JURISDICTION AND E

COMMUNICATIONS LAW AND POLICY- INTERNET AND TELE

10/2/2024

GROUP 2
Submitted To: MS. MERCY MUENDO
 LLB 403

GROUP 2 MEMBERS

1.Abbigail Omondi 21-2739

2.Shaleen Anjiro 21-2094

3.Stacy Samantha 21-2033

4.Collins Kaberia 21-2368

5. Nelly Kerei 21-1313

6. Barbara Mugambi 21-2575

7. Stacey Mugambi 21-2363

8. Hope Kilwake 21-2482

9. Keren Wasike-21-2467

10. Jelimo Simotwo 21-2468

APPLICATION OF THE DOCTRINE OF JURISDICTION

According to the Black’s Law Dictionary, Jurisdiction is ‘a court’s power to decide a case or
issue a decree.1It involves determining which legal framework applies to activities that
traverse national and international boundaries, including issues related to data privacy,
cybercrimes, and telecommunications regulations. Without jurisdiction, a court has no power
to make one more step. Where a court has no jurisdiction, there would be no basis for a
continuation of proceedings pending other evidence.
In Bloggers Association of Kenya (BAKE) v Attorney General & 3 others; Article
19 East Africa & another (Interested Parties) 2 where the constitutionality of certain sections
of an Act related to privacy and cybercrimes. It presents arguments about the legality of
police actions, the protection of privacy, and the limitations on freedom of expression. 3 The
court references specific sections of the Computer Misuse and Cyber Crime Act,4 such as
Section 53, which empowers police officers to obtain content data from electronic
communications for specific investigations.
This raises jurisdictional considerations regarding the collection and regulation of data
within telecommunication networks and digital platforms. This case also emphasizes on the
need for clear definitions and safeguards in the Act to ensure that jurisdictional boundaries
are respected. The court also referenced R. v. Vice Media Canada Inc. 5 which supports the
legality of police obtaining ex parte production orders compelling media organizations and
journalists to hand over instant messages exchanged with suspected terrorists.
This case is used as a reference point to illustrate the legal basis for such actions and their
compliance with jurisdictional principles in the context of internet and telephony law.

APPLICATION OF THE DOCTRINE OF JURISDICTION IN THE INTERNET

1. CONTEXT BY USA

The doctrine of jurisdiction is a primary concept in private international law that establishes
the power of a court to hear and determine a case involving parties with connections to
multiple countries. The application of this doctrine is more complex in the context of internet
issues due to the frontier-free nature of online activities. In the United States, application of
1
Bryan A Garner, ‘Black’s Law Dictionary’ (8th edn, Sweet & Maxwell)
2
[2020] eKLR
3
Bloggers Association of Kenya (BAKE) v Attorney General & 3 others; Article 19 East Africa & another
(Interested Parties) [2020] eKLR
4
Cap 79C
5
[2018] SCC 53
jurisdiction in internet matters is ruled by a combination of federal and state laws, as well as
precedents. It is no relevant whether the dispute is brought before a federal or a state court, as
a federal court would apply the same substantive state law in determining if it has jurisdiction
to hear the dispute as a local state court would apply6.

There are essentially two rules of law that govern a court’s determination of personal
jurisdiction over a non-resident defendant, that is, the State Long-Arm Statutes and the Due
Process clauses of the Federal Constitution7. Principally, federal courts have long-arm
jurisdiction over out-of-state defendants that have sufficient minimum contacts with the
forum states. The specific long-arm statutes vary by state, but most states have adopted some
form of long-arm jurisdiction. The US Supreme Court, in the case of International Shoe Co.
v Washington8, established the minimum contacts test. In this case, the Plaintiff, a business
situated at Missouri, had employed about a dozen salesmen in the state of Washington. The
Plaintiff failed to comply with a tax that had been enacted by the state on companies doing
business there and in response the state of Washington served a notice of assessment on one
of the resident salesmen and sent a letter to the Plaintiff’s headquarters in Missouri. The
Plaintiff moved that the case be dismissed for a lack of personal jurisdiction. The court found
that personal jurisdiction is constitutional when a defendant has minimum contacts with the
state where a lawsuit is brought such that principles of substantial justice would not be
violated.

