Authoritarians around the world increasingly use digital technology for malign purposes, and despite continuous human rights violations online, attacks on information integrity, and criminal data breaches, democratic states are still largely unable to build consensus on digital governance at the national, regional, and international levels. The international community faces widespread and complex challenges related to protecting democratic values online. Within this context, the 2022 cohort of the Open Internet for Democracy Leaders Program jointly developed the “UN Global Digital Compact submission from the 2022,” a formal set of recommendations needed actions to advance the democratic digital space.
The submission provided recommendations on how diverse stakeholder groups among government, media, civil society, and the private sector can work together to protect online digital spaces as it relates to the following topics: applying human rights online; avoiding internet fragmentation; digital commons as a public good; protecting data; and regulating artificial intelligence. According to the 2022 cohort, the protection of democracy and human rights in the digital age can only be achieved through multistakeholder dialogue and collaboration.
To that end, Marko Paloski, a systems engineer, and a 2022 Open Internet Leader representing North Macedonia, organized and led a virtual policy dialogue session on July 13, 2023, in coordination with CIPE. This session brought together professionals and experts across Southeast Europe working on the protection of democratic values for the first time. In line with CIPE’s Open Internet for Democracy Leaders Program, and the Internet Governance Forum-North Macedonia Initiative (IGF MKD), the session focused on ways to organize and advocate for the protection of internet freedom, with a particular focus on Applying Human Rights Online, Protecting Data, and Cyber Security.
Marko began the session by introducing the Open Internet for Democracy Leaders program and the UN Global Digital Compact Agenda and explaining the 2022 cohort’s submission to the GDC. Session participants then discussed the importance of safety, and discussed potential recommendations to support enforcement, and assist people in fulfilling their legal commitments regarding data protection; applying human rights online; accountability for online content; and AI regulations.
Participants agreed that there are a number of common patterns of challenges across SEE, including:
- Lack of understanding of data protection policies;
- Not enough trained personnel to work with and implement the policies;
- Better understanding and engagement of the governments with the tech sector;
- Lack of collaboration among the countries, especially neighboring countries; and
- Lack of National laws and frameworks.
In addition, session participants discussed general challenges regarding the lack of awareness among a broad spectrum of stakeholders; the lack of collective, coordinated laws and regulations governing digital rights; the lack of regulations that are tailored to the needs of specific industries; and the lack of resources needed to address these challenges.
The event highlighted the need to cooperate and collaborate between the countries in the SEE region and between the different sectors like the private sector, academia, civil societies, governments, etc. so we can better implement, adapt, and take advantage of the regulations. The organizers wanted to gather people familiar with the topic, to speak and raise awareness of the status, challenges, consequences, and more with the regulations that are set or that will be set in the future.
A call to action
Although the first of this kind in SEE, the session was successful in supporting raising awareness; sharing knowledge and different perspectives, as well as new information; and identifying key action points the group may pursue moving forward. With all session participants across the SEE region demonstrating their unity, and commitment to remaining active, Marko announced that, as coordinator of the IGF MKD initiative, he will organize additional dialogue sessions in the near future. The passion, persistence, and proactivity demonstrated by this community of industry experts reflect the collaborative spirit digital stakeholders must have to ensure that democratic digital spaces remain safe, open, and protected.
APPENDIX: Specific discussion points from the panelists
Panelist from DiploFoundation
The UN Secretary General’s initiative was quite “top-down,” but this is the agreement to create a new framework for the digital space. The plan is to adopt it in the Summit for the Future in 2024; it remains to be seen, however, whether that will occur. Importantly, the GDC does not exist in a vacuum; there are several existing mechanisms such as WSIS and the Tunis Agenda, which acted as starting points for the IGF.
Building consensus between the UN’s 100+ member states is challenging; therefore, it is important for us to manage expectations.
Cybersecurity Policy Expert - IMPETUS
- There are frameworks and policies in place that follow data protection best practices. There must be harmonization across the region, and across different sectors when it comes to implementing GDPR, and national regulatory frameworks, but the tendency of nation-states to “copy/paste” the GDPR is not an adequate solution.
- Various stakeholders protect data utilizing the framework, and understand/implement GDPR differently; therefore it is important to understand these different methodologies. The technical community says GDPR is a technical issue whereas lawyers say that it is a legal issue. For civil society organizations, it is more of a public interest and human rights issue.
- Do we need a specific working position that ensures practical enforcement of the provisions?
- Only a small-sized community is focused on technical aspects and higher-level discussions on open internet and data privacy. Going forward, IGF in North Macedonia should include more stakeholders.
“We learn only by making mistakes.”
Panelist from Digital World Summit-Greece
Greece is in a transition in terms of facing the digital reality. The country has lots of SMEs, which play an important role when it comes to data protection online. One challenge is many companies lack expertise on how to protect data—this is partly due to the financial challenges the country and the private are coping with.
To have global cybersecurity in a globalized world, a global approach is necessary. Nation-centered policies are limiting data protection standards and this “race-to-the-bottom” is a major problem. Several economies in the Balkans are trying to develop, making it hard to adhere to high standards of data protection while also trying to remain competitive. Because it is crucial to protect fundamental human rights (data privacy in this case) in the digital world.
Stakeholders from smaller countries like Greece and North Macedonia don’t always feel included in these conversations. That’s why regional or national dialogues are so important. UN/global bodies should also give more examples of how policies could be implemented. Oftentimes it is far too broad, and lacks specific policy prescriptions (i.e. cybersecurity laws will be applied very differently in Sudan vs Germany vs Greece). These implementation acts should also take into consideration countries with different levels of engagement.
Panelist from DCAF
Shared the book on Human Rights and Cybersecurity in the Western Balkans that was published last year, covering mainly the right to privacy, freedom of expression, right to assembly and association and anti-discrimination online. The book is comprehensive and sets out local and regional recommendations for each WB economy.
Faculty of Computer Science and Engineering - Skopje
- Copy/paste solutions are not the way forward. Policies need to be tailored to the needs of each country.
- Cybersecurity strategies need to align with broader regional strategies.
“Political challenges will destroy laws, regulations, and/or not having the human capacity to enforce them. All these issues are also very technical. So, when creating a strategy or framework, explaining the technical elements and enforcement procedures are essential.
Panelist from DiploFoundation
Cybersecurity and data privacy are becoming necessary to compete globally. In the Balkans, this is not understood or prioritized clearly. The Balkans need a high-level political understanding that goes hand-in-hand with cybersecurity and data protection. Serbia for example invested a lot in digitalization but didn’t invest as much in the other side of the coin at the start.
Questioned how we benefit from initiatives like GDC.
On the importance of the UN documents: that's why a UN document, endorsed by states, can be useful - it can go beyond a single government round or promise. We must think about how to use tools like GDC. Governments will endorse, and then diverse stakeholders can keep them accountable for that commitment.
Panelist from Cyber Security Excellence Centre
- We don’t have enough legal frameworks in Bosnia dealing with cybersecurity, but there are effective laws on protecting data privacy.
- It is important to have a cybersecurity framework in place to help everyone follow the procedures and protect data.