RAPPORTEUR GROUP

Legal co-operation

GR-J(2022)4

22 February 2022[1]

Convention on Cybercrime (ETS No. 185)

Request by Ecuador to be invited to accede

Item to be considered by the GR-J at its meeting on 17 March 2022

 

1.         By a Note verbale No. 4-2-070-2021 dated 29 December 2021, received and registered at the Secretariat General on 29 December 2021, the Ministry of Foreign Affairs and Human Mobility of Ecuador expressed to the Secretary General of the Council of Europe the interest of the Government of Ecuador to be invited to accede to the Convention on Cybercrime (ETS No. 185) (see Appendix 1).

2.         According to Article 37, paragraph 1, of the Convention and in line with the practice of the Council of Europe, the Secretariat proceeded to a consultation of member States of the Council of Europe and non-member States which are Contracting States to the Convention, requesting them to communicate to the Secretariat whether their authorities would object to the accession of Ecuador to the Convention on Cybercrime if the request to be invited to accede was formally submitted to the Committee of Ministers. The deadline for replying was 17 February 2022. No objection was communicated to the Secretariat.

3.         An information note of the Secretariat of the Cybercrime Convention Committee (T-CY) on co-operation with Ecuador appears in Appendix 2.

4.         The relevant provisions of the Convention on Cybercrime can be summarised as follows.

a.         Summary of the Convention

5.         TheConvention on Cybercrime (ETS No. 185) was opened for signature by the member States of the Council of Europe and by non-member States having participated in its elaboration, in Budapest, on 23 November 2001. It entered into force on 1 July 2004. The chart of signatures and ratifications appears in Appendix 3.

6.         The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also provides a series of procedural powers, such as the search of computer systems and the interception of data. Its main objective, set out in the preamble, is “to pursue a common criminal policy aimed at the protection of society against cybercrime, inter alia by adopting appropriate legislation and fostering international co-operation”.

7.         The Convention has been complemented by an Additional Protocol concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (ETS No. 189), which was opened for signature on 28 January 2003 and entered into force on 1 March 2006. States having acceded to the Convention are entitled to accede to the Protocol thereto. A Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence will be opened for signature on 12 May 2022.

b.         Procedure for accession

8.         Article 37, paragraph 1, of the Convention on Cybercrime provides that:

"After the entry into force of this Convention, the Committee of Ministers of the Council of Europe, after consulting with and obtaining the unanimous consent of the Contracting States to the Convention, may invite any State which is not a member of the Council and which has not participated in its elaboration to accede to this Convention. The decision shall be taken by the majority provided for in Article 20.d. of the Statute of the Council of Europe and by the unanimous vote of the representatives of the Contracting States entitled to sit on the Committee of Ministers.”

9.         Given the above, the Deputies may wish to invite Ecuador to accede to the Convention on Cybercrime.

Appendix 1

Appendix 2

www.coe.int/cybercrime

Strasbourg, 3 January 2022

T-CY (2022)1

Restricted

Cybercrime Convention Committee (T-CY)

Co-operation with Ecuador

Note by the Secretariat

 

1          Introduction

The Government of Ecuador, by Note Verbale of the Mission of Ecuador to the European Union, submitted a request for accession to the Budapest Convention on Cybercrime (ETS 185).

The purpose of the present note is to provide supplementary information on the state of co-operation with Ecuador in cybercrime matters, including an overview of implementation of the principles of the Budapest Convention.

2          Co-operation with Ecuador

The authorities of Ecuador have been co-operating with the Council of Europe in cybercrime matters on multiple occasions, starting in 2008, when the Organisation of American States and the Council of Europe co-organised a regional workshop on cybercrime for countries of Latin America held in Colombia.

More recent examples of activities (co-)organised by the Council of Europe in which representatives of Ecuador participated include:

Date

Place

Title

5-7 December 2017

Santo Domingo, Dominican Rep.

Hemispheric Forum on International Co-operation against Cybercrime

4-6 September 2018

Rio de Janeiro, Brazil

4th Americas Working Group Meeting for Heads of Cybercrime Units

5 – 6 February 2018

Lisbon, Portugal

CyberRed conference - Forum on cybercrime (GLACY+ project)

11 – 14 November 2019

Punta Cana, Dominican Rep.

