Showing total 472 results

1. The problem of spam law: a comment on the Malaysian communications and multimedia commission's discussion paper on regulating unsolicited commercial messages

Author

Khong, Dennis W.K.

Subjects

*SPAM email laws, *INTERNET laws, *INTERNET fraud, *DIGITAL media, MALAYSIA. Communications & Multimedia Commission

Abstract

The Malaysian Communications and Multimedia Commission published a discussion paper on Regulating Unsolicited Commercial Messages in early August 2003. It was undertaken as a precursor to a law to control the problem of junk mails or spam on the Internet and other electronic media. In this article, I intend to explore the problem of regulating spam from an economic point of view, and to discuss the Commission''s findings. [Copyright &y& Elsevier]

Published

2004

2. ... and still we are left wanting: Malta's White Paper on digital rights.

Author

Weitzenboeck, Emily M.

Subjects

*DIGITAL rights management, *TECHNOLOGY & law, *INTERNET access, *FREEDOM of information, *ACCESS control, *ELECTRONIC information resources, MALTESE politics & government

Abstract

CLSR welcomes occasional comment pieces on issues of current importance in the law and technology field from different jurisdictions. In this instance the Government of Malta published a White Paper in October 2012 for public consultation, proposing the introduction of the following four so-called "digital rights" in the Constitution of Malta: (1) the right to Internet access; (2) the right to informational access; (3) the right to informational freedom and (4) the right to digital informational self-determination. The author believes that the proposal is indeed a step in the right direction but lacks punch where it matters most and does not go far enough. [ABSTRACT FROM AUTHOR]

Published

2013

3. The authenticity crisis.

Author

Jacobs, Bart

Subjects

*INTEGRITY, *DIGITAL signatures, *SECURITY management, *TRUTHFULNESS & falsehood, *FAKE news

Abstract

Authenticity of information is a term with a clear meaning, not in law, but in the area of information security. There, it involves two aspects, called source-authenticity and message-authenticity; they guarantee certainty about the origin of information, and about its integrity. Authenticity differs from veracity: whether information is true (holds) or not is independent of its authenticity. The authenticity crisis described in the title of this paper refers to the destabilising impact of the lack of authenticity of online information, for instance in fake news. The paper proposes systematic use of digital signatures to guarantee authenticity. A crucial point is that authenticity may be organised via technical means (namely via digital signatures), whereas veracity can not. Authenticity-guarantees make institutions recognisable online and provide people with useful tools for making their own credibility judgements. [ABSTRACT FROM AUTHOR]

Published

2024

4. Balancing the platform responsibility paradox: A case for amplification regulation to mitigate the spread of harmful but legal content online.

Author

Park, Tae Jung and Rohatgi, Akshita

Subjects

*INTERNET, *DIGITAL technology, *CENSORSHIP, *JURISDICTION, *FREEDOM of speech

Abstract

This paper examines the complex issue of harmful but legal content (HBLC) moderation on the internet, focusing on the contentious nature of specific content categories regulation and the emergence of an alternative approach, regulating these categories under the umbrella of HBLC. It highlights the fundamental difference between legal and illegal content and the irony when platforms face more liability than the principal poster for failing to take down legal, albeit harmful content, posted by third parties. Instead, it argues that platforms should be held accountable for amplifying harmful content due to the role of their recommender systems in promoting this content for engagement purposes. While challenging to conceptualise, the concept of amplification regulation is scrutinised in relation to HBLC and the potential ways of implementing such regulation are examined. Furthermore, the paper delves into the dynamic between the State and online platforms in the context of HBLC and amplification regulation, emphasising the need for a balanced approach tailored to each jurisdiction's context. [ABSTRACT FROM AUTHOR]

Published

2024

5. The rise of livestreaming e-commerce in China and challenges for regulation: A critical examination of a landmark case occurring during COVID-19 pandemic.

