Global Internet Governance - Actors, Regulations, Transactions and Strategies

2019 Abstracts of Presentations

Session 1 – Europe as a Global Normative Power

- Exporting Rule of Law on the Internet: Europe's Potential as a Norm Entrepreneur in Global Internet Governance
Matthias Kettemann (Leibniz Institut for Media Research | Hans-Bredow-Institut, Germany), Wolfgang Kleinwächter (Aarhus University, Germany) and Max Senges (Stanford University and Google Germany)
Conflicts online are on the increase. Threats to cyberstability and cybersecurity multiply. In times of a growing number of 'norms' and declarations, but uncertainty as to the normative future of the internet, Europe remains a key normative power. Its legitimacy as a force for ensuring the reign of rule of law in international relations is substantial. It also packs an economic punch. Based on an analysis of good 'normative' practice, i.e. of successful global (or quasi-global) propagation of European norms (data protection and the fight against cybercrime) the contribution discusses the potential of Europe to become a norm entrepreneur and lead the normative reform of internet governance in light of its liberal, human rights-based values, prior legal commitments and normative pedigree. As the internet governance community seems evenly divided between the two argumentative hubs centered on dogmatic interpretation of norms and those arguing for a more technology oriented reading of international law, the need for a rules-based approach is clear. The hypothesis that value-based normativity must influence technical standard-setting to ensure, inter alia, the protection of the common interest is shown to be valid. Far from being a space where only adhoc norms develop, essential elements of the internet’s architecture must be based on stable normative arrangements to be effectively secured. In this light the contribution realizes French President Macron’s vision of a more (sensitive) regulation for the Internet by proposing the establishment of a legitimate normative order of internet, based on common standards and commitments – a ‘New Deal for Internet Governance’, implemented through an reinvigorated IGF, which can exercise substantial normative pull. The contribution shows how, together with other stakeholders in their respective roles, Europe should engage in a forward-looking process of establishing the contours of ‘New Deal for Internet Governance’. This deal could take the form of a legally non-binding framework of commitments by state and non-state actors on how to stabilize and develop cyberspace to the benefit of all. Such a deal would go beyond normative precursors, such as the Global Compact proposed by the Bildt Commission, and include (based on pre-existing commitments) norms for good behavior in cyberspace for state and non-state actors (Digital Peace Plan), clear commitments to reinvigorating global trade while ensuring the realization of human development through digital SDGs (Digital Marshall Plan), a framework of interpretation for the protection and the respect of human rights in the digital age (Digital Human Rights Document) and guidelines for the development of internet protocols, codes and algorithms for the Internet of Things and for AI (Guidelines on Norms and Code).

- Between Business as Usual and Decisive Norm Promotion. The EU’s divergent reactions to the Snowden revelations in Cybersecurity and Data Protection
Wolf J. Schünemann and Stefan Steiger (Hildesheim University, Germany)
While security issues traditionally fall under state sovereignty and the security realm is particularly prone to drive a restitution of sovereign statehood in internet governance, the European Union in many respects constitutes the right level of action in internet governance, of which cybersecurity is an essential part of, given restricted scopes and leverages for national regulation, the high demands of networked security for the functioning of a digital single market, the negotiation power towards other actors on the international scene or towards private actors (given the immense relevance of the European marketplace). Recent developments in internet public policies such as data protection regulation have shown how the European Union can act as international norm entrepreneur defining comprehensive sets of rules oriented towards its normative fundaments and thereby set international standards. In the respective accounts however, security aspects stood out as contrastive or opposed elements. As soon as security issues were concerned the EU appeared rather as a norm taker instead of a norm entrepreneur, more or less willingly accepting the securitized agendas of other actors, namely the US, in security cooperation.
In recent years, especially the Snowden revelations in June 2013 considerably shook transatlantic relations and produced public expectations across many European countries to have citizen rights better protected against intrusive practices of foreign powers, especially the United States. Political actors in different European countries (with notable exceptions such as the UK) repeatedly announced regulatory efforts in the fields of cybersecurity and data protection. Three years later, it is obvious that in the field of cybersecurity cooperation almost no changes have been implemented, but we see business as usual including the exchange of foreign intelligence. In clear contrast, Snowden revelations have had catalytic effects for im-portant regulatory action in the field of privacy and data protection on the EU level. This includes not only important ECJ rulings against US American internet service and content providers but also the European General Data Protection Regulation with which the EU upholds its role as a norm entrepreneur and global leader in data protection. The increased rights of customers of digital services do have repercussions on transatlantic economic relations as much as they likely serve as a measure to calm down the public sentiment domestically

- The Role of ‘Europe’ in the Invention of Global Media Governance
Anthony Löwstedt (Webster Vienna Private University, Austria)
In “Global media governance: A beginner’s guide” (2002), a three-stage development model of the history of the subject matter is presented:
1. industry-driven trans-nationalization of the media: the economic logic of the industrial revolution, until World War II,
2. the UN system: intergovernmentalism; UNESCO; ITU; WIPO,
3. the tilt to trade: WTO; GATS; TRIPS; weakening of the UN and of societal regulation, since the 1990s (Ó Siochrú et al., 2002, pp. 120-127).
This paper asks whether the first stage is only, or even mainly, ‘industry-driven’. Secondly, is global media governance still, or again, industry-driven? Thirdly, what roles did and does ‘Europe’, itself an invention, play in industry-driven global media governance? Mass production of goods for mass markets developed almost seamlessly into mass provision of services to mass markets with the invention and spread of cyberspace. For a few decades, politicians held sway on stage 2, but now captains of industry are back in charge. The ‘-space’ in ‘cyberspace’ is a metaphor, implying that parts of the internet can be claimed, appropriated, fenced in with firewalls, with owners sometimes charging entrance fees or renting out ‘space’ at a profit. It also implies that states can claim legitimate authority, impose and enforce laws, and exercise surveillance, even covert surveillance, over parts or even all of it. The spatial metaphor may serve to empower individuals, but it may also serve the existing economic and political order. The more we treat the internet as a space, the more it will become a space, with a center, or number of centers, and with margins and fringes (Taekema, 2015).
Eurocentric tropes and ideologies of discovery, conquest, appropriation, forced conversion and labor, and taming of wilderness exist since over half a millennium. They typically and increasingly involve entrepreneurs as the rugged individualists and pioneers, the first to penetrate the wilderness, now at the forefront of the fast-expanding internet. The soldiers and the missionaries have taken the backseat, as business drives and politics sits in the other front seat. The leading internet tycoons at the frontiers of enterprise are today more powerful in the USA, but they are still very much represented by men with recent Anglo- European ancestors, and more importantly with European narratives told in European languages. As the de-nationalization of media history proceeds (Fickers, 2011), historians also need to pay attention to abstract agents, such as ideologies, metaphors and images. Europe often played exemplary roles in furthering human rights, democracy, rule of law, efficient trade and financing etc. with regard to the internet. But there is inevitably also plenty of ideological baggage involved. Especially the way the English, French and Spanish languages have been and are spreading may still be considered cultural imperialism (Phillipson, 2009). We should not forget that Chinese, Arabic, and others are also still spreading similarly, but the global image of Europe is a split one. Much of the rest of the world regards Europe in its role as a global player in internet governance with mixed feelings, and partly for good reasons.

