Internet Law



Internet law is one of the youngest branches of law, raised from the neediness of expanding the existing and creating a new regulatory framework. That new regulatory framework would regulate the Internet and bring the necessary legal certainty and security of its users. Internet law or Cyber law, as it’s also called, includes the regulation of online contractual and tort relations, the right to privacy, freedom of speech and intellectual property, internet security, copyright on computer program codes and databases. It also includes the criminal offenses resulting from online actions, online betting, as well as the tax aspect of the online exchange of goods and services. It covers areas of property rights when it comes to ownership of digital data, internet domains and etc.

Internet law (or cyber law) as it is also called, in a broader sense, covers all parts of the legal system and legal areas related to the Internet and provides protection to Internet users.

The biggest problems who have been facing network users today is sensitive relationship between internet providers and users, the right to privacy, the collection of personal data (including trade and misuse), the protection of payment card data and bank accounts. Therefore, from the companies that collect the mentioned data are expected to do everything in order to prevent hacker attacks and other illegal activities. The other side of the coin is a provider’s legal activity, social networks activity and platforms that collect personal data. With the formal consent of users, they use personal data to make a profit and increase the value of their own companies. Monitoring of the users activities by official governments and state institutions is a special problem that threatens the neutrality of the Internet in general, as well as the privacy and personal interests of individual users.

Very common problems are internet security, protection of intellectual property and copyright on the internet and ease way that can be infringed in the online sphere. There is no 100% protection, but legal regulation is trying to establish the highest possible legal security and unhindered use of the Internet.




One of the important areas covered by the Internet law is the criminal protection of legal entity and natural persons who use the network for private or business purposes.

In addition to repressive action by prescribing the type and degree of sanctions for the commission of certain statutory acts, Internet law also deals with the study of network weaknesses and its improvement, which significantly contributes to the prevention of crimes in cyberspace.

In almost every developed country in the world, there are formed special and well trained equipped departments within the police and prosecutor’s office. The departments have been set up to deal with these cases.

Although it is up to the state authorities to provide protection to Internet users, so much can be prevented by informing citizens and employees in companies about all important aspects of protection and preventive action.

That is why it is important to be informed regularly, because technology is developing rapidly. Those who use it to commit crimes are just as quickly improving and upgrading it. These types of crimes have the highest growth rate in the world. The global network enables cross-border action, so these problems are no longer part of national legislation, but also a problem of the whole world, which must be addressed in a coordinated and joint manner. 



The current Criminal Code of the Republic of Serbia regulating criminal offenses especially the section called as criminal offenses committed on the Internet or in connection with high technologies criminal offenses against the security of computer programs in the Republic of Serbia.

Thus, the criminal act Damage to computer data and programs is envisaged, for which, depending on the amount of damage caused, a prison sentence of up to 5 years can be imposed.

Also, for the entry, destruction, modification or concealment of software or digital records, as well as hardware storage media, which prevents its use, or significantly interferes with the transfer or processing of data that serve government agencies or other institutions (committing the crime of computer sabotage) the amount of the fine.

For the production and introduction of a virus into someone else’s computer or computer system, the punishment can be up to 2 years in prison, depending on whether the damage was caused.

The RS Criminal Code, the traditional Fraud took on a special form if it was committed on the Internet or in connection with computer data. Because of importance of protection on the Internet against fraud, the legislator prescribed a sentence of as much as 10 years in prison for fraud that causes damage of over 1,500,000 RSD.

For unauthorized access to a secure computer, a computer network and electronic data processing, legislator prescribed punish by 6 months in prison. But if the obtain data is used, the sentence can be up to 2 years in prison, while if severe consequences occur and can be up to 3 years.

The Act also prohibits actions of preventing or restricting access to the public computer network, i.e. the use of someone else’s computer or network.