5th Americas Working Group on Cybercrime for Heads of Units (GLACY+ project)

2 – 6 February 2020

Quito, Ecuador

Advisory mission on legislation on cybercrime and electronic evidence (GLACY+ project)

28 – 29 May 2020

Online

Legislative drafting workshop (organised by the Ministry of Foreign Affairs of Ecuador and supported by the GLACY+ project)

16-18 November 2021

Online

Octopus Conference 2021

26 November – 22 December 2021

Online

Legislative review and advice on the draft Regulation in the application of the data protection organic law (GLACY+ project and Data Protection Unit)

In February 2020, the Council of Europe, through the GLACY+ Project on Global Action on Cybercrime Extended, participated in an initial assessment of the state of play of cybersecurity and cybercrime in Ecuador. Further co-operation followed to review and provide advice on new draft legislation on cybercrime and electronic evidence. This led to amendments to the criminal code by the Parliament of Ecuador and their publication in the Official Gazette in August 2021.

In 2021, through GLACY+ Project and the Data Protection Unit, Council of Europe supported Ecuador in the further strengthening of the newly adopted data protection legal framework, providing advice on the soon to be approved Regulation implementing the data protection organic law. Further capacity building activities are planned for 2022 to increase awareness of both public and private sectors on these new provisions.

Ecuador is also a Party to the Convention on the Transfer of Sentenced Persons of the Council of Europe (ETS 112) and the Convention on Mutual Administrative Assistance in Tax Matters (ETS 127), and in May 2021 also signed the Council of Europe Convention on the counterfeiting of medical products and similar crimes involving threats to public health (CETS 211).

3          Cybercrime legislation

3.1       Substantive and procedural criminal law

With the amendments to the comprehensive organic penal code (Código Orgánico Integral Penal) as adopted by the Parliament in July 2021 and published in the Official Gazette in August 2021, the substantive criminal law of Ecuador is broadly in line with the Budapest Convention on Cybercrime. Recommendations made by Council of Europe experts seem to have been taken into account.

The definitions of Article 1 of the Convention, and offences such as illegal access, illegal interception, data and system interference or computer-related fraud as well as corporate criminal liability for these offences are now provided in domestic criminal law.

The reforms adopted in August 2021 also introduce a range of offences to protect in particular minors against online sexual violence and women against sexual harassment and other forms of cyberviolence.

In terms of procedural law, the Código Orgánico Integral Penal does not yet fully cover the provisions of Articles 16 to 21 of the Convention on Cybercrime. However, provisions on search and seizure, on the real time collection of traffic data and the interception of content data are available and so are rules on the treatment of digital content. Electronic evidence can be used in criminal proceedings under the principle of evidentiary freedom stipulated in the Code.

With respect to international co-operation, a few specific provisions are available. However, according to the Constitution of the Republic of Ecuador (Article 425), international treaties are directly applicable and a part of domestic law.   

In order to enforce cybercrime legislation and secure electronic evidence, a specialised department (“Unidad de Investigación de Delitos Tecnológicos”) has been established within the Judicial Police. Furthermore, a specialised unit was created for interception of communication and computer data (“Subsistema de Interceptación de Comunicaciones o Datos Informáticos”) within the General Prosecutors’ Office (“Fiscalia General del Estado”).

3.2       Safeguards and conditions

 

Article 15 of the Budapest Convention requires Parties to:

“… ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties, including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, and other applicable international human rights instruments, and which shall incorporate the principle of proportionality.”

Ecuador is a Party to relevant international and regional human rights treaties, including:

 

-                    International Covenant on Civil and Political Rights, 1966 (including its Second Optional Protocol aiming to the abolition of the death penalty)

-                    International Covenant on Economic, Social and Cultural Rights, 1966

-                    International Convention on the Elimination of All Forms of Racial Discrimination, 1965

-                    Convention on the Elimination of All Forms of Discrimination Against Women, 1979

-                    Convention Against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, 1984

-                    UN Convention on the Rights of the Child, 1989

-                    American Convention on Human Rights, 1969

Fundamental rights and freedoms are protected under the Constitution of the Republic of Ecuador, including under Article 66 (list of freedoms), Article 75 (right to justice), Article 76 (right to due process), Article 77 (defendant’s rights), Article 87 (protection of rights), Articles 89 and 90 (habeas corpus and prisoner treatment), and Article 94 (special proceedings for a violation of the rights guaranteed by the Constitution). Coercive procedural powers are subject to judicial approval and other rule of law safeguards provided for in the Código Orgánico Integral Penal (such as, the right against self-incrimination or legal privileges). Moreover, according to the Constitution (Articles 11.2 and 417) the rights and guarantees established in the Constitution and in international human rights instruments will be directly applied by any public authority, including criminal justice authorities.