- European Perspectives on Legitimacy in ICANN
Hortense Jongen and Jan Aart Scholte (University of Gothenburg, Sweden)
What is the situation, in European eyes, of ICANN legitimacy following the IANA transition? How far are confidence in, and approval of, this instance of private global governance of (part of) the Internet now secure amongst Europeans? Is there a distinctive European perspective on legitimacy in ICANN – or do the patterns of beliefs largely parallel those found in other world regions? Are the patterns of variation mainly regional, or are other features such as stakeholder group more striking? What might account for a distinctive European outlook (or its absence) on legitimacy in ICANN?
This paper explores these issues with evidence gathered through a mixed-mode survey questionnaire with more than 300 participants in ICANN (i.e. the ICANN Board, ICANN staff members, and various stakeholder groups in the ICANN community), as well as 50 outsiders to ICANN. Conducted in 2018-19, the study is based on qualitative and quantitative data, collected through open- and closed-ended questions on legitimacy in ICANN and on its possible sources. The findings of this paper contribute to a better understanding of legitimacy in (multistakeholder) Internet governance and European perspectives thereon.

Session 2 – The Manufacture of EU Law and Policies

- When EU governments legislate on the future of the Internet: comparative study of the preferences and bargaining satisfaction of member states in the Council of the EU
Clément Perarnaud (University Pompeu Fabra, Spain)
Decisions of the European Union (EU) have a significant impact on European states, on their citizens, but also direct implications for third countries, as shown by the recent GDPR’s entry into force. The pervasiveness of EU digital policies demonstrates how essential it is to understand the processes by which they are adopted.
General research question
Within the EU system, the Council of the European Union represents the interests of national governments and is often pictured as being the most important decision-making institution in the EU, due to its executive and legislative functions. In times when the European Union and its institutions have become essential actors for shaping the future of the Internet, this research intends to unpack how and to what extent EU member states exercise their power in shaping digital policies in the Council of the EU.
Theoretical framework
If political bargaining between EU member states have been studied thoroughly in the context of high-level treaty conferences (Moravcsik, 1991, 1998), little firm knowledge actually exists on the processes and power games at play at lower levels of interstate negotiations. This gap in the literature is problematic since a great majority of Council activities takes place down the institutional ladder, at the working group and Coreper levels (Naurin and Wallace, 2008). Hence this research focuses on the lower levels of decision-making in the Council to investigate the determinants of variations in the distribution of power between member states in the field of digital policies. To do so, this research follows a vast body of literature on the EU policymaking system (Bueno de Mesquita and Stokman, 1994; Thomson and al, 2006, 2011) which have broadened our understanding on the particular types of resources and capacities allowing states to exercise power in the Council.
Approach and methodology
This research will adopt a process-tracing methodology, and cover a sample of six recently adopted legislations related to internet policies, distributed across three sectors (for “Justice”: E-privacy regulation, General data protection regulation; for “Internal market”: Copyright directive, AVMS directive; for “Telecommunications”: Free flow of nonpersonal data regulation, Electronic Communications Code directive). Between September 2017 and December 2018, 60 semi-structured interviews were conducted in Brussels with member states’ negotiators involved in these negotiations. Following the established methodology of the European Union Decides (DEU) project (Thomson et al, 2011), research respondents were asked to represent spatially on a scale the positions of every EU member states on the most controversial provisions of the negotiations under study, and explain the political dynamics leading to their outcome.
Expected findings
This research aims at providing a refined understanding of the actual power and bargaining satisfaction of member states in shaping EU digital policies, by comparing the distance between their initial political preferences with the outcome of negotiation processes. This research also intends to uncover the role of individual negotiators’ capacities and resources (understood in terms of human capital, administrative capacity, and social network capital) for explaining member states’ ability to successfully influence (or not) the outcome of EU digital policies.

- The role of experts groups and epistemic communities in EU Internet-related policy-making: an exploratory inquiry
Nicola Palladino (University of Salerno, Italy)
During the last years, in order to address the challenges and disruptive transformations related to the Internet and digital technologies, the EU institutions have been increasingly resorting to the support of ad hoc expert groups.
Several studies has shown how expertise and knowledge, far from providing objective and neutral data feeding argumentative and rational discussions, are tools of political struggle among different discourse coalitions of actors which aim at influencing the policy process by shaping problem definitions (Haas 1992, Pautz 2017, Fischer 2003, Hajer 2003, Stones 2002). Further, research has underlined that experts' influence on policy making is greater in the cases of novel and technically complex issues, and when experts share common views (Gormely 1986, Rochefort and Cobb 1994).
Recent literature has stressed the relevance of expertise for EU policy-making and has underlined how EU institutions resorting to experts group: i) perform technocratic problemsolving; ii) act strategically in order to support predefined positions or to build political consensus; iii) risk to be captured by special interests (Metz 2015, Radaelli 1999, Boswell 2009, Dreger 2014, Moodie and Holst, 2014). The relevance of experts groups and epistemic communities appear particularly relevant within the Internet policy domain, if we consider that since the beginning Internet policy-making has been strongly shaped by the shared believes and visions of a cohesive technical community (Hofmann 2007, Drake 2004) and still today the possibility for countries (and other actors) to exert influence on the development of the information policy regime in a transnational landscape relies on the capability to manage the creation and dissemination of accepted knowledge and believes (Braman 2004, Cogburn 2017).
This work aims at performing an exploratory study of the role of experts groups and epistemic communities in the field of EU Internet-related policy-making, through a two-step analysis.
First, all the EU experts groups, working groups and advisory bodies related to Internet policies will be mapped taking into account their composition, the selection and engagement procedures of their members, their scopes, mandates and outcomes. In a second phase, an in-depth analysis will be performed on two specific experts groups supporting the EU Commission: the Future Internet Forum, and the High-Level Expert Group on Artificial Intelligence. The profile of the experts will be explored resorting to their biographic notes and curricula as published in their personal or institutional websites and Linkedin pages.
The information thus obtained will be used for the analysis of groups' membership in terms of nationality and organizations, and an affiliation network analysis is performed in order to get a clearer portrayal of the constellation of actors and interest actually represented through experts groups.
The analysis is expected to provide insights about the actors influencing EU Internet-related policy-making, the eventual capture by special interest, the degree of autonomy of the EU in elaborating its views and strategies on the future and the development of the Internet.

- Power to the people? Evaluating citizen participation in EU online copyright policy
Agnieszka Vetulani Cęgiel (Adam Mickiewicz University in Poznań, Poland) and Trisha Meyer (Vrije Universiteit Brussel, Belgium)
In 2015 the European Commission issued new Guidelines on Stakeholder Participation[1] as part of its Better Regulation Package. The Better Regulation initiative aims to improve the quality of the EU’s policy input, ‘throughput’[2] and output by setting in place guidelines and a toolbox of measures to take when preparing, managing and evaluating legislation. The Better Regulation initiative fits within a long trend of European Commission efforts to improve its policy-making, starting most notably with the Lisbon process in 2001. In 2018 the European Commission received the highest score for stakeholder engagement[3] in the OECD Indicators of Regulatory Policy and Governance (iREG)[4].
In this paper we focus on EU online governance and especially on consultation patterns[5] in policy processes pertaining to EU copyright in the digital environment. Particularly interesting in our view is the rise in citizen participation in this policy area. Copyright is a topic that many citizens hold an opinion on and wish to contribute to in policy discussions. These contributions, however, have not often been in favour of European Commission proposals. Most notably, the European Parliament rejected the Anti-Counterfeiting Trade Agreement (ACTA) in 2012 after citizen protests arose across Europe[6]. In light of the backlash that the Commission has received in the past, we ask to which extent the European Commission’s stakeholder participation model takes into account the non-expert nature of citizen contributions?
In order to answer this research question, first, our empirical analysis focuses on the European Commission’s consultation processes in copyright policy since 2014/2015 (Juncker Commission) and opposes them to the processes conducted before this date (Barroso 1&2 Commissions) (comparative and longitudinal analysis). In particular we wish to document the scope and the type of stakeholder involvement in public consultations within this policy field. Second, the paper gives critical insight on the implications of the consultations on legal copyright provisions after 2014/2015, focusing in particular on the policy process surrounding the proposed Copyright in the Digital Single Market Directive (policy tracing, 2016/0280 (COD)). In this case we identify the core demands of citizens and civil society organizations and trace whether these are (being) integrated into the final policy outcome. Our paper evaluates the impact of the European Commission’s engagement efforts on citizen contributions in copyright policy, and in this manner, sheds further light on the attempts and the struggle to engage in a meaningful manner with citizens in a digital age.
[1]European Commission (2015), Better Regulation Guidelines, COM(2015)215final, Strasbourg, 19.5.2015.
[2]Schmidt, V. (2012) ‘Democracy and Legitimacy in the European union Revisited: Input, Output and ‘Throughput’’, Political Studies 61(1):2-22.
[3]Of 34 OECD member countries and the EU.
[4]OECD (2018) OECD Regulatory Policy Outlook 2018, Paris: OECD Publishing.
[5]Quittkat, C. (2011), ‘The European Commission's Online Consultations: A Success Story?’, JCMS: Journal of Common Market Studies 49/3:653–674.
[6]Meyer, T. & Vetulani-Cęgiel, A. (2017) ‘From ACTA to TTIP: Lessons Learned on Democratic Process and Balancing of Rights’ in Svantesson, D. & Kloza, D. (eds.) Trans- Atlantic Data Privacy Relations as a Challenge for Democracy, Cambridge: Intersentia,

