legal loopholes – Azerbaijan Internet Watch

The State of Internet Freedom in Azerbaijan – 2022 legal overview

Posted on March 9, 2023 by aiw_admin

In this final installment of legal analysis, we offer an overview of some of the key developments covered over the last year with relevant updates within what is seemingly becoming a restrictive internet freedom environment.

Summary

From gradually declining space for online media, the visible pattern of offline persecution for online speech, to the lack of protection mechanisms against personal data infringements, and the ineffectiveness of legal remedies against targeted cyber-attacks and harassment, the research and documentation carried out by Azerbaijan Internet Watch throughout 2022, has shown that over the past year, there has been a significant negative impact, on internet freedoms.

It’s been especially tough for independent media practitioners who are facing the potential prospects of fines, complete closures, and further measures of control and intimidation. The signs of the deteriorating situation were already sown in January 2021 when the government of Azerbaijan announced the establishment of a new media body – the Media Development Agency [MEDIA] and the drafting of a new Media Law. This law which was passed in December 2021, effectively authorized the MEDIA to impose a number of restrictions on media subjects, including a requirement for mandatory registration of journalists with the authorities. As a result, the Law on Media further consolidated the state control over independent and online media.

Over the course of the past year, the general prosecutor’s office continued to persecute online speech by excessively relying on the Law on Information, Informatization, and Protection of Information combined with existing national legislation empowering the Prosecutor’s Office to take measures where it deems necessary. As a result, as documented in this but also prior reports, there have been numerous cases of social media users and media professionals facing fines, and other arbitrary punishments for exercising their right to freedom of speech, all on vaguely defined legal grounds.

AIW also identified that the government of Azerbaijan continuously failed to protect personal data effectively, either as a result of outdated laws, lack of technical capacity, or political will to address the issue. This is evident in numerous examples of hacked databases over the decade, where obtained personal data was shared or transferred to third parties, without consent, leaving countless users vulnerable. To make matters worse, the unlimited access by law enforcement and special service agencies to users’ personal data, leaves users at risk not to mention, the absence of privacy protection. The research carried out by AIW also showed there are no proper safeguard mechanisms against the abuse of personal data especially when this information is sold for commercial purposes, with subscribers left deprived of their right to know where their data is sent or sold.

Meanwhile, law enforcement authorities failed to offer an effective response to addressing complaints requesting a criminal investigation into the personal data infringements despite there being ample evidence proving that the personal data in question was indeed obtained through stolen or hacked accounts and later unlawfully distributed online.

The Pegasus litigations, including the targeted cyber-attacks on social media accounts of media professionals and activists, have also proved ineffective as a result of significant flaws and delays in the investigation process. The domestic litigations regarding the use of surveillance software (Pegasus) led to legal applications to the European Court of Human Rights (ECHR), exposing ill-intended practices of state secret surveillance agencies and inadequate national legislation, which has failed to ensure the protection of the rights of all users of telecommunication services as guaranteed by the Convention and the national laws.

Above mentioned domestic litigations also exposed the lack of adequate protective measures for privacy rights, especially in cases of covert surveillance and state-sponsored cyberattacks. Judicial remedies in place have been insufficient, and the existing civil and administrative avenues, require a heavy burden of proof on claimants.

As such, the European Court of Human Rights (ECtHR) remains the most effective international avenue for legal remedies against violations of internet freedoms in Azerbaijan, despite the systematic delays in executing ECtHR judgments. The legal overview carried out throughout the past year indicates that bringing more applications before international tribunals, including the ECtHR and the Human Rights Committee, is essential for protecting privacy rights and countering violations.

Meanwhile, the government of Azerbaijan must adopt effective legal remedies and procedural safeguards against unlawful access to personal data and covert surveillance.

Restricting the Media: Implications for Online Media. Post-March 2022 developments

Online media in Azerbaijan faces significant challenges with respect to freedom of expression and internet freedoms. There are a growing number of restrictive laws regulating the internet and online content. In addition, the government of Azerbaijan systematically blocks websites, throttles internet connectivity, and carries out cyberattacks and surveillance on human rights and political activists, independent media outlets, and their staff.

On March 24, 2022, Azerbaijan Internet Watch, in its comprehensive legal opinion “New Media Law: implications for online media/journalism in Azerbaijan”, highlighted the adverse implications of the new Media law specifically for on online media and journalistic activities online in Azerbaijan.

On February 8, 2022, the president of Azerbaijan, Ilham Aliyev approved the new Media Law. The law was adopted by Parliament on December 30, 2021. It was heavily criticized by local and international rights organizations who made repeated calls on the government to refrain from adopting the new Law given its restrictive nature. Critics of the draft law worried the new legal document would seriously threaten media freedom, including online media, as it contained provisions granting discretionary powers to the state authorities, including excessive media regulation, especially of online media platforms, as well as further restrictions on the work of practicing journalists, media companies, and relevant entities. Critics were also vocal about the absence of a broad and meaningful public consultation of the law prior to its adoption. The government of Azerbaijan strongly rejected any criticism.

And yet, AIW’s legal analysis, illustrated how the new law empowered media regulatory authorities to issue sanctions, further consolidating government control over the online media environment and journalistic activity, and imposing numerous requirements and regulations on audiovisual media, print media, online media subjects, news agencies, and journalist activities in Azerbaijan. The main concerns included the poorly worded definitions, excessive requirements, and restrictions for online media content, including registration requirements within the newly set up Media Registry for online media subjects, their staff, and freelance journalists working for online media.

The Media environment was already marred with violations and censorship in Azerbaijan prior to the adoption of the law. Numerous news websites were blocked while media practitioners affiliated with independent or opposition media platforms faced persecution and widespread intimidation. The most recent World Press Freedom Index by Reporters Without Borders ranked Azerbaijan 167th out of 180 countries in 2022.

Unlike previous media regulations implemented before 2009 which were mostly indirect restrictions and failed to meet satisfactory international human rights standards, laws that were adopted, amended, or implemented in the following years focused on more formal-legal measures. The new Media Law was the culmination of these measures.

Pre-2009 restrictions mainly consisted of de facto limitations (such as the imprisonment of journalists on bogus charges that were often unrelated to the media legislation) and financial “support” (one-time financial assistance packages, individual scholarships, various orders, medals, free housing after 2011).