Similarly, in the case of Calder v Jones9, the Respondent, a resident of California

brought a suit claiming that she had been libeled in an article written and edited by Applicants
in Florida and published in a national magazine having its largest circulation in California.
The Court of Appeal held that a valid basis for jurisdiction existed on the basis that the
Applicant intended to and did cause tortious injury to the Respondent in California.
Moreover, a Defendant’s direction of activities towards the forum state, including through
online activities such as sale of copyrighted materials, can establish minimum contacts, as
was highlighted in Pavlovich v Superior Court,10 where the Defendant had posted
confidential trade information about one of the Plaintiff’s products on his internet websites.

6
The ‘Erie Doctrine’ from Erie R. Co. v Tompkins, 304 U.S, 64 (1938)
7
Andersson, F. W, Application of American Jurisdictional Rules in the Context of the Internet (Master thesis,
University of Lund|2001)
8
International Shoe Co. v Washington, 326 U.S 310 (1945)
9
Calder v Jones, 465 U.S. 783 (1984)
10
[2002]
If the long-arm statute supports jurisdiction, the court proceeds to determine whether the
assertion of jurisdiction acts within the limits of Due Process. The Due Process Clause of the
14th Amendment provides that a Defendant ought to have minimum contacts with the forum
state such that the exercise of the jurisdiction is fair and reasonable. In the case of Zippo
Manufacturing Co. v Zippo Dot Co, Incorporation,11 the court developed a test to determine
whether a website is sufficiently interactive to establish minimum contacts. The test was in
three parts, that is, the court would have to determine: whether the website is commercial in
nature; whether the website allows for user interaction; and whether there are online contracts
or sales. In Amazon.com, Inc. v Barnesandnoble.com, Inc.12 the Court of Appeals
maintained that Amazon’s online activities, including its interactive website and online sales,
established minimum contacts with the state of Washington. However, in Yahoo! Inc. v La
Ligue Contre Le Racisme Et L’Antisemitisme,13 which was an appeal on grounds that
compliance would interfere with US constitutional free speech freedom. It was held that USA
was not required to allow foreign regulation of speech by a US resident within the USA on
the basis that internet users in such foreign nation can access such speech. The court refused
to enforce an order by a French court to remove Nazi memorabilia from Yahoo!’s auction site
due to lack of minimum contacts with France and because it would violate the First
Amendment of the United States.

In summary, in application of jurisdiction in the internet context, courts in USA consider

factors such as minimum contacts, intentional direction of activities and the effects of online
activities within the forum state.

2. CONTEXT BY AUSTRALIA

Federal Government: The Australian federal government plays a pivotal role in regulating
internet and telephony services. The Telecommunications Act 14 serves as the cornerstone of
this regulation, outlining licensing procedures, infrastructure development, and content
regulation for ISPs (internet service providers) and telecommunication carriers.

ACMA: The Australian Communications and Media Authority (ACMA)acts as the primary
federal regulator, overseeing compliance with telecommunications and internet regulations.

11
[1997]
12
[2001]
13
[2004]
14
[1997]
From licensing providers to enforcing consumer protection laws and regulating internet
content, ACMA safeguards a fair and balanced online environment.

Privacy: Protecting personal information is paramount. The Privacy Act 15 establishes how
businesses and government bodies handle data shared over the internet and phone. The
Australian Privacy Principles (APPs) ensure transparency in data collection, granting
consumers the right to access their data and mandating robust security measures.

State and Territory Laws: While federal legislation forms the core framework, states and
territories also play a crucial role. Their consumer protection laws ensure fair treatment in
the sale of internet and phone services. Additionally, their criminal and defamation laws
address activities conducted over these networks, such as fraud, harassment, and
cyberbullying.

Competition and Consumer Protection: The Competition and Consumer Act(CCA)16 along
with its associated, Australian Consumer Law (ACL) safeguards consumers by ensuring fair
competition among internet and telecommunications providers. The Australian Competition
and Consumer Commission (ACCC) enforces these laws, preventing misleading conduct by
providers and guaranteeing fair contract terms for consumers.

Cybersecurity and Cybercrime: Australia tackles cyber threats head-on. The Criminal
Code Act 1995 covers cybercrime offenses like hacking and online identity theft. The
Australian Cyber Security Centre (ACSC) plays a vital role in protecting the nation’s
telecommunication networks and ensuring adherence to cybersecurity protocols.