- Network Neutrality in the European Union - A Policy Process Analysis
Stefan Gadringer (University of Salzburg, Austria)
When we talk about the vast potential of the Internet for innovation, inclusion and society, the critical question about openness and accessibility can hardly be avoided. Concretely, this question is often framed by the global debate about network neutrality. While the debate is global, regulation and policies are quite diverse between different geographic regions. While the origin of the network neutrality debate is rooted especially in the USA and in seminal papers like Tim Wu’s “Network Neutrality, Broadband Discrimination“ (2003), other nations/regions, policymakers, regulators and scholars also addressed and further advanced the issue from their perspective.
This paper focusses on the network neutrality debate in the European Union by framing the regulatory process of implementing network neutrality regulation, especially the Open- Internet Directive in 2015 . The guiding question is: How can the regulatory process for network neutrality in the European Union be characterized and what does the regulatory outcome of this process mean for normative values and standards in public and private communication.
For this purpose, a threefold approach based on regulation theory is applied. (1) Interest-centred approach: regulation as an instrument for certain interests (public, private) (Wilson 1980; Puppis 2010). (2) Institution-centred approach: the role of institutions respectively the structure and responsibilities of regulatory authorities (Schulz/Valcke/Irion 2013). (3) Idea-centred approach: normative goals, concepts or objectives that should be reached with regulatory measures (Baldwin/Cave 1999; Künzler 2009). The European Union is characterized by a complex institutional framework which is often problematic when fast decisions and regulatory adaptions are needed (Schmidt/Schünemann 2013). This is especially true for Internet governance where regulatory measures are often lagging behind the current developments. Additionally, for complex regulatory issues, a multi-stakeholder compromise is hard to reach, often leading to the preference of dominant and ignorance of less powerful voices.
This paper is based on empirical findings derived from an analysis of regulatory documents and statements from involved actors/stakeholders in the regulatory process (expert interviews). It shows the European Union’s performance in implementing regulatory measures for a complex and global policy issue.
The results shed light on in transparent negotiation processes ahead and during the „Connected Continent“-initiative, a hard struggle to maintain the spirit of sincere dialogue and consensus-building within the European Union’s political institutions (parliament, council, commission) and the passing of the Open-Internet Directive. In parallel, organizations like BEREC increased their involvement in the regulatory process and widened the stage for dialogue, especially between the individual national regulatory authorities. Beyond the formal network of regulatory authorities, also civil society organizations are gaining momentum in the regulatory process of network neutrality, as well as in Internet governance in general. To draw a comprehensive image for the European Union’s performance in regulating network neutrality it can be said that albeit the complex institutional setting slowed down the process, the outcome is characterized by the inclusion of multiple stakeholders and the possibility to adapt legal norms on a dynamic basis.

Multistakeholder Roundtable

- Towards a Turn to Regulation in the European Internet Governance?
Moderator: Mauro Santaniello (University of Salerno)
- Andrea Beccalli (ICANN, Director Stakeholder Engagement Europe)
- Guy Berger (UNESCO, Director Freedom of Expression and Media Development)
- Pierfrancesco Fasano (MFSD Domain Name Dispute Resolution Centre)
- Antonio Nicita (AGCOM/BEREC, Commissioner for Infrastructure and Networks)
- Max Senges (Google Germany)
- Giacomo Stucchi (COPASIR, Past President)

This multistakeholder roundtable will discuss the hypothesis of a turn to regulation in the European Internet governance, and its potential impact and consequences. Starting from some legislative initiatives, such as the General Data Protection Regulation (GDPR) and the EU Copyright Directive, and from some political events, such as Macron's speech at the Internet Governance Forum 2018 in Paris and skeptical comments of European political leaders on the recent Mark Zuckerberg's call for platforms regulation, participants will address, from different perspectives, ongoing transformations in the European approach to Internet Governance.

Session 3 – European Cybersecurity Strategies and Perspectives

- Cyber Security and the constitutive Role of Security Cultures: A Framework of Global Cyber Security Cultures
Madeleine Myatt (University of Bielefeld, Germany) and Domenico Fracchiolla (LUISS University, Italy)
The pervasion of the social, political and economic sphere by digital technologies and the reliance on the internet and information and communication technologies (ICTs) create new issues, structures, routines and at the same time, shape and redefine existing ones (Hocking/ Melissen 2015:11). In this sense, the rapid advanced development of digital technologies, their adaption and application, offer new opportunities but also challenges and risks. Against this background, it is not remarkable that cybersecurity (CS), in its diverse and complex political manifestations, rank high on national, supranational, and international agendas. The increasing ‘cyberfication’ of international affairs (Radu 2014:3) is by no means marked by simultaneity or consensus in terms of interests, concepts or ideas. Even a first analytical glance, on the global landscape of cybersecurity, defense and digital strategies uncovers the complex and diverse conceptualizations of cyberspace and cybersecurity. For example, the EU presents a hybrid governance attitude across and within the main priority areas of its cyber security strategy (Christou G. 2016). Significant barriers exist among states in terms of culture, institutions capability, resources, legal framework, as well as, a poor understanding and awareness of the potential cyber threat. Those obstacles are strictly related to several tensions restricting the construction of optimal conditions for security as resilience.
An observation which is underlined by the patchwork of cybersecurity policies and the visible contestation in the context of international cyber norm-building processes (e.g. UN GGE). Using these empirical insights as a starting point, the paper aims to develop a conceptional and theoretical frame which can be used as an analytical tool to capture the diversity and complexity of cybersecurity by emphasizing on the constitutive role of “culture”, in particular the security cultural context, to highlight respective path dependencies but also potential transformations.
Conceptualizing “security” has never been an easy task, as it serves as a projection surface for various meanings and interpretations. Until the “constructivist turn” in IR during the mid-1990s, a reference on the role of culture was marginal (Daase 2016: 82-84). A recent and valuable contribution for our research interest, was introduced by Mary Kaldor (2016, 2018). Her concept of global security cultures incorporates four ideal types, based on an understanding of the former as “a specific pattern of behavior, or constellation of socially meaningful practices, that expresses or is the expression of norms and standards embodied in a particular interpretation of security […] deeply imbricated in a specific form of political authority or set of power.” (Kaldor 2018: 1-2). Against this background, the paper aims to adapt and expand Mary Kaldors concept and typology for cybersecurity and to develop on that basis, a respective analytical tool and framework which uncovers global cybersecurity cultures and communities