Ahead of its adoption in the parliament, the new Media Law was drafted behind closed doors, without public discussions. Even after the draft law was revealed to the public, recommendations and proposals offered by media experts were not taken into account. Several international human rights organizations criticized the new Media Law and urged the Government not to enact the Law.

Among some of the problematic areas of the law are:

*Article 14:

This specific article and its paragraphs require that information published and (or) disseminated in the media (including online media) must meet at least 14 requirements. The law also requires that content published by media outlets should meet the requirements of the Law on Protection of Children from Harmful Information and the Law on Information, Informatization, and Protection of Information which provides an exhaustive list of requirements criticized for vagueness.

*Article 60:

Article 60 paragraph 5, requires online media to publish at least 20 articles per day to qualify as an online media platform.

This is the first time a law defines what constitutes online media. But the rationale behind these measures is unclear. The article does not mention for instance, how newsrooms with smaller teams are meant to produce twenty articles per day. Independent journalists who have voiced concern over this specific article say, this creates an environment of news pollution with platforms focused on producing poorer stories aimed at simply meeting the imposed quota.

It also requires that online media outlets disclose their organizational information on their respective websites;

It also requires online media to register with the tax authorities, identify and appoint a person responsible for editorial;

*Article 62:

Article 62.1 reads that permission from state bodies is not required for setting up online media. But Article 62.2 requires that an online media entity must apply to the relevant executive authority (Media Registry) 7 days prior to the publication or dissemination of the relevant media material. In other words, while there is no need to apply for creating an online media platform, there is a requirement to apply for a permit once the online resource becomes operational and starts publishing.

Article 62.4 requires an additional opinion issued by the State Committee for Work with Religious Organizations before an online media focusing on religion and religious content is set up.

*Article 74 and Media Registry

The Media Registry system became operational in October 2022. The “rules for maintaining a media registry” — are a set of regulations determining the requirements and procedures journalists must meet in order to be eligible for inclusion as well as exclusion.

The Media Registry itself is an electronic information resource managed by the Media Development Agency, which is managed by the Supervisory Board consisting of a Chairman and 6 (six) members appointed by the President of the Republic of Azerbaijan.

Article 74.2 reads that in order for journalists to be included in the registry they must prove a degree in higher education as well as a number of other merit-based criteria.

Article 74.2.5 requires that journalists obtain and provide an employment contract with a media entity which must be registered with the Media Registry.

*Article 78

According to Article 78.3 of the Media Law (transitive provisions) both print and online media shall apply to the Media Agency within six months after the media registry is established. If an application for a media platform’s registration is denied, then the applicant is not considered a legal entity. Since journalists cannot be “legal entities,” it is unclear what happens to journalists whose registration is denied.

There is no option to opt out from the registry as it is mandatory as per Article 78.3 of the Media Law.

Already, 200 media outlets and 180 journalists applied to the media registry according to the statement by the Media Agency. The Agency claims that approximately 160 media outlets were registered already. Independent media watchdogs, say around 40 media outlets were denied registration.

On January 12, 2023, the Executive Director of the Media Development Agency, Ahmed Ismayilov said, “media entities have six months to register, those who fail to do so, will be taken to court by the agency. It will be up to the court to decide whether to continue their activities or not.”

Following this statement, a group of independent and opposition journalists and media platforms have come together under a campaign “We do not want a licensed media.” They have been organizing round table discussions both online and offline calling on the government to cancel the registry and reform the bill on Media. In January, the group also issued a statement in which signatories claimed, “the new law will have very serious negative effects on the freedom of the media and journalists, and on their freedom of movement and activity.” The signatories of the statement also said, the law was unconstitutional and was against the European Convention on Human Rights. As such, they intend to apply to the Constitutional Court and continue onwards with the European Court of Human Rights.

The campaign led to Ismayilov’s backing from previously made statements about court proceedings. Instead, Ismayilov reportedly said, the registration was on a voluntary basis. However, it remains to be seen whether this claim holds true.

Even some pro-governmental journalists criticized the media registry based on rigid regulation and arbitrary application.

Several media organizations challenged the application to the media registry in domestic courts. Among them is 24saat.org LLC (an online media outlet), which has submitted a claim against Media Agency. The news site, was one of the first news platforms denied registration on the grounds its content was not sustainable (referring to the requirement of publishing a minimum of 20 news items on daily basis). The site raised the issues of the illegality of that decision, and its incompatibility with the Constitution and international agreements, asking instead that the agency registers the site and recognizes the violation of the right to freedom of expression. On January 9, 2023, the Baku Administrative Court held a preparatory hearing on the claim of 24saat.org LLC against the Media Agency. The court case continues.

The increased role of law enforcement & abuse of power in prosecuting online speech: post-May 2022 developments

There are two legislative acts that regulate internet freedom:

The Law on Information, Informatization, and Protection of Information defines the requirements and responsibilities for individuals;
The Law on Media, which defines the (almost) similar and additional requirements and responsibilities for journalists and media;

In addition, the Code of Administrative Offences (Articles 388 and 388-1) determines administrative offenses for violations of the above-mentioned laws (the punishment includes fines and administrative detention).

Some Articles of the Criminal Code may be applied to the violations of the above-mentioned laws (such as Article 283 – incitement to hatred and enmity). As well as, the Law on Prosecutur’s Office which allows the respective prosecutor’s offices to issue warning to persons who might breach the law, inter alia, with their statements (Article 22).

The parliament amended the Law on Information, Informatization, and Protection of Information in December 2021 broadening the responsibility of the website owners – previously owner was obligated to remove content, but as per recent amendments he/she must also block access to relevant content (article).

In general, both laws mentioned above can be described as online content regulation. Article 13.2 of the Law on Information and Article 14 of the Media Law regulate prohibited content and website owners as well as online media outlets must comply with these regulations. Otherwise, they would be subjected to blocking, suspension, administrative punishment, or warnings. Both legislative pieces prescribe a list of prohibited information. These lists are not exhaustive and very extensive. Moreover, the language of these lists is vague and open to arbitrary interference.

