoughtful regulatory framework that addresses the needs and concerns of a wide variety of actors.


Moreover, many in the international community are beginning to realize the importance of regulatory provisions for the digital sphere, and are more open to discussing them in the context of trade negotiations.  While the recognition that such issues must be discussed in an intergovernmental forum is a positive sign, trade negotiations are an inherently inappropriate forum for such talks given their secretive, undemocratic nature and their susceptibility to lobbying by large private companies.


The time has come to initiate negotiations for a new treaty – a ‘Convention for Data and Cyberspace’ – as a first step towards ushering in a rational and equitable global internet governance regime.  It will contain explicit principles for extending well-accepted offline law to the online world, with specific emphasis on key domains.  Given the current international environment, there ought to be considerable support for such an initiative.  Moreover, there is sufficient consensus on fundamental legal principles in offline law to have them form a foundation for ordering the governance of the digital world, which also means that the negotiations should not need a prolonged process.


Of course, there is likely to be inertia and pushback from the powers that be.  But this is precisely because they have a lot to lose from any ‘fragmentation’ of the internet that shuts them out from access to large markets and sources of data.  If the rest of the international community can come together, it is possible to force them into a reasonable agreement.  In order for this happen however, civil society actors around the world must come together and put pressure on our respective governments to act.  There is a regular treaty-making mechanism, the ITU Plenipotentiary Conference, that takes place every four years and will convene next in 2022.  Not only is it an ideal forum to put forth this agenda, given the realities of geopolitics, it might also be one of our last opportunities for achieving what is proposed here.  We must all come to grips with the urgency of such an undertaking, which requires consolidating the research and ideas that can initiate progress in this direction.[1]


The contents of the new treaty


The proposed new treaty would contain provisions along the following lines.


1 Human rights


The Parties shall adopt a binding instrument specifying that any restrictions to freedom of speech, freedom of communication, or privacy, on grounds of security concerns or otherwise, must be for strictly defined purposes and in accordance with globally accepted principles of necessity, proportionality and judicial oversight. (See for example specific proposals by the JustNet Coalition[2]).


2 Data


  • In order to ensure the protection of personal data, thus increasing consumer trust, Parties shall accede to Convention 108 of the Council of Europe and the 2018 Protocol amending that convention (CM(2018)2 of 18 May 2018).
  • Parties shall ensure that national laws regarding personal data conform to the provisions of Convention 108 as amended in 2018, and shall apply those provisions to cross-border data flows.
  • Parties shall enact a national data policy which includes, in addition to personal data protection, provisions to ensure equitable distribution of the value derived from the monetization of data.


3 Competition


  • Parties shall enact a national competition/anti-trust law which is not restricted to preventing consumer harm.
  • Parties shall develop and accede to global anti-trust rules and an international enforcement mechanism for such rules.
  • Parties shall enact data-sharing legislation.


4 Taxation


  • Parties may impose local presence and/or data localization requirements in order to facilitate the enforcement of tax laws.
  • Parties shall develop and accede to global taxation rules and an international enforcement mechanism for such rules.
  • Parties may impose customs duties on data flows, in particular when such flows are eroding existing tax bases and/or when alternate types of tax bases are insufficient to generate required tax revenues.


5 Access to the internet


  • Parties shall accede to the 2012 version of the International Telecommunication Union’s International Telecommunication Regulations.
  • Parties shall transpose to national law the provisions of ITU-Recommendation D.50, International Internet connection.
  • Each Party shall administer its procedures for the allocation and use of scarce telecommunications resources, including frequencies, telephone numbers, internet protocol addresses, internet domain names, and rights-of-way, in an objective, timely, transparent, and non-discriminatory manner, in public interest.


6 Micro, Small and Medium Enterprises (MMSEs)


  • Parties shall ensure that MMSEs have affordable access to internet connectivity, international payment platforms, and international physical delivery services.
  • Parties shall establish an international clearing house to facilitate and simplify mutual recognition of national e-signatures on customs and other legally required signed documents.
  • Each Party shall ensure that retail platforms do not themselves supply goods or services offered for sale on the platform.


7 Artificial Intelligence


  • Parties shall adopt a model law or a treaty on ethical principles for Artificial Intelligence.


8 Access to Technology


  • Each Party shall ensure that enterprises around the world have access to modern technology on affordable, objective, timely, transparent, and non-discriminatory terms.
  • Parties are encouraged to procure open source software for government use.
  • No provisions of trade-related agreements shall be construed as preventing the procurement of open source software for government or private use.
  • Access to source code may be mandated under national law for specific purposes, such as verification of compliance with national laws and regulations (competition, taxation, safety, environmental, etc.).


9 Consumer Protection


  • Parties shall enact national law or regulations mandating minimum security requirements for ICTs devices, in particular those interconnected to form the Internet of Things (IoT).
  • Parties shall enact national law or regulations to prohibit unsolicited commercial emails (spam) and shall establish effective enforcement mechanisms, including at the international level.
  • Parties shall transpose to national law the provisions of ITU-Recommendation E.157, International calling party number delivery and shall have enacted national laws prohibiting the misuse of international telephone numbers (see ITU-Recommendation E.156, Guidelines for ITU-T action on reported misuse of E.164 number resources).


10 Employment and Working Conditions


  • Parties shall take appropriate measures to address the employment issues arising from e-commerce, including in particular by implementing relevant recommendations of the International Labour Organization.


11 Security


  • Parties shall refrain from hacking personal accounts or private data held by journalists and private citizens involved in electoral processes.
  • Parties shall refrain from using ICTs to steal the intellectual property of private companies, including trade secrets or other confidential business information, to provide competitive advantage to other companies or commercial sectors.
  • Parties shall refrain from inserting or requiring “backdoors” in mass-market commercial technology products.
  • Parties shall agree to a clear policy for acquiring, retaining, securing, using, and reporting of vulnerabilities that reflects a strong mandate to report them to vendors in mass-market products and services.
  • Parties shall exercise restraint in developing cyber weapons, ensure that they maintain control of their weapons in a secure environment, limit their proliferation and distribution, and report known vulnerabilities[3].
  • Parties shall limit engagement in cyber offensive operations to avoid creating mass damage to civilian infrastructure or facilities.
  • Parties shall facilitate the establishment of an international cyberattack attribution organization to strengthen trust online.
  • Parties shall, individually and in cooperation, develop and apply measures to increase stability and security of international telecommunication networks and in the use of ICTs in order to achieve effective use thereof and avoidance of technical harm thereto, as well as to maintain international peace and security, the harmonious development of ICTs, and to prevent ICT practices that may pose threats to international peace and security.[4]
  • Parties shall not knowingly to allow their territory to be used for internationally wrongful acts using ICTs.
  • Parties shall consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs, and implement other cooperative measures to address such threats.
  • Parties shall not conduct or knowingly support ICT activity contrary to their obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.
  • Parties shall take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions.
  • Parties shall respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts; they shall also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty.
  • Parties shall take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products.
  • Parties shall not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cybersecurity incident response teams) of another State; a Party shall not use authorized emergency response teams to engage in malicious international activity.


- Richard Hill is president of the Association for Proper Internet Governance (APIG -, based in Geneva.  He has worked previously with the ITU on policy issues.


This article is a synthesis Hill’s contribution to a series published by IT for Change entitled: A Digital New Deal: Visions of Justice in a Post-Covid World.



[3] A more detailed version of these provisions is found in the fuller version referenced above.

[4] This and the following provisions are based on the eleven norms of paragraph 13 of the 2015 Report of the UN Intergovernmental Group of Experts in the Field of Information and Telecommunications in the Context of International Security (UN document A/70/174), and on the 2012 International Telecommunication Regulations.

Clasificado en

Publicado en Revista: ¿Quién decide nuestro futuro digital?

Suscribirse a America Latina en Movimiento - RSS