The increasingly interconnected world in which we live has brought many benefits to business and society. Unfortunately it has also provided opportunities for criminals to exploit and abuse children over the internet.
Non-governmental organisation Missing Children Europe asked Allen & Overy (A&O) to produce a report showing how the laws in 11 EU member states, as well as the Russian Federation (researched by White & Case Moscow), the EU and the Council of Europe, can enable the tracking of payments to child pornography websites without breaching criminal, contract, data protection and privacy laws or banking secrecy rules. These have long been seen by banks as an impediment to combating online commercial sexual exploitation of children because they were seen as preventing them from helping authorities track payments to these illegal websites.
It is clear that the prime responsibility and means to effectively combat, deter and prosecute criminals lie firmly with governments and law enforcement agencies. However, the private sector can play a vital role in addition to public prosecution, and it is encouraging to see that the private sector wants to contribute actively, provided there are no legal barriers.
We understand the difficulties that banks, credit card companies and internet service providers face in complying with the complex mass of laws and regulations they are confronted with in the many different jurisdictions they operate in.
A&O’s report sought to clarify the legal position for financial institutions in developing a financial coalition aimed at sharing information about these illegal activities with the authorities and other institutions. Ultimately the coalition aims to isolate website providers through the termination of contracts that are vital to their illegal activities.
A&O identified issues with data protection and privacy laws relating to the disclosure of a website provider’s personal data by the financial institutions. We make concrete recommendations to overcome these issues, mainly by collaborating more closely with government bodies and by carefully drafted amendments of general terms and conditions. The report also points out that privacy laws generally apply to personal data and not to information about legal entities. Given that websites with child pornography content are typically run by organised criminals, this reduces the relevance of data protection rules significantly.
The report also deals with questions relating to confidentiality obligations of banks and to the termination of service contracts with the website providers in accordance with civil law. The report suggests a review and, if necessary, amendment of relevant contractual conditions to allow for contract termination in the event that the customer is using services for illegal business.
Finally, the report gives an overview of the relevant European legal framework in the area of sexual exploitation of children over the internet, cyber crime and data protection, and the status of the implementation of European legislation in each of the jurisdictions covered by the report.
The report explains that the extensive European legislation for combating child pornography and cyber crime has not been completely implemented in each European member state and calls upon the legislators to complete this task.
While there is no silver bullet in the fight against these crimes, we believe and hope that the report we have published will help bring greater clarity as to what financial institutions can do within the current legal framework and how they can assist governments to close down the legal loopholes these criminals seek to exploit.