Internet Law and Protection of Fundamental Rights

By Oreste Pollicino, Giovanni De Gregorio and Marco Bassini

The protection of fundamental rights is increasingly relevant in the digital age. The massive spread of digital and algorithmic technologies raises inherently constitutional questions. Rights and freedoms are exposed both to the opportunities and challenges of digital technologies, thus leading to different constitutional responses. This book offers an overview of the most important challenges posed by the rise of cyberspace from a legal standpoint. After some preliminary chapters on the Internet landscape, it focuses on how the advent of digital technologies has impacted content and data, thus exploring the effects in terms of protection of freedom of expression, the right to privacy and data protection. By addressing these topics, this book aims to provide readers with a background to understand the constitutional issues raised by digital technologies.

• Language: English
• Publisher: EGEA Spa - Bocconi University Press
• Release date: Jan 1, 2023
• ISBN: 9788831322720

Book preview

Introduction

The protection of fundamental rights in the digital age is increasingly at the core of Internet law. The massive spread of digital and algorithmic technologies is raising questions that are inherently constitutional. Rights and freedoms are exposed to the opportunities and challenges of digital technologies, thus leading to different constitutional responses.

We believe that developing skills and expertise in this area is critical for law students, and this idea has driven us to work on this book based on our experience in teaching courses on Internet law and constitutional law at Bocconi University, particularly the LL.M. in Law of Internet Technologies. This book is a collective enterprise that is in line not only with our research interest but also with our teaching focus.

The book is structured in three parts. It begins by providing a focus on the primary questions around the Internet, particularly the regulation and governance of the digital environment, the jurisdictional challenge and the access to the Internet. The second part of the book examines the law of online content, looking at the protection of freedom of expression in the real and the digital world, the law of online intermediaries, the challenges raised by disinformation and hate speech and specific sectors such as copyright and audiovisual media services. The third part analyzes the field of privacy and data protection by looking at their historical roots, the role of the General Data Protection Regulation and specific challenges, particularly the right to be forgotten, data retention and the transfer of data.

We believe that the first edition of this book can provide our students with a benchmark for understanding the constitutional challenges of the digital age. The book can be a valuable resource for undergraduate and graduate courses such as advanced constitutional law, Internet law, fundamental rights, privacy and data protection. We also believe that this book can provide a first overview for entering this area and address the constitutional questions that the development of digital technologies has raised in recent years.

This volume is also the result of the work of our research team. They have played an important role in this project, particularly at the editing stage. Therefore, we would like to express our gratitude to Flavia Bavetta, Pietro Dunn and Federica Paolucci for their support and commitment to this project.

Last but not least, we owe a world of gratitude to our students at Bocconi University who were the inspiration for this book over recent years in various undergraduate and postgraduate courses where we had the chance to teach these thrilling subjects in an intellectually vibrant and genuinely committed community.

Part I

The Internet Landscape

1The Law of the Internet

1.1 Introduction

The advent of the Internet has triggered global transformations. Since the end of the 20th century, this new space has led to the consolidation of the information society, which can be considered a modern society whose progress is no longer strictly related to the production and distribution of material goods and services but is also of a digital nature. Data and information are the fuel of the economy of the new century, thus making digital services key to the development of society as a whole. Such a transformation would not have been possible without a global communication channel such as the Internet which has led to the paradigm shift from the analogue to the digital dimension or, in other words, from atoms to bits.

Developed from the military project ARPANet of the US Advanced Research Projects Agency (ARPA), the Internet spread during the 1990s thanks also to the creation of an architecture capable of simplifying the use of this means of communication: the World Wide Web. From a technical point of view, the Internet is a set of interconnected networks that form the so-called network of networks. The operation of the network is made possible thanks to the use of protocols that allow the various connected devices to be identified uniquely using an Internet Protocol number. The exchange of information takes place through data packets that constitute separate units capable of traveling independently and being exchanged conventionally through the TCP/IP protocol, while the resources found on the network are instead identified by a string of characters called the domain name.

TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices on the Internet. TCP/IP specifies how data is exchanged over the Internet by providing end-to-end communications that identify how it should be broken into packets, addressed, transmitted, routed and received at the destination. The two main protocols are the TCP, which defines how applications can create channels of communication across a network, and the IP, which defines how to address and route each packet to make sure it reaches the right destination. The IP address helps determine where to forward the message. TCP/IP thus uses a client–server model of communication in which a user or machine (a client) is provided a service, such as sending a webpage, by another computer (a server) in the network. The TCP/IP model is structured into four layers of communication for the transmission of the data packages: the physical layer; the network layer; the transport layer; and the application layer.

The development of this new digital dimension has led to the questioning of the role played by public and private actors in Internet governance. If, on the one hand, states have tried, and not always succeeded, to maintain their sovereign power within their own territory in relation to this new digital space, private actors, on the other hand, in particular supranational and multinational organizations, have extended their area of influence far beyond the confines of their headquarters. The law of the Internet then results from a mix of public and private influences that shape rights and freedoms in the digital age.

This framework has raised questions about the governance of the Internet. This chapter underlines the evolution of the debate around the law of the Internet. The first part addresses the libertarian approach that characterized the debate at the end of the 20th century (1.2–1.3). The second part examines the arguments against this libertarian approach and underlines the power of states and private actors to regulate the digital environment (1.4). The third part underlines the role of architecture as a possible means to regulate the digital environment (1.5). The fourth part focuses on the rise of the constitutional dimension of the Internet, particularly looking at the rise of Internet bills of rights (1.6) and new regulatory approaches to address the exercise of online platform powers (1.7).

1.2 The regulatory conundrum

One of the most debated questions posed by the rise of the Internet was whether, in view of the unprecedented decentralized and cross-border nature of cyberspace, states were still entitled to set and enforce rules governing conducts that take place online. 1995 is perhaps the year that marked the point of no return: the advent of browsers. Browsers retrieve, present and transfer information from the Word Wide Web in a visible and user-friendly way. As the Internet became popular, it was mainly understood as a land of freedom where individuals could employ new avenues for the exercise of a variety of human activities, most notably freedom of speech. In light of this view, any attempt to claim the applicability of state law was perceived as a threat to such freedom by a large group of activists who challenged states’ ability to extend their sovereign power over cyberspace. Among others, John Perry Barlow, one of the founders of the Electronic Frontiers Foundation, is among the most influential digital rights activists. In his famous A Declaration of the Independence of Cyberspace he wrote:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

It is not by coincidence that Barlow wrote the Declaration in 1996 as a reaction to the coming into force of the Communications Decency Act (CDA). The CDA is the first Act passed by the United States Congress with the specific purpose to regulate cyberspace, and most notably with a view to preventing minors from accessing indecent and patently offensive materials on the Internet. This statute was definitely seen as a threat to the unprecedented degree of freedom that cyberspace was meant to provide. The Supreme Court judgment in Reno v. ACLU (521 US 844, 1997), which one year later invalidated significant parts of the CDA, contributed to strengthening cyberlibertarians’ convictions about the need to preserve Internet freedom. They saw the judgment as an act of enforcement of the First Amendment (which protects freedom of speech in the US Constitution) to its utmost degree, as the repeal of the first attempt to regulate cyberspace. Still today, the Declaration is regarded as the most powerful manifesto of the attitude vis-à-vis state regulation of the so-called cyberlibertarians. Barlow had no legal background, and the Declaration was not shaped in legal terms; however, this manifesto also proved influential among the first scholars who approached the rise of cyberspace and the regulatory dilemma.

Today, states are usually considered as able to enforce their legal norms in the real world and likewise on the Internet. Otherwise, cyberspace would amount to a free zone where conduct prohibited in the analogue world is tolerated just because it occurs on the Internet, where no state has authority. However, in 1996, it was hard to predict the actual development of cyberspace, including of its governance. The degree of novelty and the magnitude of the transformations generated by the Internet were seen as unprecedented. Perhaps other technological developments have caused similar challenges in the past. Indeed, like the Internet, the use of traditional media could definitely give rise to conduct having extraterritorial effects, thus triggering the problem of determining which state could properly assert jurisdiction.