Although intellectual property law is a special area of law, with the advent of the Internet, it has encountered many temptations. When it comes to the internet there was a neediness for a specific approach to solving the problem of protection of subjective rights over intellectual work. Copyright, as the most important and widespread segment of intellectual property, suffers the most damage due to the emergence of new technologies. Trademarks today are not reserved only for traditional types of goods and services, they are also products and services offered virtually, as well as the most diverse website of the platform.

The best example of trademark infringement is the registration of Internet domains that contain someone else’s trademark. The conditions and ways of trademark protection and the procedure for downloading such internet domains are covered by the Internet, and not by traditional IP law. The tendency of buying cheap internet domains for selling has led to the expansion of the application of this regulation in practice, even in Republic of Serbia. This type of domain name fraud is called “Cybersquatting“.

When it comes to Internet domains, other well-known illegal actions are “Typosquatting” (registration of Internet domains similar to the original and through payment search that misleading the visitor that he is at the right address) and “Pagejacking” (copying parts of the website and pasting them on another, fake site to make it look original, but usually with a changed bank account number and payment instructions). International fraudsters use this method for so-called “phishing”.

That is why ICANN has adopted The Uniform Domain Name Dispute Resolution Policy (UDRP) in order to resolve domain disputes faster and more efficiently, without resorting to traditional courts in nation countries. When it comes to the .RS internet domain, Commerce Dispute Resolution Commission regarding the national internet domain of the Republic of Serbia was formed at the Serbian Chamber of Commerce, with the authorization of the ICANN Foundation as well.

What should be further mentioned is that the computer program is a copyright work in the sense of the Law on Copyright and Related Rights of the RS. In this regard, the author of the computer program is provided with special copyright protection, and he enjoys all property interest and moral rights that belong to the author under the law itself. The specificity of a computer program is that the author has the right to allow or prohibit the reproduction of his work. He also has this right in terms of created computer program who was as a result of changes, adaptations of his computer program. So, in terms of another program that was created as a product of changing its last version.  In addition to the above, there is a significant exception to this right of the author of a computer program, i.e. the restriction of his right to prohibit a person who has legally acquired his computer program from reproducing it. For example when it is necessary in order to use the program in accordance with its purpose, debugging, achieving interoperability of independently created computer program with other programs through the process of decompilation of the same, under special conditions prescribed by Law.

In addition to the above, special attention should be paid to the fact that if the author created a computer program during the employment, performing his work obligations, then the permanent holder of all exclusive property rights on the created computer program is the employer. However, this does not have to be the case if he has explicitly agreed in the work contract that the property interest will still belong to the employee, i.e. the author. Also, the author will be entitled to a special fee from the computer program who have been created in the employment relationship only if such a fee is specifically agreed.




Although most Internet users believe that contract law is not applicable online, this is a misconception. Almost every exchange of information or purchase of goods or services on a serious internet platform requires prior agreement with the Terms and Conditions of Use. It is nothing more than accepting an offer to conclude a contract upon accession. This is primarily important for “online” stores, i.e. for the e-commerce business, where goods are sold, i.e. services are provided via the Internet. Therefore, in this case, in order to create a legal relationship between the seller / service provider and the buyer, or user of the service, it is necessary for them to conclude a contract in electronic form by electronic means, whose validity can’t be questionable. This type of business and this contract has regulated by the RS Law on Electronic Commerce, which prescribes its mandatory content, as well as the manner and moment of its conclusion. Among the other things, the mentioned law stipulates, that the seller / service provider is obliged to confirm receipt of an electronic message containing the offer of the buyer/service user, or accept the offer to conclude a contract, without delay, electronically, by a special electronic message. When it comes to the moment of concluding the contract in electronic form, it is considered that it is concluded at the moment when the bidder receives an electronic message from the bidder. The message containing the bidder’s statement to accept the bid.

With the development of technology, there is a neediness of the contract implementation in computer code itself. This is the area of a smart contracts, which falls under the IT law.



The regulation and control of personal data collected by subjects characterized as controllers or processors is and will be a big problem for the individual, but also for the entire civilization. Personal data has become a product and the subject of trade. For now, mainly for the needs of marketing, personalization of the offer and artificial intelligence.

