International Journal on Criminology Volume 7, Number 1, Winter 2019/2020 | Page 21

International Journal on Criminology
23, 2018, provides that data can only be transferred in certain specific cases (prosecution
and prevention of serious offences; precise identification of the information
requested and the individual in question), it is necessary to remain vigilant.
Therefore, overlaying geopolitical competition between the most powerful
countries is a confrontation taking place in cyberspace, within a curious mixture
of defense of national sovereignty and a quest for the widest extraterritoriality.
One should not overlook the threat that an oligopoly of companies will capture
data and use their dominant position to obstruct new players. Apart from these aspects,
there are also “creeping” extraterritorialities related to digital technologies.
The most dramatic example here is the United States.
France is reacting to this phenomenon by bringing in legislation that on
the one hand protects its information systems via the Directive on the Security of
Network and Information Systems (NIS), which was transposed into French law
in February 2018, and that on the other hand protects the country’s personal data
via the General Data Protection Regulation (GDPR), which has an extraterritorial
dimension since it imposes on all companies measures to protect personal data.
European legislation falls within a sovereignty-based approach, starting with that
of each member state in relation to its personal data.
I. Progress and Perspectives
The European Union has mechanisms for police and judicial cooperation
that facilitate the fight against vulnerabilities. The European Union detected
the issues surrounding cybercrime very early on. For this reason, in January
2013, it set up the European Cybercrime Centre within Europol (European
Police Office). The main objective of this center, which is also known as EC3, is
therefore to fight cybercrime.
In terms of legislation, it should first be recalled that the Council of Europe’s
so-called Budapest Convention on cybercrime, which was signed on November
23, 2001 and ratified in France on May 19, 2005, remains the binding international
instrument of reference in the fight against cybercrime.
The drafting of a second additional protocol to this convention 8 has been
under way since September 2017. The protocol envisages measures that aim to
simplify judicial cooperation between the fifty-six countries that are parties to
the convention and to facilitate direct cooperation with internet service providers
from other member countries. Particular areas under study are greater opportunities
for cross-border access to data by investigative services, a simplified
framework for mutual legal assistance requests concerning subscriber data, and a
formalization of emergency procedures.
436 (2018).
8 Pierre Berthelet, “Aperçus de la lutte contre la cybercriminalité dans l'Union européenne,” Revue de
science criminelle et de droit pénal comparé 1 (2018): 59.
16