Yet jurisdiction constitutes only one side of the coin. The next chapter will explore how courts dealt with the jurisdictional puzzle, particularly by resorting to traditional criteria or by adapting them to the digital reality. The other side of the coin concerns the unprecedented degree of freedom inherent to the availability of the Internet. Regardless of the jurisdiction conundrum, the Internet was fashioned as a metaphor of freedom, and the fear that regulation could undermine such freedom definitely influenced some scholars.

1.3 Cyberanarchy

David Johnson and David Post are by far the most important theorists of cyberanarchy among legal scholars. In a seminal article published in 1996 they argued that the rise of cyberspace, and therefore of cross-border communication networks, undermined both the feasibility and the legitimacy of applying laws based on geographic boundaries. By implicitly establishing cyberspace as a separate place, other than the real world of atoms, they maintained that new rules and institutions needed to be set. In rejecting the application of existing territorially-based laws and institutions, they also found self-regulation to be the most fitting option for the characteristics of cyberspace. They actually proposed that

established territorial authorities … defer to the self-regulatory efforts of Cyberspace participants who care most deeply about this new digital trade in ideas, information, and services.

The assumption behind this proposal was that cyberspace could build its own institutions and rules on a purely self-regulatory basis, separated from territorial jurisdictions. Geographical boundaries in law-making, in Johnson and Post’s view, do not make sense when it comes to cyberspace:

Cyberspace radically undermines the relationship between legally significant (online) phenomena and physical location. The rise of the global computer network is destroying the link between geographical location and: (1) the power of local governments to assert control over online behavior; (2) the effects of online behavior on individuals or things; (3) the legitimacy of the efforts of a local sovereign to enforce rules applicable to global phenomena; and (4) the ability of physical location to give notice of which sets of rules apply.

In other words, cyberspace is simply a place where distinct laws apply. These rules, however, should be established by the cyberspace participants themselves. The community of online users and Internet service providers (ISPs) should take on the task of developing a self-governance system. Against this background,

governments cannot stop electronic communications coming across their borders, even if they want to do so. Nor can they credibly claim a right to regulate the Net based on supposed local harms caused by activities that originate outside their borders and that travel electronically to many different nations; one nation’s legal institutions should not, therefore, monopolize rule-making for the entire Net.

Additionally, they noted:

Even so, established authorities likely will continue to claim that they must analyze and regulate the new online phenomena in terms of some physical locations. After all, the people engaged in online communications still inhabit the material world. And, so the argument goes, local legal authorities must have authority to remedy the problems created in the physical world by those acting on the Net. The rise of responsible law-making institutions within Cyberspace, however, will weigh heavily against arguments that would claim that the Net is lawless and thus tie regulation of online trade to physical jurisdictions.

But rules should not be identical everywhere in cyberspace. In the view of Johnson and Post, cyberspace also has internal borders; dividing lines can thus be created even between different spheres within the same digital realm. Therefore, there are more territories of spheres of activity within the cyberspace. The existence of barriers of such a nature allows for the development of distinct rule sets that may not only differ but also change and evolve over time. Since different communities exist in cyberspace, each one with its own set of rules, individuals can easily cross internal borders and relocate, moving among differing online spaces.

Finally, Johnson and Post believed that the new law created in cyberspace can be reconciled with current territorially based legal systems

by treating it as a distinct doctrine, applicable to a clearly demarcated sphere, created primarily by legitimate, self-regulatory processes, and entitled to appropriate deference – but also subject to limitations when it oversteps its appropriate sphere.

