Below is a written product of my findings, rationales, considerations and contributions so that the law applies clearly and appropriately in information and communication technology (hereinafter ICT) projects.
By: Camilo Alfonso Escobar Mora
There is uncertainty about the legal regime that applies to ICTs. For many, the legal norms that exist are not coherent or applicable to this new digital reality and technological convergence. For others it is clear that there is a right applicable to ICTs because they are a means of communication and management, but not an end in itself (that is, they do not rethink the world, nor therefore the law).
To overcome this dilemma, it is pertinent to clarify how the law applies in ICT projects and then to reflect on how these standards can be complied with in a preventive, appropriate and effective manner.
ICTs have two main management models. In a first management model, ICTs have an instrumental sense according to which they serve as a transactional means, but they are not an end in themselves (which is what happens when they serve to publish or exchange information but are not fully transactional).
In a second management model, ICTs have a finalist sense based on which they provide an interface of full interaction between the subjects and objects involved in a communicative relationship. For example, iTunes is self-sufficient -finalist- because both the platform and its products are naturally digital and involve in an integral way the entire communicative process between the parties. Even creating communicative applications tailored to users, giving way to an innovation in the dynamics of a given management model, or even generating a new management model unknown in the state of the art.
For both types of management models, legal principles have been established to give full recognition and legal and evidentiary validity to ICTs. These principles (most are enshrined in Law 527 of 1999, in Colombia) are:
a). Principle of functional equivalence: Refers to the recognition of legal and evidentiary effects to digital media and media, since they are equivalent (not analogous) in their functions and effects to traditional physical media and media.
Therefore, when a standard provides that a certain requirement must be met, a requirement designed for traditional media, generating legal effects, said requirement may be satisfied using digital media, content and media (either at the instrumental or finalist level) provided that it is complied with (not identically -analogue-, but comparable) fully with the object, scope, formalities, substance and purpose pursued by that rule,
That is to say, the relevant thing is that the formalities and essential and natural elements that the rules establish for a certain act, relationship or legal business are complied with, although their way of carrying them out uses supports and logistical models different from the traditional ones.
As can be seen, ICTs must be subject to the same prerogatives, effects, formalities, functionalities, duties, rights and legal purposes as those that have been conceived (or conceived) for a legal act or business that is developed in a traditional physical way.
This allows the actions developed within information and telecommunications technologies to have security, recognition and legal validity.
So what must be done in each ICT project is to generate equivalences to comply with the formalities, functionalities, and purposes required by the legal norms created for the systems, actions, means and human relations based or achieved in atoms (that is, in physical -traditional- media) within the systems, actions, means and human relations formed, based on or achieved in bits (i.e. digital media).
This is done by designing preventive law instruments tailored to each of its variables (for example: terms and conditions of use, personal data protection policies, software licensing agreements, sales contracts, service provision contracts, contracts with advertisers, contracts with partners, contracts with suppliers, legal information security protocols, legal manuals of good practices for consumer protection in digital media, among others).
And if the above is accompanied by the use of technical security measures (such as access control to a platform) compliance with the right in ICT will be enhanced. Since it is not only about having documents but also about generating technological and human realities that allow you to live, feel and enjoy the right through technical measures that comply with the duties and rights that are applicable in a respective platform and that are enshrined in each of the instruments of preventive law that are created and incorporated (for example if the personal data protection policy establishes that the Data that is collected will be stored on secure servers, since the technical measure - that is, having a secure server - will allow this legal premise to be a greater reality. Or if in the manual of good practices of consumer protection it is established that misleading advertising cannot be projected because making a video that accompanies a graphic or textual advertisement will allow the consumer to better understand the message and thus it will be a constant and very pleasant experience of preventive law.
b). Principle of technological neutrality: Refers to the fact that rules cannot link the production of legal effects to a specific environment, context or technology.
Then there is full application, coverage and protection of the rules (substantive, procedural and evidentiary) in a legal relationship, without distinction to the technology or procedure that is used by its interveners. And in correlation to the above, all technology is subject to law because they are simply means and not ends in themselves – and will always be subject to the sovereignty and normativity of the State or States where they operate or cause effects.
In addition, this principle determines that the standards must recognize the effective result provided by the technology, and not the technological means or modus operandi that is used (that is, it must attend to the substance and not to the form. All the effects generated by a specific technology must be detected and addressed and according to this, it will be determined what is the regulations that apply to it), in order to provide an adequate application of substantive and procedural law, and a control for the alleged legal gaps, given that if the norms are technologically neutral the law does not have legal gaps in ICT, for it is a question of adapting, by means of the present principles, its application to this medium.
c). Principle of the prevalence of pre-existing substantive law: Refers to the fact that traditional law should not be modified, altered or ignored, but precisely prevail in its application in digital environments (in any kind of ICT project).
