Content-related resources

Additional resources include:

Digital media literacy

Data protection, jurisdiction, and intermediary liability

When a government submits a request to access data, such as for a criminal investigation, the task falls to the organization hosting the content to release it. Yet, what happens if information that is deemed important was written by an agency that is legally registered in, say, country A, hosts their website in county B, but published the story in country C? Legal jurisdiction across borders is already complicated, yet the global nature of the Internet only exacerbates its complexity. Furthermore, the promise of the Internet as a vibrant place for discussion and information sharing has been upheld thanks to the concept of intermediary liability.

It refers to legal protections that enable Internet service providers (ISPs), digital media platforms, and others to support expression without being directly responsible for the material stored on or moving across their networks. Without them, services would be much less willing to accept user-generated content for fear of potential civil and/or criminal liability. With increasing requests to access data by governments, it is key that the journalism support and media development community understands the myriad legal frameworks as well as their rights when it comes to cooperating with law enforcement agencies – particularly with regards to issues surrounding press freedom, freedom of expression, and journalists’ safety.


The European Union’s General Data Protection Regulation (GDPR) is a law on data protection and privacy that applies to all individuals within the EU and the European Economic Area (EEA), including both citizens and residents. It aims to simplify the regulatory environment for international business by unifying the regulation within the EU. Passed in 2016, GDPR went into effect on 25 May 2018, and brought with it a host of new measures that empower citizens and residents with control over their personal data, and it also addresses the export of personal data outside the EU.

GDPR has set a standard internationally for the kinds of protections and rights it enables for citizens, and mandates that private sector companies and other entities operating within the EU provide data protection services, even if their headquarters are outside of the EU (referred to as extraterritorial applicability). If an organization or company fails to comply with GDPR rules, they can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).

GDPR codifies certain policies and privacy standards into law, such as but not limited to:

  • The need for clear consent and easily accessible terms and conditions.

  • Notification of privacy breaches or when data has been compromised.

  • The right of consumers (data subjects) to access and download their personal data, free of charge.

  • The right to data erasure (also known as the right to be forgotten).

  • Data portability, which is the right for a consumer to freely transfer their data from one service to another without penalty.

  • The right to privacy by design, which refers to creating and designing services handling personal data that incorporate privacy principles and provide safeguards to protect data.

Additional resources:

  • Two Years Under the EU GDPR: An Implementation Progress Report (Access Now)

Internet shutdowns and network disruptions

Network disruptions refer to any action taken to limit the ability of a user to access part of the Internet. For example, this can include blocking social media websites during an election, restrictions on over-the-top (OTT) providers like WhatsApp and Facebook Messenger, blocking content on grounds that it will disturb public order, or even simply the slowing of Internet speeds. More specifically, Internet shutdowns occur when a government or an Internet service provider (ISP) mandates that access to the Internet be completely blocked, often to stymie political dissent and opposition, or to quell social unrest.

Access Now recorded more than 116 Internet shutdowns across at least 30 countries from the period between January 2016 and September 2017, and the number of Internet shutdowns continues to increase, often citing dubious reasons. Whether it involves blocking access at a technical level or by even physically cutting the cables that deliver the Internet, Internet shutdowns stifle free expression, cut off access to information, and costs at least US$2.4 billion in lost gross domestic product (GDP) globally. For more information, see:

  • #KeepItOn campaign (AccessNow)

  • Country Legal Frameworks Resource (GNI)

  • Dialling in the Law: A comparative assessment of jurisprudence on Internet shutdowns (APC / Cyrilla)

  • Freedom Online Coalition Joint Statement on State Sponsored Network Disruptions (FOC)

  • Internet Shutdowns (APC)

  • Internet Shutdowns: An Internet Society Public Policy Briefing (ISOC)

  • Internet shutdowns: The “new normal” in government repression? (openDemocracy)

  • Internet shutdowns cost countries $2.4 billion last year (Brookings)

  • Internet Society Perspectives on Internet Content Blocking: An Overview (ISOC)

  • ISOC Insights: Internet Shutdowns (ISOC)

  • Navitating Litigation during Internet Shutdowns in Southern Africa (MISA Zimbabwe / Southern Africa Litigation Centre)

  • Netblocks: Mapping Internet freedom (observatory)

  • Network disruptions (Global Network Initiative)

  • Of Blackouts and Bandhs: The Strategy and Structure of Disconnected Protest in India (Jan Rydzak)

  • The Rise of Internet Throttling: A Hidden Threat to Media Development (CIMA)

Media sustainability and digital markets

Research and reports

Right to be Forgotten

  • Access Now Position Paper: Understanding the “Right to be Forgotten” Globally

  • Background: The Right to be Forgotten in National and Regional Contexts (IFLA)

  • EU Data Protection Law: A “Right to be Forgotten?” (UK House of Lords)

  • Europe’s top court backs Germany: Murderers have no right to be forgotten (European Centre for Press & Media Freedom – ECPMF)

  • How the “Right to be Forgotten” Challenges Journalistic Principles (PDF)

  • IFLA Statement on the Right to be Forgotten

  • Information Not Found: The “Right to be Forgotten” as an Emerging Threat to Media Freedom in the Digital Age (CIMA)

  • Media Online Archives: A Source for Historical Research or a Threat to Privacy? (Helsińska Fundacja Praw Człowieka)

  • Mission creep: The expanding scope of the “right to be forgotten” (CIMA)

  • The Internet has become the external hard drive for our memories (Scientific American)

  • The “Right to be Forgotten” and Search Engine Liability (Brussels Privacy Hub)

  • The “Right to Be Forgotten” – Negotiating Public and Private Ordering in the European Union

  • The “Right to be Forgotten” – Remembering Freedom of Expression (ARTICLE 19)

  • Communiqué by Organization for Security and Co-operation in Europe (OSCE) Representative on Freedom of the Media on ruling of the European Union Court of Justice

  • Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (2014)

  • Internet: Case-law of the European Court of Human Rights (ECtHR)

  • P8_TA-PROV(2018)0204 – Media Pluralism and Media Freedom in the European Union (European Parliament)

  • Recommendation CM/Rec(2018)2 of the Committee of Ministers to Member States on the Roles and Responsibilities of Internet Intermediaries (Council of Europe)


    • GDPR recitals: Your essential partners to understand and apply the GDPR

    • Right to erasure (ICO)

Last updated