1.4 Against cyberanarchy

Along with Tim Wu, Jack Goldsmith ranks among the commentators most thoroughly opposed to the cyberlibertarian (or cyberanarchic) view supported by Johnson and Post. A landmark piece by Goldsmith, published in 1999 and entitled Against Cyberanarchy, directly challenges the conclusions reached by the Johnson and Post in their 1996 article. It is worth noting that Goldsmith wrote his piece in the aftermath of the Reno v. ACLU judgment delivered by the Supreme Court, when commentators were debating the true significance of the decision. As noted above, this judgment declared some provisions of the Communications Decency Act passed by Congress in 1996 – the first specific piece of content regulation applicable to the Internet – unconstitutional based on First Amendment rights. Some cyberlibertarians even claimed that this decision supported their arguments.

Goldsmith outlined the assumptions and the conclusions of the so-called regulation skeptics as follows:

The regulation skeptics make both descriptive and normative claims. On the descriptive side, they claim that the application of geographically based conceptions of legal regulation and choice of law to a-geographical cyberspace activity either makes no sense or leads to hopeless confusion. On the normative side, they argue that because cyberspace transactions occur simultaneously and equally in all national jurisdictions, regulation of the flow of this information by any particular national jurisdiction illegitimately produces significant negative spillover effects in other jurisdictions. They also claim that the architecture of cyberspace precludes notice of governing law that is crucial to the law’s legitimacy. In contrast, they argue, cyberspace participants are much better positioned than national regulators to design comprehensive legal rules that would both internalize the costs of cyberspace activity and give proper notice to cyberspace participants. The regulation skeptics conclude from these arguments that national regulators should defer to the self-regulatory efforts of Cyberspace participants.

According to Goldsmith, the regulation skeptics make three errors. The first error is that they overstate the differences between cyberspace transactions and other transnational transactions:

both involve people in real space in one territorial jurisdiction transacting with people in real space in another territorial jurisdiction in a way that sometimes causes real-world harms. In both contexts, the state in which the harms are suffered has a legitimate interest in regulating the activity that produces the harms.

The second error made by regulation skeptics, in Goldsmith’s view, relates to the specific option of self-regulation that Johnson and Post pointed out as the most appropriate solution to govern cyberspace. In this respect,

the skeptics do not attend to the distinction between default laws and mandatory laws. Their ultimate normative claim that cyberspace should be self-regulated makes sense with respect to default laws that, by definition, private parties can modify to fit their needs. It makes much less sense with respect to mandatory or regulatory laws that, for paternalistic reasons or in order to protect third parties, place limits on private legal ordering.

Finally, Goldsmith observed that the skeptics underestimate the value of traditional legal tools and technology in respect of cross-border regulatory issues implicated by cyberspace:

Cyberspace transactions do not inherently warrant any more deference by national regulators, and are not significantly less resistant to the tools of conflict of laws, than other transnational transactions.

He argued, therefore, that regulation of cyberspace is both feasible and legitimate, as opposed to Johnson and Post’s views. It is worth noting that Goldsmith does not delve into whether regulation per se is desirable, nor does he consider which type of regulation may be more appropriate to secure goals such as protection of freedom of speech and democracy. In a nutshell, his view is that in cyberspace there is no exceptionalism justifying a rejection of traditional regulatory schemes. It is not by coincidence that in his 2002 response to Goldsmith’s article, David Post (in an article titled Against ‘Against Cyberanarchy’) specifically defined this approach as unexceptionalism.

Post, claiming to be an unrepentant exceptionalist, specifically addressed two points in Goldsmith’s article. On the one hand, he challenged the idea that cyberspace is functionally identical to transnational activity mediated by other means such as mail or telephone. On the other hand, he disputed the capability of traditional principles and legal tools to capture problems arising in cyberspace. According to Post, no matter whether something happens in cyberspace, the questions posed by cyberspace are different and more difficult than those in the analogue world and cannot be solved using solutions applicable to the latter.

Besides Johnson, Post and Goldsmith, other scholars participated in this seminal debate that flourished in the second half of the 1990s in the United States. Trotter Hardy, for instance, called for the decentralization of the mechanisms by which behavior is regulated in cyberspace. In his view, some of the problems of cyberspace are genuinely new because they are unprecedented in the physical world, while other problems are new because they occur more frequently (e.g., anonymous messages) and require proper solutions. To determine such solutions, he endorsed decentralization as the most flexible and least intrusive rule-making process, particularly fitting in light of the evolving nature of cyberspace. A decentralized private regime is supposed to be more efficient and to properly complement top-down rules.

