The Pegasus Project and Azerbaijan – what does domestic legislation tell us about privacy of users in Azerbaijan

This is part four in a series of detailed legal reports and analyses on existing legal amendments, and new legislation affecting privacy, freedom of expression, media, and online rights in Azerbaijan and their compliance with international standards for freedom of expression.  We dedicate this report to the recent Pegasus Project investigations.  

Background

Members of opposition political parties, independent journalists, political and human rights activists have long faced systematic pressure and persecution orchestrated by the government of Azerbaijan. The unprecedented crackdown against civil society that began in 2013, marked a new chapter, in the history of Azerbaijan’s civil society. One, marred by arrests and prosecution of high-profile activists, rights defenders, and journalists.

This systematic pressure and harassment were not only offline. It was only a matter of time, that the internet too would become a place to target activists, journalists, and human rights defenders, holding them accountable for their online criticisms on bogus accusations that often ended with lengthy jail sentences, forced apologies on public televisions (see The State of Internet Freedom in Azerbaijan report), detentions and further forms of persecution.

In a country where almost all avenues for freedom of expression and activism were eliminated, the internet, specifically online media platforms, and social media networks became new targets. To monitor discussions online, prevent citizens from accessing independent news online, or social media platforms, and to further curb freedoms online, the government of Azerbaijan embarked on a shopping spree, becoming a client of companies selling sophisticated surveillance equipment and technology.[1]

By 2021, the government of Azerbaijan has successfully deployed a Remote Control System (RCS), Deep Packet Inspection (DPI), phishing, and spear-phishing attacks often with homegrown malware. The most recent addition to a wide variety of authoritarian technology deployed in Azerbaijan is Pegasus spyware.  

The Pegasus Project

On July 18, 2021, an international consortium of more than 80 journalists from 17 media outlets revealed the Pegasus Project. Spearheaded by Forbidden Stories, a Paris-based journalism non-for-profit, with technical support of Amnesty International Security Lab, the Pegasus Project is a global investigation into an Israeli surveillance company, the NSO Group, and it’s most sought after hacking software called Pegasus.

According to the investigation, the NSO Group sold Pegasus to at least ten government clients including in Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Azerbaijan, Rwanda, Saudi Arabia, and the UAE. Among the targets were journalists, human rights defenders, political opponents, business people, and heads of state.

“Forbidden Stories and Amnesty International had access to a leak of more than 50,000 records of phone numbers that NSO clients selected for surveillance,” wrote Forbidden Stories sharing the findings of the investigation.

On the leaked phone records, at least 1000 were identified as belonging to users from Azerbaijan. One of the media partners in the investigation, the Organized Crime and Corruption Reporting Project (OCCRP) took on to investigate numbers that belonged to users in Azerbaijan, Kazakhstan, and Rwanda.

So far, OCCRP was able to identify 250 phone numbers targeted, which belonged to reporters, [2] editors, media company owners, activists, human rights defenders, and their family members. As of July 27, OCCRP confirmed at least 80 cases of the alleged surveillance.[3]

Following the release of the investigations, international organizations, such as Reporters Without Borders, said they will pursue legal action against those responsible for this massive surveillance.[4] In Azerbaijan, some of the targeted individuals intend to appeal to local courts and then to the European Court of Human Rights, on the grounds of infringements of their right to private life.[5]

While law enforcement authorities in Hungary[6], Israel[7], France[8], the USA[9], and Algeria[10] have launched probes into suspected unlawful surveillance via Pegasus spyware, the Azerbaijani law enforcement agencies are yet to respond.

What chance do those targeted in Azerbaijan stand in pursuing legal action against the government of Azerbaijan? To answer this question, we look at the national legislation enabling the government to carry out surveillance en masse and citizens’ rights to privacy. Read the PDF report here.

Domestic framework

The right to private life is under the protection of comprehensive constitutional provisions, namely Article 32 of the Azerbaijani Constitution which guarantees that everyone has the right to the inviolability of private[11] and family life, including with respect to correspondence, telephone communications, post, telegraph messages and information sent by other means of communication. Article 32 further states that gaining, storing, using, and spreading information about the person’s private life without his/her consent is not permitted. These rights may be restricted, as prescribed by law, in order to prevent crime or to determine the truth in the course of the investigation of a criminal case. Section eight of article 32 also indicates that the scope of the personal information, as well as the conditions of their processing, collection, sharing, use, and protection, is prescribed by law.

In addition, there are normative legal acts recognizing the right to private life, including regulating the restrictions of private life in telecommunications networks.

While mentioning a catalog of rights for individuals in respect to the right to privacy[12], article 3 of the basic law on private data – the Law on Private Information,[13] stipulates that the rules for the collection and processing of personal data, concerning intelligence and counterintelligence, and operation-search activities are regulated by other respective legal acts (discussed below).

The Law on Private Information obligates the operators, to create necessary conditions for intelligence, counterintelligence, and search operations in accordance with the legislation, to guarantee relevant organizational and technical issues, and comply with the confidentiality of the methods used to conduct these activities.[14]

Along with the Law on Personal Data, the Law on Telecommunication also determines the powers of state bodies, notably subjects of intelligence and counterintelligence search operations, to collect or intercept personal data from the telecommunication channels and networks.[15]

In Azerbaijan there are two types of oversight over citizens:

  1. Extraction of information from telecom channels, i.e., interception; and
  2. Surveillance

The Law on Operation-Search Activity overseas phone tapping and information extraction from communication channels.[16]  Further, the third section of article 10 of the Law on Operation-Search Activity does not require a judicial act or supervision of higher authority while wiretapping and extracting information from technical communication channels unless there is a need to install technical devices such as voice, video, or photo recorders at the place of residence of the individuals.  

In other words, anyone in Azerbaijan can be subject to such a form of oversight.

The Law on Telecommunication obligates network operators to install special equipment, provided by the State Security Service, Ministry of Internal Affairs, and Special State Protection Service onto the telecommunication networks[17] enabling the Government to extract (intercept) data on anyone regardless of whether that person(s) is part of an investigation process or not.

The installment of special equipment within communication networks is regulated by the “Rules for equipping telecommunications operators and providers with additional technical means for conducting search operations, reconnaissance and counter-intelligence activities” issued by the Ministry of Transport, Communications, and High Technologies on  June 14, 2016.[18] The Rule obligates telecommunication operators and providers to create technical conditions for the conduct of relevant activities within the communication networks.

The Rule defines that Telecommunication Control System (hereinafter – TCS) – is special hardware and software that provides confidential control over the exchange of information of subjects targeted by the relevant measures (such as search and operation, intelligence, and counterintelligence activities), as well as all statistical data of the network. TNS consists of data extraction facilities, transport networks, and control centers.