Copyright and Intellectual Property in the Digital Age: The Copyright Act,17 governs the
sharing and distribution of content online, with specific provisions for digital rights and
enforcement. Additionally, the Copyright Amendment (Online Infringement) Act 18 empowers
courts to block access to websites primarily used for copyright infringement, such as file-
sharing platforms.

International Jurisdiction: The internet transcends national boundaries. Australia actively

collaborates with other countries through treaties and agreements to address cross-border
cybercrime and ensure the effective regulation of international telecommunications providers
and global content platforms.
15
1988
16
2010
17
1968
18
2015
VARIOUS ASPECTS OF JURISDICTION

Jurisdiction is a court’s general authority to hear and/or adjudicate a legal matter. It is from
Latin, juris meaning law and dicere meaning to speak. It is granted to a court system by a
statute or under Chapter 10.19

Types of Jurisdictions

1. Original Jurisdiction

Is the authority of a court to hear a case for the first time. This differs from appellate
jurisdiction that allows a court to hear a case that has already been decided on in a lower
court.20 In the context of internet and telephony law, original jurisdiction plays a critical role
in determining where legal disputes can be initiated and how they are adjudicated due to the
cross-border nature of technologies.

2. Subject matter Jurisdiction

This refers to the court's power to hear a particular type of case. A court is competent to hear
and decide only those cases whose subject matter fits within the scope of its authority. Courts
of general jurisdiction can hear almost any type of case, while courts of limited jurisdiction
are restricted to specific types of cases. 21 Courts of limited jurisdiction are competent to hear
matters such as those involving probate or juvenile cases. In the context of internet and
telephony law, understanding subject matter jurisdiction is essential due to the diverse legal
issues that arise from online activities and telecommunications.

3. Personal Jurisdiction or jurisdiction in personam

It is the power of the court to require that a party (usually a defendant) or a witness to come
before a court. The court must have jurisdiction over the subject matter and parties to the
litigation. May be established by the defendant’s consent or general appearance in court. 22
personal jurisdiction is a critical concept in internet and telephony law that determines

19
Constitution of Kenya, 2010
20
J Thompson, Jurisdiction Definition, Components and Types (2023) Available at:
<https://study.com/academy/lesson/overview-of-jurisdiction-types-application.html > last accessed 28
September 2024
21
--, Jurisdiction: Territorial, Personal & Subject matter (2013)< https://ncpro.sog.unc.edu/manual/101-1 > last
accessed 28 September 2024
22
Supra n 21
whether courts can hear cases involving specific parties based on their online activities and
interactions with residents of different states or countries.

4. Long arm Jurisdiction

Is a statutory grant of jurisdiction to local courts over foreign defendants. This jurisdiction
permits a court to hear a case against a defendant and enter a binding judgement against a
defendant residing outside the state’s jurisdiction. That is, without a long arm statute, a state’s
court may not have personal jurisdiction over a particular defendant. long-arm jurisdiction
plays a crucial role in internet and telephony law by enabling courts to assert personal
jurisdiction over non-resident defendants based on their online activities and interactions with
users across state lines.

5. Geographical / Territorial Jurisdiction

This is a requirement of a court to be able to hear a case. Venue determines a convenient

forum for trial. A court typically has territorial jurisdiction over events that occur within its
boundaries, but it can also extend its reach based on certain connections to other jurisdictions.
In the context of internet and telephony law, geographical jurisdiction presents unique
challenges due to the borderless nature of these technologies. geographical jurisdiction plays
a crucial role in internet and telephony law, influencing how courts determine their authority
over cases involving online activities and telecommunications across borders.

Applicable scenarios:

“The internet knows no physical borders; thus, its governance and jurisdiction should strive
to reflect that borderless reality.” – Marianne Franklin.

Jurisdiction refers to the legal authority of governments and courts to regulate and enforce
laws within and across borders. It is simply about figuring out which laws (between Domestic
and International) apply online, and who gets to enforce them.

At least four territorial factors can play a role in determining applicable law: the location of
the Internet user(s); the location of the servers that store the actual data; the locus of
incorporation of the Internet companies that run the service(s) in question; and, potentially,
the registrars or registries through which a domain name was registered.
The internet does not care about geographical borders. It connects people and information
from all around the world. But when something goes wrong online, like cybercrimes or
disputes, who should step in?

