The Convention was originally scheduled to pass in January 2014, but was delayed for modifications after protests by the private sector, civil society organizations, and privacy experts—all of whom had very little involvement in the drafting process. But a number of countries promulgated harmful new cybersecurity legislation after it was improved in June.
As Access noted in analyzing both versions of the Convention, the Convention has some positive provisions but still needs strengthening. It requires states to consider human rights in implementing cyber security legislation, but it also supports greater government control of private user data. For example, the Convention permits governments to process private data when “in the public interest,” a confusingly vague standard.