The Rule also indicates that relevant measures in the communication networks are carried out in accordance with the requirements of the laws of the Republic of Azerbaijan “On Operation-Search Activity” and “On Intelligence and Counterintelligence Activity”.[19]

However, while the Law on Operation-Search Activity may allow secret surveillance and seizure of private information, there are no rules or procedures within the national legislation for secret surveillance and intercepting information by government agencies. There are also no clearly defined rules on determining the grounds for such surveillance and interception activities, their duration, and whether such activities can be stopped by a court or other higher state authority.

Further, when analyzing the national legislation, it becomes clear, that a number of rules about the organization of search operations by law enforcement agencies, as well as the placement of surveillance and tapping devices within the telecommunication infrastructure have not been published. For example, the “Rules for ensuring information security in the implementation of search operations in communications networks” approved by Presidential Decree No. 638 on October 2, 2015, is not disclosed.[20]

As mentioned, earlier, interference with the right to personal data within telecommunication networks is carried out by the representatives of the search and operation, intelligence, and counterintelligence authorities. The technical and organizational conditions for the provision of the search operation, intelligence, and counterintelligence activities within communication networks are determined by the State Security, and in cases where relevant to the Ministry of Internal Affairs, together with the Special State Protection Service of Azerbaijan.

Infringement of privacy is prohibited under the Criminal Code (Article 156). Illegal collection of information, documents containing such information, visual materials, audio recordings, as well as their sale or transfer to another person is punishable by a fine in the amount of 1,000 to 2,000 AZN (approximately 600-1200USD); by public works ranging from 240 to 480 hours; or by correctional labor for up to one year. In cases where the same offense was/is committed by an official using his/her official status, the crime is punishable by restriction of liberty for a period of up to two years or by imprisonment for a term of up to two years with or without deprivation of the right to hold a certain position or engage in certain activities for up to three years.[21]

The Criminal Procedural Code provides that the investigation of the infringement of privacy is carried out in the form of a public-private prosecution upon the complaint of the victim or by the initiative of the prosecutor when the committed crime affects the interests of the state or society.[22]

Compliance with international standards

The right to protection of personal data is not an autonomous right among various rights and freedoms covered by the Convention. The Court has nevertheless acknowledged that the protection of personal data is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life, home, and correspondence, as guaranteed by Article 8 of the Convention (Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland [GC], 2017, § 137; Z v. Finland, 1997, § 95).

According to the Court’s established case-law, the requirement that any interference must be “in accordance with the law” will only be met when three conditions are satisfied: the impugned measure must have some basis in domestic law and, with regard to the quality of the law at issue, it must be accessible to the person concerned and have foreseeable consequences.[23]

Non-availability of any official information or confirmation on the scope and form of the surveillance and interception of mobile devices through the Pegasus spyware may also raise specific issues concerning the difficulties on recognizing the victims’ status within the framework of national laws. 

However, the relevant case-law of the ECtHR is relatively flexible on the subject of recognition of the victim’s status. The ECtHR, therefore, accepts that an individual could, under certain conditions, claim to be the victim of a violation occasioned by the mere existence of secret measures or of legislation permitting secret measures, without having to allege that such measures had been in fact applied to him or her.[24]

Further, considering that domestic legislation does not require any judicial act or does not provide any independent oversight over the interferences to the right to privacy, there is little information about the form and scope of the interception and surveillance of individuals’ privacy within telecommunications networks in Azerbaijan. This is also contrary to the well-established standards of the ECtHR concerning the issue of personal data collected by means of various methods of secret surveillance. The fact that various government institutions are vested with powers and authority – as provided by domestic laws — to listen to anyone at any time on telecommunication networks, in itself does not meet the requirements of the qualitative law enshrined in the case-law of the European Court.

The ECtHR considers the requirements of the Convention, notably in regard to foreseeability, to not be exactly the same, in the special context of interception of communications for the purpose of police investigations.

According to the ECtHR case law,  the Convention’s “quality of law” concept, requires, that domestic laws – notably those allowing state interference with rights and freedoms – satisfy the requirements that domestic laws, should be sufficiently accessible and foreseeable.

The requirement of foreseeability means that the national law must be sufficiently clear in its terms, in order to give citizens an adequate indication of the circumstances and conditions for which public authorities were empowered to resort to this secret and potentially dangerous interference with the right to respect for private life and correspondence. Consequently, the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity, having regard to the legitimate aim of the measure in question, and to give the individual adequate protection against arbitrary interference (Malone v. the United Kingdom, 2 August 1984, §§ 67 and 68, Series A no. 82. See also Kennedy v. the United Kingdom, op. cit., § 152).[25]

In this regard, within the framework of the European Court’s supervision function under the Convention’s standards, the ECtHR’s authority to verify the compliance of online surveillance regimes with the Convention’s standards would provide effective protection.

In recent Grand Chamber judgment in the case of Big Brother Watch and Others v. the United Kingdom (application nos. 58170/13, 62322/14 and 24969/15) the ECtHR held unanimously, that there had been a violation of Article 8 of the European Convention (right to respect for private and family life/communications) in respect of the regime for obtaining communications data from communication service providers noting that assessment of interceptions and obtaining of private information from the telecommunications networks should be made at each stage of the process of the necessity and proportionality of the measures being taken; that bulk interception should be subject to independent authorization at the outset when the object and scope of the operation were being defined; and that the operation should be subject to supervision and independent ex post facto review.

We conclude, that based on the above analysis of the loose interpretation and at times overt national legislation, it is important to take these cases of surveillance and interception to the ECtHR for the purpose of assessing the country’s legal framework and its (in)applicability with the ECtHR’s case law.  

[1] Internal company documents show Azerbaijan’s Ministry of National Security purchased Hacking Team’s Remote Control System (RCS) surveillance spyware via a California-based intermediary called Horizon Global Group in 2013 for an initial payment of €320,000. https://www.occrp.org/en/daily/4136-azerbaijan-bought-hacking-team-s-surveillance-spyware-leaks-reveal

[2] Turan, Pegasus has been spying on Azerbaijani journalists and activists over years, July 19, 2021, https://www.turan.az/ext/news/2021/7/free/politics_news/en/5975.htm/001 

[3] OCCRp, People Selected for Targeting by Azerbaijan,

https://cdn.occrp.org/projects/project-p/?_gl=1*rnxzxn*_ga*MjEyNTY0MTgzMS4xNjI3NDE1OTE1*_ga_NHCZV5EYYY*MTYyNzQxNTkxMy4xLjEuMTYyNzQxNTkyNy40Ng..#/countries/AZ

[4] Turan, The organization in defense of press freedom “Reporters without Borders” is outraged by the fact that 200 journalists from 20 countries are being spied on with the help of the Israeli spy system Pegasus, July 2021, http://www.turan.az/ext/news/2021/7/free/politics_news/en/6042.htm/001