A prime example is the United States v. Microsoft23 case. In 2013, the U.S. government
issued a warrant to Microsoft, requesting the disclosure of email data stored on a server in
Ireland. Microsoft challenged the warrant, arguing that the U.S. government should follow
the established legal procedures to obtain data held abroad, such as using Mutual Legal
Assistance Treaties (MLATs) to work with foreign governments. The case raised significant
questions about the reach of U.S. jurisdiction and the protection of privacy rights. Ultimately,
the legal battle was reached by the U.S. Supreme Court, which in 2018 decided the case as
legally problematic hence unresolved.

The case, also known as the Microsoft Ireland case, began in 2013 and raised crucial
questions about the extent of U.S. jurisdiction, privacy rights, and the government’s ability to
access data stored on servers in other countries. The legal battle began when the U.S.
government issued a warrant to Microsoft under the Stored Communications Act (SCA), part
of the Electronic Communications Privacy Act (ECPA) of 1986, requesting access to a
customer’s email data stored on a server in Dublin, Ireland. The U.S. government sought this
data in connection with a criminal investigation.

Microsoft complied with part of the warrant by providing non-content data stored in the U.S.,
but refused to turn over the email content stored in Ireland. The company argued that the U.S.
government did not have the authority to access data stored abroad without following
international legal procedures, such as Mutual Legal Assistance Treaties (MLATs), which
allow for cooperation between governments in cross-border criminal investigations.

The case had significant legal questions. Microsoft contended that the SCA did not have
extraterritorial reach and was meant to apply only to data stored within the U.S. The company
argued that allowing the U.S. government to access data stored overseas without using
MLATs could lead to violations of foreign sovereignty and international law. The U.S.
government, on the other hand, claimed that Microsoft, as a U.S.-based company, was
obligated to comply with the warrant regardless of where the data was physically stored.

The case progressed through the U.S. judicial system. In 2014, the U.S. District Court for the
Southern District of New York ruled in favor of the government, stating that the location of
23
United States v. Microsoft Corp., 253 F.3d
the data was irrelevant, as Microsoft controlled the data from within the U.S. Microsoft
appealed the decision, and in 2016, the U.S. Court of Appeals for the Second Circuit reversed
the ruling, siding with Microsoft. The appeals court determined that the SCA did not
authorize the government to compel the production of data stored overseas, as it lacked
extraterritorial scope. The appeals court found that the SCA did not authorize the government
to compel the production of data stored in foreign countries, as the law did not have
extraterritorial reach. The court held that if Congress had intended for the SCA to apply
outside the U.S., it would have made that explicit.

The U.S. government then escalated the case to the U.S. Supreme Court, which agreed to
hear the case in 2017. It was set to be a landmark decision on the balance between privacy,
jurisdiction, and the government’s authority in a digital world.

In March 2018, Congress passed the Clarifying Lawful Overseas Use of Data Act (CLOUD
Act), which amended the SCA to allow U.S. authorities to compel U.S.-based companies to
produce data stored abroad, provided that the data was in their possession or control. The
CLOUD Act also introduced a framework for international cooperation through agreements
with foreign governments, reducing the need for MLATs in some cases.

Following the passage of the CLOUD Act, the U.S. Department of Justice withdrew the
original warrant against Microsoft, and in April 2018, the Supreme Court dismissed the case
as moot. The legal dispute was no longer relevant under the new law, which had changed the
landscape of how data access requests would be handled.

The resolution of the Microsoft v. United States case had significant implications. The
CLOUD Act provided clearer guidelines for U.S. law enforcement to access data stored
overseas while also allowing for greater international collaboration through formal
agreements. However, the case also sparked concerns about privacy and the potential
overreach of government surveillance, especially regarding data stored outside the U.S.

Ultimately, the Microsoft v. United States case was a pivotal moment in the ongoing debates
about data privacy, government authority, and the jurisdictional complexities posed by the
internet. Though the case itself was unresolved by the Supreme Court due to legislative
changes, it played a critical role in shaping future discussions on the balance between
national security and privacy in the digital age. The passage of the CLOUD Act illustrated the
need for evolving legal frameworks to address the challenges of modern technology and
international data storage.
Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD),
Mario Costeja González

The Google Spain case, also known as Google Spain SL, Google Inc. v Agencia Española de
Protección de Datos (AEPD), Mario Costeja González (C-131/12)24, is a landmark ruling
delivered by the European Court of Jusce (ECJ) on May 13, 2014. The case centered around
internet jurisdiction and the establishment of the "right to be forgotten", impacting how
search engines like Google process personal data under European Union (EU) law.