Author

Xiao, Pinghui

Subjects

*ELECTRONIC commerce, *COVID-19 pandemic, *LIVE streaming, *ONLINE shopping

Abstract

The devastating COVID-19 pandemic saw that the livestreaming e-commerce, which is a brand-new e-commerce model by combining online shopping with livestreams, emerged prominently in China. It shares some commonalities with other forms of e-commerce and traditional shopping channels like TV shopping one way or another, but the former is a disruptive iteration of the latter. Nonetheless, the arrival of livestreaming e-commerce also brings about significant regulatory challenges, due to opportunistic livestreamers coupled with other issues, resulting in all kinds of market failure acts, with false or misleading representations figuring most prominently. This is reflected by a landmark case occurring during the pandemic, in which Xin Ba as one of the most influential livestreamers sold cubilose products via Kuaishou, China's leading livestreaming e-commerce platform, in a false or misleading way. When the cubilose products touted as luxury foods were later proven to contain nothing but water and sugar, it attracted considerable public attention due to the large number of consumers affected and huge transactions it generated. This scandal was followed by an administrative investigation and a civil investigation. The Paper has an in-depth analysis of legal issues surrounding these investigations mainly centered on how Xin Ba as a livestreamer is liable for what, and finds that the laws applied to livestreaming e-commerce demonstrate legal inconsistencies and gaps, which a corresponding legal reform is proposed to address. As a way forward, the Paper also examines the issue of platform liabilities, a topic under-discussed under the landmark case. Upon the above deep analyses, the Paper concludes. [ABSTRACT FROM AUTHOR]

Published

2024

6. Transborder flow of personal data (TDF) in Africa: Stocktaking the ills and gains of a divergently regulated business mechanism.

Author

Babalola, Olumide

Subjects

*PERSONALLY identifiable information, *TRANSBORDER data flow, *STAKEHOLDERS

Abstract

Technology-based transactions are inseparable from the routine exchange of data. These exchanges may not pose privacy problems until the movement takes extra-territorial turns thereby facing multiple levels of cross-border regulations. In the 80 s, the frequency of transfer of personal data beyond geographical boundaries in Europe precipitated the regulation of transborder data flows (TDF) beginning with the enactment of the Organization for OECD Guidelines. In Africa, the concept of TDF is more complex than usually viewed by the stakeholders and this is partly because neither the African Union nor other regional bodies have introduced legislation on TDF. Like many concepts in data protection, TDF is bereft of a generally accepted meaning. Regardless of the uncertainty, this paper approaches TDF as the transmission of personal data from one country to another country or international entity for the purpose of processing. The paper discusses some definitions of TDF as understood under African regional and national data protection legislation. In a comparative and normative approach, the paper analyses the barriers to TDF in Africa vis a vis the European experience and then concludes with recommendations for workable TDF within and outside the continent from an African perspective beginning with the harmonization of existing regional framework. [ABSTRACT FROM AUTHOR]

Published

2024

7. Stack is the New Black?: Evolution and Outcomes of the 'India-Stackification' Process.

Author

Parsheera, Smriti

Subjects

*DIGITAL technology, *ELECTRONIC commerce, *DIGITAL transformation, *ELECTRONIC funds transfers

Abstract

India is going through a transformative phase in its digital journey. A large part of this is enfolding in the field of digital public infrastructures as the 'India Stack' branded suite of technological solutions permeates through areas like digital identity, instant payments, digital commerce, and consent management. The paper traces the socio-technical imaginaries that have fueled India's digital transformation strategy and how India Stack acquired its central place in that scheme. Drawing upon India's performance on global ICT-related indices and the OECD's Good Practice Principles for Public Service Design and Delivery, the paper also examines how the country is faring in translating its visions of digital transformation into outcomes. It identifies reliance on coercive digital adoption strategies, lack of participative decision-making, and insufficient accountability safeguards as some of the fault lines in India's path to fair and equitable digital transformation. [ABSTRACT FROM AUTHOR]

Published

2024

8. Consumer neuro devices within EU product safety law: Are we prepared for big tech ante portas?

Author

Steindl, Elisabeth

Subjects

*PRODUCT safety laws, *NEUROTECHNOLOGY (Bioengineering), *INVESTMENTS, *DIGITAL technology