[5] Voice of America, Interview with Bakhtiyar Hajiyev, July 20, 2021, https://www.amerikaninsesi.org/a/bəxtiyar-hacıyev-avtoritar-rejimlər-hətta-ən-yaxın-çevrəsinə-güvənmir/5972455.html

[6] Al Jazeera, Hungary prosecutors open investigation into Pegasus spying claims, July 22, 2021, https://www.aljazeera.com/news/2021/7/22/hungary-prosecutors-open-investigation-into-pegasus-spying-claims

[7] Al Jazeera, Israel launches commission to probe Pegasus spyware: Legislator, July 22, 2021, https://www.aljazeera.com/news/2021/7/22/israel-launches-commission-to-probe-pegasus-spyware-legislator

[8] Euractive, France launches investigation into Pegasus spying allegations, July 22, 2021, https://www.euractiv.com/section/cybersecurity/news/france-launches-investigation-into-pegasus-spying-allegations/

[9] Reuters, FBI probes use of Israeli firm’s spyware in personal and government hacks – sources, July 22, 2021,  https://www.reuters.com/article/us-usa-cyber-nso-exclusive-idUSKBN1ZT38B

[10] The Star, Algeria launches probe into Pegasus spyware claim, July 22, 2021, https://www.thestar.com.my/tech/tech-news/2021/07/23/algeria-launches-probe-into-pegasus-spyware-claim

[11] Constitution of the Republic of Azerbaijan, https://static2.president.az/media/W1siZiIsIjIwMTgvMDMvMDkvNHQzMWNrcGppYV9Lb25zdGl0dXNpeWFfRU5HLnBkZiJdXQ?sha=c440b7c5f80d645b

[12] According to article 7 of the Law on Personal Data, individuals have the right to require a legal justification for the collection, processing, and transfer of their personal information to third parties, and information on the legal consequences for the subject of the collection, processing, and transfer of such information to third parties; to get acquainted with the content of personal information collected about himself/herself in the information system; to learn the purpose, the period and methods of collecting and processing personal information about himself/herself; to demand clarification and destruction of personal data collected and processed in the information system, except for the cases established by the legislation; to demand a ban on the collection and processing of personal data about himself/herself and etc.

[13] Law on Private Data, http://e-qanun.az/framework/19675

[14] Article 10.5, Law on Personal Data

[15] Article 39, Law on Telecommunication (article 10.5 of the Personal Data is repeated in article 39 of the Law on Telecommunication)

[16] Article 10, Law on Operation-Search Activity, http://e-qanun.az/framework/2938

[17] Under the Telecoms Law and the conditions of telecom licensing and registration, telecom operators and providers must cooperate with the law enforcement authorities and install special equipment and software programmes allowing them access to information under the undisclosed technical rules adopted by the Presidential order on October 2, 2015. The Law on Telecommunication, article 39., Paragraph 1 of the article states: “operators, providers are obliged to create conditions for conducting search operations, intelligence and counter-intelligence activities in accordance with the law; to provide telecommunications networks with additional technical means in accordance with the conditions established by the relevant executive authority; to resolve organizational issues, and to keep secret the methods used in conducting these events.” Paragraph 2 of the article states: “The operator, the provider shall be liable for the violation of these requirements in accordance with the law.”

[18] http://e-qanun.az/framework/33275

[19] Article 1.5.7. “Rules for equipping telecommunications operators and providers with additional technical means for conducting search operations, reconnaissance and counter-intelligence activities”, issued by the Ministry of Transport, Communications and High Technologies,   June 14, 2016

[20] The Presidential Decree No. 638, October 2, 2015, http://e-qanun.az/framework/30840

[21] The Criminal Code of Azerbaijan, http://e-qanun.az/framework/46947

[22] The Criminal Procedure Code of Azerbaijan, http://e-qanun.az/framework/46950

[23] Kennedy v. the United Kingdom, op. cit., § 151; Rotaru v. Romania, op. cit., §52; Amann v. Switzerland, op. cit., § 50; Iordachi and Others v. Moldova, op. cit.; Kruslin v. France, § 27; Huvig v. France, § 26; Association for European Integration and Human Rights and Ekimdzhiev v. Bulgaria, op. cit., § 71; Liberty and Others v. the United Kingdom, op. cit., § 59, etc.

[24] National security and European case-law, Council of Europe / European Court of Human Rights, 2013, para., 9., https://rm.coe.int/168067d214

[25] National security and European case-law, Council of Europe / European Court of Human Rights, 2013, page 2,  https://rm.coe.int/168067d214

Azerbaijan to license online TV channels

In January, 2021, Az-Net Watch covered the new legal development concerning media freedom environment in Azerbaijan. At the time, it was announced, that a newly established Azerbaijani Agency for Media Development will replace, marred by corruption allegations, the State Support Fund for Mass Media Development and that a new media law was drafted by the Administration of the President for the President’s review in two months. Six months down the line, the draft media law, is finally set for review, albeit much to the disappointment of freedom of the media advocates and media practitioners in Azerbaijan.

According to Azadliq Radio report, the new law, entails licensing the Internet television and radio broadcasting. The proposal spearheaded by the National Television and Radio Council (NTRC) was announced on June 17.

Specifically the draft law states that:

1) the online channel must have its own website and broadcast from this site;

2) the online channels must broadcast for not less than 6 hours as determined by the proposed new draft bill.

In addition, the Agency for the Development of Mass Media would register online news sties and news agencies.

When Turan News Agency reached out to the NTRC for a comment, the Council refuted the claims that the draft bill mentioned the Internet TV. Similarly, when the agency asked the newly created Agency for Media Development, the agency said, it had no information of such requirement mentioned in the bill. And yet, it was the NTRC that told state news agency APA about the draft bill according to Azadliq Radio report.

Several independent experts, said if true, the new bill and specifically the proposal about licensing, violate Article 10 of the European Convention on Human Rights and norms enshrined in Azerbaijan’s Constitution.

Addressing the controversial new bill, a media law expert, Alasgar Mammadli, said in addition to contradicting Article 10 of the Convention the license requirement can only be applied to broadcasters using frequency transmissions which is not the case for Internet television. In another interview, Mammadli said, “Only during the broadcast, there should be compliance with the general law, which is currently regulated by the Law on Mass Media, Criminal Law, and other laws. There are no gaps, and there are even unnecessary regulations (restrictions).” 

Another legal expert, Khaled Aghaliyev, evaluating the bill in a post on social media platform Facebook said, “It was clear that the government, which promised progressive reforms in the legal regulation of the media, worked harder than ever on reactionary regulatory mechanisms.” Aghaliyev said, in all likelihood, the lawyers working on “progressive regulations” took it upon themselves to interpret one specific sentence of Article 10 word for word. That sentence, notes Aghaliyev says, “This Article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.” “But they [lawyers] thought wrong. The mentioning of that licensing applies only to traditional television, and radio. Therefore, the part of the new bill that we know of, is reactionary, binding freedom of expression. It does not comply with our constitutional norms or the European Convention.”