- EU Cyber Diplomacy: the EU as an emerging global Cybersecurity actor
Andrea Calderaro (Cardiff University, United Kingdom)
Cyber security is an increasingly central policy area in global politics, and discussions around how to develop sustainable internet infrastructure have become key to diplomatic strategies at the transnational and national level. New levels of connectivity are welcomed as opportunities, but also increase the vulnerability of our societies to digital threats, including that of individual users, businesses and institutions. As such, there is a growing demand to securitize connectivity, which is at the center of current demands to develop global cyber capacity.
Key actors in the field of cyber security, including the UK, the US, and the European Commission, are identifying strategies aimed at supporting countries in their efforts to develop cyber capacities, with a particular focus on newly connected countries. Existing strategies, including cyber capacity models proposed by the Global Cyber Capacity Building Centre at University of Oxford, the Global Cyber Security Forum, the EU Cyber Capacity Building Task Force, and models developed by the US, have identified similar pathways and diplomatic strategies to secure critical infrastructure against threats to defence, finance and national sovereignty as a whole, while ensuring respect for human rights. Mostly important, by playing a leading role in developing cyber capacity strategies worldwide, the European Union is fast developing its cyber diplomacy strategy.
Given that the EU is expanding its competencies in policy fields as diverse as energy, security and development, recent efforts to develop a cyber diplomacy capacity on cross-cutting issues pertaining to cybersecurity call for developing a better understanding of the relation between EU policy commitments and strategic positioning in international politics. At the same time, as with all complex political structures, the EU is facing several challenges in attempting to lead such a debate, above all how to gain legitimacy internationally and among its member states. Based on interviews conducted with key actors of the EU Parliament and the EU Commission, an analysis of the latest initiatives taken by the EU to reinforce its cyber diplomacy strategy by increasing its engagement in developing global cyber security capacities (Including the “EU Operational Guidance for the EU’s International Cooperation on Cyber Capacity Building” recently released by the EU Directorate General on Development and Cooperation, and the “EU Cyber Diplomacy Toolkit” to be released by the European External Action Services, this paper critically scrutinises the fast developing EU Cyber Diplomacy strategy, by addressing the increasing role played by the the EU in the global cyber capacity building debate.

- Grappling with Multilevel Governance & Global Idea Flow: The European Union & The Internet Governance Forum’s Best Practice Forum on Cyber-security
Nanette Levinson (American University, United States of America)
In the complex and dynamic multidimensional internet governance policy space, knowledge creation/dissemination and utilization literature can provide a powerful perspective, especially in multilevel governance settings such as the European Union. This literature has had its own research arena with little cross-fertilization with global governance literatures especially that of internet governance.
There is much opportunity now to analyze multilevel idea transfer and governance learning related to internet policy especially in the European Union regional and global context. Additionally there is a need to investigate any related ‘catalytic elements’ (elements that promote idea flow), the setting characteristics, and the ‘time’ or longitudinal elements. Ideas related to internet governance policy and related policy learning may take time to take hold—if at all- and there may be differences among bottom up, top down and mixed directional idea diffusion. Furthermore, the multistakeholder setting often present in internet governance can amplify the complexity of policy-related information or idea flow.
This paper takes advantage of the aforementioned opportunity and reports on a foundational study that poses an overall research question regarding the flow of internet governance policy ideas related to cybersecurity in the context of the European Union and addresses related ‘catalytic elements’, setting characteristics, and time dimensions. It crafts a conceptual framework that builds on communication sciences/information transfer studies as well as concepts from political science and organizational sociology.
To answer this and related research questions calls for a range of methods. This paper reports on the findings of an initial foundational study now ongoing that uses primarily document analysis from the Internet Governance Forum’s Best Practice Forum on Cybersecurity. Note that this analysis lends itself to a longitudinal dimension; the current Best Practice Forum on Cybersecurity (2016-present) can be traced back to related fora in 2014-2015, thus providing documents for analysis from a four year period.
Outcomes of this research include tracking of the name change to Best Practice Forum on Cybersecurity from related 2014-2015 fora; identifying ideas emanating from the European Union as well as ideas received and adapted by the European Union; tracing carefully idea flow especially with regard to multilevel governance, international organization, and multistakeholder settings; and crafting open-ended questions for interviews to be conducted during the subsequent round of research. An additional outcome is the conceptual framework itself- one that can apply to other internet and related global governance studies.
Select, Related Works
Radaelli, C.M. and Dunlop, C.A., 2013. Learning in the European Union: Theoretical lenses and meta-theory. Journal of European Public Policy, 20(6): 923-940.
Kamkhaji, J.C. and Radaelli, C.M., 2017. Crisis, learning and policy change in the European Union. Journal of European Public Policy, 24(5): 714-734.
Levinson, N. and Marzouki, M. 2016. . International Organizations and Global Internet Governance: Inter-Organizational Architecture. In D. Cogburn, L. Denardis, F. Musiani, and N.S. Levinson, co-editors, The Turn To Infrastructure In Internet Governance. Palgrave Macmillan.

- Networks of Cooperation and Trust: An analysis of Incident Response in the EU
Louise Marie Hurel (Igarapé Institute, United Kingdom)
The visibility, sophistication and scale of cyber attacks have served as a constant reminder of just how vulnerable and exposed complex computational systems have become. That was the case, for example, of the NotPetya 2017 ransomware attack, which took down networks such as UK’s NHS and left Maersk’s 76 ports, 800 seafaring vessels and containers adrift. However, such incidents highlight both the existence of an attack infrastructure and evoke specific responses from governments, private sector and Internet security groups alike. Most importantly, the breakdown of these networked systems “calls everything, including itself into question the moment it happens” (my emphasis, Joque, 2018:4). In other words, they introduce fundamental questions of coordination, responsibility, assessment and response to threats.
For private actors, in particular, big tech companies, such concerns may refer to the reassessment of solutions and recalculation of investments for building secure and resilient products and solutions. On the other hand, for governments, such questions focus, for example, on assessing whether they have the necessary cyber capabilities to respond; how international law might apply to cyberspace; and what kind of regulatory mechanisms are and should be in place to classify attacks. However, these responses fall short in accounting for other actors within the cybersecurity landscape, that are equally or as important to the security, stability, and resilience of networked technical systems, in particular, Computer Security Incident Response Teams (CSIRTs).
CSIRTs are primarily concerned with the monitoring, management, and reporting of threats (i.e., Distributed Denial of Service Attacks, malware and botnets) and is formed primarily by expert communities, such as information security practitioners, engineers and computer scientists. These teams also vary in organisational nature, which means they can be found in private, governmental, academic, or non-profit institutions. While such communities have largely relied on their highly technical character to operate across borders, that is no longer the case. CSIRT cooperation has gradually become a matter of policy development and a concern for states in the EU. Recent developments, such as the NIS Directive and the Digital Single Market strategy have set out explicit provisions for the operation of these communities as well as defined new institutional configurations for operational cooperation and crisis management -- which includes but is not restricted to the establishment of a European Cybersecurity Competence Network and Centre and the new mandate of the ENISA according to the so-called Cybersecurity Package. This paper (i) seeks to provide an account (non-exhaustive) of the current modalities of communication between CSIRTs in the region (i.e. TF-CSIRT; CERT-EU) and (ii) questions how current EU policy has been framing cooperation with and among CSIRTs. To do so, the paper relies on the analysis of current EU projects, legislation and initiatives. It also engages in a mapping exercise of the different modalities of CSIRTs in the region through public documents and incident response reports. The paper also draws on literature on trust-building (i.e. Luhmann, 1979) and communities of practices (Lave and Wenger, 1991; Wenger, 1998) in the attempt to characterise cooperation among CSIRTs.