Abstract

Previously confined to the distinct medical market, neurotechnologies are expanding rapidly into the consumer market, driven by technological advancements and substantial investments. While offering promising benefits, concerns have emerged regarding the suitability of existing legal frameworks to adequately address the risks they present. Against the background of an ongoing global debate on new policies or new 'neurorights' regulating neurotechnology, this paper delves into the regulation of consumer Brain-Computer Interfaces (BCIs) in the European Union (EU), focusing on the pertinent product safety legislation. The analysis will primarily examine the sector-specific product safety law for medical devices, the Medical Devices Regulation (MDR). It will meticulously delineate which consumer BCIs fall within its scope and are obliged to comply with the requirements outlined. The tech-based approach of Annex XVI MDR, coupled with recent amendments, show that the EU has adopted a forward-thinking rationale towards regulating health-related risks associated with consumer BCIs within existing EU medical devices legislation, while abstaining from over-regulating aspects therein that are beyond its core objectives. Supplementary, the paper will discuss developments in EU horizontal product safety law, regulating all consumer BCIs that are not subject to sector-specific product safety legislation. In their recently adopted General Product Safety Regulation (GPSR), the EU has introduced several provisions addressing digital products. Inter alia, these changes will enhance the horizontal regulation of consumer BCIs. Overall, within the context of product safety law, the recent adaptations affirm notable efforts by the EU to refine the legal framework that governs consumer BCIs, striking a delicate balance between effective technology regulation and not impeding innovation. [ABSTRACT FROM AUTHOR]

Published

2024

9. Is the regulation of connected and automated vehicles (CAVs) a wicked problem and why does it matter?

Author

Dunphy, Amy

Subjects

*AUTONOMOUS vehicles, *DRIVERLESS cars, *ARTIFICIAL intelligence, *DIGITAL technology, *GOVERNMENT regulation

Abstract

The anticipated public deployment of highly connected and automated vehicles ('CAVs') has the potential to introduce a range of complex regulatory challenges because of the novel and expansive way that data is generated, used, collected and shared by CAVs. Regulators within Australia and internationally are facing the complex task of developing rules and regulations to meet these challenges against the backdrop of continuing uncertainty about the ultimate form of CAVs and the timeframe for their introduction. This paper undertakes a novel examination of whether the regulation of high level CAVs and their associated data will constitute a 'wicked problem'. The wicked problem framework provides a valuable lens through which to examine difficult issues that are faced by regulators and, in turn, to aid in developing regulatory responses and to navigate such issues. A new four quadrant framework is developed and applied. It draws on and expands the seminal work on wicked problems by Rittel and Webber, and Alford and Head. The framework is used to critically reflect on whether CAVs are a 'wicked problem', and, if so, what might be the potential consequences for policy and regulatory development involving the data environment. This paper considers whether evaluating the 'wickedness' of a problem is a useful exercise for regulators, and the potential impact on developing novel approaches to regulatory responses. [ABSTRACT FROM AUTHOR]

Published

2024

10. The future EU postal regulation. What can be learnt from the telecommunication regulations.

Author

Chołodecki, Mateusz

Subjects

*TELECOMMUNICATION, *POSTAL service, *INFORMATION technology, *INTERNET

Abstract

Postal and telecommunication markets are part of the network industry, regulated by specific regimes. After a long period of legal monopoly, the telecommunication market was fully liberalized before the postal one. Thus, the telecommunication regulatory framework has always been a pattern for the postal market in the EU. These two markets constantly develop in the fast-changing technological environment and shifting customer demands. The paper deals with the regulatory challenges of the EU postal market in light of the recently adopted telecommunication regulation - the EU Directive 2018/1972 establishing the European Electronic Communications Code. The directive has set new regulatory goals changing them to focus on high-speed internet connectivity and a more consumer-oriented market. The current postal regulatory framework has achieved all its goals and needs new ones to adjust the market to contemporary challenges. First, the paper critically analyzes the current EU regulatory framework in the postal market. Then, it proposes a new regulatory model considering market needs like mail-oriented universal postal service, fast-growing e-commerce, and the competition from new entrants. [ABSTRACT FROM AUTHOR]

Published

2024

11. Towards a right to repair for the Internet of Things: A review of legal and policy aspects.

Author

Boniface, Christopher, Urquhart, Lachlan, and Terras, Melissa

Subjects

*INTERNET of things, *DATA protection, *DATA privacy, *SUSTAINABILITY, *INFORMATION technology

