New technologies and legislation: speed of developments vs. legal adaptations
From self-driving cars to AI and new forms of cybercrime: new technologies are developing faster and faster. And so are the legal challenges, particularly since the legislator is usually only able to react, and not to proactively set the course in this field.
One reason is because "good laws" require an established democratic legislative process, which is of course one of our most important achievements as a society. But as a consequence legislation in new areas often lags, so lawyers are required to advise in an ever-changing and adapting environment.
A good example of how technical developments and legal regulations deviate are cybercrimes, which have been on the rise in Austria. In 2018 alone, cybercrimes increased by around 17 % compared to 2017 and the trend is continuing. According to the latest figures from the Austrian Ministry of the Interior, internet crimes increased approximately 45 % in 2019! Cybercriminals are now also taking advantage of IT weaknesses and the COVID-19 crisis, as many companies have switched to home office and remote working without having adequate IT security standards in place. The trend will thus continue.
Protection from cybercrimes under Austrian criminal law still has room for improvement, especially when it comes to protecting digital business secrets. Oftentimes victims even have to investigate incidents without the support of the public authorities, as the most relevant offences are subject to private charges. This means that neither the prosecutors' office nor the police undertake criminal investigations but instead leave the victim to clarify the facts of the case. Victims therefore face major factual and legal hurdles, because private persons cannot apply the same investigative measures as public authorities and investigations are limited by budgets that preclude the necessary hiring of external IT experts.
Moreover, cybercriminals usually operate internationally (e.g. attacking Austrian IT systems from abroad), which raises questions about jurisdiction, i.e. is Austria competent to prosecute crimes committed in the global virtual world? Nevertheless, Austrian criminal law generally applies only if the perpetrator either acted in Austria or the effects of the crime occurred or should have occurred in Austria. As criminal acts in the virtual world (e.g. an insult on Facebook) are usually available on the global internet, the question arises as to whether the mere availably of illegal content in Austria is a sufficient link to constitute Austrian criminal jurisdiction. Hence, it is debatable if the provisions of international jurisdiction in the Austrian Criminal Code still fit such new forms of criminality.
Draft bill "Hass im Netz"
To counter the developments of cybercrime, the Austrian legislator introduced the "Hate on the Internet" initiative (Hass im Netz) and in September 2020 published a draft bill aiming to increase protection against hate speech on the internet by establishing a quick proceeding, increasing fines and providing certain investigative measures for private persons. The draft bill also requires online platforms such as Facebook to establish internal review procedures to ensure that illegal content will be swiftly deleted or blocked, which naturally requires the platforms to assess the legality of the respective content and to make a decision. The draft bill has therefore been criticised as restricting freedom of speech and for delegating responsibility to private platforms instead of public institutions. It remains to be seen when and how the draft bill will be implemented into Austrian law.
These developments show that cybercrimes do not only require the legislator but especially us as lawyers to keep up-to-date on technical developments, to find new ways to interpret and work with existing laws to cover innovations, but also to be aware of the statutory limitations of fundamental rights. This ability to adapt and be aware is one of our main challenges and requires us to think outside the box and have an in-depth understanding of clients' needs in an ever-changing environment.
"Cybercriminals usually operate internationally (e.g. attacking Austrian IT systems from abroad), which raises questions about jurisdiction, i.e. is Austria competent to prosecute crimes committed in the global virtual world?"