Interviews

An interview with CHRISTIANA PETROU MILIS about Information Technology Law

Nov 26, 2019

As internet becomes an even more essential part of our lives than for a few years ago it’s significant to cover this aspect and enlighten our website visitors with the related legal framework in order to better safeguard our human rights and prevent crime and abuse.

Below follows an interview with lawyer Christiana Petrou Milis from the legal firm CHRISTIANA PETROU MILIS LLC in Nicosia that will answer to fundamental questions that concerns every business and individual interested to protect his work online, get a wider idea of the legal IT framework and better protect himself from fraud. Mrs Milis has obtained an LLM on Corporate Law and an LLM on IT & Telecommunications Law from the Glasgow School of Law. Here main expertise is on corporate governance, banking and finance, cross-border mergers and acquisitions, joint ventures and corporate restructurings while her special interest is on IT and IP law.

In general, it can be said that IT Law on the one hand is a tool that sets out the legal framework of how we shall act/behave online, but on the other hand it’s the legal weapon to fight against any infringement of any e-right, including our data protection etc.

1. What is Information Technology Law?
Information Technology Law or IT Law, can be named with many different titles such as computer law, internet law, software law, tech law, e-law, social/electronic law, digital and new media law, cyber law and web law.

This is because IT law does relate with various factions of rights arising in an electronic technological case. For example, Intellectual Property Rights including the copyright and the use of trade mark on line, data privacy laws, banking and finance regulations or additionally cybercrimes including economic crimes or child pornography.

2. As IT is relatively new in the Cyprus community we suppose that there is an absence of case law in this field, if such case does that complicates your job?
Yes it is a relatively new subject in Cyprus. Recently however, we had the Supremes Court decision defining “the unauthorized access at a computers data”. The Supreme Court said that the Legal framework in Cyprus did not criminalize the unauthorized access to stored information at a computer. A criminal offence occurs only if the data were protected with effective security measures. Further, Cyprus courts have dealt with cases related to the acquisition or possession of child pornography.

However, since we are a common law country and also we belong to the EU family we may call upon others countries decisions. The EU country who has the best reaction on IT and probably IP law due to its fast proceedings is Austrian. The Austrian Supreme Court of Justice has issued decisions related to various issues of IT law e.g. domain names or keyword advertisement.

3. Are people more concerned nowadays to protect any digital information or software that regards their business?
Indeed, the majority of the companies nowadays are trading online. E-commerce rules applies to all of us who have an online presence. In the past only big companies where using internet as a tool of advertisement. Nowadays even a solo company has a website or a presence at social media.

Almost all individuals have email, a social media account or is in fact tempted to order pizza without getting off the couch.

Thus the protection of our privacy, our ID, the passwords of our credit cards it has to be a priority.

4. We often hear that people have been deceived from online transaction processing or any other e-commerce actions; how do the law and other regulations protect online users from fraud.
The users have to firstly protect themselves from any possible fraud. When we buy a product from a street shop we touch the product, we try it on. However, the same rule cannot apply to the online transaction. Therefore, when we make online shopping we have to go through reputable “shops”. We have to ensure that the site is not a fake one- because there are websites with the sole purpose of capturing our information (a way to recognize this fake sites is the huge profit they promise us). Additionally, we may become victims of scams or sellers that they are not selling the product- and what we can do if the seller is in another continent? Another danger is the non-encrypted sites i.e. sites that have no protection to our information including our credit cards numbers. Finally, the online consumer shall ensure that there are not any hidden charges or extra shipping and that the product is in line with EU requirements.

Additionally, internet fraud may occur via spam emails. I believe that nowadays internet users are more sophisticated and may recognize spam emails. On the other hand, hackers are becoming more sophisticated too and therefore what we advise is to ignore, delete immediately and report any emails who offer us huge amount of moneys or requesting sensitive information. It is also very important to never follow (click on) a URL link contained in an email unless we are 100% sure that is secure. What we should do is to type the link at google from the results we will understand if it was a spam or not. Finally, the use of an anti-spam software protects our computers in a more advanced way.

In order to understand the numbers of infringements we need to look at some USA data. Sixteen (16) years ago FBI created the Crime Complaint Center (IC3) to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity. On 2015 the IC3 received 288,012 complaints and since its Inception received 3,463,620.

5. Do you believe that the IT field is widely regulated or is there a lack of adequate legislation and how is the case in other European countries in comparison to Cyprus?
The legislation is there for example, the framework for electronic signatures. The law was enacted in Cyprus based on the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures on 2004[Ν.34(Ι)/2009] and [Ν.86(Ι)/2012].

Cyprus Securities and Exchange Commission has done a very important step due to this law. CySEC in order to secure transmission of the electronic data via the TRS system, altered its policy regarding the submission of specific forms, and introduces the certified digital signature according to the electronic signature law.

I strongly believe however that the Case law will play the most important role on the formation of the legal framework that will protect us.

For example, the EU-U.S. Privacy Shield that was adopted by the Commission on 12 July 2016 reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid.

And the decision of Spain Courts on 2015 where the Criminal Court of Appeal of Castellon has given a first judicial implementation criminalizing linking activities (before that decision “the passive neutral acts by intermediary liability safe harbours” ) In particular the webmaster of www.bajatetodo.com was found guilty and was sentence to 1,5 year prison term, and was imposed with a fine of 21,000 euro, for providing clickable links to protected copyright works - movies, music, software and games.

6. Several companies such as Google and FB are collecting data from online users and this information is mostly noted in very small letters which is very often bypassed by the users. Are there any legal actions the users can take in order to avoid to unwittingly provide such information but continue to use such social networks or search engines?
It is actually something that can happened without us to understand it but it is also something that helps us. For example, when you have all the info you want on your monitor is not because you are lucky but it is because google knows what you want to see from your previous searches. When you have a new phone and you do not need to personalize it again, it is another function you have because of this invasion in your privacy. If this invasion makes our life easier I want it. For example, the Taxi Beat in Athens: Every time you open the app, Taxibeat receives your location and with a few taps you can request a driver. The app notifies you when your driver is at your door. If you decide that the application will not use your GPS then you cannot have this convenience.

However, both Google and Facebook give you the right to modify these terms, Facebook (https://www.facebook.com/terms.php) and Google privacy policy :

Review and update your Google activity controls to decide what types of data, such as videos you’ve watched on YouTube or past searches, you would like saved with your account when you use Google services. You can also visit these controls to manage whether certain activity is stored in a cookie or similar technology on your device when you use our services while signed-out of your account.

Review and control certain types of information tied to your Google Account by using Google Dashboard.

View and edit your preferences about the Google ads shown to you on Google and across the web, such as which categories might interest you, using Ads Settings. You can also visit that page to opt out of certain Google advertising services.

Adjust how the Profile associated with your Google Account appears to others.

Control who you share information with through your Google Account.

Take information associated with your Google Account out of many of our services.

Choose whether your Profile name and Profile photo appear in shared endorsements that appear in ads.

So my opinion is that be carefully of the information you are giving online, don’t upload kids photos, do not check in whenever you are going, and the GPS will not harm an ordinary person. Use Google, GPS, FB in order to make our life easier.

7. What have your firm been taught from your experience in practicing IT law in Cyprus and what would you like to advice businesses and online users to think about once using the internet or various soft wares’?
Internet, computers, online transactions are in our lives and we want them to be. Our live is easier, we make faster transactions and we have a huge market out there. Protect your PCs with antispam and antivirus software, don’t open emails you do not trust- you have not won the lottery, and ask for legal advice prior any big transaction, before entering into an agreement or for drafting your websites Terms and Conditions. The real protection comes from us.