Keynote Speech

– Digital Platform Policy: Is EU policy leadership tackling platform power?
Robin Mansell (London School of Economics, United Kingdom)
This presentation will consider the extent to which various policy initiatives addressed to contemporary information crises are indicative of EU leadership that is likely to tackle the core problems created by digital platform power or whether these initiatives remain complicit in sustaining the dominant platform’s disproportionate power.

Session 4 – The Political Economy of Internet Governance in Europe

- Regulating the European Data-Driven Economy: A Case Study on the General Data Protection Regulation
Moritz Laurer (CARSA - Innovation and Technology Consultancy, Germany) and Timo Seidl (European University Institute, Italy)
With the rise of digital capitalism, data becomes an important driver of economic activity. Data is said to be a new “kind of capital, on par with financial and human capital in creating new digital products and services" (MIT Technology Review/Oracle: 2). This creates tensions between companies’ demand for personal data and consumers’ and employees’ right to data protection: On the one hand, competitive pressures push companies to collect and use data to become more productive, innovative and profitable. On the other hand, data protection advocates want to uphold the fundamental right to the protection of personal data and shield data from commodification (Art. 16 TFEU; Art. 8 Charta).
How does the EU react to this tension between economic interests and fundamental rights? The European political economy literature has a clear answer: given the dominance of business actors and the liberal bias in its legal and ideological structure, they would expect the EU to liberalize the economic use of personal data (e.g. Eising 2013; Höpner et al. 2008). In the case of the General Data Protection Regulation (GDPR), which came into effect in May 2018, however, this did not happen. While the GDPR does facilitate the free flow of data in the EU, it also introduces new rights for individuals, imposes new obligations on companies, strengthens the enforcement of data protection rules and threatens companies with unprecedented fines.
This puzzling observation led to our research question: why does the GDPR strengthen data protection instead of weakening it? In order to solve this puzzle, we conducted an indepth case study, using efficient process tracing (Schimmelfennig 2015; Bennet et al. 2015) to understand how different actors and structures influenced the legislative process that lead to the GDPR. We used primary sources (official documents, statements), secondary literature, media reports and NGO research to trace the policy making process of the GDPR from the early agenda-setting since the 1990s, to the drafting phase in 2009-2012, to the inter-institutional negotiations in 2012-2016.
We find that i) the constitutionalisation of data protection in the Lisbon treaty was of crucial importance as it both triggered and structured the legislative process leading to the GDPR; ii) the national data protection authorities and their Article 29 Working Party played a central role in all – but especially in the crucial early – phases of the legislative process; iii) DG JUST, a green rapporteur and the ECJ tilted the institution’s position towards more data protection; iv) while industry interests were initially successful in amending and blocking the GDPR in Parliament and the Council, the Snowden revelations dramatically increased the salience of the issue and made it much harder for industry interests to influence the negotiations.
Our paper contributes to the emerging political economy literature on data protection while also offering a comprehensive explanation of the GDPR – a legal framework that will shape data protection in Europe for years to come and serve as a model for data protection regimes globally.

- Governing Mobile Internet Communication: The EU, Private Technical Standards Making and the Pursuit of Co-Existence in Unlicensed Spectrum
Seamus Simpson (University of Salford, United Kingdom) and Imir Rashid (University of Exeter, United Kingdom)
Demand for wireless Internet services has placed pressure on the finite resource of spectrum. Wireless Internet access takes place through WiFi and licensed mobile communications. Spectrum management is a contested matter in the governance of the mobile Internet. This paper focuses on the governance of unlicensed spectrum which is free to use and something of a communications commons. This commons has become increasingly crowded. New entrants to unlicensed space (licensed mobile broadband providers) have disrupted its communication conventions through attempts to exert more control over access to capacity. This has created conflict with incumbent users (from WiFi). None of these events is particularly surprising, though they have raised the governance problem of restoring order to a successful – though now highly contested – communications environment. The picture is complicated since technical standards making undertaken in private international standards development organisations has underpinned the functioning of unlicensed communication.
A key concern of the paper is to understand the kind of communications governance developed to address the problem. The paper trains focus on the EU and provides new evidence of its role and significance as an international actor in Internet governance. Its conceptual contribution is an analysis of the relationship between the state (in our case, the EU) and international private technical standards development for the Internet. We bring together insights from literature on Europe (e.g. Levinson and Marzouki 2015) and the EU (e.g. Christou and Simpson 2007) in Internet Governance with work on technical standards making as international regulatory governance (Abbot and Snidal, 2001). The paper illustrates how licensed mobile broadband players have attempted deployment of new unlicensed wireless technical standards whose functionality has conflicted with incumbent WiFi standards and their users. It shows how subsequent private international standards development activity has failed as a form of international regulatory governance to resolve the conflict. The paper instead shows how the EU governance context has shown more promise in resolving what has become the 'co-existence problem'. Existing research on EU Internet governance has noted the EU’s preference for privately driven Internet Governance ‘but within a clearly defined public policy framework constructed by governments which sets out the principles for its operation’ (Christou and Simpson, 2011). The paper shows the ways that this has been manifest in recent EU technical standards policy for unlicensed wireless communication. The EU’s approach to Internet governance has provided what we term as an ‘incentive context’ which private SDO governance lacks. The case thus provides evidence of a specifically recognisable EU Internet governance style. The paper also makes a contribution to understanding the importance of institutional and regional coordination mechanisms (Mattli and Büthe 2011) in international technical standards development. In addition to critical analysis of the academic literature referred to above, evidence for this paper was generated from analysis of primary source documents produced by the EU, relevant SDOs and WiFi and licensed mobile industry lobbying bodies. A series of interviews was conducted with players from the WiFi, mobile broadband and unlicensed spectrum policy making constituencies.

- The Digital Single Market and the commodification of cultural policy. The case of the European copyright reform (2014-2018)
Céleste Bonnamy (Université Libre de Bruxelles, Belgium & Université Paris 1 Panthéon- Sorbonne, France)
This communication intends to look at the building of the Digital Single Market (DSM) at the EU level and its impact on cultural policy both at the EU and at national levels. The aim is to analyse it through the concept of commodification of public policy, defined as “two associated changes in the structure of public policy; firstly a shift from the use of political values to those of economics as a rationale for political choices; and secondly, a shift from concern with use-values to exchange-values in evaluating the validity of policy choices” (Gray, 2000, 15). When it comes to EU policy, and especially to its cultural competence, the text and practice of the Treaties favour a market-based vision, culture being seen above all as an economic sector (Calligaro, Vlassis, 2017, 12-13). The DSM seems to be no exception. Designed above all as an economic policy, yet, it targets issues directly related to cultural policy, reform of the European copyright legal framework being the milestone. Indeed, intellectual and literary property constitutes the core of creators’ identity (Foucault, 1969, Sapiro, 2014), and as such, is tackled as a cultural policy issue in more than a third of EU member states. Basically, copyright is framed by member states whether as an economic, a justice, or a cultural policy, the latest being the most shared (Littoz-Monnet, 2007). The huge mobilisation of the cultural sector, and more particularly of authors, on this copyright reform seems to confirm the cultural aspects of this policy. Thus, the building of the DSM bares a tension between economic and cultural political frames that echoes this process of commodification. The research question is then formulated as such: how does the building of a European Digital Single Market participates to the on-going process of commodification of cultural policy? Through a sociological lens and focusing on the European copyright reform, the communication will analyse frames and discourses in a goffmanian perspective, along with the institutions and agents involved in the drafting and negotiation of the reform from 2014 until the trilogues (September 2018). Based on semi-structured interviews with institutional actors from the Commission, the European Parliament and the Council, as well as lobbyists, and on institutional documents analysis, it will propose a qualitative analysis of the legislative procedure. From what we have seen so far in our research, we expect to produce a nuanced conclusion, showing the struggle between two competitive frames and demonstrating that commodification is not a linear and irrevocable process.