Stressing the importance of adopting a new media law, Aghaliyev instead offers a different approach. “The government should share the full text of the new draft law and let the civil society prepare an alternative. The two drafts should then go to the Council of Europe experts. Let the Council decide and adopt the one recommended instead.” [A similar initiative took place in 2017 when Azerbaijan’s civil society submitted an alternative analysis of the law on access to information as part of the Good Governance partnership]. 

Screen shot from the report “Compliance of the Republic of Azerbaijan with the International
Covenant on Civil and Political Rights”. The full report can be accessed here: https://tbinternet.ohchr.org/Treaties/CCPR/Shared%20Documents/AZE/INT_CCPR_CSS_AZE_25228_E.pdf
An attempt to license online television was previously discussed in 2010, 2011, 2012, 2016. Over the past decade, the national lawmakers suggested regulating social media platforms on several occasions as well. In March 2017, Azerbaijani lawmakers approved legislation tightening rules for Internet use. Shortly after, scores of independent and opposition news websites were blocked inside Azerbaijan for access. 
*”National Television and Radio Council (NTRC) of Azerbaijan, was established by decree № 794 of the President of Azerbaijan Republic dated October 5, 2002 to ensure the implementation and regulation of state policy in broadcasting sector. The objective of the Council is to regulate the activity of television and radio companies, protect interests of the public during the broadcast, and control the observance of legislation on broadcasting.”

Legal analysis of a COVID tracing app released last year in Azerbaijan

This is part three in a series of detailed legal reports and analyses on existing legal amendments, and new legislation affecting privacy, freedom of expression, media, and online rights in Azerbaijan and their compliance with international standards for freedom of expression.  

In July, of last year, authorities in Azerbaijan released their very own COVID tracing tracker application. Launched by Tebib (Azerbaijan Administration of Regional Medical Division) the app was quick to draw attention, especially over its privacy issues.

The mobile app is operated by the Data Processing Center (DPC), which is the main structure of the information technologies of the Ministry of Transport, Communications, and High Technologies. According to the app’s version history at App Store, the application “update” was done on 27 May 2021. 

e-Tebib is just one of the deluge of apps unveiled during the height of the COVID-19 pandemic by various governments, promising to detect COVID-19 exposure and not only.

Below, we break down the pervasiveness of the app having analyzed existing national and international legislation.

Features and concerns

According to the app’s description, “E-Tebib is designed to inform users in real-time about the number of patients (both sick and recovered) in Azerbaijan.” Since the start of the pandemic, the official data for Azerbaijan on the number of infected patients and recoveries were made available here and the numbers were updated once a day – based on the numbers reported by the Operational Headquarters set up under the Cabinet of Ministers of the Republic of Azerbaijan (the unit was established on February 27, 2020). Already from the start, it was unlikely the app was going to provide real-time indicators when the main body in charge only shared the information once a day. 

In addition, article 4.4 in the user agreement of the app, explicitly said that any information, obtained through the app, may not be precise, correct, or trusted. And yet, the app also claimed to reduce the number of infected patients by informing users of potential COVID infected patients around them via Bluetooth technology. 

Although the app claimed it did not collect any personal data aside from the user’s phone number the article 5.3 of the license agreement stated, the center [the Ministry of Communication, Transportation and High Technologies who owns the app’s license] collected users’ names, last names, phone numbers, social media accounts, emails, national ID numbers, and location.

Article 5.1 mentioned the center was sharing this information with third parties. These third parties were allowed to analyze collected information including users’ browsing history [The center did claim that it did not allow third parties, to use the obtained information for other purposes]. Article 5.5.1 stated the center may share users’ information with government bodies and/or representatives’ legal requests; court orders; or under any other legal condition. Furthermore, article 5.6 stated that users’ information may be shared with third parties in other countries for security purposes.

What the law says

According to Article 5.1 of the Law on Personal Data personal information is protected from the moment it is collected and for this purpose, it is divided into confidential and public categories according to the type of access. Article 5.2 of the Law on Personal Data stipulates that confidential personal data must be protected by the owner, operator, and users who have access to this information on a level required by law. Confidential personal information may be disclosed to third parties only with the consent of the subject, except as provided by law. Article 5.3 of the Law on Personal Data defines open personal data as information anonymously duly declared, made public by the subject, or entered into the information system with the consent of the subject. The person’s name, surname, and patronymic are permanently open personal information.

The terms of the agreement [of the app] on sharing private information with the third parties are vaguely regulated and open to wide interpretation for unlawful transmission of the private information with third parties.

Furthermore, article 5.5.1 of the app’s agreement that states information might be shared upon the government representatives’ legal requests are problematic from the human rights perspective. It fails to specify on which grounds and under what conditions the state authorities might request the private information which is necessary for terms of procedural fairness and safeguards against arbitrariness.

Where personal information is stored for the interest of the protection of health, there should be adequate and effective guarantees against abuse by the state. The law in question, which allows the storing of such information, must indicate with sufficient clarity the scope and conditions of exercise of the authorities’ discretionary power. These standards to some extent are also backed in Article 11.2.2 of the Law on Personal Data which states that when collecting personal data, the owner or operator must notify the subject about the purpose of personal data that is being processed and the legal grounds of this purpose.

In other words, it is not clear whether any state authority can have access to private information simply upon requesting it without legal justification. This is also a requirement of the Law “About operational search activities” as per Article 10. Thus, Article 10 of the Law states that the extraction of information from technical communication channels and other technical means is carried out on the basis of the decision of the court [judge].

Article 5.10., of the app’s user agreement states that all user-related data is kept for a month. But it fails to explain whether the same expiry date applies to “third parties” that may have access[ed] [to the] users’ information. This is contrary to Article 8.2., of the Law on Personal Data. Law on Personal Data requires that for the purpose of collecting and processing of personal data (specifically Article 8.2.3.,) and conditions of destruction or archiving of personal data collected in the relevant information system after the expiration of the period of storage or after the death of the subject in the manner prescribed by law must include a written consent for the processing of the subject’s personal data.

Such vagueness is also contrary to the ECtHR’s well-established case law. In Aycaguer v. France case, the ECtHR ruled, there was a violation of Article 8 (right to respect for private life) of the Convention by “determining the duration of storage of […] personal data depending on the purpose of the file stored […]”. The Court noted that, to date, no appropriate action was taken on that reservation and that there was currently no provision for differentiating the period of storage. The Court also ruled that the regulations on the storage of DNA profiles did not provide the data subjects with sufficient protection, owing to its duration and the fact that the data could not be deleted. The regulations, therefore, failed to strike a fair balance between the competing public and private interests.