The trajectory of legal science has established categories and principles of law that are flexible, transversal and ductile, applicable to the various stages, contexts and developments of humanity regardless of the quality of the subjects, objects (channels, media, supports, and environments) and products (goods or services) that intervene in a legal relationship. Therefore, in each ICT project it will apply the national, foreign and international regulations that are binding according to its operating model and the effects it causes.
New rules should only be created when the existing normative elements are really insufficient (and in fact even if a rule is insufficient or ambiguous in some point, aspect or subject, the general principles of law will always apply - for example the principle of good faith will apply to any development of ICT, even in teleportation if it is created. Therefore the right is not and will not fall short in the face of ICTs).
d). Principle of net neutrality: Refers to the power of intervention possessed by the providers of an ICT project (whether internet access service providers, online service providers, producers, suppliers or marketers, both public and private) in relation to the degree of control or freedom -permissiveness- that they provide to users about attitudes, access and digital content (audio, voice, image, text, or their combinations) that they store, transmit, create, broadcast, share and generally manage through their networks, infrastructures, platforms, services and / or applications.
This principle has two aspects (worldviews -postures):
- For some there must be full freedom in data traffic because no one has sovereignty in ICT and no one can alter its navigation, operation and spontaneous use (for example, for this position, the Internet was born as a project and free medium and it is not valid to limit interactivity on the data that travels through the network or on the activities that take place within it).
- For others there must be prior control over all data that travels in an ICT project or on any action that is developed by this means in order to avoid foreseeable damages and mitigate foreseeable risks (for example, for this position, the administrator of a social network must verify the content of the data and activities that a user is going to present to another and will only allow its sending if it is not illegal - that is, if there is certainty that no damage will be caused or a high risk of damage will be generated).)
Both visions are limited and adjusted in the theory of abuse of the right by means of which the exercise of the right to liberty and the exercise of the right of control cannot be abused. This is because the right of a person can only reach as far as the right of another person begins and a right can only be restricted when there is an official order of a judicial or administrative nature that so provides.
Then, in each project, a balance (proportionality) must be generated between freedom and control (restriction) according to the variables that are present in each ICT project. Based on its nature, object and effects, it will be determined how to achieve it in a valid manner; if it is, for example, if an application that projects data on minors is required, greater control must be applied or if, for example, it is a blog about the climate, there will be no greater control than the ordinary one, and therefore more freedom will be provided.
However, to achieve preventive compliance with the rules that are applicable to an ICT project, the type of platform, infrastructure, data, content, services, sector, territory, and business model involved must be determined.
It is clear that the law applies smoothly in ICTs by virtue of the principles of legal validity previously illustrated. In this way, Law 527 of 1999 is the basic norm and, in complement to it, according to each business and management model involved, it will apply its sectoral regulation.
Therefore, in each ICT project, legal instruments of preventive law must be created to measure each of its variables and the regulations that are applicable to it according to its nature, object and effects, for example (some of the instruments previously indicated when the principle of functional equivalence was illustrated are reiterated): terms and conditions of use; personal data protection policy; concrete, visible and clear legal legends on each screen that is projected to the user; contracts tailored to the businesses and participants that are present in each project; legal manuals on the protection and management of intellectual property; codes of conduct for consumer protection; legal models of information security; permanent legal training; trust seals, certification marks, etc.
So the problem of law is not of object but of subject, because the law if it is complete and applicable to any development or human issue (for example ICT), the problem is of people who do not know it, who do not apply it systematically, or who do not know how to land it to a specific case or specific variable (it is a work of creativity with quality and strategy).
In this way, legal certainty (and trust) in ICTs is achieved from the ability to design solutions and instruments of preventive law in each of its stages of interaction with users.
These preventive law inputs must be present from navigation in the tool (i.e. in an extra-contractual relationship) to the carrying out of transactions within it (i.e. in a contractual relationship in the case of platforms of private companies or in the provision of a public service in the case of platforms that perform some public function).
This allows each ICT project to comply with the duties and rights enshrined in the general and special regulations that are applicable according to each case through a precise, coherent, minimalist, suitable, creative and grounded user experience. Thus ICTs can be designed, developed, harnessed and executed with efficiency, security, trust and legal innovation.
Camilo Alfonso Escobar Mora is General Manager of Jurídia, a Preventive Law Company for all kinds of ICT Projects and Affairs. You can contact him at [email protected]