- Governing political platforms, a case on the French Digital Council and a start-up
Maud Bernisson (Karlstad University, Sweden)
From 10 October 2017 to 26 November 2017, the French Digital Council (CNNum) launched an online public consultation to gather citizens’ views on "how to regulate online platforms." The CNNum asked a start-up, Cap Collectif, to develop the platform. Cap Collectif is an advocate of the “open democracy.” It claims to design platforms to strengthen transparency, participation, and collaboration for a representative democracy to function better. Platforms carried values in their design (e.g. Manovich, 2008; Badouard, 2014), which constraint users (e.g. Carpentier, 2015; Badouard, Mabi, & Sire, 2016). Also, the design of a platform might not correspond to the values carried or expressed by its owners. Thus, what matters is what the participants can or cannot do on the platforms. In this case study, the focus is on the governance of the platform. I seek to assess how political values can be embedded in a platform designed for a call for participation. In other words, the aim is to assess the capabilities offered to the users by the designers of the platform. This work offers to relate the capabilities theory, as developed by Martha Nussbaum (2003), to the concept of affordances, considered as semiotic resources (van Leeuwen, 2004).
I assume that online capabilities are offered through the affordances of the platform. To perform this assessment, I used multimodal critical discourse analysis to re-contextualise the affordances of the platform within the discourse of the owners and developers of the platform (Machin, 2016; Djonov & van Leeuwen, 2012). The dataset encompasses two websites (Cap Collectif and Démocratie Ouverte), which offer the content that defines an open democracy. Besides, the affordances to scrutinise are the features offered to the users by the platform of the CNNum .
Preliminary results show discrepancies between a discourse that promotes an "open democracy," which seeks to strengthen the voice of the citizens, and the capabilities offered to the citizens through the affordances of the platform. For example, the latter seems to reproduce the traditional power dynamics (top-down), and the lack of transparency that Cap Collectif "wishes" to tackle. Thus, the main change that this platform might have permitted is the transfer of governance (in part) from the political institutions to its company.
Badouard, R. (2014). La mise en technologie des projets politiques. Une approche « orientée design » de la participation en ligne. Participations, (8), 31–54.
Badouard, R., Mabi, C., & Sire, G. (2016). Inciter, contraindre, encadrer. Trois logiques de gouvernementalité numérique.
Carpentier, N. (2015). Differentiating between access, interaction and participation. Conjunctions: Transdisciplinary Journal of Cultural Participation, 2(2).
Djonov, E., & van Leeuwen, T. (2012). Normativity and Software: A Multimodal Social Semiotic Approach. In S. Norris (Ed.), Multimodality in practice: investigating theory-in-practicethrough- methodology (pp. 119–137). New York: Routledge.
Machin, D. (2016). The need for a social and affordance-driven multimodal critical discourse studies. Discourse & Society, 27(3), 322–334.
Manovich, L. (2008). Software takes command: extending the language of new media. New York ; London: Bloomsbury.
Nussbaum, M. (2003). Capabilities as Fundamental Entitlements: Sen and Social Justice. Feminist Economics, 9(2–3), 33–59.

Session 5 – European Democratic Values and Sovereignty

- Going Back and Forth: Re-Nationalization of Internet Governance or Further European Push for Internationalization?
Rolf H. Weber (University of Zurich, Switzerland)
Since the two World Summits on the Information Society (WSIS, 2003/05) and particularly the creation of the Internet Governance Forum (IGF, 2006), a special platform exists that enables the interested participants to influence the multidisciplinary internet governance discussions. In the meantime, another term, namely multi-stakeholderism, has become a buzzword; the multi-stakeholder concept, understood as joint efforts of governments, the private sector and civil society in pursuing shared principles, norms, rules, decisionmaking procedures and programs, should be based on a granular taxonomy encompassing manifold substantive topics such as freedom of expression, standard setting, interoperability, cybersecurity, etc.
European organizations (Council of Europe, European Union) have been early actors advocating for the enhancement of the multi-stakeholder governance model. In fact, the respective (civil society) groups increasingly gained importance for the regulation of global internet governance policy issues over the last years; they became instrumental in activities such as drafting, negotiating, adopting, and implementing standards, guidelines, and codes of conduct. Multi-stakeholderism is distinct from other regulatory approaches such as (inter-)governmentalism or supernationalism, which encompasses more hierarchical governance arrangements. But in contrast to nation states, the power of multi-stakeholderism is not rooted in democratic legitimacy. Therefore, the questions must be tackled who could be a legitimate stakeholder in a multi-layer framework (for which layer) and whether the same criteria for legitimacy apply as in a traditional regime. The democratic quality of the multi-stakeholder form of governance has already reached substantial academic attention. The democratic anchorage of multi-stakeholderism should encompass transparency, accountability, participation, and democratic procedures. Each element has its own merits and potentially justifies the legitimacy of the multistakeholder approach. This model, however, requires a high degree of flexibility offered by the traditional main actors, namely the nation states. Insofar, a backwards movement can be diagnosed in the recent past.
Indeed, national governmental flexibility has been jeopardized during the last few years since political sensitivities related to sovereignty aspects gained importance. Nation states more frequently claim the right to control the infrastructures and the data flows (under the heading of national security or public order). Thereby, state interests might often prevail over individual freedoms and human rights values. As a consequence, a certain risk cannot be overlooked that Internet Governance will become re-nationalized. In view of these political developments, European organizations are called to further push for the internationalization of basic legal and ethical principles in the online world. Data protection is an example for a broader recognition of European values in the world, related to the field of personal privacy and individual self-determination. Other areas should be addressed in a similar way, such as the topics of platform regulation or cybersecurity. European approaches to internet governance and policy-making need to be refreshed in order to overcome the present challenges of potential re-nationalizing attempts.

