Recent years have seen a large number of cases (e.g. U.S. v. Microsoft, Google Inc. v. Equustek Solutions, CNIL V. Google Inc., Richter v. Google Inc., X v. Twitter) and controversial acts of legislation (e.g. NetzDG Law in Germany, New French Anti-Misinformation Bill) centered around conflicting jurisdictions and territorial over-reach in cyberspace. Common to these data sovereignty disputes is a challenge to the power of western democracies to control cross-border data transfers and offshore stored content either directly, or indirectly, through Internet intermediaries. Countries in the global south and east, including Russia, China, Brazil, and India, have taken a different approach, promoting policies of data localization, online monitoring, and bulk censorship. The rise of social media platforms and online service providers, and their development and deployment of cloud computing, virtual server hosting, and anonymized and encrypted communication software pose the most recent disruptive assault on the power and legitimacy of sovereigns to assert their legislative control and enforcement jurisdiction.
In Conflict of Laws and the Information Society, I make the argument that part of the reason for the failure to resolve the internet jurisdiction puzzle to date lies in the compartmentalization of the discourse. Internet intermediary liability scholars don’t engage mutual legal assistance scholars; intellectual property practitioners avoid their eDiscovery counterparts, who in turn ignore data protection specialists; Freedom of Expression professionals interested in content blocking and de-indexing find few opportunities to bridge the gap with their colleagues interested in access to user data by law enforcement. The result is a conversation conducted in isolation, each group of thinkers operating within their pre-defined silos. The concern is that, in the process, first order rules are conflated with second order rules, to a point where one is not able to think of private international law solutions separate from the subject matter being addressed. I thus try to argue that we have been barking up the wrong city: instead of a Digital Geneva Convention for cyberspace (which will inevitably fail), we need a Hague Convention on Jurisdiction, Applicable Law, Recognition and Enforcement in Respect of Data held with an Intermediary. Relying on the structure of existing Hague Conventions and the work of the Hague Conference on Private International Law, I attempt to sketch the contours of such a treaty to move the conversation further. In doing so I hope to further reconceptualize the meaning of the comity doctrine in the 21st century as well shed light on the presumption against extraterritoriality in cyberspace.