ICC warns of serious flaws in the newly adopted UN Convention against cybercrime.
Last week the United Nations adopted the first comprehensive global convention aiming to combat cybercrime. ICC has been actively participating in these negotiations since the beginning of the process in 2021 – delivering substantive input on behalf of global business with the aim of ensuring that any new international instrument is truly effective in tackling criminal activity.
But the final convention, adopted by UN member states last week, failed to address many fundamental concerns raised by the private sector — posing far-reaching implications that could compromise cybersecurity, data privacy, and online rights and freedoms.
In particular, the global private sector notes with regret the direction taken in the final stages of the negotiations, with Member States unable to find effective solutions to address the risks posed in the adopted Convention, which risks to:
- Undermine privacy and freedom of expression by allowing data collection without proper safeguards and judicial oversight, violating rights and preventing individuals from challenging arbitrary access to their data;
- Stifle economic growth, reducing potential investment and innovation in digital services at a time when digitalisation is crucial for global socio-economic development, allowing for conflicting national rules that lead to high compliance costs and discouraging or even criminalising cybersecurity research;
- Jeopardise national security by increasing vulnerability to cybercrime through unchecked data collection, exposing sensitive information and enabling compelled assistance to breach security systems and weaken defences.
ICC Secretary General John W.H. Denton AO said: “Businesses worldwide invest heavily in cybersecurity measures, collaborate with law enforcement agencies, and innovate continuously to stay ahead of cyber threats. Despite this commitment and our consistent engagement in the UN negotiations over the past two years, governments have sadly failed to deliver global rules capable to tacking cross-border cybercrime collectively.
“We are deeply concerned that the new Convention will undermine collaborative efforts to fight cybercrime — raising broad risks of compromising national security, essential privacy safeguards and key investments in cyber defences.
“As such, we urge all governments to consider these fundamental risks carefully before proceeding with ratifying what is ultimately a flawed instrument.
“The global private sector remains steadfast in its commitment to preventing, detecting, and fighting cybercrime. To be clear, that effort needs to be backed by enhanced collaboration between governments — but sadly this Convention does not provide a sound or workable basis to strengthen the fight against criminal activity online.”