Another concern was that the application was developed by A2Z Advisors LLC and the app’s privacy policy was linked to the company’s website. The landing page of A2Z Advisors LLC, however, did not provide any information on the app’s privacy policy. At the time when the app was launched, AIW reached out for comment via email as per A2Z’s recommendation but never received a response.

Similarly, in the App Store for IOs when clicking on the “App Support” tab, the page once again led to the A2Z company website and once again failed to provide any information related to the App. Instead, the privacy policy was accessible via this link that a user had access to but only after downloading and launching the app. This in itself was contrary to the several articles of the Law on Personal Data.

According to Article 11 of the law, it is required, when collecting personal data, that the owner or operator, notifies the subject about the level of protection of personal data collected and processed in the information system [11.2.3.]; the information on the existence of a certificate of conformity of information systems and state examination [11.2.4.]; and the scope of the intended uses of personal data, including the information system for which the information is to be exchanged [11.2.5.]. However, no such information was provided in the app’s agreement.

The app was also not an open-source code and was licensed under the Ministry of Communication, Transportation, and High Technologies. This is contrary to the requirement [Article 6.22.,] of the Resolution of the Cabinet of Ministers about “Requirements on creation and management of Internet information resources of state bodies”, which requires that open source content management systems should not be used in internet information resources.

FaktYoxla, a fact-checking platform in Azerbaijan concluded after a detailed legal analysis over the license agreement that e-Tebib was not designed in accordance with the national legislation on data privacy. The fact-checking platform, having analyzed the respective case-law of the European Court, the EU Data Protection Directive, and the Council of Europe Treaty 108, concluded that the e-Tebib application contradicted the obligations imposed by international standards.

On July 10, 2020, following widespread privacy concerns and questions over the app’s transparency, changes were made to the terms of the agreement.

Originally users’ information was transferred to third parties, which were not explicitly defined in the agreement. At the time, independent experts and lawyers said this was against Article 32 of Azerbaijan’s state constitution and in violation of Article 8 of the European Convention on Human Rights.  Azerbaijan’s constitution, namely, Article 8, stipulates that no one has a right to collect personal information without an individual’s permission. The convention, on the other hand, refers to respect for privacy. 

***In Copland v. the United Kingdom case (no. 62617/00, ECHR 2007-I), the Court found that it was irrelevant that the data held by the college where the applicant worked was not disclosed or used against her in disciplinary or other proceedings. Just storing the data amounted to an interference with private life.

The updated license agreement said that only under necessary circumstances, and within the normative legal framework personal information may be transferred to third parties. The revised agreement, still, fails to explicitly mention the precise list of institutions considered under third parties.

Fuad Niftaliyev – the head of the app development project later explained that the third parties referred to in the agreement are the Ministry of Health, Tebib, and the Operational Headquarters [set up under the Cabinet of Ministers of the Republic of Azerbaijan]. Niftaliyev clarified that the collected information was stored on the servers operated by the Ministry of Communication and Information, however that too was problematic, given the questionable transparency of the government institutions in Azerbaijan especially as surveillance technology is widely used by the ministries alike. 

Azerbaijan’s desire to regulate online hate speech: What problems should Azerbaijan fix first?

This is part two in a series of detailed reports and analyses on existing legal amendments and new legislation affecting freedom of expression, media, and online rights in Azerbaijan and their compliance with international standards for freedom of expression.  

Background

On September 17, 2020, Zahid Oruc, member of the parliament and the head of the Human Rights Committee at the National Parliament, suggested parliament adopts a new law on hate speech. At the time, Oruc said the main goal was to prevent hate speech in the information space, possibly with the inclusion of social media platforms [several members of the parliament and government representatives have stressed that social networks should be regulated by law in Azerbaijan in recent years]. While stressing the urgency in adopting such a law, Oruc failed to address the exact nature of this urgency. In addition, likely in response to a possible backlash from the independent lawyers and civil society in Azerbaijan the MP said, the new bill, cannot be viewed “as a document against freedom of speech and expression”. Nevertheless, much of the responses that came following this announcement, were critical of the proposal especially in light of the legal context where plenty of other existing laws and procedures already address hate speech in one form or another.

In January 2020, the discussion on adopting the bill on hate speech was back on the agenda. Speaking at the first meeting of the spring session of the Parliamentary Committee on Human Rights the chairman of the committee Zahid Oruj noted that the spring session will focus on the analysis of world experience in the field of defamation and “hate speech” legislation.

But what about the analysis of Azerbaijan’s experience in the field of defamation? 

In Azerbaijan, a number of conceptual elements of hate speech are envisaged in the different normative legal acts, including in the Code of Administrative Offences, Criminal Code, the law on Information, informatization and protection of information and Law on Mass-Media.  In other words, several Azerbaijani laws include measures that are designed to address unacceptable online content (including hate speech), ranging from removing content, and making content temporarily inaccessible on the information-telecommunication network.

According to Article 47 of the Constitution of the Republic of Azerbaijan, everyone has the right to freedom of thought and speech. Agitation and propaganda, inciting racial, national, religious, social discord and animosity, or relying on any other criteria is inadmissible. Azerbaijan has also ratified the European Convention on Human Rights (hereinafter “ECHR”) where Article 10 provides that everyone has the right to freedom of expression.

Azerbaijan’s history is rich with examples where existing laws, were abused to restrict freedom of expression, and the national legislation so far failed to comply with international human rights standards with respect to the safety of the media workers or citizens who exercise their right to freedom of expression. That and the lack of independent judicial oversight over the restrictions to freedom of expression and thought post additional challenges in a current environment.

In 2017, when changes were made to the law on combating religious extremism, two prominent members of the Popular Front Party were arrested relying on the existing legislation, even though it was clear, it was a setup, as neither of the activists had any religious affiliation. In January 2017, a Baku court convicted senior opposition Popular Front member Fuad Gahramanli to 10 years in jail for inciting religious and ethnic hatred. Gahramanli was known for his criticisms of the government on Facebook. In July 2017 a court convicted Faig Amirli, another Popular Front member and financial director of the now-closed pro-opposition Azadlig newspaper, on bogus charges of inciting religious hatred and tax evasion. Amirli was handed a suspended sentence.

Four out of seven alerts in 2019 related to detention. Despite the March 2019 release of some wrongfully imprisoned journalists, including anti-corruption blogger Mehman Huseynov, the detention and harassment of journalists continue to this day.

During the height of the pandemic in Azerbaijan, the parliament introduced a series of amendments to existing laws that were then used to prosecute activists. Scores of activists were rounded up, including members of the opposition Popular Front [some of these arrests were captured here]. 