In May 2021, a Law on the Protection of Personal Data was adopted. Ecuador is in process of adopting secondary legislation in its efforts to strengthen the legal framework on data protection.

Ecuador abolished the death penalty in 1906.

4          Conclusion

The authorities of Ecuador have been co-operating with the Council of Europe in cybercrime matters for several years, and in 2020/2021 this has led to reforms of criminal law that brought domestic legislation broadly in line with the substantive criminal law articles of the Budapest Convention on Cybercrime. While some specific procedural powers and some provisions for international co-operation are available, further reforms may need to be considered prior to actual accession. An invitation to accede may give impetus to such reforms.

5          Contact

In case of need for additional information please contact:

Alexander Seger

Executive Secretary Cybercrime Convention Committee

Directorate General of Human Rights and Rule of Law

Council of Europe, Strasbourg, France

Tel        +33-3-9021-4506          

Email    [email protected]


Appendix 3 – Chart of signatures and ratifications of Convention CETS No. 185

CHART OF SIGNATURES AND RATIFICATIONS OF TREATY 185

Convention on Cybercrime

Status as of 17/02/2022

Title

Convention on Cybercrime

Reference

ETS No.185

Opening of the treaty

Budapest, 23/11/2001 – Treaty open for signature by the member States and the non-member States which have participated in its elaboration and for accession by other non-member States

Entry into Force

01/07/2004 – 5 Ratifications including at least 3 member States of the Council of Europe

Members of Council of Europe

Signature

Ratification

Entry into Force

Notes

R.

D.

A.

T.

C.

O.

Albania

23/11/2001

20/06/2002 

01/07/2004

A.

Andorra

23/04/2013

16/11/2016 

01/03/2017

R.

D.

A.

Armenia

23/11/2001

12/10/2006 

01/02/2007

A.

Austria

23/11/2001

13/06/2012 

01/10/2012

R.

D.

A.

Azerbaijan

30/06/2008

15/03/2010 

01/07/2010

R.

D.

A.

T.

Belgium

23/11/2001

20/08/2012 

01/12/2012

R.

D.

A.

Bosnia and Herzegovina

09/02/2005

19/05/2006 

01/09/2006

A.

Bulgaria

23/11/2001

07/04/2005 

01/08/2005

R.

D.

A.

Croatia

23/11/2001

17/10/2002 

01/07/2004

A.

Cyprus

23/11/2001

19/01/2005 

01/05/2005

A.

Czech Republic

09/02/2005

22/08/2013 

01/12/2013

R.

D.

A.

Denmark

22/04/2003

21/06/2005 

01/10/2005

R.

A.

T.

Estonia

23/11/2001

12/05/2003 

01/07/2004

A.

Finland

23/11/2001

24/05/2007 

01/09/2007

R.

D.

A.

France

23/11/2001

10/01/2006 

01/05/2006

R.

D.

A.

Georgia

01/04/2008

06/06/2012 

01/10/2012

D.

Germany

23/11/2001

09/03/2009 

01/07/2009

R.

D.

A.

Greece

23/11/2001

25/01/2017 

01/05/2017

R.

D.

A.

Hungary

23/11/2001

04/12/2003 

01/07/2004

R.

D.

A.

Iceland

30/11/2001

29/01/2007 

01/05/2007

R.

A.

Ireland

28/02/2002

Italy

23/11/2001

05/06/2008 

01/10/2008

A.

Latvia

05/05/2004

14/02/2007 

01/06/2007

R.

A.

Liechtenstein

17/11/2008

27/01/2016 

01/05/2016

R.

D.

A.

Lithuania

23/06/2003

18/03/2004 

01/07/2004

R.

D.

A.

Luxembourg

28/01/2003

16/10/2014 

01/02/2015

A.

Malta

17/01/2002

12/04/2012 

01/08/2012

D.