Other commentators such as Joel Reidenberg have pointed out that, in relation to cyberspace, other sources of rule-making come into play in addition to law and government regulation. He argued that user preferences and technical choices actually create default rules. These rules, imposed by technology and communication networks, constitute the so-called Lex Informatica. Such Lex Informatica may help resolve some of the issues emerging in cyberspace that traditional legal solutions fail to properly tackle, in light of its flexible and adaptable nature. Architecture itself can embody rules that allow the preservation of public order values. For this reason, policymakers should consider and recognize the Lex Informatica as a viable tool for the definition of information policy rules.

1.5 From the law of the horse to code is law

In addition to the debate between exceptionalists and unexceptionalists on the feasibility and legitimacy of state-centered regulation of cyberspace, another remarkable and intertwined debate concerned the need for a separate branch of law for cyberspace.

This key question was first raised by Judge Frank Easterbrook in a famous speech given in 1996, when he argued that there was no more need for a distinct law for cyberspace than there was a need for a separate law of the horse. Easterbrook framed this metaphor to substantiate his view that the best way to learn the law applicable to specialized endeavours it to study general rules. In his opinion,

lots of cases deal with sales of horses; others deal with people kicked by horses; still more deal with the licensing and racing of horses, or with the care veterinarians give to horses, or with prizes at horse shows. Any effort to collect these strands into a course on The Law of the Horse is doomed to be shallow and to miss unifying principles.

According to Easterbrook, there is a risk of multidisciplinary dilettantism and no added value derives from thinking in particular about how law and cyberspace connect. Moreover, he noted that creating specific rules for cyberspace might be useless in light of the swift developments occurring in this specific field: this would likely make the rules established by lawmakers at a given time outdated and no longer fit for an environment subject to significant evolution that lawyers poorly understand. Thus, Easterbrook’s argument was to

do what is essential to permit the participants in this evolving world to make their own decisions. That means three things: make rules clear; create property rights where now there are none; and facilitate the formation of bargaining institutions. Then let the world of cyberspace evolve as it will, and enjoy the benefits.

In direct response to Easterbrook, in 1999, Lawrence Lessig wrote a detailed explanation of what cyberlaw might teach and why there are good reasons to think about law in cyberspace. First of all, Lessig rejects the view that cyberspace is unregulable. In his view, both the assumption that the nature of cyberspace is fixed and the assumption that governments can do nothing to change its architecture are wrong. This is why Lessig focuses specifically on how regulation can be conducted in cyberspace, starting from the observation of inherent differences between the analogue and the digital worlds that may frustrate the effectiveness of legal norms (for example, he points out that anonymity may to a certain degree be preserved online, thus allowing minors to engage in conduct or activities otherwise prohibited).

According to Lessig, behavior is regulated by four types of constraints in the physical world: legal norms; social norms; the market; and architecture. The latter factor consists of the physical world. The same paradigm is reproduced in cyberspace, where the architecture corresponds to the code, that is, the software and hardware that make cyberspace what it is:

The substance of these constraints may vary, but they are all experienced as conditions on one’s access to cyberspace. In some places, one must enter a password before one gains access; in other places, one can enter whether identified or not. In some places, the transactions that one engages in produce traces that link the transactions (the mouse droppings) back to the individual; in other places, this link is achieved only if the individual wants. In some places, one can select to speak a language that only the recipient can hear (through encryption); in other places, encryption is not an option. The code or software or architecture or protocols set these features; they are features selected by code writers; they constrain some behavior by making other behavior possible, or impossible. They imbed certain values, or they make certain values impossible. In this sense, they too are regulations, just as the architectures of real space code are regulations.