The government of Azerbaijan has consistently ignored the international calls, including the judgments of the European Court of Human Rights (ECtHR) requiring Azerbaijan to reform its domestic legislation with respect to freedom of expression and media rights in order to ensure that it is in line with the international standards. Instead of reforms, the government of Azerbaijan has aggravated the criminal liability for defamation and expanded the scope of the criminal liability to the online spaces (2016 amendments to the Criminal Code), adopted a criminal liability for extremist views on vague grounds, and established administrative liability for spreading false information.

These developments were contrary to the ECtHR’s findings in the Fatullayev, Mahmudov, and Agazade v. Azerbaijan cases (2008) where the Court found that application of provisions of the criminal law on defamation had been contrary to Article 10 of the Convention and the Council of Europe calls to the Member States that prison sentences for defamation should be abolished without further delay [Resolution 1577 (2007) of the Parliamentary Assembly, Towards decriminalization of defamation, to which the Strasbourg Court has referred on a number of occasions].

The country’s poor ranking on most of the rights and freedoms indexes attest to the grave reality in the country. It was also reflected in a statement issued following the Council of Europe Commissioner for Human Rights Dunja Mijatović’s visit to Azerbaijan in July 2019 where the Commissioner said, “Freedom of expression in Azerbaijan continued to be under threat”.

The key state obligations while regulating the online hate speech and general concerns for the Azerbaijani context

Despite the term “hate speech” widely used in legal, policy-making, and academic circles, there is often disagreement about its scope and about how it can best be countered [Dr. Tarlach McGonagle. The Council of Europe against online hate speech: Conundrums and challenges, p. 3.]

There is no international legal definition of hate speech, and the characterization of what is ‘hateful’ is controversial and disputed. However, in 1997 the Committee of Ministers of the Council of Europe adopted a Recommendation (No. R (97) 20) on hate speech which stated the term (non-binding) “shall be understood as covering all forms of expression which spread, incite, promote or justify racial hatred, xenophobia, anti-Semitism or other forms of hatred based on intolerance, including intolerance expressed by aggressive nationalism and ethnocentrism, discrimination and hostility against minorities, migrants and people of immigrant origin”. 

In its case law the European Court of Human Rights, without adopting a precise definition, has regularly applied this term to forms of expression that spread, incite, promote or justify hatred founded on intolerance, including religious intolerance.

Key concerns for the abusive application of the hate-speech regulations

There have been growing concerns in many countries that hate speech regulations (both online and offline) are often misused or result in a violation of freedom of thought and expression. To this end, many international human rights organizations have often emphasized raising concerns on this matter and issued general recommendations, and developed standards for the regulation of hate speech to ensure that such regulations are in line with international human rights standards.

As noted, hate speech has threatened freedom of expression in many countries. Despite the importance “to prevent all forms of expression which spread, incite, promote or justify hatred based on intolerance …,” [Erbakan v. Turkey judgment of 6 July 2006, § 56] the presence of hate speech constitutes a serious threat for the freedom of expression in the process of potentially limiting the expression as such.

On May 13, 2020, Freedom of expression organization ARTICLE 19 has warned that France’s new “Avia” Law, will threaten freedom of speech in France. When a draft bill on hate speech was discussed in France, the French government has ignored the concerns raised by digital rights and free speech groups, and the result will be a chilling effect on online freedom of expression in France”. Consequently, on June 18, 2020, the French Constitutional Council (Conseil constitutionnel) the highest constitutional authority in France, declared that the majority of the Law on Countering Online Hatred, more commonly known as the Avia Law, was unconstitutional. This declaration rendered the key provisions in the law invalid. In its decision, the Constitutional Council held that certain provisions infringe “on freedom of speech and communication, and are not necessary, appropriate and proportionate to the aim pursued”.

The international human rights law provides that states may restrict freedom of expression (only) where provided by law with the condition to meet the principles of legality or necessity and proportionality.

Alongside these principles, an effective judicial review is needed to prevent any abuses of laws capable to restrict freedom of expression. The judicial review of such a measure, based on a weighing-up of the competing interests at stake and designed to strike a balance between them, is inconceivable without a framework establishing precise and specific rules regarding the application of preventive restrictions on freedom of expression [Ahmet Yıldırım v. Turkey, § 64; Cengiz and Others v. Turkey, § 62, which concerns the freedom to receive and impart information and ideas; see also OOO Flavus and Others v. Russia, §§ 40-43]. Furthermore, in some cases, for determining the proportionality, the ECtHR assesses the quality of the parliamentary and judicial review of the necessity of the measure [Animal Defenders International v. the United Kingdom [GC], §§ 108-109].

The First and foremost among these safeguards is the guarantee of review by an impartial decision-making body that separate from the executive and other interested parties.

The UN Special Rapporteur notes that “any restriction imposed must be applied by a body that is independent of political, commercial or other unwarranted influences in a manner that is neither arbitrary nor discriminatory, and with adequate safeguards against abuse” (A/67/357, para. 42).

This is not the case in Azerbaijan. For instance, the Ministry of Communications and Information Technologies is the main body regulating the internet in Azerbaijan, something that experts have called to change and share this role with an organization that is not under state control. The ICT market is also fairly concentrated in the hands of the government.

In its report (A/74/486, 9 October 2019), the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression evaluates the human rights law that applies to the regulation of online “hate speech” and notes that any restriction – and any action taken against speech should meet the conditions of legality, necessity, and proportionality, and legitimacy [Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, A/74/486, 9 October 2019), para. 20] and to establish or strengthen independent judicial mechanisms to ensure that individuals may have access to justice and remedies in case of restrictions. The Special Rapporteur further notes that “as a first principle, States should not use Internet companies as tools to limit expression that they themselves would be precluded from limiting under international human rights law. [para, 29]. In the meantime, the same Recommendation envisages a principle [third principle] that requires from the governments that interference with freedom of expression, in the context of combating hate speech, are narrowly circumscribed and applied in a lawful and non-arbitrary manner on the basis of objective criteria and must be subject to independent judicial control.

In addition to discussions on adopting the law on Hate Speech, there are also plans to adopt a new law on Media at the moment. The consistent view of the government to regulate social networks with the “hate speech” law poses an additional risk to the systematically undermined freedom of expression in Azerbaijan. There is no guarantee that Azerbaijan’s government will not use lex ferenda regulations as a tool of oppression against its political opponents and civil society.

Without genuine consultations with civil society organizations, independent journalists, disregarding the constant calls of the human rights organizations and ECtHR judgments to reform the domestic laws to remove irrelevant and restrictive frameworks over freedom of expression, new hate speech, and media laws should be taken into account as a serious concern [Dr. Tarlach McGonagle. The Council of Europe against online hate speech: Conundrums and challenges, p. 29].

Instead of addressing the systematic shortcomings, in particular, rendering the restrictive legal frameworks in the sphere of freedom of conscience, freedom of expression and thought, and internet freedom, the government of Azerbaijan continues to add more restrictive regulations into its legislation that is likely to undermine last remnants of the freedom of expression – the online spaces.