The case began when Mario Costeja González, a Spanish citizen, found that a Google search
of his name returned links to a 1998 newspaper article about the auction of his repossessed
home due to social security debts. Although the financial issue was resolved years ago, the
old article remained easily accessible, which Costeja claimed violated his privacy. Costeja
filed a complaint with the Spanish Data Protection Agency (AEPD), seeking the removal of
the links to the article from Google's search results. The AEPD ruled in favor of Costeja
regarding Google, while allowing the newspaper, La Vanguardia, to keep the article
published. Google Spain challenged the decision, leading the Spanish courts to refer the
matter to the ECJ for clarification on key points about data protection, privacy, and the role of
search engines.

The primary legal questions addressed in the case were:

Whether EU data protection laws applied to Google, a U.S.-based company, operating

through its subsidiary, Google Spain.

Whether a search engine like Google could be classified as a data controller under the EU
Data Protection Directive (Directive 95/46/EC).

Whether individuals had a right to request that search engines remove links to outdated or
irrelevant personal data—i.e., the right to be forgotten.

ECJ Judgment:

The ECJ ruled in favour of Mario Costeja González, with several important conclusions:

Applicability of EU Data Protection Laws: The court held that EU data protection laws
applied to Google because its subsidiary, Google Spain, conducted advertising operations that

24
Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja
González.
were closely connected to Google’s search engine activities. Therefore, even though Google
Inc. is based in the U.S., its activities in the EU fall under EU law.

Google as a Data Controller: The ECJ found that Google acted as a "data controller" by
processing and indexing personal data when it managed its search engine. As a result, it was
responsible for ensuring that its activities complied with EU data protection rules.

Right to Be Forgotten: The ruling established that individuals had a "right to be forgotten",
meaning they could request the removal of links from search engine results if the personal
data was "inadequate, irrelevant, or no longer relevant" in light of the passage of time. The
right to be forgotten is not absolute, however; search engines must weigh this right against
the public's interest in accessing the information, especially if it concerns public figures or
issues of ongoing public interest.

Responsibility to Remove Links: Google was required to remove links to personal data from
its search results upon request, provided that the data no longer served a legitimate public
interest and disproportionately affected the individual's privacy. Importantly, this ruling
applied only to search engine results and did not require the original source, such as La
Vanguardia, to delete or alter the content.

Outcome for Mario Costeja González: In this specific case, the ECJ ruled that Google had to
remove the links to the outdated newspaper article about Costeja’s financial issues, as the
information was deemed no longer relevant and was harming his privacy.

Implications:

Right to Be Forgotten: The ruling established the legal basis for the right to be forgotten
within the EU, which was later incorporated into the General Data Protection Regulation
(GDPR) (Article 17).

Search Engine Responsibility: The case imposed a duty on search engines to assess requests
for the removal of personal data and determine whether continued access to that data is
justified by public interest.

Global Precedent: The decision set a significant precedent for privacy rights, prompting
global discussions about data protection, privacy, and the tension between these rights and
freedom of expression.
This ruling profoundly shaped the regulatory landscape for data protection, search engine
operations, and the privacy rights of individuals across the European Union. It also clarified
that multinational companies operating in the EU must comply with local data protection
laws even if their headquarters are outside the EU.

LICRA and UEJF v. Yahoo! Inc.

The Yahoo! France case, officially known as LICRA and UEJF v. Yahoo! Inc 25. and Yahoo!
France, was a significant legal battle in 2000 that addressed internet jurisdiction, freedom of
speech, and the enforcement of national laws on global online platforms. The case revolved
around the sale of Nazi memorabilia on Yahoo!'s U.S. website, which could be accessed in
France, violating French laws that prohibited the display and sale of such items.