The four modalities operate and interact together. Each modality, according to Lessig, has both direct and indirect effects. It has indirect effects in the sense that it impacts on other modalities of regulation. Therefore, law and code (the most important constraints) can indirectly change each other and, in this way, ultimately change how behavior is regulated. Lessig believes that when it comes to cyberspace, the optimal mode of regulation is different from that applicable to the physical world. Cyberspace can be regulated through its architecture. The regulation of code is thus the most effective tool that law might use to regulate behavior online.

Murray went even further, underlining how the effectiveness of such regulation depends not only on the modality of regulation (e.g., network architecture) but also on the power that each point of the network can exercise over other points. It was already clear that the Internet would not entirely overcome state regulation. Nonetheless, public actors are no longer the only powerful regulators; they are just one piece of the fragmented framework of online governance. Even if states have not lost their power over the digital environment, there are new actors who are also expressing their influence on the digital environment. Online platforms in particular have become more influential, operating in the shadow of governments. They have developed their functions as proxies or delegated entities of public authorities to enforce public policies online or exercise autonomous functions that rely on the mix between market power and technological asymmetry.

Therefore, there are definitely good reasons to think about law and cyberspace (and therefore about Internet law): twenty-five years after the advent of cyberspace, we have witnessed countless developments that have brought to light the peculiarities of the digital environment.

1.6 From the regulatory dilemma to the rise of Internet bills of rights

The starting point for thinking about the relationship between the Internet and law has to be set at the origins of the debate on Internet regulation. The relevant literature shows a common, seminal research question, that is, whether states were entitled to claim their sovereignty over the Internet and to regulate it. Some early judgments (including the very well-known Yahoo! v. LICRA saga) dealt with the task of allocating among national courts the power to assert jurisdiction over cases involving the use of the Internet.

Yahoo! v. LICRA, as will be discussed in the next chapter, concerned the case of the sale of Nazi memorabilia through the Internet. Whereas the sale of such items is not illegal within the United States, due to the strength of First Amendment guarantees of free speech, it represented a crime in France: therefore, the Paris Tribunal de Grande Instance ordered Yahoo! to cease the provision of those goods to French citizens. Yahoo! argued that French law should not apply to it, since the servers it used were based in the United States, and that the French Tribunal’s order infringed its First Amendment rights. The US Appeals Court for the Ninth Circuit eventually held that Yahoo! had to comply with such an order.

These issues were of utmost importance at the time, since – as noted above – some commentators argued that the characteristics of the Internet were of such a nature as to make it incompatible with state regulation, and the Internet could therefore dismantle or undermine states’ powers, weakening or even setting aside sovereign claims to regulate cyberspace and the power of domestic courts to adjudicate cases.

States proved to be capable of enforcing their own laws with respect to the Internet and the activities carried out thereon. There have been some examples of governmental interference with the functioning of the Internet, thus revealing that states have managed not only to lay down certain rules and policies for the Internet, but also to require service providers to enforce the same (ISPs’ actions to arrange filtering measures in China is very telling in this respect). Digital players and most notably ISPs, whether as a long arm of public authorities or autonomously because of their growing market power, have thus become more and more influential.

In fact, once it had been ascertained that its flourishing was not going to result in a crisis for constitutional states, the Internet was no longer considered a subject deserving strong public regulation. On the contrary, private law significantly influenced the Internet and its functioning, particularly by means of the principles and rules governing the liability of online platforms. The debate thus shifted from the regulation–governance dilemma to a different one, relating to the protection of fundamental rights on the Internet.

Among others, Teubner has described the emergence of a number of civil constitutions as a real trend on a worldwide scale, where several autonomous subsystems of world society would undertake a process of constitutionalization. Teubner pointed out that an Internet constitution (different from the traditional political constitutions) would be the proper sedes materiae of digital constitutional principles and norms. In his view, these principles would have to be set forth in the process of constitutionalizing the Internet – a process which would determine, most crucially, whether

business operators, even stimulated by economic stimulation in private–public co-regulation, should be entrusted with deciding on the limits of human rights.

Teubner also predicted a debate on the horizontal effect of fundamental rights, which according to him would allow individuals to assert their claims vis-à-vis political bodies and social institutions, in particular centers of economic power.