In recent months, the Office of General Prosecutor (OGP) embarked on a spree, of resorting to official warnings and legislation on administrative offenses against online media. The Law on Prosecutor’s Office authorizes the OGP and subordinate prosecutor’s offices to issue official warnings. Also, the Code of Administrative Offenses (Article 54.2) gives unlimited power to the Prosecutor’s office to initiate administrative offense cases for any other case envisaged in the Code. Thus, the prosecutor’s office has the authority to take measures of responsibility and deterrence against the dissemination of prohibited information on the Internet under the existing legislation on administrative offenses and the law of the prosecutor’s office.

AIW’s legal analysis titled “Who regulates content online in Azerbaijan. Legal analysis,” published in May 2022, shared the increased pattern of prosecuting authorities’ inclination to intervene and persecute online media speech.

Since then, OGP continued to issue warnings and leveling administrative offenses in the following cases:

*On July 27, 2022, social media users Fikret Faramez oglu, the head of the “jamaz.info” website, Agil Alishov, the head of the “miq.az” website and Facebook users – Elchin Ismayil, Ali Jabbarli, and Nurana Fataliyeva were warned by the OGP as per Article 22 of the Law “On the Prosecutor’s Office”, not to allow for such negative circumstances in the future (on the grounds of dissemination of false information to undermine the business reputation of the Azerbaijan Army, create artificial agitation among citizens, as well as overshadow the work done in the direction of strengthening the state’s defense capabilities);

*The same day, Tofiq Shahmuradov (military journalist) was accused under Article 388-1.1.1 of the Code of Administrative Offenses by the OGP, and the Nizami District Court found him guilty and sentenced the journalist to one month of administrative detention (on the grounds of disseminating false information to undermine the business reputation of the Azerbaijan Army, create artificial agitation among citizens, as well as overshadow the work done in the direction of strengthening the state’s defense capabilities);

*On July 30, 2022, the Prosecutor General’s Office of Azerbaijan warned social network users Sakhavat Mammadov, Rovshan Mammadov, Zulfugar Alasgarov, Elgun Rahimov, Fuzuli Kahramani, Zeynal Bakhshiyev, and Ruslan Izzatli within the scope of the Law on Prosecution’s Office (on the grounds – the requirements to present facts and events impartially and objectively, and not to allow one-sidedness, were not observed during the publication of information in the media);

*On August 3, 2022, the OGP warned Facebook users – Tayyar Huseynli, Mubariz Sadigli, Nijat Dadashov, and Irshad Muradov over violating relevant online content regulation (incitement to hatred, privacy violation, and defamation);

*On August 4, 2022, the OGP warned Rustam Ismayilbayli (activist) over a social media post, based on Article 22 of the Law on Prosecutor’s Office;

*On September 16, 2022, Taleh Khasmmadov (human rights defender) was warned by the OGP based on Article 22 of the Law on Prosecutor’s Office (dissemination of unspecified information about the Azerbaijani army). The rights defender was warned not to violate laws.

None of these warnings and/or administrative offense cases meet the requirements of the freedom of expression and access to a fair trial envisaged within the international human rights standards or the constitutional obligations of the Republic of Azerbaijan.

Continued targeted cyber attacks against critics: post-November 2022 developments

In November 2022, AIW published a lengthy legal opinion, “In Azerbaijan, hasty legislative measures in response to cyber threats, leave the protection of personal data on the back burner,” providing a comprehensive analysis of the domestic legislation and the government’s use of those laws and its adverse effects for the personal data protection in Azerbaijan.

Among identified gaps, the report noted that in Azerbaijan, the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities.

The analysis also indicates that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. As such, the absence of clear and enforceable regulations to protect personal data against arbitrariness and flawed systems due to negligence puts personal data at a higher risk of infringements.

Azerbaijan although joined Convention 108, also known as the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, in 2009, has not ratified Additional Protocol to Convention 108 which requires each party to establish an independent body to ensure compliance with data protection principles and lays down rules on trans-border data flows.

The rights related to personal data are guaranteed by Article 32 of the Constitution of Azerbaijan, which provides the right to privacy of personal and family life, including information transmitted by various means of communication, including correspondence, telephone, mail, and telegraph. The Constitution prohibits acquiring, storing, using, and spreading information about a person’s private life without his/her consent.

There is also the Law on Personal Data, adopted in May 2010 which regulates personal data through different normation legal acts, and the Decision of the Cabinet of Ministers of Azerbaijan about “the requirements for the protection of personal data” adopted in September 2010. However, previously published analyses on the matter, point out a number of shortcomings.

The weakness of Azerbaijani safeguard mechanisms was acknowledged by Global Cybersecurity Index, which placed Azerbaijan in 40th place among 194 countries ranked by the index. The European Union’s EU4Digital Initiative also criticized the weakness of Azerbaijani mechanisms. According to the findings, Azerbaijani legislation was described as outdated and unable to protect personal data effectively while the government of Azerbaijan demonstrated no political will to overcome this problem.

Even the intra-country public cybersecurity assessment report found flaws in protection mechanisms (a lack of cybersecurity benchmarks for digital web providers).

The government-issued national strategy for overcoming the problem has not indicated positive results yet. Cyber-attacks increased following the second Karabakh war and peaked again during the September border clashes in 2022. Large-scale cybersecurity attacks were committed against several state institutions and banks in April 2022 and August 2022 the authorities refrained from explaining the extent of the damage and did not publicize the results of counteracting measures.

Gaps in legal remedies addressing government-sponsored cyber attacks

In February 2023, AIW, published the report “Legal overview legal remedies (or lack thereof) in cases of online targeting,” showing how Azerbaijan does not effectively protect digital rights. The report focused on two types of violations – cyber-attacks, and covert surveillance, which occur frequently but is not prevented due to inadequate legal remedies.

For instance, there is no automatic notification system for covert surveillance, and there is no independent internal review body. Additionally, there are no rules against prosecutorial discretion, no mechanism to address conflicts of interest between law enforcement and state security bodies, and challenges concerning judicial avenues.

Within existing legislation, the country’s criminal law is one that addresses cyberattacks and breaches of privacy. According to the Criminal Code (Articles 155, 156, and 271-273), cyberattacks and violations of privacy and correspondence rights are prohibited and shall be punished. According to these legal norms in case such an act is committed by law enforcement officials, they are categorized as aggravated circumstances. In these cases, the investigative authority is the prosecutor’s office.