In France, the Gayssot Act makes it illegal to deny the Holocaust or sell Nazi-related symbols
and memorabilia. The French organizations LICRA (Ligue Contre le Racisme et
l’Antisémitisme) and UEJF (Union of Jewish Students of France) filed a lawsuit against
Yahoo! Inc. and its French subsidiary, Yahoo! France, arguing that by allowing Nazi-related
artifacts to be sold on its U.S. website, Yahoo! was in violation of French law. They
demanded that Yahoo! block access to these items for users in France. Yahoo! contested the
claim, asserting that its operations were based in the U.S., where such content was legal and
protected by the First Amendment, which guarantees freedom of speech. Yahoo! argued that
French law should not apply to its U.S.-based content.

The central issue in the case was whether ‘French law’ could be applied to a U.S. company
simply because its content was accessible in France, raising complex questions of internet
jurisdiction. Additionally, the case highlighted the tension between different national laws and
how they interact with a global platform like the Internet.

In May 2000, the Paris court ruled in favour of LICRA and UEJF, ordering Yahoo! to prevent
French users from accessing Nazi-related content on its U.S. website. The court gave Yahoo!
three months to comply with the ruling or face hefty fines of 100,000 francs per day. This
decision established that although the internet is global, companies operating online could
still be held accountable under national laws for content accessible within a specific country.

Initially, Yahoo! resisted the ruling, arguing that it was technically challenging to block
specific content based on users' locations and that the ruling violated its right to free speech

25
Yahoo!, Inc. v. La Ligue Contre Le Racisme et L'Antisemitisme
under U.S. law. Yahoo! also warned that the French decision could set a precedent allowing
any country to impose its restrictions on global platforms, leading to a fragmented internet
governed by the strictest censorship laws. In response, Yahoo! filed a lawsuit in the U.S.
District Court for Northern California in 2001, asking the court to rule that the French
judgment was unenforceable in the United States. The U.S. court sided with Yahoo!,
declaring that enforcing the French ruling in the U.S. would violate Yahoo!'s First
Amendment rights.

However, Yahoo! eventually took steps to comply with the French ruling by implementing
geo-blocking, which restricted French users from accessing the offending content. This
technical solution allowed Yahoo! to respect French law without altering its global
operations. The case introduced geo-blocking as a practical way for internet companies to
comply with local laws while maintaining their broader services.

The Yahoo! France case was a pioneering moment in defining the scope of internet
jurisdiction, illustrating the challenges of regulating the internet—a global platform—with
local laws. It underscored the difficulty in balancing the need for free speech with the
protection of local legal and cultural values. Furthermore, it highlighted the increasing
responsibility of global tech companies to navigate legal obligations across different
jurisdictions while preserving their broader operational integrity. This case set a crucial
precedent for future disputes about content moderation, hate speech regulation, and the extent
to which national governments could enforce their laws on global internet platforms.

In conclusion, these landmark cases Microsoft v. United States, Google Spain v. AEPD, and
LICRA and UEJF v. Yahoo! Inc. underscore the profound complexities of internet
governance and jurisdiction in the digital age. They reveal how legal systems are grappling
with the challenge of enforcing national laws on a global platform that inherently transcends
geographical borders. The Microsoft case illustrated the difficulties of determining
jurisdiction over data stored in foreign countries, leading to legislative change through the
CLOUD Act. The Google Spain case established the right to be forgotten in the European
Union, emphasizing the balance between privacy and the public's right to information. Lastly,
the Yahoo! France case showcased the tension between freedom of speech, as protected by
U.S. law, and France's efforts to restrict hate speech, leading to the adoption of geo-blocking
as a compromise solution. Together, these cases highlight the need for evolving legal
frameworks that can address the global nature of the internet while respecting local legal and
cultural norms. As the internet continues to grow and evolve, balancing international
cooperation, privacy rights, free expression, and legal jurisdiction will remain at the forefront
of discussions on global internet governance.

Jurisdiction in the realms of the internet and telephony presents a complex web of legal
challenges due to the inherently global nature of these technologies. One primary limitation is
geographical boundaries; the internet transcends physical borders, making it difficult for a
single country's laws to apply universally. Jurisdiction often depends on the location of
servers, users, or companies, leading to potential conflicts when different countries have
varying laws regarding internet use, privacy, and telecommunications. Moreover, issues of
conflict of laws arise as different nations possess distinct legal frameworks. For instance,
regulations like the General Data Protection Regulation (GDPR) in Europe may clash with
laws from other regions, complicating the determination of which laws should prevail in
cross-border cases. This situation is further complicated by extraterritoriality, where countries
attempt to impose their laws on foreign entities. The U.S. Cloud Act, for example, allows the
U.S. government to access data stored abroad by American companies, often resulting in
tensions with local laws in other jurisdictions.