In the wake of Teubner’s view, Internet activists, members of international fora and supporters of Internet freedom have called for the adoption of an Internet bill of rights: notably, an international covenant binding both public and private actors to secure the protection of individual rights. Many propositions have been made in this respect, even among public authorities, such as in Brazil and Italy. Behind this stance is the idea that human rights have to be effectively protected (and thus enforced) visà-vis public authorities but also private actors. As the following chapters will show, this is one of the most important issues in the current debate, which is increasingly discussed in light of the alleged public nature of the services provided by operators such as social networks and search engines.

Thus, if the original concerns were related to possible governmental interference in the sphere of freedom that the cyberspace has created, there is a now a broader focus on the role of private actors, such as ISPs, which de facto act as private powers. The recent calls for more in-depth regulation, most notably in the European Union, witnessed by the proposal for a regulation known as the Digital Services Act, reflect this renewed attitude vis-à-vis the role of traditional institutions and rule-making processes. It goes without saying that governmental regulation should be consistent with the protection of human rights such as freedom of speech, which has found new avenues for its exercise on the Internet. However, it seems that national constitutions and international human rights charters and covenants (such as the Charter of Fundamental Rights of the European Union and the European Convention on Human Rights) have proven to incorporate proper safeguards, even if they were drafted before the rise of the Internet and despite the largely unsuccessful attempts to revise the relevant wording in order to encompass the digital world.

It should not come as a surprise that Internet law is mainly made up of case law, where courts have had to tackle the difficulties of enforcing in the digital age rules and principles established in the atomic world. The remarkable degree of legislative inertia in this field has definitely contributed to making courts the true playmakers of the shift to the digital world. Not by chance, important legislative reforms have been preceded by landmark cases where courts have had the chance to interpret old-fashioned legal provisions in light of technical developments and with a view to safeguarding the protection of human rights.

1.7 The constitutional dimension of the Internet

The Internet has increasingly challenged the protection of rights and freedoms, thus raising questions for constitutionalism in the digital age. In terms of speech, the digital environment has become a primary channel for individuals to exercise their rights and freedoms, especially freedom of expression. The Internet and related services have fostered the dissemination of information, increasing the opportunities of each individual to share ideas and opinions on a global scale without the infrastructural costs and content filters of traditional media outlets.

A technological optimism characterized the early days of the digital environment. At that time, the Internet promised an emancipation of the public sphere and democracy from public controls through decentralization and anonymity. This positive trend was confirmed in countless numbers of cases. It would be enough to mention how social media and search engines have provided irreplaceable tools for exercising the two sides of freedom of expression, precisely the right to inform and that to be informed. Online speech has shown its ability to influence elections, to expand the exchange of new ideas to a global scale, and to support minorities and political movements as an instrument of emancipation, such as during the Arab Spring. While at first glance this picture would suggest that the digital environment has enhanced freedom of expression while emancipating individual freedom from the interference of public authorities, a closer look reveals that the flow of information online is not without control. In recent years, states have taken steps to regulate online speech to tackle extreme content or the spread of unauthorized copyright content. In some cases, public actors have also relied on shutting down the Internet extensively despite the economic consequences.

Nonetheless, the control of online speech is not merely related to online censorship by public authorities that are already subject to constitutional obligations. The exercise of power over information also concerns private actors. Although the Internet has enhanced access to different types of information, this positive effect is lessened by a substantial restriction in the autonomy of users that are subject to governance of online platforms. Unlike public actors, online platforms are not required to ensure the same constitutional safeguards when they take decisions over the organization or removal of speech online. These actors can enforce and balance the vast amount of online information outside any public safeguard, primarily the rule of law, as also shown by the blocking of Donald Trump’s accounts by Facebook and Twitter.

