As reported in one of our earlier posts on the leaked proposal for recasting the EU control regime for dual-use items (Regulation 428/2009), the Commission specifically aims to subject cyber-surveillance technology to control. This is part of a broader move to introduce human rights as a factor for consideration when exporting dual-use items (see also our post on export controls as a toolbox for human rights policy). Given the potential for abuse of cyber-surveillance technology by repressive governments this is undoubtedly a welcome development. But there is concern that the proposal is too inarticulate in this respect such that it will also inhibit trade in technology used for legitimate purposes.
As observed by watchdog Privacy International, dual-use technologies ‘are not just used by government agencies, but across industry and other sectors, and individuals too’. Subjecting these technologies to unqualified controls is a double-edged sword. Restrictions on the export of cyber-surveillance technology may indeed curb abuse by authoritarian regimes, but if they are too broad they may also cripple legitimate activities that aim to ensure the rule of law. Excessive control of cyber-surveillance technology may be the enemy of good government, considering that such technology is widely used for the maintenance of public security, for law enforcement and the combatting of terrorism and, yes, for the protection of human rights.
Pursuant to the leaked proposal, cyber-surveillance technology is to be included in the definition of ‘dual-use items’. In its present form, however, the proposal appears to lack the precision required to strike a fair balance between combatting oppression and guaranteeing freedom. It does not provide specific types of items covered by the definition of cyber-surveillance technology, instead only referring to broad categories of such technology. In addition, the language required to determine the exact scope of control appears to be missing.
‘This lack of detail makes it difficult to fully assess the implications of the proposed rules’, according to Privacy International. To be fair, the proposal is a draft and a leaked document at that. But it is clear that in order to prevent it from backfiring at the very aims it seeks to achieve, there is still some work to be done. Stronger language will have to be included and effective risk assessment scenarios should be applied. An important task for all stakeholders lies ahead.
Authors of this post are :
Gerard is a regular speaker at international trade conferences and a guest lecturer at the University of Amsterdam and the Radboud University. He has published two treatises on international law, State, Sovereignty, and International Governance (Oxford University Press, 2002) and State Failure, Sovereignty, and Effectiveness. Legal Lessons from the Decolonization of Sub-Saharan Africa (Brill Academic Publishers - Martinus Nijhoff Publishers, 2004).
Gerard took a PhD in international law (with honours) from the University of Leiden (2003). He was educated at the University of Edinburgh (European law and legal theory) and the University of Leiden (Dutch law and public international law).
Latest posts by Gerard Kreijen (see all)
- EU to Amend Union General Export Authorization in the Event of a No Deal Brexit - January 29, 2019
- Adoption of New EU Legislation and Recent National Cases in the Fight Against Chemical Weapons - October 24, 2018
- Shipping Criminal Liability: the Difficult Position of the Transportation & Logistics Sector - January 4, 2018