In addition, while in a hurry to pass restrictive legislation against freedom of expression, the government of Azerbaijan remains inactive when it comes to the effective investigation of the smear campaigns and hateful attacks against minority groups, such as LGBTQ- communities, and feminists

Finally, having reviewed the current environment of repression and crackdown, and specifically, in the absence of effective judicial oversight and a fully independent regulatory body accountable to the public, it can be concluded that there is no urgency for any new regulations at the moment in Azerbaijan.

Restrictive new bills sweep freedoms under the carpet [part 1]

This is part one in a series of detailed reports and analysis on existing legal amendments and new legislation affecting freedom of expression, media, and online rights in Azerbaijan and their compliance with international standards for freedom of expression.  

In March of last year, AIW shared an update about amendments to an existing bill on Information provisions, Informatization, and Protection of Information and Code of Administrative Offences of the Republic of Azerbaijan. Now, let’s take a closer look at these amendments and what they entail. 

Amendments to the Information Law

Amendments to an existing bill on Information provisions, Informatization, and Protection of Information extended the subjects – to users – of responsibilities for placement of prohibited information, including the “false information” on information-telecommunication networks.

This means that amendments establish the liability over the information-telecommunication network users to place prohibited content on the information-telecommunication networks; 

The amendments also added an item to the list of prohibited content, forbidding the  placement of false information: thus, prohibited information was considered “false information [yalan məlumatlar] in case it posed a threat to harm human life and health, cause significant property damage, mass violation of public safety, disrupt life support facilities, financial, transport, communications, industrial, energy and social infrastructure facilities or other socially dangerous consequences.”

In other words, if users placed content on the internet that might be considered false information capable to disrupt the functioning of state bodies or their activities it can be considered on the grounds of violating the existing law.

Amendments to the Code of Administrative Offences

During the same plenary meeting on March 17, 2020, an amendment to article 388-1 of the Code of Administrative Offenses (CAO) of Law No. 27-VIQD was also approved.

Article 388-1 of the CAO was aggravated with the penalty of up to one-month administrative detention with other sanctions against real or legal person owners of internet information resources and associated domain names as well as on users of information-telecommunication networks for the placement, or the violation of provisions of the Information Law aiming at preventing the placement, of prohibited information on such internet information resources.

With the amendments introduced to laws, users of the information-telecommunication network, owners of internet information resources, and domain names might be punished under Article 388-1 of the CAO. The penalty for the offense is a fine between 500 and 1000 manats (about US$294–$588) for real persons and 1000 to 1500 manats for officials, with an option of up to one month of administrative detention for both classes of persons depending on the circumstances and the identity of the offender.

Implementation of the Amendments (abuse of application)

Shortly after the amendments, police applied these provisions frequently against individuals, including political activists and journalists despite the call from the United Nations, Council of Europe, and OSCE expert bodies urging the authorities to address the disinformation in the first instance by relevant government institutions, providing reliable information and resorting to other restrictive measures, only where they met the standards of necessity and proportionality. This did not prevent authorities from targeting a number of activists and journalists in the following days.

On April 16, 2020, Human Rights Watch documented how Azerbaijani authorities abused quarantine restrictions allegedly to fight with disinformation while arresting opposition activists and silencing the government critics. HRW documented at least six activists and opposition journalists’ sentenced to detentions ranging from 10 to 30 days.

March 21, 2020, Ilgar Atayev was called in for questioning and charged with article 388.1 of the code of administrative offenses – sharing prohibited information on the Internet or Internet – telecommunication networks. According to Meydan TV, an independent online news platform, although Atayev informed that the charges against him were sent to court, he was not aware of the exact accusation. Authorities claimed at the time, Atayev, shared information on COVID without quoting official sources and that the shared information was false.

March 23, 2020, according to the Ministry of Internal Affairs’ press service, three people were administratively arrested for allegedly spreading misinformation about the coronavirus infection.

March 27, 2020, according to the Ministry of Internal Affairs’ press service, between March 26 and 27, 15 people were identified and summoned to the local police on the grounds of allegedly spreading misinformation about the coronavirus infection on social networks and WhatsApp instant messaging application. After the relevant investigations, police warned seven people, fined five, and sentenced three to administrative detention.

April 4, 2020, according to the Ministry of Internal Affairs’ press service, during the control measures carried out between April 1-2, one person was administratively arrested, and five people were fined for allegedly spreading false information about the coronavirus infection on social networks, including WhatsApp instant messaging application.

April 6, 2020, according to the Ministry of Internal Affairs’ press service, one person received a warning for allegedly spreading false information about the coronavirus infection on social networks, including WhatsApp instant messaging application.

Amid on-going arrests, detentions, and fines, on April 3, 2020, the Council of Europe Commissioner for Human Rights issued a statement noting that press freedom must not be undermined by measures to counter disinformation about COVID-19.

Analysis of the law

Content regulation rules and policies which presumably touch on the freedom of speech must meet the strict criteria under international and regional human rights law. According to the European Court of Human Rights jurisprudence, a strict three-part test is required for any content-based restriction.

The Court notes that the first and most crucial requirement of Article 10 of the Convention is that any interference by a public authority with the exercise of the freedom of expression should be lawful.

The second paragraph of Article 10 stipulates that any restriction on expression must be “prescribed by law”. Furthermore, any restrictions need to be necessary for a democratic society [See Sunday Times v. UK (No. 2), Series A no. 217, 26.11.1991, para. 50; Okçuoğlu v. Turkey, No. 24246/94, 8.7.1999, para. 43.] and the state interference should correspond to a “pressing social need”.[See Sürek v. Turkey (No. 1) (Application No. 26682/95), the judgment of 8 July 1999, Reports 1999; Sürek (No. 3) judgment of 8 July 1999.] The state response and the limitations provided by law should be “proportionate to the legitimate aim pursued” [See Bladet Tromsø and Stensaas v. Norway [GC], no. 21980/93, ECHR 1999-III.] Therefore, the necessity of the content-based restrictions must be convincingly established by the state [The Observer and The Guardian v. the United Kingdom, the judgment of 26 November 1991, Series A no. 216, pp. 29-30, § 59.]

The Law on Information, Informatisation, and Protection of Information (Law № 460-IQ)

In 2017, the Law (1998) was updated with a series of restrictive amendments, converting the Law from a technical regulation into a content regulation.

Primary concerns of the Law concerning content regulation:

Owner of the Internet information resource, including owners of the domain name, host, and internet providers bear a strict administrative liability to remove the content manifestly prohibited under article 13-2.3 within 8 hours of notice;

In urgent cases, [when the legally protected interests of the state and society are threatened or there is a real threat to human life and health requires to do] the internet information resource may be temporarily restricted on the basis of a decision of the regulatory body – Ministry of Transport, Communications and High Technologies [restriction is applied without a court order. Although an application is made to the court, the decision to close down the online information source remains in force until the court handles the case or the decision is annulled.]

