|Title:||Additional Protocol to the Convention on cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (28 January 2003)|
|Topic:||Amendment to the Convention on Cyber Crime, integrating provisions on racist and xenophobic expressions through computer systems. However, this protocol is only binding to the signatory states of the protocol itself, which does not include all signatory states to the main Convention
|Direct / indirect relevance||Indirect. The liability and jurisdiction principles of the text indirectly imply an obligation to assess one’s risk with regard to the subject matter.|
|Scope:||Convention which is binding to the signatory states (which does not include all E.U. Member States, unlike the Convention) after the entry into force of the convention, which occurred on 1 March 2006.|
|Legal force:||Requires signatory states to provide the necessary privacy protection provisions in their national regulatory frameworks.|
|Affected sectors:||Generic; the provisions can be relevant to any entity involved with information systems and data processing, in view of the topic of the normative text.|
|Relevant provision(s):||Chapter III – Relations between the Convention and this Protocol
Article 8 – Relations between the Convention and this Protocol
1. Articles 1, 12, 13, 22, 41, 44, 45 and 46 of the Convention shall apply, mutatis mutandis, to this Protocol.
|Relevance to RM/RA:||Due to article 8, the Convention’s provisions on legal liability of legal entities and jurisdiction apply. As a result, legal liability can be imposed on legal entities for conduct in violation of the Protocol of certain natural persons of authority within the legal entity. Thus, the Convention requires that the conduct of such figures within an organisation is adequately monitored, also because the Convention states that a legal entity can be held liable for acts of omission in this regard.
Additionally, article 22 defines a series of criteria under which jurisdictional competence can be established. These include the competence of a jurisdiction when a criminal act is conducted by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State (art.22, 1, (d)). Thus, legal entities need to be aware of the applicable racism and xenophobia laws in any countries with which they have a formal link, even if they conduct no specific business there.