From the Borderless Digital Chambers to Prison’s Four Walls after Committing Personal Data Unlawful Acts
Downloads
This paper represents a concise comparative presentation of how and why can imprisonment be a penalty in different legal systems when committing cybercrimes that affect personal data. Yet, since personal data is closely linked to cybersecurity (especially in cases of non-compliance with regulatory standards), the subject matter herein will focus on the subsequent relationship between personal data and cybercrimes, but from a peculiar perspective – how impactful unlawful acts can be so as to result in criminal convictions. It relies, therefore, on a symbiosis of acknowledging where personal data sits in the cybercrimes’ ecosystem and applying this to the most threatening cases identified by global regulators. In this context, the current research is contingent on mirroring the major legal models worldwide, based on which these offences are sanctioned with imprisonment. It is utterly thought-provoking to analyse how the contrasting legal provisions are driven by a common goal: preventing cybercrimes or, as the case may be, minimising their consequences. All these differences have, essentially, homogenous values at a foundational level. Particularly, that foundational level is the research core of this paper.
Downloads
Global Programme on Cybercrime, UNODC. Accessed Mar. 18, 2022. [Online]. Available: https://www.unodc.org/unodc/en/cybercrime/global-programme-cybercrime.html
Convention on Cybercrime, opened for signature 23 November 2001, ETS No 185 (entered into force 1 July 2004).
Directive 2013/40/EU of the European Parliament and of The Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA [2013] OJ L218/8 Recital 15.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1.
D. Wicki-Birchler, “The Budapest Convention and the General Data Protection Regulation: acting in concert to curb cybercrime?,” Int. Cybersecur. Law Rev., vol. 1, no. 1-2, Sept 2020, doi: 10.1365/s43439-020-00012-5.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [2002] OJ L 201/37.
Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act) COM(2020) 842 final.
T. Coughlin, “175 zettabytes by 2025.” Forbes.com. https://www.forbes.com/sites/tomcoughlin/2018/11/27/175-zettabytes-by-2025/?sh=3e648f075459 (accessed Mar. 21, 2022).
J. N. Las Vegas, “LETTER: Eisenhower, spending and communism,” in Las Vegas Review Journal, Sept. 2021. Accessed Mar. 12, 2022. [Online]. Available: https://www.reviewjournal.com/opinion/letters/letter-eisenhower-spending-and-communism-2438000/
Kaspersky, “Human Factor in Corporate Cybersecurity,” 2019. Accessed Mar. 28, 2022. [Online]. Available: https://media.kaspersky.com/en/enterprise-security/KL_Human%20factor_main%20threats_datasheet.pdf
ICO, “Cyber Security Breaches Survey 2021,” 2021. Accessed Mar. 28, 2022. [Online]. Available: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021
M. G. Porcedda, “Data Protection and the Prevention of Cybercrime: The EU as an area of security?.” 2012. Distributed by EUI Working Papers LAW 2012/25 [Online]. Available: http://hdl.handle.net/1814/23296
I. O’Donnell, “The aims of imprisonment,” in Handbook on Prisons, Y. Jewkes, B. Crewe, J. Bennett, Eds., London, U.K.: Routledge, 2016 pp. 39-54.
Federal Data Protection Act of 30 June 2017 (Federal Law Gazette I p. 2097), as last amended by Article 12 of the Act of 20 November 2019 (Federal Law Gazette I, p. 1626), Part 2, Ch. 5. Sect. 42.
Personal Data Protection Code containing provisions to adapt the national legislation to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, 2021.
Act No. 4 Of 2013, Protection of Personal Information Act (POPIA).
Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights, as amended) (ECHR), Protocol no. 7, Art 4.
U.S. Senate, 115th Congress, 1st session (2017, Nov. 30). S.2179, Data Security and Breach Notification Act, Sect. 5 § 1041.
Prina v Romania (2020) ECHR 267.
J. Clark, S. Qureshi and A. Greaves, “UK: First prison sentence following ICO prosecution.” DLA Piper. https://blogs.dlapiper.com/privacymatters/uk-first-prison-sentence-following-ico-prosecution/ (accessed Mar. 29, 2022).
F. Fellowes and K. Barnes, “ICO Utilises the Computer Misuse Act to Impose Tougher Penalties for Unauthorised Access to Data.” Squire Patton Boggs. https://www.consumerprivacyworld.com/2021/02/ico-utilises-the-computer-misuse-act-to-impose-tougher-penalties-for-unauthorised-access-to-data/ (accessed Mar. 30, 2022).
Law n°2018-493 of 20 June 2018, on the protection of personal data.
French Criminal Code, 2005.
Law on the Protection of Personal Data No. 6698, 2016.
Turkish Criminal Code - Law Nr. 5237, 2004.
Law on the Criminal Code no. 286, 2009.
Decree-Law nº 2,848 of December 7th, 1940 (Brazilian Criminal Code).
