The 27th and final draft of a convention to harmonise laws on hacking, piracy, on-line fraud and child pornography has been prepared by the 43-member Council of Europe with the support of the Governments of the US and Japan.

The Draft Convention on Cybercrime has faced criticism from privacy activists and industry. US companies were concerned that police of former Soviet-bloc nations might exploit new powers it provides. They worry that all ISPs, telcos and other businesses would have to co-operate with warrants issued by foreign courts, exposing their trade secrets.

ISPs were concerned by data storage requirements, although the Convention’s terms are less burdensome than some commentators first thought. In the UK, the Regulation of Investigatory Powers Act already makes interception possible in certain circumstances and similar laws exist in other European countries. The text of the draft Cybercrime Convention provides that data should be held for at least 60 days – but it does not require all data to be held.

A request for preserving the data must specify, among other things, the offence that is the subject of a criminal investigation, the authority seeking the preservation, the stored computer data to be preserved and its relationship to the offence, together with any available information to identify the custodian of the stored computer data or the location of the computer system. The party receiving such a request must comply in accordance with its domestic law.

In response to privacy concerns, previous drafts of the Convention have been amended to provide that signatories must ensure any national laws implementing the Convention respect international human rights conventions and be subject to “judicial or other independent supervision.”

The new draft will be submitted in June to the European Committee on Crime Problems and in September to the Council’s Committee of Ministers for adoption. Ratification by member states is expected over the next year or two.

The Council describes it as “the first ever international treaty to address criminal law and procedural aspects of various types of criminal behaviour directed against computer systems, networks or data and other types of similar misuse.”

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.