Abstract

The way in which consumers engage with, utilise, or discard the technologies in their lives is constantly being reassessed and changed. This paper questions what role the emergent "right to repair" could play in resolving issues posed by the increasing ubiquity of the Internet of Things (IoT). The right gives consumers the ability and freedom to fix their devices, or to fair access to appropriate services that can carry out repair on their behalf. In this paper, firstly we establish the problem space surrounding consumer IoT – i.e., devices that are interconnected via the internet, enabling them to send and receive data. We reflect on hardware, software, and data components that pose legal and policy challenges for data protection, security, and sustainability. Through a literature review we then reflect on the current socio-legal developments that support or oppose changes in the consumer IoT market in regards to repair. We then highlight gaps in the existing literature that should inform future research trajectories in this area. This includes exploring disparities between environmental and consumer autonomy approaches, assessing consistency in regulatory developments, and market prioritisation. Finally, the paper concludes with a series of key insights and recommendations from our analysis including: recognition of the growing e-Waste problem and the inequalities it exacerbates and perpetuates; the need for identification and argumentation for different formulations of "repair" and how these may impact the implementation of a right going forward; the need for identification of the reasoning behind disparities in governmental approaches to the right to repair; and the need to practically translate better IoT design practices into reality. [ABSTRACT FROM AUTHOR]

Published

2024

12. Challenges in regulating cloud service providers in EU financial regulation: From operational to systemic risks, and examining challenges of the new oversight regime for critical cloud service providers under the Digital Operational Resilience Act.

Author

Kun, Eyup

Subjects

*SYSTEMIC risk (Finance), *OPERATIONAL risk, *FINANCIAL institutions, *INTERNET security

Abstract

The use of cloud services by financial institutions has become increasingly prevalent due to its economic benefits. However, this comes with the inherent drawbacks of increased security risks and potential financial stability risks from the cloud market concentration. The EU has introduced specific legal instruments that place responsibilities on financial institutions to mitigate these risks. This paper analyses how the regulation of cloud service providers in the EU financial sector has evolved from the regulation of operational risk to the regulation of systemic risk. The Digital Operational Resilience Act, adopted in December 2022 and effective from January 17, 2025, plays a key role in enabling this transformation by recognizing the systemic risk aspect of the use of cloud service providers. It responds to this risk by creating a new oversight regime of critical cloud service providers. However, new oversight of critical cloud service providers brings about novel problems, particularly concerning the ne bis in idem principle in the case of overlapping oversight and enforcement by different authorities responsible for respective legislative instruments in cybersecurity and data protection. The overlapping oversight shall respect the principle. This paper evaluates to what extent the overlapping regime respects the principle under Article 50 of the Charter of Fundamental Rights of the European Union by analysing the Digital Operational Resilience Act and provides suggestions to improve coordination among different competent authorities in the case of overlapping supervision and enforcement to respect the principle. [ABSTRACT FROM AUTHOR]

Published

2024

13. The development of China's electronic case file regulations and its future implications.

Author

Qin, Han, Chen, Li, and Mou, Luye

Subjects

*CRIMINAL procedure, *CRIMINAL justice system, *DATA security failures, *DATA protection

Abstract

Following the issuance of a set of guiding opinions by the Supreme People's Court and Supreme People's Procuratorate in 2016, China has developed a preliminary framework to regulate the preparation, transfer, and use of electronic files. This paper sets out the key features of this framework, highlighting in particular the usefulness of electronic case files as procedural evidence to safeguard the integrity of the criminal justice process. This paper argues that such measures contribute significantly to improving procedural justice and judicial independence in contemporary China. However, further technological and legal rules are needed to address security concerns arising from the use of electronic files. The use of electronic case files is accompanied by new vulnerabilities in the criminal process in the form of data leakage, malicious tampering, and file losses. If these concerns are sufficiently addressed, the further integration of cutting-edge technology could improve the protection of the rights of the accused, reduce latent judge bias, and provide further clarity on the legal status of electronic case files in China. [ABSTRACT FROM AUTHOR]

Published

2024

14. Identification and demarcation—A general definition and method to address information technology in European IT security law.