The anonymity and pseudonymity afforded by online platforms add another layer of
difficulty. Users can hide their true locations, making it challenging for law enforcement to
assert jurisdiction over illegal activities such as cybercrime. Even when a court claims
jurisdiction, enforcement across borders can be problematic, especially when the entity in
question lacks a physical presence or assets within that jurisdiction. Additionally, many cases
involve multiple jurisdictions. For instance, if an internet service provider operates servers in
one country while a user and their data are located elsewhere, it can lead to overlapping
jurisdictional claims that may result in inconsistent legal rulings. The complexities multiply
in maritime and aviation contexts, where the jurisdiction over telephony or internet access is
influenced by various factors, including the country of registration for vessels and aircraft.

The rise of virtual private networks (VPNs) further complicates matters. By masking a user’s
true location, these technologies hinder law enforcement's ability to determine where a user is
physically located. Data localization laws, which require companies to store data within a
specific country, aim to enhance control over jurisdiction but can create friction for
international companies operating under differing legal obligations. In the domain of cloud
computing, services often span multiple data centers across various jurisdictions,
compounding the complexities of asserting jurisdiction. Different legal frameworks can apply
simultaneously, creating further challenges. Finally, while international treaties like the
Budapest Convention on Cybercrime strive to harmonize laws and facilitate cooperation
among nations, not all countries are signatories, and many have legal frameworks that diverge
significantly from those treaties.

REMEDIES AND ENFORCEMENT MECHANISMS

According to the Global Code of Enforcement 26 (which defines universal principles that
apply to all facets of digital enforcement in civil matters), the following principles apply:

1. Ensure that digital enforcement measures are proportional to the enforcement claim.
2. Provide for the use of digital tools in enforcement agents’ activities, including the use
of digital identity, in compliance with data protection and confidentiality rules.
3. Enable the employment of secured online dispute resolution systems by enforcement
agents, particularly online mediation, in the enforcement process.
4. Ensure the necessary level of digital literacy of enforcement agents through training.
5. Put in place infrastructure enabling enforcement agents to exchange information
electronically regarding the debtor with other relevant institutions (for example,
courts) and to access data from relevant electronic registers (for example, registers
held by banks or asset registers).
6. Ensure flexibility and allow the switch from digital to non-digital enforcement and
vice versa, where necessary.
7. Develop regulatory frameworks that permit the use of artificial intelligence with
minimum risks, compliance with fundamental rights and ethical principles, and that
allow enforcement agents to control and override the decisions made by artificial
intelligence.
8. Maintain a debtor’s access to offline (physical) contact with enforcement agents.
9. Ensure reasonable, transparent and well-defined costs of digital enforcement, which in
any event should not exceed the costs of non-digital enforcement.

Accordingly, the enforcement mechanisms in place by the various governments should follow
the above principles despite the challenge posed by the global nature of the internet. This can

26
Part 4
involve mutual legal assistance treaties, extradition agreements, and international law
enforcement cooperation.

The effective enforcement of court decisions is recognized as an integral part of the

fundamental human right to a fair trial established by the Universal Declaration of Human
Rights,27 the International Covenant on Civil and Political Rights 28 and the European
Convention on Human Rights.29 The European Court of Human Rights (ECHR) has linked
the enforcement of judgments to the requirements of the right to a fair trial under Article 6.

The available remedies include:

a) Damages: it compensates individuals for harm or loss suffered. In the digital context,
damages may be awarded for defamation, invasion of privacy, or intellectual property
violations as in the Dow Jones & Company Inc v Joseph Gutnick case.30 Where the
case established jurisdiction over online defamation, recognizing that damages could
be sought where the harm was felt (in this case, Australia).
b) Injunctions: Injunctions are court orders requiring a party to do or refrain from doing
a specific act. In digital matters, injunctions can be granted to stop harmful online
activities or prevent the dissemination of certain content. CFC Stanbic Bank Limited v
Consumer Federation of Kenya (COFEK) [2014] eKLR, where an injunction was
issued restraining defamatory content posted on social media platforms31.
c) Take-down orders: Court orders requiring the removal of harmful content from the
internet. Enforcement agents, in collaboration with platforms, can order the removal
of defamatory, infringing, or illegal content.
d) Domain name seizure: The seizure of a domain name associated with illegal or
harmful activity, such as fraud, hate speech, or intellectual property violations.
e) Criminal prosecution: In cases of serious offenses, criminal prosecution may be
pursued. - Minnesota v Granite Gates.32 This case is notable for its prosecution of
illegal activities conducted through online domains. The court held that placing an

