“Global principles” – an idea that was raised during two different workshops taking place during the first day at IGF 2011: “Human rights come first: a constitutional moment for Internet Governance” and “Strengthening the protection of cross-border Internet personal data”.
On a general note, it was argued, during the first workshop, that there is a need for an international agreement on Internet Governance principles, and, more specifically, on human rights in the online world, so that they would apply everywhere in the world, to every stakeholder, going beyond the traditional national boundaries, just as the Internet goes beyond these boundaries. However, this “international” term would not mean that the principles have to be agreed between governments and imposed as such to others Internet stakeholders: in order to be not only applicable, but also efficient, these principles would have to be decided upon and accepted by all stakeholders: governments, civil society, businesses and so on.
Once agreed that the world needs universal/global standards with regard to the human rights in the online world, the next question would be: what would be the framework for agreeing on such principles? While some people in the workshop argued that the IGF is an excellent place to discuss such principles, it was emphasized that the forum might not be ready for representing the framework for a single, universal declaration or resolution on human rights on the Internet. At the same time, attention was drawn to the fact that the world already has the Universal Declaration of Human Rights and that the principles enshrined there should constitute the basis for whatever agreement would be reached on Internet Governance principles and that there is no need to try to build these principles once again, only because they would apply to the Internet.
One very important point that was made was related to the fact that, even if a global agreement on human rights on the Internet would be agreed, it would have little value unless it was backed by a set of implementing guidelines, so that the principles would be implemented in a similar way at different levels and in different countries around the world.
The other workshop was focused on the issue of personal data protection in the online world and the perspective of reaching a global consensus on what the data protection standards should be. At the moment there are several frameworks on data protection: the Council of Europe Convention on Data Protection (Convention 108), the OECD Guidelines, the EU Directive on data protection. The standards enshrined into these frameworks do not, however, have a global character, not being uniformly applicable at international level. Given that the Internet is a worldwide phenomenon and that personal data are being processed and transferred on a regular basis beyond the national borders, the existence of some global standards would guarantee a higher degree of protection for these data. But how feasible is the idea of an international binding framework on data protection? And what would be the basis for such a framework? The Council of Europe and EU current frameworks on data protection are being revised and there is a discussion on whether new principles should be included in these frameworks and if yes, what these principles would be: privacy by design, clearer rules on informed consent, data portability, data minimization, accountability, the right to oblivion. But how helpful would that be at an international scale, given that the new frameworks, even if they included new principles, would not be compulsory for every stakeholder in the world? Would the US, for example, ever agree to adopt the European principles on data protection? While everybody agreed that for the moment there is a lot of uncertainty for Internet users and for businesses around the world with regard to the data protection principles that are applicable in a certain situation and that some global rules would simplify things, the above questions have remained opened.