- The Power of Networks: Institutionalization and Mobilization in European and Transnational Digital Constitutionalism
Dennis Redeker (Jacobs University Bremen, Germany)
The global constitutionalization of Cyberspace can refer to the application of accepted human rights and international law to the way the Internet works. It can also refer to a host of “new rights” and governing principles that find their way into official (inter-)national legislation, treaties and governance practice. The path toward such constitutionalization requires tedious work by civil society and political actors, often against powerful state and non-state interests. The proposal for a “Charter of Digital Fundamental Rights of the European Union” is the product of a small circle of intellectuals, who – initiated by the German ZEIT Stiftung – presented the text to the public in late 2016 hoping for public support and a take-up by policymakers. The proposed EU Charter presents a European instance of “digital constitutionalism”, a form of proto-constitutionalism aiming to entrench fundamental rights and principles on the Internet.
This paper, by employing a comparative case study approach, places the development of the proposed EU Charter in a transnational perspective. The document is compared to two global, transnational cases of digital constitutionalism: The “Charter of Human Rights and Principles for the Internet” (IRPC Charter) and the “Feminist Principles of the Internet”. The former has been published in its first iteration by the IGF’s Dynamic Coalition on Internet Rights and Principles in 2010, while the latter is the outcome of an initiative by the Association for Progressive Communications, first drafted in 2014. Both are connected to institutionalized networks of actors, mostly from civil society. Their networks each span a number of countries in which members advocate to realize the normative aspirations of these documents. The proposed EU Charter, although it has contributed to the Internet policy discourse particularly in Germany, shows only limited movement building in other EU member states. Hence, the paper investigates: How do variations in the institutionalization of advocacy networks engaged in digital constitutionalism explain different outcomes with regard to political mobilization across borders – within the European Union and beyond? This paper, based on 23 semi-structured qualitative interviews between the three cases and an analysis of numerous written documents, examines the link between institutionalization and mobilization. The paper argues that transnational political mobilization is a central constituent for successful bottom-up constitutionalism for Internet rights and principles, due to the transnational nature of the Internet. Various approaches to institutionalize the advocacy networks around digital constitutionalism (e.g. relationship to the IGF and regional IGFs; embedding within an existing network; establishing a leadership and coordination structure) yield different results in terms of degree and scope of political mobilization. While not being able to explain the entire variation of transnational political mobilization, the paper provides a new comparative perspective on the importance of institutionalization of networks for the process of constitutionalizing Cyberspace.

- Populism and EU policy: the battleground of copyright
Giuseppe Micciarelli (University of Salerno, Italy) and Maria Francesca De Tullio (University of Naples Federico II, Italy)
The paper observes the EU policy on copyright, focusing on how it is influenced by the populist movements and parties, that consider this topic as central in their political discourse. Indeed, they use the founding myths of Internet’s freedom to advocate and produce the erosion of the traditional spaces of intermediation. The work uses an interdisciplinary approach, analyzing from the standpoint of political theory and constitutional law the recent EU normative acts and proposals, and particularly the proposal for a Directive on copyright in the Digital Single Market [COM(2016) 593 final].
We will analyze what positions have assumed the main European populist parties, and if there is a single populist language on such issues. Particularly, the focus is on the European Pirate Parties – which were especially involved in the issue – also in comparison with two populist parties, which have reached the parliamentary majority in Italy, i.e. Lega Nord and Movimento 5 Stelle.
Even if populism is one of the most controversial in political science, we can identifying at least one crucial element: the creation of an artificial boundary between the ‘people’ and the ‘elite’. But in the field of copyright the construction of a clear boundary, between an elite front and an antagonist one, is complex, because the interests of the users and of big IT corporation can appear surprisingly linked to each other, though in a curious heterogenesis of purposes. Does this process hinder the populist discourse or exalt it, by making its voice more influential in the European policies? Can copyright be a paradigmatic ground to differentiate the right- and left-wing approaches of populism? To answer, the research investigates on the social actors that are instrumentalised by the populist discourse, as Wikipedia Italy, with its unprecedented ‘strike’, consisting in the obscuration of its pages. For example, a significant question is whether copyleft be an answer to the aforementioned contradictions of the discourse on digital freedoms. More deeply, this topic is linked to another ontological element of both the populism and the Internet: the erosion of the ‘intermediate bodies, which appears critical, in the domain of the internet, especially from the standpoint of the construction of the truth discourse. Indeed, as made evident by the ambivalent phenomenon of ‘post truth’, Internet seems to foster a trend where the truth discourse is no longer exclusively produced by the parties or institutions, but by people themselves, either - or perhaps at the same time - through ‘filter bubbles’ or through a general intellect widespread among the web which challenge traditional expertise.

- ODR and European courts. risks and opportunities in terms of equal access to justice and due process of law
Letizia Mingardo (University of Padova, Italy)
Digitalisation has emerged even in the field of dispute resolution, where the use of ICT has eliminated geographical distance between individuals and driven down the costs and time required by justice, largely in the sphere of civil law. It is thus that, in the field of ADR (Alternative Dispute Resolution), ODR (Online Dispute Resolution) has taken on a growing theoretical, and a rising practical, importance. It is a praxis in evolution, even in Europe, where we have, for example:
• the UE ODR platform for e-commerce disputes;
• the Justice42 Project for family disputes in the Netherlands;
• Her Majesty Online Courts for small claims disputes in the UK.
In the not too distant future, as Susskind suggests, ODR will be enriched with expert systems of mediation, conciliation, negotiation, arbitration and/or by other forms of Artificial Intelligence (AI), in which the activities of the third party could be co-adjudicated by, if not substituted for, machines.
In my opinion, by virtue of the transformative power of technology, ODR is already evolving into something totally “other” in respect to ADR, as Menkel-Meadow suggested. The main innovative character is its growing institutionalisation, as the phenomenon of “ODR in Courts” shows. As Katsh demonstrated, the spread of ODR from the private to the public sector, centering on courts, is an emerging and increasing phenomenon. Citizens now expect interactions with public entities to be as accessible and convenient as they are with many private bodies. As access to the internet is becoming widespread and algorithms are being designed to tailor legal information to the circumstances of a case, court costs could be reduced, and legal language and procedures could be simplified. These changes are bringing with them a new focus on data, which is creating the basis for courts to work with other entities to detect problematic patterns and address them in ways that were never before possible. As Corbett showed, the nexus of big data and ODR has revealed new insights into how the public prioritises frames for their conflicts and their preferred resolutions. In his opinion, creative integration of traditional and previously unaligned data will change the dispute resolution field with regard to its understanding of the dispute resolution marketplace, the surfacing of opportunities to satisfy that market, and the ability to monitor the resulting impact of interventions from the personal to broad societal levels.
By examining the international scientific debate, my presentation aims to introduce the state of the art of the access to justice guaranteed by ODR in Europe. In accordance with my particular point of view, that of a scholar in the Philosophy of Law, I will try to interpret the phenomenon of ODR, its risks and opportunities, especially in terms of equal access to justice and due process of law, in a common original theoretical framework. ODR is able to show, better than anything else, the global transformation of the concept of law in the digital era, and the fall of boundaries between Common Law legal theories, on the one hand, and Civil Law legal theories, on the other hand.

Session 6 – Data Protection, Privacy and Security in Comparative Perspectives

- The Russian Cybersecurity Strategy in Comparative Perspective
Mara Morini (University of Genoa, Italy)
Since 1990 Cyber Security has become an integral part of governments national defense, foreign and security policies and doctrines, contributing to the construction of a new complex domain of policies (Adamson 2016; Amoretti-Fracchiolla 2017; Sassen 2006). Nowadays the conflicts involving cyberspace are the most serious national security threats facing nations since the development of nuclear wapons in 1940s (Cobb 1999). From 2013 to 2018 the number of countries adopting Cyber Security Strategy increased considerably with a deepening of the qualitative dimension for budget, reorganization of institutional framework, the coercion, the rules and the disciplines of citizens life, choosing the level of trade off between security and freedom (Hawkins and Nevill 2017).
In this respect, national Cyber Security Strategies has the main characteristics, notions and contents of their goals, and mechanism of a public policy.
In this theoretical perspective, this paper offers a comparative analysis of the main features of the Cyber Security Strategies (CSS) adopted by the main actors of the International Community in order to shed light on the possible consequences for the IR.
In particular, the case of the Russian federation will be presented starting from the implementation of the main Doctrines (2000, 2010, 2014, 2016), and Strategies ( 2008, 2013,2014, 2015) where the concept of “Internet Sovereignty” underlines the ability of the Russian State to have control over the information space. The Russian government presents its cyber activity as entirely a defense policy i.e. a measure for countering external threats. Russians are at the forefront of research and innovation in this area and its cyber capabilities are higly advanced. As James Wirtz wrote: “Russia, more than any other nascent actor on the cyber stage, seems to have devised a way to integrate cyber warfare into a grand strategy capable of achieving political objectives” (2015: 31).