There are civil legal remedies under tort law. However, tort law remedies are effective in practice if the relevant breaches are found in the criminal case. Domestic law in a substantive manner also contains constraints against covert surveillance.

According to domestic procedural law (Code of Criminal Procedure), initial inquiries must be conducted based on reports from victims or others. If the initial inquiry finds, reasonable suspicion on allegations it must remit its preliminary investigation. If the prosecutor’s office dismisses the allegations and refuses to initiate a criminal case, interested parties have the right to apply to district courts. District courts have the authority to remit the case back. Moreover, the relevant official bodies shall conduct disciplinary proceedings about the allegations about their officials on cyberattacks and illegal covert surveillance.

In addition, concerning cyberattacks, there is another review body within the Ministry of Digital Development and Transport – the Cyber Security Service. While the cyber security service does not possess sanctions against authorities, it does have the authority to review the cyberattack claims and issue general warnings concerning cyberattacks. Furthermore, this body may inform other investigative authorities if the problem concerns these authorities. However, it doest not have the legal power to conduct an investigation itself nor can it be considered independent.

In its February report, AIW shared recent cases demonstrating the lack of interest by the law enforcement authorities to offer protection in cases of digital rights violations despite having an ex officio power to conduct criminal investigations. Since then attacks have continued.

The most recent state-sponsored attack was against imprisoned political activist Bakhtiyar Hajiyev. Prior to his arrest, Hajiyev criticized the Government, especially the activities of the Ministry of Internal Affairs. Last year, he was abducted by unknown persons and was forced to delete posts about the Minister of Internal Affairs. Up until today, it remains unclear who abducted Hajiyev. The activist was also subjected to a nasty blackmail campaign.

In December 2022, following his return to Azerbaijan from a trip abroad, Hajiyev was summoned by the Baku General Police Department. He was charged with hooliganism and contempt of court. Based on these charges Khatai District Court applied for a remand in custody, the decision was extended until April 28, 2023. Hajiyev went on a hunger strike twice during his detention. After more than 50 days, he stopped at the end of February 2023.

At the end of December 2022, some anonymous social media accounts shared private correspondence between Hajiyev and the media editor (Vusala Mahirgizi). The leaked conversations alleged Hajiyev was a marionette of one of the clans. Hajiyev published a statement in which the activist said, the correspondence was leaked as a result of hacking of his private communication and that the allegations of Hajiyev being marionette were false.

It is worth noting that this correspondence was leaked during calls for the activist’s release. The leak was largely viewed as an attempt to weaken the advocacy campaign for the release of Hajiyev.

Since February 22, 2023, however, Hajiyev has been the target of another blackmail campaign. A number of anonymous users on Telegram under different channels [‘Exposure of Bakhtiyar Hajiyev’] have been disseminating some of Hajiyev’s private information as well as other women the activist has corresponded with were leaked. Currently, one of the Telegram accounts has 4681 subscribers. Similar information was leaked by fake Facebook accounts. In addition to leaked correspondence, sexually explicit photos of several women who appear with Hajiyev were shared by these accounts. As a result, at least two women were forced to leave their homes and hide from their families, fearing reprisals for ‘immorality’ from their families.

It has been identified, that some parts of the correspondence were probably photoshopped according to media professionals. However, there are others that may be authentic.

These anonymous users also published the names of activists threatening to leak their conversations with Hajiyev as well. Some of these activists are advocates calling for Hajiyev’s release. Some activists whose private communications were leaked said, they would submit a complaint about it.

In the meantime, the Ministry of Internal Affairs said these leaks had nothing to do with them and that during Hajiyev’s arrest, they did not seize any of his devices. However, according to Hajiyev’s lawyers, Hajiyev arrived at the Baku General Police Department in his car and left his phone in the car. The car stayed there for three days and it is likely his phone was compromised during this period.

Meanwhile, the Telegram channels are still active. Hajiyev submitted a complaint to the Prosecutor’s Office about the first incident of cyberattacks. According to his lawyers, they will add a second incident also.

What is next?

The overall analysis and reports indicate that domestic legal remedies in the substantive and procedural law do not protect privacy rights up to satisfactory levels in Azerbaijan. While substantive law at the formal level safeguards digital rights, in practice, these safeguards have no real effects. Judicial remedies are insufficient because criminal procedural avenues in some circumstances are insufficient, and in other circumstances, the district courts cannot force for initiation of the criminal case against officials as the latter still depends on investigative bodies like the prosecutor’s office who decide whether or not to open a criminal case.

Moreover, civil and administrative judicial avenues are also not operational because the heavy burden of proof lies on claimants. In addition, internal disciplinary proceedings are not effective due to a lack of independent oversight bodies. Also, Cyber Security Service lacks real mandatory power in cyberattack cases in addition to independence issues. Therefore, in the cases of covert surveillance and cyberattacks by state authorities, domestic remedies are not effective. It should be added that other aspects of domestic remedies concerning internet freedoms also have challenges. For example, blocking access and official warnings by the prosecutor’s office are especially problematic.

It is well established by the ECtHR in several cases against Azerbaijan that the domestic courts consistently fail to conduct effective judicial oversight in politically motivated cases and instead merely uphold the position of the executive authorities (see, among others, Aliyev v Azerbaijan, appl. No. 68762/14, 71200/14, 20/09/2018, para. 224). Consequently, it may be concluded that procedural law and its safeguards against internet freedom violations have serious flaws. Moreover, practical case studies further furnish that the relevant investigative authorities and domestic courts are not interested in pursuing criminal investigation cyberattacks, covert surveillance, and upholding internet freedoms in the cases of access blocking and official warnings.

The European Court of Human Rights (ECtHR) might be considered one of the most effective international avenues in terms of providing legal remedies for violations of internet freedoms. The effectiveness of the ECtHR lies in its ability to issue binding judgments against member states (namely, Azerbaijan) which can result in the provision of legal remedies for the victims of rights violations. However, there are systematic delays in the execution of the ECtHR judgments by Azerbaijan*, the Committee of Ministers of the Council of Europe continuously supervises the execution of judgments of the ECtHR by the member states and urges states to obey the judgments.