In refusing to remove the content upon the government’s notice within the 9 hours, owners of internet information resources, owners of domain names, host, and internet providers will face a court sue with possible administrative sanctions.

Safeguards against removal and blocking procedures:

Article 13-3.1 of the law provides that the relevant executive authority (regulatory body) shall issue a warning to the owner of the Internet information resource and its domain name and the hosting provider in writing if it directly discovers cases of placement of prohibited information in the Internet information resource or identifies it based on substantiated information received from individuals, legal entities or government agencies;

Existing legislation and practice concerning content removal and blocking do not provide adequate safeguards against arbitrariness;

for instance, there is no requirement to inform the information resource owners, Internet and host providers or owners of other sites and their users before issuing the content removal warning, and failure to implement the warning leads to a penalty because the Code of Administrative Offenses provides for liability for both the posting of prohibited information and the failure to remove prohibited information posted on the Internet.

The Law on Information, Informatisation, and Protection of Information provide that warning about content removal is considered a mandatory requirement and that failure to obey is sanctioned under Article 388-1.1 of the CAO and possible court sue for block order.

Content removal and blocking procedures also lack transparency and fairness:

The law does not oblige the regulatory body to provide the information resource owners, internet and host providers, or other sites’ substantiated opinion reasoning for the content prohibited. In other words, the regulatory body and other state authorities can request to remove the content or block access to websites without any obligation to substantiate their demands.

Vague Terms and Quality Law Standards:

Sufficient clarity is the requirement of the quality law standard established by the ECHR case-law which requires that the law be both adequately accessible and foreseeable, that is, formulated with sufficient precision to enable the individual to foresee the consequences which a given action may entail, and indicate with sufficient clarity the scope of any discretion conferred on the competent authorities and the manner of its exercise [see Hasan and Chaush v. Bulgaria [GC], no. 30985/96, § 84, ECHR 2000‑XI; and Ahmet Yıldırım, cited above, §§ 57 and 59].

In the list of prohibited information envisaged in the Law on Information, Informatisation, and Protection of Information, the definition of what entails prohibited content is described with vague expressions that are open to excessive interpretations. With these terms, the state authorities “enjoy” a broad discretion power to categorize any information as prohibited (Law № 460-IQ). 

For instance, article 13-2.3.2 of the Law (№ 460-IQ) classifies the information on the promotion of violence and religious extremism and calls for the separation of territorial integrity as prohibited content. The religious extremism and calls for the separation of territorial integrity are vague terms and lack sufficient clarity.

The Law on Combat with Religious Extremism (LCRE) adopted in December 2015, in article 1.0.1.1 defines religious extremism with vague and problematic expressions. The Law refers to acts as “humiliating national dignity,” “compromising religion,”  and “preparing, storing and disseminating religious extremist material” as amounting to religious extremism. Expressions such as “national dignity” or “humiliation of national dignity” are non-legal concepts that are not defined in the domestic laws and therefore subject to broad interpretation by the authorities applying them, opening the way to misinterpretation of the concept and its application in an arbitrary manner [Furthermore, article 1.0.1.6 of the LCRE refers to “forcing someone to practice any religion (religious belief), including performing religious ceremonies and rituals as well as to religious education” as another act of religious extremism, which is equally problematic and may collide with the idea of spreading ideas of religious beliefs and inviting others to join, as a part of exercising freedom of religion, subject to the interpretation of the two concepts by the authorities, in absence of any criteria or clear terms in place. As the ECtHR has ruled, freedom of religion and the freedom to change religion in particular cover activities aimed at persuading others to change religion.]

Procedural safeguards:

Another problematic provision is article 13-2.3.9 of the law, which classifies insult and slander as the prohibited content online. Generally, the legislation of Azerbaijan provides for both civil action and criminal prosecution of defamation. As to the criminal prosecution of defamation, as of March 2017, there are four articles in the Criminal Code that provide criminal liability for defamation. With the amendments to the Law on Information, Informatization, and Protection of Information and Code of Administrative Offences on 17 March 2020, defamation is now sanctioned under the code of administrative offenses.

In practice, police often apply this provision against people who allegedly insult police or other state officials. 

On June 27, 2020, police arrested and fined several individuals who criticized the singers who devoted a song to the police claiming, they allegedly insulted the singers on social networks, insulted their honor and dignity. Meydan TV’s investigation revealed that most of those punished were representatives of opposition parties such as the Popular Front, Musavat and public activists. They were punished under Article 388-1 (posting of information prohibited from dissemination on the Internet).

However, the application of this provision contradicts with the domestic legislation. In Azerbaijan, it is not up to the police to classify the information on the grounds of slander or insult and instead is defined exclusively by the respective domestic courts upon the complaints of the individuals.

According to well-established court practice, courts always decide to conduct an expert examination to assess whether information/opinion is insulting or slanderous, and then the judge relies on the result of the expert examination. Furthermore, the law does not exclude the possibility that the same statement may be subject to both civil and criminal proceedings for defamation. 

Furthermore, the law does not specify how the sanction might be imposed if alleged prohibited content is identified. It is not clear from the text whether the website user will bear the responsibility alone or together with the owner of the internet or host provider. It is seemingly left to the executive authority to decide. For instance, in the case of a media article that allegedly contains prohibited content, the government may block the website forever in parallel, imposing sanctions on the content owner (user of the information resource).

Proportionate and necessary:

As discussed above, if the restriction does not meet proportionality and necessity requirements, the content removal or blocking measures may lead to violation of freedom of expression guaranteed under article 10 of the European Convention on Human Rights. Law on Information, Informatisation, and Protection of Information fail to specify a definition of the categories of blocking orders, such as blocking of entire websites, Internet Protocol (IP) addresses, ports, network protocols or types of use, like social networking, including a limit on the duration of the blocking order which is crucial parameters of the interference to assess whether applied methods are proportionate and necessary in a democratic society to limit the freedom of expression.

Conclusion

This ambiguous law gives extensive flexibility for the state to consider different, particularly critical views as false and government views as correct. The new amendments stipulate that the information shared on the Internet, which disrupts activities of the state institutions, is prohibited and punishable under the Code of Administrative Offences. While false information is also prohibited and punishable if such information threatens other socially dangerous consequences, which the law does not define. 

Such vague definitions and ambiguous expressions provide extensive discretion powers for the state authorities, allowing them to label critical views as false and prohibited. Given the abovementioned concerns, the Law on Information, Informatisation, and Protection of Information does not comply with international standards on freedom of expression. Its scope remains incredibly broad in terms of vague definitions, lack of safeguards, and procedural guarantees.