Opinion: Cyberattack on ECHR, the holy grail of human rights in Europe

The first recorded cyberattack targeting a major European institution sets a very dangerous precedent, says the former CEO of the Israel-EU Chamber of Commerce and Industry

By Ella Rosenberg

Cyberattacks, unwillingly, have become the norm in the various industries, whether they are low or high risk. Governmental institutions have also, unwillingly, become a target for such attacks. 

The recent cyberattack on the European Court of Human Rights (ECHR) has proven that even the EU institutions are not immune from the dark and unprecedented threats of the modern day and age most monstrous weapon- hijacking and use of personal data. 

The attack took place on December 22nd amidst the anticipation of a judgement condemning the Turkish Government for the detention and imprisonment of a Turkish Member of Parliament, Selahattin Demirtas. 

The ECHR has issued a statement in which it has indirectly accused the Turkish Government, yet directly linking the attack to the delivery of the Judgement: "Following the delivery of the Selahattin Demirtas v. Turkey (no. 2) judgment on 22 December, the website of the European Court of Human Rights was the subject of a large- scale cyberattack which has made it temporarily inaccessible. The Court strongly deplores this serious incident. The competent services are currently making every effort to remedy the situation as soon as possible".  

The Court was fortunate enough not to suffer significant breaches in its internal system. The judgement has been eventually delivered, and has issued the Government of Turkey to take all necessary measures for the immediate release of Mr. Demirtas, and awarding him damages amounting to 28,500 EUR. 

This is first recorded time that a cyberattack has targeted a major European institution. EU agencies are subject to intense cyber practices and scrutiny, and ENISA, the European Union Agency for Cyber Security, has led the EU, its institutions and agencies, towards maintaining a sound cyber in-house cyber practice. 

The ECHR, although named the European Court of Human Rights, is not an EU institution. The Court is subject to the European Convention of Human Rights, which is not EU legislation. Be that as it may, in order to accede the European Union and as part of the Copenhagen Criteria, acceding the Convention is a non-compromising criterion. It may be deducted that the cyber best practices of the Court were sufficient to withhold the unprecedented attack, yet the mere fact the Court was attacked leads to a troubling conclusion. Attacking the European Court of Human Rights, the cornerstone of human rights and their protection across the European Continent, sets a very dangerous de-facto precedent- the holy grail of human rights in Europe is no longer immune to attacks, regardless of who issues the attack.   


Ella Rosenberg, an EU Law Regulatory Consultant, is the former CEO of the Israel-EU Chamber of Commerce and Industry