*The Committee of Ministers of the Council of Europe (to which Azerbaijan is a party) mandates that member states comply with the judgments and certain decisions of the European Court of Human Rights. And yet, the court’s decision on Khadija Ismayilova group v. Azerbaijan (Application No. 65286/13) calling on Azerbaijan to duly investigate committed acts, where they [the authorities] failed to do so, and any possible connection and links between crimes committed against journalists and their professional activities, was not complied with.

Given the existing environment, the likelihood of further cyber threats and attacks continuing is high.

The Telegram channels targeting Hajiyev remain. Unidentified persons with ties to the law enforcement authorities have access to Hajiyev’s personal data, and their goal to continue abusing this access is likely. Moreover, the state authorities have broad opportunities to compromise other activists’ accounts and to disseminate their private communications. Therefore, cyber threats currently create a difficult challenge for civil society activists. It should be added that the Government does not commit to changing personal data protection laws and taking practical steps to prevent state-oriented or third-party cyber attacks.

International human rights mechanisms, especially international tribunals are the main source of protection against violations of privacy rights and cyberattacks. Especially bringing more applications before the ECtHR and the Human Rights Committee is very important. Currently, there is no case law of the relevant international human rights mechanisms concerning cyberattacks and privacy violations against Azerbaijan. Despite Azerbaijan not adhering to the judgments of international tribunals on violations of rights, such kind of implementation procedure might help improve the situation.

Due to the current problematic situation within the legal profession (lack of lawyers, lack of interest, and fear among lawyers to take up human rights cases), many cases cannot be brought before international tribunals. Most human rights lawyers are already overwhelmed with the volume of cases they represent. Therefore, international assistance in bringing these applications before international courts is a useful tool for counteracting violations. International human rights organizations must assist local human rights lawyers in bringing cases of personal data infringements to international courts (ECtHR, UN).

In the meantime, the government of Azerbaijan must be urged to adopt effective legal remedies and procedural safeguards against arbitrary and unlawful control of personal data with excessive and broad discretion. Minimum safeguards for the exercise of discretion by public authorities must include detailed rules on (i) the nature of the offenses (grounds) which may give rise to an interception order; (ii) duration, scope, and practical review of interception orders; (iii) the precautions to be taken when communicating the data to other parties.

An independent regulatory authority should be established to supervise and review complaints about personal data breaches. The laws must also be formulated with sufficient clarity and precision to give citizens an adequate understanding of the conditions and circumstances in which the authorities are empowered to resort to this secret and potentially dangerous interference with the right to respect for private life and correspondence.

International advocacy campaigning is a useful instrument for getting attention to the problem. New campaigns may bring the attention of international public bodies to the issue.

Finally, capacity-building activities on internet security issues should be continued and potentially targeted groups should be equipped with more information and tools in this area.

The State of Internet Freedom in Azerbaijan, a legal overview

Posted on July 29, 2021 by aiw_admin

This is part five and the final installment, in a series of detailed legal reports and analyses on existing legal amendments, and new legislation affecting privacy, freedom of expression, media, and online rights in Azerbaijan and their compliance with international standards for freedom of expression.

This final report, “The State of Internet Freedom in Azerbaijan, a legal overview” was prepared in partnership with human rights lawyer, Emin Abbasov. It is a comprehensive overview, of the existing legal framework in Azerbaijan on internet freedoms.

The following report identifies gaps within the legislation, policy, and practice that fail to comply with international legal standards in the field of internet freedoms.

As such, the aim of the report is to:

identify and report key developments concerning internet freedoms covering the period between 2020-2021;
analyze and review legislation, policies, and practices in line with international standards;
provide recommendations to strengthen and develop legislation, policies, and practices already in place;

Executive Summary

Azerbaijan’s track record on freedom of expression and freedom of the media has been on a steady decline according to a number of key reports by international media freedom watchdogs. This has been the case especially since 2014.

The most recent rankings by the Reporters Without Borders’ Press Freedom Index in 2020, place Azerbaijan at the bottom of the index, where the country ranks 169 out of 180 countries monitored. Freedom House’s annual Freedom on the Net report ranked Azerbaijan in 2020 as “Not Free.”

From a legal perspective, despite routine calls on the government of Azerbaijan to ensure the domestic legislation and its application comply with international standards, particularly in line with the ECtHR case-law requirements on freedom of expression, media, and internet rights, the legislative authority, continues to adopt restrictive new bills that further deteriorate fundamental rights and freedoms.

During the reporting period, the parliament in Azerbaijan adopted several amendments to existing national legislation, imposing further restrictions and increasing state control over the internet. In the meantime, relevant authorities failed to carry out effective and prompt investigations and prosecution into the cases of blackmailing and online sexual harassment against activists and politicians. Further, the government prepared a draft law on the media, with proposals to license Internet televisions and radios, and a new media registry with strict requirements for journalists, media owners, and media platforms.

The report also identifies the government’s failure to present, sufficient mitigation policies to remove the infrastructural barriers related to internet access when switching to online education during country-wide restrictions imposed in March of last year as a result of COVID19. These barriers were more profound in remote areas of the country where access to the internet is poor due to inadequate infrastructure and among economically vulnerable populations.

Finally, this report concludes that domestic legislation in Azerbaijan does not provide effective safeguards for the protection of the rights and freedoms of people online. On the contrary, it gives law enforcement a wide range of powers while failing to provide an independent review mechanism neither by the courts nor by other independent institutions over the exercise of those unlimited powers.

In response to these challenges, the report offers a number of recommendations for the government to improve its domestic legislation in line with international standards with the view of better protection of individuals’ rights and freedoms online. The full PDF report can be accessed here. Below are some of the key findings.