Author

Brinker, Nils

Subjects

*INFORMATION technology, *INTERNET security, *DIGITAL technology, *OPEN source products, *OPEN source intelligence

Abstract

Information technology (IT) as a regulatory object is defined and viewed differently across various domains of European IT security law. However, common definitions and methods for the demarcation and separation of operational information technology can contribute to coherence in the historically grown body of regulation. This paper identifies three different general approaches for the treatment of information technology within the existing body of law: information technology as a means, as a service and as a product. Furthermore, we compile a general definition of information technology , which consists of three logical subentities: components, systems , and services. Additionally, steps for the practical identification of the operational information technology addressed by material law requirements are shown. First, all services that affect an articulated protected good must be identified. Within the identification of the systems used to realize those services , two dimensions must be considered. There is the functional dimension as well as the control and power of the disposal dimension. An identified weakness of the current state of IT security law is a lack of clearly formulated protected goods within the existing regulations, which contributes to the difficulties of addressing information technology in general. Furthermore, this paper discusses which actors are responsible for a demarcated piece of information technology and what responsibilities are assigned to them. This section also elaborates on the difficulty of appropriately addressing commercial and non-commercial actors. [ABSTRACT FROM AUTHOR]

Published

2024

15. Privacy icons as a component of effective transparency and controls under the GDPR: effective data protection by design based on art. 25 GDPR.

Author

von Grafenstein, Max, Kiefaber, Isabel, Heumüller, Julie, Rupp, Valentin, Graßl, Paul, Kolless, Otto, and Puzst, Zsófia

Subjects

*DATA protection, *DATA privacy, *GENERAL Data Protection Regulation, 2016, *INFORMATION technology, *COOKIES (Computer science)

Abstract

Understandable privacy information builds trust with users and therefore provides an important competitive advantage for the provider. However, designing privacy information that is both truthful and easy for users to understand is challenging. There are many complex balancing decisions to be made, not only with respect to legal but also visual and user experience design issues. This is why designing understandable privacy information requires combining at least three disciplines that have had little to do with each other in current practice: law, visual design, and user experience design research. The challenges of combining all three disciplines actually culminate in the design and use of Privacy Icons, which are expected to make lengthy legal texts clear and easy to understand (see Art. 12 sect. 7 of the EU General Data Protection Regulation). However, that is much easier said than done. In this paper, we summarise our key learnings from a five years research process on how to design Privacy Icons as a component of effective transparency and user controls. We will provide examples of information and control architectures for privacy policies, forms of consent (especially in the form of cookie banners), privacy dashboards and consent agents in which Privacy Icons may be embedded, 2) a non-exhaustive set of more than 150 Privacy Icons, and above all 3) a concept and process model that can be used to implement the requirements of the GDPR in terms of transparency and user controls in an effective way, according to the data protection by design approach in Art. 25 sect. 1 GDPR. The paper will show that it is a rocky road to the stars and we still haven't arrived – but at least we know how to go. [ABSTRACT FROM AUTHOR]

Published

2024

16. FutureNewsCorp, or how the AI Act changed the future of news.

Author

Helberger, Natali

Subjects

*ARTIFICIAL intelligence, *PRESS, *LEGAL liability, *DIGITAL technology, *INFORMATION technology

Abstract

Inspired by scenario writing methods to foster discussion on the societal implications of technology and regulation, the paper develops a 'legal fiction scenario' to anticipate the impact of the proposed European AI Act and examine some of the regulatory choices made. The paper tells the story of FutureNewsCorp – the largest news media company in Europe in the year 2043. The story of FutureNewsCorp is used for a critical analysis of the most recent draft of the AI Act and here, in particular, of the role of standardisation bodies and the division of responsibility between providers of AI systems and their professional users. Using the scenario method, the paper demonstrates that regulations like the planned AI Act can result in a shift of the power to decide what responsible use of AI is - from regulators and editors to technology developers and standardisation bodies - and that in doing so it may contribute to changing the structure and workings of an entire sector. [ABSTRACT FROM AUTHOR]

Published

2024

17. Citizen scientists as data controllers: Data protection and ethics challenges of distributed science.

Author

Purtova, Nadezhda and Pierce, Robin L

Subjects

*CITIZEN science, *DATA protection, *PERSONALLY identifiable information, *RESEARCH ethics, *ACQUISITION of data

