UNGA TAKES ON DIGITAL GOVERNANCE
For New Yorkers, the end of September brings chaos every year — traffic jams, road closures, VIP motorcades and no available tables at any decent restaurant on the east side. It’s not that easy to disrupt the operations of a city that hosts over 13 million people most workdays but it’s possible when world leaders gather at the UN Headquarters for the opening session of the UN General Assembly (UNGA). UNGA typically addresses a broad spectrum of global concerns — war, poverty, climate change, global economy and sustainability. This year was no different. Conflicts in the Middle East, Ukraine and great power conflict dominated, but as has been true in recent years, digital policy issues muscled their way onto the crowded policy agenda. Two specific initiatives were advanced: the Global Digital Compact (GDC) and the UN Convention Against Cybercrime. This article will provide a basic overview of these programs and assess their potential impact on the digital regulatory landscape in 2025 and beyond.
Global Digital Compact
The centerpiece of UNGA 2024 was the Summit of the Future, a project to adapt global cooperation to the realities of the modern world. It took place on September 22 – 23 and resulted in the adoption of the Pact for the Future, a policy document which articulates a vision for international collaboration on themes including peace and security, sustainable development, climate change, digital cooperation, human rights, gender, youth and future generations, and the transformation of global governance. The Global Digital Compact, incorporated into the Pact as an addendum, is a comprehensive framework for governance of digital technology and artificial intelligence. It charts a collaborative roadmap for harnessing the potential of digital technology and reducing digital divides based on six (6) guiding principles: Universal Connectivity, Human Rights Online, Digital Inclusion and Equity, Safe and Secure Digital Environment, Digital Innovation for Sustainable Development, and Fostering Trust in Technology.
To achieve these principles, the GDC sets objectives and actions in each of the following five categories:
- Expanding Digital Infrastructure Development, especially to underserved regions.
- Establishing global regulatory frameworks that guide the use and ethical development of AI
- Ensuring that data privacy rights are respected globally.
- Combatting misinformation, hate speech, and cybercrime through regulations, transparency mandates, and real-time monitoring systems.
- Promoting green technology initiatives and digital tools that combat climate change.
By adopting the Pact for the Future, to include the GDC, the UN is elevating data governance on the global diplomatic agenda. Nonetheless, both he Pact and the GDC are non-binding. As such, execution and enforcement of the principles contained in the GDC will only occur through national, regional and local legislation and regulation. Only time will tell whether member states will choose to take action on the objectives contained in the GDC and map their own regulatory vehicles to the GDC guidance.
UN Convention on Cybercrime:
On August 1, 2024, the UN Ad Hoc Committee on Cybercrime adopted the Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes (the “UN Convention Against Cybercrime”). This was the culmination of over five years of often contentious negotiation between two broad coalitions of nations with starkly different views of how such a treaty should be applied. Proposed by Russia in 2019, the Convention was initially opposed by signatories to the Budapest Convention on Cybercrime, the 2004 Council of Europe framework which established certain categories of cyber-crimes, established protocols of international cooperation and built safeguards to ensure civil liberties. Unable to prevent the UN convention from moving forward, Budapest signatories, such as the US, EU and others eventually joined the drafting process to ensure proper consideration of civil liberties and other provisions of concern.
The current draft outlines multiple objectives focused around controlling the use of technology that can facilitate firearm and drug trafficking, terrorism, and other transnational crimes. It stresses a need for member state coordination on legislative fronts to enforce the provisions of the convention. Critics claim, however, that the text’s scope is too broad, allowing countries to apply it to offenses beyond what were typically considered cybercrimes in the past. Opponents include human rights and privacy advocates and big tech companies. Both factions have concerns over text that says authorities investigating crimes in any nation are entitled to electronic evidence and ISP data from other nations. Privacy groups have expressed concerns of inappropriate monitoring of global information flows. Industry leaders are also concerned that it could keep security researchers from reporting vulnerabilities they detect in networks and other tech systems because they will be more likely to fear prosecution under the treaty’s language.
Though no formal action was taken on the UN Convention during High-level Week in September, it was the subject of much discussion. Despite all the controversy, the convention is expected to be adopted by the UN General Assembly in late 2024 or early 2025. Once adopted, the treaty will be open for countries to sign and will enter into force 90 days after the 40th country ratifies it. Some countries may need parliamentary approval to ratify the treaty. Nonetheless, it will remain controversial and global application and enforcement of the treaty will likely remain uneven with different countries selectively interpreting provisions that suit politically expedient purposes.