Although almost all countries in the world limit the time limit for storing this information with their regulations. It is never possible to determine with certainty where and for what period have been stored, which is why it is necessary to solve this problem systematically, through active action of communities and high institutions. The difficulty for the individuals is to exercise their rights individually, which the laws guarantee them to a greater or lesser extent.

In this regard, not all legal systems have the same level of protection, i.e. they do not have the same approach to the notion of privacy, which can range from a subjective right whose exercise is a personal matter of an individual to a category that raises personal data and the right to protection to basic human rights, as proclaimed by EU regulations. First regulation was the Convention on Human Rights from 1950, and now the protection of human rights in Europe today is specifically regulated by the General Data Protection Regulation (GDPR). The GDPR radically changed the approach to collecting and processing personal data within the EU, but also outside its borders to the extent and in the manner provided by the regulations.

The same path was followed by our legislation with the adoption of The Personal Data Protection Law of the RS, which becomes effective in August 2019, and which was written on the model and in accordance with the General Data Protection Regulation GDPR. In this regard, our legislation is in step with European regulations, in order to harmonize the mechanisms of personal data protection at the global level, as particularly sensitive and important categories of data, which actually represent the private, personal sphere of each individual.

Having in mind that The Personal Data Protection Law (PDPL) is quite complex and difficult for many to understand, especially controllers and processors of personal data who are obliged to adhere to their obligations prescribed by PDPL. For these purposes they have the opportunity to hire a person for the protection of personal data, so-called the Data Protection Officer (DPO) who has special expertise in the personal data protection area. The DPO is primarily a person who has the ability to inform the controller and processor, as well as their employees, and gives opinions on their obligations regarding the protection of personal data, monitor the application of the provisions of the PDPL, as well as all other regulations and internal acts related to the subject matter. DPO have to cooperate with the Commissioner for Information of Public Importance and Personal Data Protection and generally participate in raising awareness and training of employees involved in data processing and control activities. In addition to the above, the DPO performs other obligations and participates in the process of personal data protection, in which way it provides assistance to the controller and processor. Also, the DPO may be appointed from the ranks of the controller’s and processor’s employees, who have undergone special training and thus acquired such a status. The DPO also may be a third party, who otherwise deals with it, and who is by the controller / processor hired by special contract. What is important to note is that the PDPL also proscribe cases when the controller and processor are obliged to hire a person as DPO.




Spam is not specifically regulated by law in our country, but its prohibition can be reported from a number of other regulations governing advertising, consumer protection and internet security.

Given that about 80% of all emails sent to the United States are Spam, and about 20% of citizens once bought goods through a spam offer, it is clear why this type of invasive advertising or even attack is so common in the world. As we previously mentioned, because of the supranational nature of internet crime, it is very difficult for scammers to track down.

Again, the most effective form of protection is precaution. So never respond to spam or start any communication, do not put your email on a website, put some kind of protected contact form, read the websites terms and conditions before you leaving your data, use spam filter, create and leave another email address on public internet information exchange platforms.

Internet law differs from IT law that regulates the flow of digital information and digital money, software, and the legal side of encryption and cryptography.



Co-authors: lawyer Dragan Milić and lawyer Jelena Blagojević



We provide professional legal representation and legal assistance in areas such as:

  • Protection of trademarks, signs, design solutions and other types of intellectual property on the Internet and the exercise of the right to protection before the competent courts
  • Disputes over gTLD and ccTLD internet domains
  • Internet security
  • Independence and freedom of the Internet
  • The right to privacy on the Internet
  • Freedom of speech and communication on the global network
  • Development of Terms and Conditions and Privacy Policy for the websites
  • All types of contracts related to internet business
  • Tax advice
  • Database and developer code protection




The interest of technological internet companies under whose control social networks are is to take as little responsibility as possible for the content that users publish, and if it’s possible to completely distance themselves from the actions of their users through disclaimers contained in the service’s terms and conditions. However, such a withdrawal does not produce full legal effect. The responsibility of an Internet company that provides information society services cannot be avoided. Certain degree of responsibilitiy must exist regardless of whether it draws from the lex specialis regulations about e-commerce or consumer rights, or from the general rules under which the legal system operates, and also regardless of whether it is the public interest or the interest or data subjective.