Key Developments between January 1, 2020 – June 31, 2021

The Cabinet of Ministers adopted a decision No.22 on January 29, 2020, approving the “Rules of the organization of operation of the information system on activity against foreign technical intelligence,” and “Level of access of information resources of state bodies within the information system on activity against foreign technical intelligence.” However, the specifics of these rules and what they entail were not disclosed;
Azerbaijan tightened control over online content, specifically the definition of “prohibited information”. On March 17, 2020, the parliament amended the Law of the Republic of Azerbaijan On Information, Informatization and Protection of Information (30-VIQD). According to the amendment, “prohibited information” includes false information endangering human life and health; causing significant property damage; mass violation of public safety; disruption of life support services; and of financial, transportation, communication, industrial, energy, and social infrastructure facilities; or leading to other socially dangerous consequences.”
During the reporting period, the number of attacks and direct targeting against activists, politicians, and their family members with intimate photos, videos, and personal messages that were leaked online, increased significantly;[1]
On June 29, 2020, the Parliament adopted amendments to the Law on Telecommunications and appointed the Ministry of Transport, Communications and High Technologies as an administrator of domain name registration in Azerbaijan;[2]
On September 27, 2020, authorities in Azerbaijan imposed restrictions on access to the internet by limiting the speed of the internet, blocking access to social media platforms and messenger services such as WhatsApp, Telegram, and others during the second Karabakh war;[3]
On January 13, 2021, the government established Azerbaijan State Agency for Media Development, according to the Presidential decree “On deepening media reforms in the Republic of Azerbaijan” [signed on January 12, 2020]. The agency was given broad powers to control the online media landscape;[4]
The Government announced a new draft law on media with provisions to license Internet TV channels;
Azerbaijan parliament members announced plans to draft a new law on Hate Speech.

Key findings

The regulation of the internet in Azerbaijan is controlled by the Ministry of Transport, Communications and High Technologies, (MTCHT). The MTCHT is a government agency, in charge of regulating communications and the development of information technologies. It also controls the internet telecommunications infrastructure.
Despite the Law on Telecommunication obligating the state, to ensure healthy competition and antimonopoly activity in the field of telecommunications[7], the import and distribution of the internet in the country is mainly distributed through state companies or private companies under strict government control.[8] According to the Law on Telecommunication (Article 6) regulation of telecommunication activity in Azerbaijan is carried out by the state through broad powers, notably, through the licensing and certification of telecommunication activity, the application of tariffs for the use of telecommunication services, and radiofrequency, and etc.
The activities of internet service providers (ISPs) and operators are required to register with the MTCHT. According to the “Rules of registration of operators and providers of Internet telecommunication services” approved by the Resolution of the Cabinet of Ministers of the Republic of Azerbaijan [No. 427] and dated October 12, 2017, operators and providers of internet telecommunication services must register for a license by applying through the MTCHT, within 15 (fifteen) days of the start of the service.[9] The Rule further states that in accordance with the Presidential Decree No. 507 dated June 19, 2001 “On the division of powers of search operations’ entities while carrying out search operations,” ISPs are required to have a copy of the guarantee, on the installation of special equipment that provides access to information, for search operations.[10] The Rule also requires that the operators and providers submit, approved copy (copies) of the agreement (contracts) concluded with the first subscriber (subscribers), to the registration authority namely the MTCHT.[11]
The State Security Service and the Ministry of Internal Affairs are authorized for the organization of search operations within the communication networks in accordance with the Rule approved by the Presidential Decree № 638 dated October 2, 2015 “On approval of the Rules on information security during search operation activities on communication networks”.[12] This respective rule was never published. According to the Constitutional Law “On normative legal acts” laws and presidential decrees signed by the President must be officially published within 72 hours after the signing.[13] The Constitutional Law also allows that certain provisions of normative legal acts reflecting state secrets are not published.[14]
On June 17, 2021, the National Television and Radio Council (NTRC) announced the provisions in the draft law “On Media” concerning television and radio broadcasting.[18] According to the draft law a number of restrictions on freedom of expression and information, as well as regulation of media activities is envisioned. For the purpose of this report, only those restrictions that concern and impact freedom on the internet are considered here.
The Council of Europe’s Committee of Ministers recommendation CM/Rec(2007)16 to its member States to promote the public service value of the Internet[19] indicates the importance of diversification of competitive market structures in internet resources and ICTs. According to the Recommendations, member states should develop, in co-operation with the private sector and civil society, strategies that promote sustainable, economic growth via competitive market structures in order to stimulate investment, particularly from local capital, into critical Internet resources and ICTs, with particular reference to: developing strategies which promote affordable access to ICT infrastructure, including the Internet, promoting technical interoperability, open standards and cultural diversity in ICT policy covering telecommunications, broadcasting and the Internet. Azerbaijan has so far, failed to meet these recommendations.
In the context of its Recommendation CM/Rec(2018)1 to member States on media pluralism and transparency of media ownership, the Council of Europe’s Committee of Ministers refers to the term “online media” and stresses its importance for media pluralism. It further notes that states have a positive obligation to foster a favorable environment for freedom of expression, offline and online, in which everyone can exercise their right to freedom of expression and participate in public debate effectively, irrespective of whether their views are received favorably by the State or others.[25] Moreover, in 2012, the UN Human Rights Council adopted a key resolution on the promotion, protection, and enjoyment of human rights on the Internet, “calling upon all States to promote and facilitate access to the Internet and international cooperation aimed at the development of media and information and communications facilities in all countries.”[26]
- So far, the relevant government institutions have failed to offer such assurances in Azerbaijan. The extent of government control and monopoly, as well as poor internet infrastructure, are reflected in numerous international reports. The 2021 Inclusive Internet Index, ranked Azerbaijan 84^th globally in the “readiness category,”[27] and the country’s overall performance scores have deteriorated year on year.[28] According to June Speedtest Global Index, (results are updated mid-month for the previous month), Azerbaijan ranked 122^nd out of 181 countries in the category of fixed internet speed. The country’s score improved in the category of mobile internet speed, scoring 66^th place out of 137 countries ranked in this category.[29]
The Guiding Principles on Business and Human Rights also recognize the responsibility of business enterprises to respect human rights, independent of State obligations or the implementation of those obligations (see A/HRC/17/31, annex; and A/HRC/32/38, paragraphs 9- 10). They provide a minimum baseline for corporate human rights accountability, urging companies to adopt public statements of commitment to respect the human rights endorsed by senior or executive-level management; conduct due diligence processes that meaningfully “identify, prevent, mitigate and account for” actual and potential human rights impacts throughout the company’s operations; and provide for or cooperate in the remediation of adverse human rights impacts (see A/HRC/17/31, annex, principles 16-24).[35]
- These internationally recognized standard-setting instruments are usually not legally binding but elaborated from different binding human rights treaties and standards. Such documents set out a number of recommendations, standards, and commitments on the regulation of Internet infrastructure, as well as the regulatory role of states in accessing the Internet. However, none are implemented in the context of Azerbaijan.
During the period of martial law, access to the Internet remained blocked to the public, in the absence of any administrative decisions or justifications, the guarantees associated with the decision, and clearly stated reasons for such restrictions in place.
Azerbaijan signed the Budapest Convention – the Council of Europe Convention against Cybercrime – in 2008 and has ratified it, in 2010.[58] The Budapest Convention is a treaty on crimes committed on the internet and on computer networks. In Azerbaijan, regulation of intelligence services and online policing online, including investigation and prosecution of offenses committed online, are regulated by the Criminal Code, Criminal Procedure Code, Law on Search and Operation, Law on Police, and Law on Prosecutors office, including other normative legal acts of the Republic of Azerbaijan. However, there is no dedicated strategy or other specific policy documents on cybercrime currently available or being developed in Azerbaijan.[59]
- In the absence of such policies, the law enforcement agencies, especially the police, which do not have significant capacity to investigate and prosecute crimes committed online, often interferes with the freedom of expression of the social network users.
- In recent years, the police increasingly play the role of an arbitrator in resolving public conflicts and disputes between internet users. By complaining to the police, individuals can force others (whom they are in conflict with) to delete their status and comments from social network accounts. In return, police promptly identify those who complained about/against or people who criticize the government, and especially the law enforcement agencies on social networks, forcing them to apologize to the public on camera. Police then share the apology videos with the media.[60]
Local civil society activists suggest that during the quarantine period, a large number of people who were held administratively or who were criminally liable for organizing and/or participating in wedding or funeral ceremonies were brought to the police stations, where their forced confessions of repentance were filmed and later broadcasted on national television channels. According to credible reports received by the Election Monitoring and Democracy Studies Center, an Azerbaijani NGO, most people did not give consent to such video recordings. As such, the broadcast of the videos took place against Article 51 of the Code of the Administrative Offenses, which prohibits the dissemination of materials (audio, video, photo) in the mass media without the consent of the person against whom the administrative proceedings are conducted.[62]
Such practice was also used against LGBTQI+ people at least on one occasion. In July 2020, police shared the testimonies of two persons, who were accused of allegedly promoting drug use via their TikTok accounts. The video of their forced confession was shown on state media (Azertag), to discredit LGBTQI+ people and to create a negative public image.[63]
Council of Europe Committee of Ministers Declaration on Freedom of Communication on the Internet (Adopted by the Committee of Ministers on May 28, 2003 at the 840^th meeting of the Ministers’ Deputies), contains ten principles. According to the seventh principle, “In order to ensure protection against online surveillance and to enhance the free expression of information and ideas, member states should respect the will of users of the Internet not to disclose their identity. This does not prevent member states from taking measures and co-operating in order to trace those responsible for criminal acts, in accordance with national law, the Convention for the Protection of Human Rights and Fundamental Freedoms, and other international agreements in the fields of justice and the police.”[68]
- But in the case of Azerbaijan, and following the decree on amendments, no such measures were taken into account. Moreover, at the time of writing of this report, there is no information on whether this mechanism was finalized.

