![]() ![]() To transfer such data to an arbitrator in a third-party country, the party may be required to put in place appropriate safeguards to protect those emails. For example, a party’s evidence may include emails between persons based in the EU and that contain personal, protected data under the GDPR. Personal data transfers can trigger a complex web of different legal regimes with strict rules on when and how data can be transferred internationally. finally, while ICSID’s recently released 2022 Arbitration Rules do not mention cybersecurity or data protection explicitly, amended Rule 29 now requires tribunals to seek views from the parties on ‘the treatment of confidential or protected information’ before the first session.īeyond the importance of protecting data for its own sake, parties and counsel should be aware that various mandatory data protection regulations may arise at different stages of an arbitration or affect certain participants but not others.yet a third group of institutions has introduced additional measures – the AAA-ICDR, for example, requires arbitrators on its panel to complete mandatory cybersecurity training, and CPR offers parties access to an encrypted email service and.a growing number of institutions, including the SCC, the AAA-ICDR, the Thai Arbitration Institute and the ICC have launched bespoke case management platforms, such as the ICC’s recently launched Case Connect, to securely centralise file sharing, thereby eliminating risks associated with the use of email.the HKIAC, LCIA, CAM-CCBC, DIFC-LCIA, CPR, DIS and the Swiss Arbitration Centre, for instance, now either require or encourage tribunals to consider appropriate measures or issue binding directions to enhance information security and protect personal data at an early stage in the proceedings (typically before or during the first procedural conference).Arbitral institutions have also taken steps to tackle cybersecurity risks:.The protocol provides sample language to address information security issues that can be incorporated into arbitration agreements, agendas for case management conferences, procedural orders and post-arbitration dispute resolution clauses, as well as a procedure to notify and deal with data breaches based on the GDPR. The ICCA-NYC Bar-CPR Protocol on Cybersecurity in International Arbitration, originally launched in 2019 and updated in 2022, provides a framework for participants to agree on reasonable cybersecurity measures for their dispute (eg access controls, encryption and security incident management).Fortunately, parties and arbitrators now have an array of instruments available to guide them. ![]() These risks highlight the importance of giving thought to how to protect data in an arbitration proceeding. ![]() Anecdotal information also suggests that there have been arbitrations where the case database was leaked or hacked into, which may have been preventable if appropriate safeguards had been put in place. Although the information was derived from hacking, the tribunal permitted the claimant to adduce non-privileged documents obtained from that leak, as no rule or guideline prohibited the tribunal from exercising its discretion to admit evidence obtained through such questionable means. That same year, in Caratube v Kazakhstan, confidential information was leaked from the Kazakh government’s IT system and the claimant eventually obtained some of the leaked documents. Malware planted on the section of the PCA’s website devoted to the China–Philippines maritime boundary dispute posed a potential risk to visitors, causing the PCA’s website to go off-line for a week. In 2015, hackers attacked the PCA’s website. The prevalence of online hearings and electronic records in the wake of COVID-19 has brought renewed awareness of cybersecurity and data protection risks, a trend that will continue into 2023 and beyond.Ī 2022 ICC survey on the use of technology in arbitration demonstrated that most arbitration users now support adopting specific measures, such as encryption, to safeguard the privacy and security of electronically stored information.ĭata breaches may pose a real risk to the integrity of arbitration as a dispute resolution mechanism. The politically and commercially sensitive nature of arbitration disputes, which are often confidential, makes them an attractive target for hackers. As we reported in our 20 Trends Reports, data protection and cybersecurity are becoming focal points in international arbitration. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |