Joris van Hoboken
guest researcher
Institute for Information Law (IViR)

Korte Spinhuissteeg 3
1012 CG Amsterdam
The Netherlands


Curriculum Vitae
Dr. Joris van Hoboken is a research fellow at the Information Law Institute of the New York University. At IViR he is a guest researcher and supervisor of PhD-theses.

His research addresses law and policy in the field of digital media, electronic communications and the internet. His interests include the implications of the fundamental right to freedom of expression and privacy online as well as the transatlantic comparison of different regulatory approaches to the online environment. He is a specialist in the field of search engine law and regulation and regularly writes, teaches and presents on the issues of data protection and intermediary liability on the Internet.

He graduated cum laude in bo th Theoretical Mathematics (2002, M.Sc.) and Law (2006, LL.M.) and serves as the chair of the Board of Directors of Bits of Freedom, a Dutch digital civil rights organization. Joris was awarded a Ph.D. by the University of Amsterdam (2012) for his thesis examining the implications of the right to freedom of expression for the legal governance of search engines.

In 2014 he received a prestigious award for his thesis by the Praemium Erasmianum Foundation.

(with A.M. Arnbak, N.A.N.M. van Eijk) Obscured by Clouds or How to Address Governmental Access to Cloud Data From Abroad, draft paper presented at Privacy Law Scholars Conference 2013, 6-7 June, Berkeley, United States.

See also: Snowden saga reveals gaps in protection of European data, Financial Times, 29 July 2013, p. 2.


(with A.M. Arnbak, N.A.N.M. van Eijk and with the assistance of N.P.H. Kruijsen, Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act, November 2012.

Institutions have started to move their data and ICT operations into the cloud. It is becoming clear that this is leading to a decrease of overview and control over government access to data for law enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch law and international co-operation. It concludes that the U.S. legal state of affairs implies that the transition towards the cloud has important negative consequences for the possibility to manage information confidentiality, information security and the privacy of European end users in relation to foreign governments.
The Patriot Act from 2001 has started to play a symbolic role in the public debate. It is one important element in a larger, complex and dynamic legal framework for access to data for law enforcement and national security purposes. In particular, the FISA Amendments Act provision for access to data of non-U.S. persons outside the U.S. enacted in 2008 deserves attention. The report describes this and other legal powers for the U.S. government to obtain data of non-U.S. persons located outside of the U.S. from cloud providers that fall under its jurisdiction. Such jurisdiction applies widely, namely to cloud services that conduct systematic business in the United States and is not dependent on the location where the data are stored, as is often assumed. For non-U.S. persons located outside of the U.S., constitutional protection is not applicable and the statutory safeguards are minimal.
In the Netherlands and across the EU, government agencies have legal powers to obtain access to cloud data as well. These provisions can also be be used to assist the U.S. government, when it does not have jurisdiction for instance, but they must stay within the constitutional safeguards set by national constitutions, the European Convention on Human Rights and the EU Charter.

This is the English translation of a report that was released in September 2012 in The Netherlands. It was covered extensively in Dutch newspapers, on Radio1 and the 8 PM news bulletin of public broadcaster NOS. Politicians across the spectrum reacted on the report, both directly in the media and through Parliamentary questions. Meanwhile, the State Secretary of Security and Justice has responded to the Parliamentary questions on 15 October 2012. References can be found on the Institute for Information Law website. The report is also available on SSRN.

See also: Patriot Act can "obtain" data in Europe, researchers say, CBS News, 4 December 2012.


Search engine freedom: On the implications of the Right to Freedom of Expression for the Legal Governance of Web Search Engines, Information Law Series 27, Alphen aan den Rijn: Kluwer Law International 2012.

In this book, the author explores how search media can be incorporated into freedom of expression doctrine, as well as media and communications law and policy more generally. And the book develops a theory of the legal relations between national governments and search media providers on the one hand and between end-users and information providers on the other. Among the many issues covered are the following:

  • role of government under the right to freedom of expression;
  • lack of transparency about the ranking and selection of search results;
  • search engine and ISP intermediary liability;
  • filtering by access providers;
  • freedom of expression and the governance of public libraries;
  • the search engine market, its business model and the separation rule for advertising;
  • search engine self-regulation;
  • user profiling and personalization;
  • decisions and actions for which search engines should be able to claim protection.

The analysis draws on specific legal developments under Article 10 of the European Convention on Human Rights and the United States First Amendment, and investigates issues of diversity, pluralism, and freedom of expression as they relate to editorial control in other media. The author concludes with recommendations regarding search engine governance and the proper role of government, indicating which existing elements of the regulatory framework for search media can be improved and offering directions for future legal and empirical research.
Considering the ever-growing cultural, political, and economic importance of the Internet and the World Wide Web in our societies, and the societal interests involved in the availability of effective search tools, this first in-depth legal analysis of search engine freedom will prove indispensable to the many practitioners and policymakers concerned with freedom of expression in the digital age.


The Right to be Forgotten and the Media Exception in the Proposed Data Protection Regulation, Contribution to the European Parliament Hearing on Data Protection for the Digital Age, 28 June 2012, Brussels.


(with N. Helberger) Little Brother Is Tagging You - Legal and Policy Implications of Amateur Data Controllers, Computer Law International (CRi), 2010-4, p. 101-109.

This article argues that the instances in which amateur users will fall under the ambit of data protection law are not the exception, but rather the rule. Based on an analysis of the provisions of the European Data Protection Directive, the article demonstrates that existing data protection law burdens amateur users with provisions that exceed the personal, technical and financial capacities of most Social Network Sites (SNS) users, that do no fit the SNS context or that users are simply not able to comply with without assistance from the SNS provider. While it is unacceptable to burden amateurs with a number of obligations that exceed their capacities, it is also not feasible to place all the burdens on SNS providers, since many of the privacy problems of SNSs are in fact user-made. All this points to a concept of joint-responsibility of SNS users and providers. The article concludes with a number of concrete suggestions on how such a concept of joint responsibility could be given form.


The Importance of Privacy. Confusion about the Civil Right of the Twenty-First Century, Open, nr. 19 (Beyond Privacy. New Notions of the Private and Public Domains), NAi Uitgevers, 2010.


(with N. Helberger, L. Guibault, E.H. Janssen, N.A.N.M. van Eijk, C.J. Angelopoulos, E. Swart, et al.) User-Created-Content: Supporting a participative Information Society, Final Report, Study carried out for the European Commission by IDATE, TNO and IViR, 2008.


Legal Space for Innovative Ordering. On the Need to Update Selection Intermediary Liability in the EU, International Journal of Communications Law & Policy, 2009-13.


(with N. Helberger) Looking Ahead—Future Issues when Reflecting on the Place of the iConsumer in Consumer Law and Copyright Law, Journal of Consumer Policy 2008-31, p. 489-96.


Freedom of Expression Implications for the Governance of Search, in Searching for Audiovisual Content, IRIS Special, December 2008.


(with C.J. Angelopoulos) Workshop on Audiovisual Search: Summary of the Discussion, in Searching for Audiovisual Content, IRIS Special, December 2008.


Updated 23.09.2014