- Mapping the Right to be Forgotten in the territory of Freedom of Expression. A review of International and Domestic Case law
Ana Azurmendi (University of Navarra, Spain)
Last June the 8th, 2018, the European Court of Human Rights published the first resolution regarding the Right to Be Forgotten. It was based upon the case of two convicted murderers who finished their time in prison in 2008. Both of them asked Wikipedia and online versions of some German and American newspapers to clear their names related to the crimes they had committed for the sake of their newfound need for a good reputation.
The quick increase of cases concerning the Right to Be Forgotten blatantly puts over the table the need of a more balanced argumentation concerning this right and the right of Freedom of Expression in the Internet (Azurmendi, 2017; Youm and Park, 2016). Even if the General Data Protection Regulation (GDPR) presents legitimate conditions under which the Right to Be Forgotten can be applied, the truth is that the multiplication of cases invocating this right have evidenced a great deal of insufficiency about this regulation, especially because the actual cases present a very diverse range of situations (Cook, 2015; Balkin, 2016) which are not being contemplated by this law.
The main aim of this research is to map out the different kinds of argumentations for the Right to Be Forgotten which are in conflict with the right to Freedom of Expression that emerged after the sentence of the European Court of Justice, Mario Costeja v. Google in Spain, May 14th, 2014. This will be done by taking into account, on one hand, the diversity of cases linked to the Right to Be Forgotten and, on the other, the different perspectives adopted by the variety of Courts, International and Domestic a propos of this matter. As a consequence, the paper offers a proposal of argumentation that aims for a better foundation for those cases of conflict among the Right to Be Forgotten and Freedom of Expression. In order to propose a more balanced line of argumentation when comparing the Right to Be Forgotten and Freedom of Expression, we analyze two kinds of sources. First of all, we review the existing literature of this right, mainly publications after 2014, the year of the milestone sentence of the European Court of Justice, case Mario Costeja v. Google, Spain. Secondly, we analyze the jurisprudence of both, international and domestic, versing on the Right to Be Forgotten. We selected the European Court of Human Rights as one of the main International Courts dealing with conflicts regarding fundamental rights. The main tool for this examination is the HUDOC Database of the European Court of Human Rights. In terms of domestic jurisprudence we study the main cases on the Right to be Forgotten in Spain, France, Germany and Italy. Also, similar cases –even if the Right to Be Forgotten is not recognized yet- in the US, Colombia and Chile. For this revision of domestic jurisprudence we use the Database Westlaw.

- The Common Goods of Privacy and Data Governance
Anke Obendiek, (Hertie School of Governance, Germany)
The paper analyzes practices of justification in transatlantic data governance. In the governance of privacy and data, a plurality of regimes of worth exists due to inter alia cultural, social, political and institutional differences.
Theoretically, the article uses the analytical tool of “orders of worth” (Boltanski and Thévenot 2006) to grasp how actors use background knowledge to create and contest moral hierarchies. The concept assumes that under conditions of uncertainty, actors use higher normative principles to defend their cause and define legitimate and illegitimate justifications. The justification of particularist interests with universal principles creates ties to a specific community and its common good. Orders of worth not only highlight the different strategies of framing but also the constructions of the contested subject itself. The goal is to highlight both the internal contestedness of the substance of privacy, data protection and data as such and the contestedness of its governance. While the definitions of privacy and data in particular have been widely discussed in the literature, there is still a lack of attention with regard to the normative differences as applied in the governance of these issues.
The paper draws on secondary sources, such as academic articles, and primary sources, such as bilateral agreements, to derive different orders of worth in the governance of transatlantic data transfers. The paper reconstructs five different orders of worth, security, fairness, production, cosmopolitan openness, and national closure, which all highlight different normative principles that are tied to specific communities, such as humans, liberals or rationalists are used by different actors in transatlantic data governance. The orders of cosmopolitan openness and national closure correspond to a more general trend in global governance regarding whether actors consider issues as requiring domestic or global solutions (e.g Hutter et al 2016; Zürn 2018).
The paper aims to illustrate that different actors draw on different normative resources to legitimize their demands. However, while institutional conflicts often seem to play out between the European Union and the United States, there is considerable variation within these entities. Transnational coalitions seem to form referring to the same common goods, in particular the order of fairness and the order of security. This also highlights the significant role of private actors in the formation of these orders.
Finally, I will illustrate how actors attempt reconcile these divergent normative demands. I highlight the tensions that are built into the compromises actors form in response to manifest conflicts, for example in the dispute around Passenger Name Records. This case illustrates how the oscillation between different orders of worth in the EU influences the formation of a broader regime. This also points to the fragility of agreements in an area of governance where different and often irreconcilable conceptions of worth and community clash.

- Europe’s global blockchain leadership: strategies and conceptual framework
Marco Crepaldi (University of Turin, Italy)
On October 3rd, 2018 the European Parliament adopted a resolution on blockchain and distributed ledger technology (2017/2772(RSP)), point n. 77 reads: “Emphasises that the Union has an excellent opportunity to become the global leader in the field of DLT and to be a credible actor in shaping its development and markets globally”. This essay explores possible strategies to achieve the goal of global blockchain leadership while establishing a conceptual framework for this class of technologies. First, this paper argues that, while the EU parliament uses the terms blockchain technology or distributed ledger technology, a broader definition ought to be adopted, namely peer-to-peer distributed consensus systems (also, DCS), (Glaser & Bezzenberger, 2015). Second, as this technologies impact several legal fields such as data protection (Finck, 2017), money (Weber, 2014), corporations (Yermack, 2017), and contracts (Savelyev, 2017). This contribution explores some of its legal implication in the EU legal framework. For example, it is controversial whether this class of technologies could be adapted to the European legal framework, think, for example, as the clash of digital immutability and the new right of erasure of the GDPR (Pagallo & al., 2018). Consequently, we put forward a distinction between unregulated (and unregulatable) systems and regulated (and regulable) ones. Next, this article sheds light on the governance structures and power dynamics of popular systems in order to show how, some of them, lie beyond the reach of European Institutions. As the benefits of this technological innovation do not depend on a specific implementation we argue that the focus of the Union should, consequently, be on regulable systems. Third, this essay addresses the distinction between the governance of the internet and the governance of DCS. While some authors contend that the same structures implemented in the former could be transplanted into the latter (De Filippi & Loveluck, 2016), we disagree. Hence, the DCS landscape demands a different approach. Finally, we build on these premises and identify the following strategies to reach the EU parliament objective. (a) establish a framework supportive of DCS initiatives at the European level and outline some of its desired characteristics, in particular study and promote the adoption of secondary rules of change for DCS systems (Hart & Green, 2012; Pagallo, 2017). The proposed framework should encourage governance structures to be built from the onset into DCS while still allowing room for experimentation and innovation. (b) foster the development of an ethics of DCS as infraethics (Floridi, 2017). Europe should be wary of the ethics and ethos of many systems to move beyond the techno-anarchic, rightwing libertarian, and cyberpunk ideologies. (c) implement a trusted-point-of-entry (TPoE) for DCS applications. Arguably, a TPoE addresses the last-mile problem and enables the emerging of DCS standards, while also contributing to establishing new systems to transfer physical assets. The Union should move beyond the false dichotomy of decentralized vs. centralized systems and enable the flourishing of polycentric DCS implementations to harness the true potential of this technology and establish global leadership in the next generation of DCS applications.