Monaco

02/05/2013

17/03/2017 

01/07/2017

A.

Montenegro

07/04/2005

03/03/2010 

01/07/2010

55

R.

A.

Netherlands

23/11/2001

16/11/2006 

01/03/2007

A.

T.

North Macedonia

23/11/2001

15/09/2004 

01/01/2005

A.

Norway

23/11/2001

30/06/2006 

01/10/2006

R.

D.

A.

Poland

23/11/2001

20/02/2015 

01/06/2015

R.

A.

Portugal

23/11/2001

24/03/2010 

01/07/2010

D.

A.

Republic of Moldova

23/11/2001

12/05/2009 

01/09/2009

D.

A.

T.

Romania

23/11/2001

12/05/2004 

01/09/2004

A.

Russian Federation

San Marino

17/03/2017

 08/03/2019

01/07/2019 

A.

Serbia

07/04/2005

14/04/2009 

01/08/2009

55

A.

Slovak Republic

04/02/2005

08/01/2008 

01/05/2008

R.

D.

A.

Slovenia

24/07/2002

08/09/2004 

01/01/2005

A.

Spain

23/11/2001

03/06/2010 

01/10/2010

D.

A.

Sweden

23/11/2001

 28/04/2021

01/08/2021 

R.

A.

Switzerland

23/11/2001

21/09/2011 

01/01/2012

R.

D.

A.

Turkey

10/11/2010

29/09/2014 

01/01/2015

Ukraine

23/11/2001

10/03/2006 

01/07/2006

R.

D.

A.

United Kingdom

23/11/2001

25/05/2011 

01/09/2011

R.

A.

Non-Members of Council of Europe

Signature

Ratification

Entry into Force

Notes

R.

D.

A.

T.

C.

O.

Argentina

 05/06/2018 a

01/10/2018 

R.

A.

Australia

30/11/2012 a

01/03/2013

R.

A.

Benin

4

Brazil

4

Burkina Faso

4

Cabo Verde

 19/06/2018 a

01/10/2018 

A.

Canada

23/11/2001

08/07/2015 

01/11/2015

R.

D.

A.

Chile

20/04/2017 a

01/08/2017

R.

D.

A.

Colombia

 16/03/2020

01/07/2020 

R

A

Costa Rica

22/09/2017 a

01/01/2018

D.

A.

Dominican Republic

07/02/2013 a

01/06/2013

D.

A.

Fiji

4

Ghana

 03/12/2018 a

01/04/2019 

A.

Guatemala

4

Israel

09/05/2016 a

01/09/2016

R.

A.

Japan

23/11/2001

03/07/2012 

01/11/2012

R.

D.

A.

Mauritius

15/11/2013 a

01/03/2014

A.

Mexico

Morocco

 29/06/2018 a

01/10/2018 

A

New Zealand

4

Niger

4

Nigeria

4

Panama

05/03/2014 a

01/07/2014

A.

Paraguay

30/07/2018 a

 01/11/2018

A

Peru

 26/08/2019 a

01/12/2019 

R.

D.

A.

Philippines

 28/03/2018 a

01/07/2018 

A

Senegal

16/12/2016 a

01/04/2017

A.

South Africa

23/11/2001

Sri Lanka

29/05/2015 a

01/09/2015

R.

A.

Tonga

09/05/2017 a

01/09/2017

A.

Trinidad and Tobago

4

Tunisia

4

United States of America

23/11/2001

29/09/2006 

01/01/2007

R.

D.

A.

Vanuatu

4

Total number of signatures not followed by ratifications

2

Total number of ratifications/accessions

66

Notes

(55) Date of signature by the state union of Serbia and Montenegro.

(4) Since 2013 the decision to invite a non-member State to accede to the treaty is valid five years as from its adoption. See the chart on https://rm.coe.int/16806cac22.

a: Accession s: Signature without reservation as to ratification su: Succession r: Signature "ad referendum".
R.: Reservations D.: Declarations, Denunciations, Derogations A.: Authorities T.: Territorial Application C.: Communication O.: Objection.

Source: Treaty Office on https://conventions.coe.int - * Disclaimer.


[1] This document has been classified restricted at the date of issue; it will be declassified in accordance with Resolution Res(2001)6 on access to Council of Europe documents.