Conclusions & Recommendations

The analysis of the domestic legal framework shared in this report demonstrates that the current legal framework provides law enforcement authorities with unlimited powers to operate in online spaces. The analysis also explains, how this framework empowers the state to exercise full and unchecked control over telecommunication infrastructure.

In such an environment, internet and mobile operators as well as the ISPs have no power or independence to challenge the unlimited powers of the state. Further, our analysis indicates that the legal national framework is designed in such a way, that it fully disregards or undervalues the rights of individuals online while granting authorities ambiguous powers to control everything online in the absence of an independent review of the regulatory authorities’ decisions and actions.

The most striking example of such unlimited powers is an obligation placed on the ISPs to allow law enforcement authorities to set up special technical devices on the ISP’s infrastructure, in order to monitor users online and collect information about them. This is done in the absence of explicit legal provisions which normally would require a court order to carry out such activity, as well as in the absence of independent oversight by a regulatory body, that Azerbaijan failed to establish since 2016. As a result, the lack of an independent regulatory body in the field of telecommunications, as well as the lack of an independent judiciary that is capable of providing effective protection and independent judicial review against the government’s interferences, leaves citizens without any remedies to pursue.

Finally, this report also illustrates the weakness of the legislation on emergency powers, which at the moment fails to indicate the exact limits of government bodies during a state of emergency or war. Such loopholes allow the state authorities to exercise their exclusive powers in a way that can exceed the needs created as a result of such circumstances.

Based on the overview presented above, the following set of recommendations can help improve the overall environment of internet freedom in Azerbaijan:

Amend the legislation, notably the law On Information, Informatization, and Protection of Information, including the Code of Administrative Offences and Criminal Code to remove restrictions on content, such as false information, insult, and slander. Consult with the independent civil society groups to amend the legislation on content regulation in order to strengthen the national legislation and make it in line with international standards. Provide self-regulation opportunities for providers and private companies to regulate inapplicable content in online spaces;
Consider wider consultation and public discussions when reviewing new legislation and policy to ensure the voices of all key stakeholders are heard;
Avoid adopting the draft law on media, that currently requires licensing of the Internet TVs and radios. Instead, ensure the provisions of journalistic activity online is not subject to specific authorization;
Establish an independent National Regulatory Authority in line with international standards including, civil society organizations and other relevant stakeholders;
Provide effective and prompt investigation and prosecution of online harassment, and blackmailing against activists, politicians, and/or their family members;
Amend the Law on Telecommunications, the law on Information, Informatization and Protection of Information and Law on Private Information, including other normative legal acts to indicate what specific measures and in what circumstances the government is undertaking to exclude the anonymity of the internet users, including installing special software and hardware systems for the provision of blanket surveillance in online spaces.
Amend the legislation to provide effective safeguards against abuse of power of law enforcement authorities, notably, amend article 10 of the Law of The Republic Of Azerbaijan On Operational-Search Activity to ensure that a respective court decree is required for conducting online tracking, interception, and seizure of private information from the telecommunication channels about individuals;
Ensure that the Martial Law and the Law on Emergency Situations contain explicit provisions, notably safeguards, against the abusive application of emergency powers online. In doing so, amend the respective laws to include clear procedures of imposing any limitation over the internet and provide that such decisions are subject to effective safeguards;