In this respect, scholars have repeatedly highlighted the significant shift from a dyadic to a triadic paradigm. Whereas 20th-century speech regulation saw an interaction between two actors (i.e., the state governing and regulating speech and individuals seeking to enjoy their freedom as fully as possible), 21st-century speech regulation has seen the rise of a third, increasingly relevant class of actors, represented by the private owners of digital infrastructures. Thus, in Balkin’s own words, today free speech is a triangle.

These considerations can also be extended to the field of data. At the end of the 20th century, the digital environment was considered a space to ensure the protection of privacy through anonymity and decentralization, which was seen as a way to protect freedoms from public interference. However, this framework of anonymity and decentralization has not been an obstacle for public actors, which have increasingly relied on the digital environment as an instrument of surveillance. The case of Snowden is just one example not only of the consolidation of a surveillance society, but also of the cooperation between the public and private sector in the field of data surveillance.

The paradigmatic idea of a public panopticon can be considered one of the primary concerns in the digital age. However, as in the case of freedom of expression, public actors have not been the only source of concerns about privacy and personal data. At the end of the 20th century, the development of new processing technologies driven by neoliberal narratives has allowed the rise of new business models based on the processing of multiple kinds of information, including personal data, which are increasingly collected, organized and processed not only by public actors for the pursuit of public tasks but also by businesses for purposes of profit. The processing of personal data has already highlighted serious constitutional challenges at the beginning of this century, especially with the evolution of profiling technologies. In this framework, online platforms play a critical role due to the vast amount of data they process and organize. Even if not exclusively, their business model is based or highly relies on the processing of data for profiling purposes to make profits from advertising revenues, targeted services or analysis of data. Like in the field of content, the value of data in the algorithmic society can be understood by focusing on artificial intelligence systems providing opportunities for extracting value from the processing of vast amounts of (personal) data.

The development and implementation of algorithmic technologies have increased concerns about the protection of fundamental rights. Furthermore, such challenges concern not only individual rights but also democratic values. For instance, the Cambridge Analytica scandal showed how these constitutional challenges also involve the collective interest and, more generally, democracy.

1.8 Conclusions

The advent of the Internet has increasingly shaped daily lives. This space has not only provided new opportunities but also raised critical challenges for the protection of rights and democratic values. This is why questions about the governance of this space have been at the center of the debate. At the end of the 20th century, the positions were primarily oriented towards allowing the Internet to follow its own path, primarily driven by self-regulation. This framework has been challenged by different public and private actors that have demonstrated how it is possible to exercise power on the Internet.

From a libertarian approach to the Internet, the debate has moved towards a different perspective on the law of the Internet by focusing on regulation of the architecture and the actors governing this space. In this case, the question is not only about whether the law applies to the Internet but also how different actors express their powers over this space. In this case, the primary concerns are related not only to the exercise of traditional public powers but also to new private interference with fundamental rights and democratic values.

Therefore, the focus has shifted towards the process of constitutionalization of the Internet, particularly looking at bills of rights. This has been just a first step that underlines the constitutional dimension of the Internet. The Internet has led to the amplification of rights and democratic values, thus raising questions about the role of constitutionalism in the digital age.

2Internet and Jurisdiction

2.1 Introduction

The first chapter of this book illustrates how scholars faced the rise of cyberspace and its impact on legal categories and, most notably, state sovereignty. In spite of some calls for cyberanarchy, the advent of the Internet did not deprive governments of the power to regulate activities and conducts taking place in the digital realm. As one can easily notice in everyday life, territorial borders still matter and make a difference. However, a key problem that arose in the late 1990s concerned the definition of criteria for states to assert jurisdiction in cyberspace. At least at the very beginning, this problem did not concern prescriptive jurisdiction (i.e., the ability of states to exercise their rule-making authority over a particular conduct or individual) but rather adjudicative jurisdiction (i.e., the power of courts to hear and adjudicate a specific matter) and enforcement jurisdiction (i.e., the ability of governments to ensure compliance with certain measures adopted by state authorities).

The ability of courts to assert their jurisdiction (and then, implicitly, the relevant national law) contributed to weakening the claim that cyberspace was a land of anarchy where states had no ability to impose their own laws and regulations. This chapter will show