The role of cybersecurity and data protection initiatives in ensuring the confidentiality of international commercial arbitration

Abstract

In recent years, cyberattacks and data breaches have emerged as a growing threat to most sectors worldwide. The field of international commercial arbitration has proved no exception to this troubling trend. In fact, it is considered an attractive target for hackers. Thus, if proactive cybersecurity steps are not taken, both the security of highly sensitive commercial data and compliance with data protection laws could be at stake. In light of this, various initiatives have been implemented in an effort to improve cybersecurity and data protection in the context of arbitration. This dissertation analyses the extent to which the latest initiatives concerning cybersecurity and data protection in the field of international arbitration serve to ensure the duty of confidentiality and compliance with data protection laws, especially the General Data Protection Regulation (GDPR). By analysing the recent efforts, guidance and protocols that are formulated to help address ongoing cybersecurity and data protection concerns in international arbitration. Overall, the analysis suggests that existing cybersecurity and data protection measures are not sufficient to safeguard the confidentiality of the arbitration process and ensure compliance with data protection laws and regulations. Yet, the findings also indicate that arbitral institutions are well placed to spearhead the implementation of cybersecurity guidance and rules tailored to arbitral proceedings following consultation with experts in information technology security. Such an approach would enhance the level of cybersecurity and data protection, as well as impose an obligation on all participants in the arbitral process, thereby fostering confidence in international commercial arbitration as a reliable dispute resolution mechanism.