Cyber security is a hot topic in international arbitration. The enactment of the EU General Data Protection Regulation (GPDR) and the Brazilian General Law on Personal Data (LGPD) has brought attention to the relevance of data protection and its associated risks. This article addresses the recent actions taken by certain arbitral institutions and international associations – worldwide and in Brazil – to bring awareness of data protection and avoid cyber attacks that could put at risk the confidentiality of arbitration, one of its most desired characteristics.


Confidentiality is one of the most desired characteristics of arbitration. In a 2018 survey carried out by London’s Queen Mary University and White & Case, 96 percent of respondents confirmed that confidentiality is a key element when choosing arbitration over other dispute resolution methods. Besides, most participants stated that confidentiality should be an opt-out – as opposed to an opt-in – feature for arbitration.

Indeed, parties may discuss and produce in arbitration valuable data, such as distribution networks, business models, commercial know-how, technical formulae, trade secrets or other proprietary information. The disclosure of such information to third parties may have severe adverse consequence. According to the ‘International Arbitration Survey: Cybersecurity in International Arbitration’, 11 percent of respondents declared they had already suffered cyber attacks in arbitration. A very famous cyber attack occurred in 2015 when the website of the Permanent Court of Arbitration was hacked to obtain information regarding a maritime boundary dispute between China and the Philippines.

Jul-Sep 2019 issue

Veirano Advogados