27
Article 8
28
Article 14
29
Article 6
30
[2002] HCA 56 (10 December 2002) < https://www8.austlii.edu.au/au/journals/UQLJ/2003/8.pdf >
31
CFC Stanbic Bank Limited v Consumer Federation of Kenya (COFEK) Being sued through its officials namely
Stephen Mutoro & 2 others [2014] eKLR
32
(1997)
 advertisement on a web site accessible to Minnesota citizens was sufficient contact
with Minnesota to subject a non-resident web master to jurisdiction in Minnesota.

5. Dow Jones v Gutnik33

Facts of the case

The 28 October 2000 edition of Barron's Online, published by Dow Jones, contained an
article entitled "Unholy Gains" in which several references were made to the
respondent, Joseph Gutnick. Gutnick contended that part of the article defamed him. The
article] states that some of his business dealings with religious charities raise "uncomfortable
questions". The author then uses some language that the media have appropriated from the
law courts, implying that a balanced trial with equal opportunity to participate by all
concerned has taken place: that a "Barron's investigation found that several charities traded
heavily in stocks promoted by Gutnick".The article associates the respondent with Mr
Nachum Goldberg who is apparently a convicted tax evader and another person awaiting trial
for stock manipulation in New York.

In court it was proved that only five copies of the Barron's print edition were sent from New
Jersey to be circulated in Australia, but that none had actually arrived in the Jurisdiction.
Gutnick therefore resorted to the internet based publication in order to show an actionable tort
in the jurisdiction. The Internet version of the magazine had 550,000 international subscribers
and 1700 Australian-based credit cards.

The argument was on publication and jurisdiction. In a unanimous decision, all seven High
Court justices decided that Gutnick had the right to sue for defamation at his primary
residence and the place he was best known. Victoria was considered the place where damage
to his reputation occurred. The High Court decided that defamation did not occur at the time
of publishing, but as soon as a third party read the publication and thought less of the
individual who was defamed.

The High Court's ruling effectively allows defamation plaintiffs in Australia to sue for
defamation on the internet against any defendant irrespective of their location. "If people
wish to do business in, or indeed travel to, or live in, or utilize the infrastructure of different
33
https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/HCA/2002/56.html
countries, they can hardly expect to be absolved from compliance with the laws of those
countries. The fact that publication might occur everywhere does not mean that it occurs
nowhere."

REFERENCES
1. Black’s Law Dictionary(8th edition)
2. Bloggers Association of Kenya (BAKE) v Attorney General & 3 others; Article 19
East Africa & another (Interested Parties) [2020] eKLR
3. Constitution of Kenya, 2010
4. CFC Stanbic Bank Limited v Consumer Federation of Kenya (COFEK) Being sued
through its officials namely Stephen Mutoro & 2 others [2014] eKLR
5. Cyber Crime Act, 2018
6. Google Spain SL and Google Inc. v Agencia Española de Protección de Datos
(AEPD) and Mario Costeja González.

7. [2002] HCA 56 (10 December 2002) <

https://www8.austlii.edu.au/au/journals/UQLJ/2003/8.pdf >

8. https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/HCA/2002/56.html

9. J Thompson, Jurisdiction Definition, Components and Types (2023) Available at:

<https://study.com/academy/lesson/overview-of-jurisdiction-types-application.html >
last accessed 28 September 2024
10. --, Jurisdiction: Territorial, Personal & Subject matter (2013)<
https://ncpro.sog.unc.edu/manual/101-1 > last accessed 28 September 2024

11. R. v. Vice Media Canada Inc. [2018] SCC 53

12. United States v. Microsoft Corp., 253 F.3d
13. Yahoo!, Inc. v. La Ligue Contre Le Racisme et L'Antisemitisme