[1] Azerbaijan Internet Watch, Targeted harassment via telegram channels and hacked Facebook accounts, March 9, 2021, https://www.az-netwatch.org/news/targeted-harassment-via-telegram-channels/

[2] The law on amendments to the Law of the Republic of Azerbaijan “On Telecommunications”, 29 June 2020, available (in Azerbaijani) at: http://e-qanun.az/framework/45676

[3] Azerbaijan limits internet access to prevent Armenia’s large-scale acts of provocation – short notice from the Ministry of Transport, Communications and High Technologies, available (in English) at: https://mincom.gov.az/en/view/news/990/azerbaijan-limits-internet-access-to-prevent-armenias-large-scale-acts-of-provocation-

[4] Presidential decree on deepening media reforms in the Republic of Azerbaijan, 12 January 2021, available (in Azerbaijani) at: http://e-qanun.az/framework/46675

[7] Article 11.1 of the Telecommunication law. “Operators, providers, other legal and physical persons operating in the field of telecommunication, as well device producers and suppliers are equal subjects in the creation and development of telecommunication services.”

[8] Article 3.1.8, article 11.2, and article 11.2.1 of the Law on Telecommunication

[9] The Rules of registration of operators and providers of Internet telecommunication services Available (in Azerbaijani) at: http://e-qanun.az/framework/36773

[10] Presidential Decree On the division of powers of search operations entities in the implementation of search operations, June 19, 2001, available (in Azerbaijani) at: http://e-qanun.az/framework/3569

[11] Article 3.3.3 of the Rule of registration of operators and providers of Internet telecommunication services.

[12] Presidential Decree “On approval of the” Rules for ensuring information security in the implementation of search operations in communications networks ” 2 October 2005, available (in Azerbaijani) at: http://e-qanun.az/framework/30840

[13] Article 83.1 of the Constitutional Law (№ 21-IVKQ) “On normative legal acts” dated 21 December 2010. Available (in Azerbaijani) at: http://www.e-qanun.az/framework/21300

[14] Article 82.7 of the Constitutional Law (№ 21-IVKQ) “On normative legal acts”

[18] Azadliq Radio, Internet TV channels may require a license, June 17, 2021, https://www.azadliq.org/a/internet-tv-lisenziya/31313244.html

[19] Adopted by the Committee of Ministers on November 7, 2007, at the 1010th meeting of the Ministers’ Deputies, https://search.coe.int/cm/Pages/result_details.aspx?ObjectID=09000016805d4a39

[25] The Council of Europe’s Committee of Ministers Recommendation CM/Rec(2018)1[1] to member States on media pluralism and transparency of media ownership, (Adopted by the Committee of Ministers on 7 March 2018 at the 1309th meeting of the Ministers’ Deputies), https://search.coe.int/cm/Pages/result_details.aspx?ObjectId=0900001680790e13

[26] The promotion, protection, and enjoyment of human rights on the Internet: resolution / adopted by the Human Rights Council, https://digitallibrary.un.org/record/731540?ln=en

[27] The Readiness category examines the capacity to access the Internet, including skills, cultural acceptance, and supporting policy.

[28] The Inclusive Internet Index, https://theinclusiveinternet.eiu.com/explore/countries/AZ/

[29] The Speed Test global Index, https://www.speedtest.net/global-index/azerbaijan#fixed

[35] Report by the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, para., 45.

https://globalfreedomofexpression.columbia.edu/wp-content/uploads/2017/06/Kaye-Report-March-2017-AHRC3522.pdf

[58] The Law on Ratification of the Budapest Convention, available (in Azerbaijani) at: http://e-qanun.az/framework/18619

[59] Council of Europe, the status of the ratification of the Budapest Convention concerning to Azerbaijan, https://www.coe.int/en/web/octopus/country-wiki-ap/-/asset_publisher/CmDb7M4RGb4Z/content/azerbaijan?_101_INSTANCE_CmDb7M4RGb4Z_viewMode=view/

[60] On June 3, 2020, Baku residents Tatyana Ulankina, Ramin Bakhishov, Allahverdi Imanguliyev, Shirzad Shirzadov, and Taleh Bakhshiyev were detained in the Baku Metro for allegedly resisting police. Police asked that the detained individuals comply with the lawful demands relating to the rules of the special quarantine regime. A video was shot and broadcast on the website of the Ministry of Internal Affairs in which each of the detainees apologized and regretted their actions to the police department. Afterward, a criminal case was launched under Articles 139-1 (violation of anti-epidemic, sanitary-hygienic or quarantine regimes when there is a real threat of the spreading of the disease or the actual spreading of the disease) and 221 (hooliganism) of the Criminal Code, and the investigation was launched. The CCTV footage from the subway that appeared on social media showed there was a minor dispute between one person and two police officers over the wearing of a protective mask, which the person in the video claimed he had and others joined to support him, https://www.youtube.com/watch?v=EBC-l9EuiCQ&t=136s

[62] Election Monitoring and Democracy Studies Center (EMDS), Briefing Document, Measures against the COVID-19 pandemic in Azerbaijan: Deepening pressure on freedoms and Political Crisis, https://smdtaz.org/wp-content/uploads/2020/09/EMDS-briefing-22.09.20.pdf

[63] Azertag,az, People who registered on the social network “Tik-Tok” under the names “Maya” and “Banu” and posted videos promoting drug use were detained, July 23, 2020, https://video.azertag.az/video/98901

[68] Council of Europe Committee of Ministers Declaration on freedom of communication on the Internet, Adopted by the Committee of Ministers on May 28, 2003, during the 840th meeting of the Ministers’ Deputies, https://search.coe.int/cm/Pages/result_details.aspx?ObjectID=09000016805dfbd5