Whether we call them online content sharing providers or social information service companies, these internet giants, such as Alphabet Inc. or Meta Platphorms Inc. have grown to positions of value and power that nobody couldn’t even imagine one or two decades ago. These companies, which base their activities on providing services to individuals who use the Internet, have tested traditionally organized legal systems, not only of nation states but also of the European Union. The response to the tendency of technology companies to withdrawal responsibilities regarding the actions of their users, first came through case law, and soon after through EU regulations. The neediness of the protecting first the public interest (first of all interest of minors), but also subjective rights of the individual (such as intellectual property rights), has contributed to a more extensive interpretation of existing imperative norms and the adoption of new ones. Purpose of the new norms adaptation is to fill legal gaps, which was created as a response of the rapid technological change.


EU directives which regulate the liability of internet platforms

One of the primary questions that arises in the responsibility of technology companies is the moment when that responsibility arises.Thus, for example, service providers are of the opinion that their platforms cannot be held liable for illegal content before the moment when they found out about it, i.e. when a third party made that illegality probable. However, as technology advances, especially modern algorithms that Internet service providers have, there is a need to expand their responsibilities by using technology algorithms to prevent a large number of illegal posts and prevent them from trying to be published. The European legislator, within the Directive on copyright and related rights in the Digital Single Market (2019/790), has prescribed a certain service provider’s responsibility for the user’s copyright infringements. The previously mentioned directive proscribe the obligation to the service provider to take number of actions in order to prevent copyright infringements.

During and after the public debate on the enactment of the act, proponents of online freedoms and opponents of Article 17 of the previously said Directive have pointed out, the consequences of such responsibility. The consequences can be seen in the fact that the service provider will remove the content for which he is not sure whether it was posted legally or illegally in order to avoid responsibility and without a motive to take the risk. Which would inevitably affect the restriction of freedom of speech, availability of content, restriction of the right to receive information, and thus the flow of information in general. On the other hand, one of the main arguments for increasing the service provider’s responsibility is the establishment of legal regulation on the Internet and the prevention of violations of legal norms and assistance in exercising subjective rights.


Limitations of the algorithm and consequences for user’s subjective right

We are all witnesses that platforms have started to use algorithms that already indicate the opposite of the content when it comes to posting content with public morals, law or pre-prescribed general rules of the platform and make it impossible to post it. In addition to this, on the initiative of the platform itself preliminary have increased attention to the reasons why third parties may point to abuses and actions in accordance with such requests. Although internet platforms have previously had options for reporting illegality or content that violates public interest and morals, order and peace, as well as subjective rights of others, due to increased levels of responsibility, the list of reasons for reporting content is constantly expanding.

However, where there are set of rules, there are also attempts to abuse and circumvent them. Inevitably, there are consequences that are reflected on the restriction of the rights of others. Thus, the eternal balance between the importance of two rights or two goods, private and public interest, between the right to privacy and the right to information and freedom of speech, gained a new field of discussion, this time on the Internet.

The assessment of merits of the report of illegality or rights violation is more questionable because it is decided by internet platforms according to not always clear and transparent criteria. That leaves doubt whether such decisions are automated without the influence of any human factor, even if they have a control function. Perhaps the solution lies in the most precise rules, steps for exercising the right to the platform and the most transparent procedure with the right to second instance decision-making in the presence of an adequately trained person or commission by the platform. Arbitrating by the platform regarding the application in such situations is certainly necessary. Because, if the exercise of subjective rights is left exclusively to the court, i.e. platform users or third parties who are instructed to resolve their claims exclusively through the court, that procedures would be unavailable for many, both for financial reasons and due to the inevitable international element as its basic features.