Abstract

Citizen-science is a rapidly expanding approach to knowledge production that increasingly involves the collection of personal data in various forms. This processing of personal data invokes relevant data protection laws and, specifically, the designation of data controller, the person(s) or organisation(a) who determine if and how personal data is to be processed and hence are charged with the legal responsibility for compliance with the General Data Protection Regulation (GDPR). Traditionally, in the context of research, professional researchers would be designated controllers, and research participants whose data was processed would be "data subjects" and hence enjoy the GDPR's protections. Yet, citizen-scientists adopt a dual role, acting both as participants and as researchers. This paper maps the implications this dual role has from the perspective of data protection law and research ethics. We explain how the data protection concept of controller has been interpreted very broadly. As a result, in their dual role, citizen scientists can be both data subjects entitled to protection and data controllers, sometimes of their own data, tasked with data protection compliance obligations. If citizen scientists share the objectives of research projects they participate in or co-shape those objectives, it is likely that they – together with the professional researchers - will be considered controllers, and held responsible for the processing of personal data in compliance with the GDPR. The paper discusses how this can affect both the quality of protections provided to participants (including participant-researchers), thus undermining the fundamental goal of research ethics, generally, as well as the practice of citizen science itself. We analyse this question of citizen scientists as data controllers as both a matter of law and research ethics. We conclude with policy recommendations that can be applied both on the level of data protection law (to reconsider how the role of controller is assigned) and research ethics guidelines that should take a nuanced approach to the circumstances of assignment of the status of data controller in citizen science projects as an important step toward responsible and ethical participatory research. [ABSTRACT FROM AUTHOR]

Published

2024

18. The right not to use the internet.

Author

Kloza, Dariusz

Subjects

*INTERNET, *INTERNET governance, *HUMAN rights, *INTERNET access, *DIGITAL technology

Abstract

Over the past years, while the use of the internet has accelerated, it has increasingly ceased to be a mere option. Rather, it has turned into a de facto obligation for anyone who exercises their rights or fulfils their duties. These developments invite the question as to whether and to what extent people could be forced to use the internet or whether such an obligation conforms to democratic standards, amongst others. In this paper, I first set the scene by overviewing the reasons for the non-use of the internet and against its non-use. I then look at the possibilities of protecting individuals from the obligation to use the internet by means of human rights law, either as a new, standalone right or by way of interpretation of suitable existing rights. With this paper, I aim to establish the context and to kindle a debate that might eventually lead to a change in policy and practice. [ABSTRACT FROM AUTHOR]

Published

2024

19. Research on the application and examination of electronic evidence preserved on the blockchain in Chinese copyright judicial practice.

Author

Zhang, Huaiyin, Wang, Rongrong, and Cai, Kui

Subjects

*ELECTRONIC evidence, *BLOCKCHAINS, *INTEGRITY, *COPYRIGHT infringement, *JUDICIAL review

Abstract

In the era of smart justice, blockchain technology has revolutionized the way of preserving and examining electronic evidence.Blockchain technology has its functional advantages of distributed storage, hash function verification, and timestamp and accordingly possesses the technical characteristics of stability, integrity, and immutability. As such, blockchain technology can help alleviate the dilemma over electronic evidence due to its flaws, such as easy distortion and modification and difficulty in the collection, especially in the cases of copyright disputes where it is difficult to determine the ownership of works and fixation of evidence. The paper explores two ways of applying blockchain evidence and their distinct proving roles in copyright infringement cases. The paper further finds the similarities and differences between the two types of blockchain electronic preservation in the judicial review mechanism. In Chinese copyright judicial practice, the ambiguity in the rules of blockchain evidence, the inconsistency of different courts in examining blockchain evidence, and the disarray of blockchain evidence preservation platforms all confused and affected judicial discretion when dealing with blockchain evidence. Learning from the United States, the paper concludes with standard-related, judicial, and self-governance suggestions to pave the way for applying and examining blockchain evidence in Chinese copyright judicial practice. [ABSTRACT FROM AUTHOR]

Published

2024

20. The 2014 IAITL Conference - Call for papers - The 9th International Conference on Legal, Security and Privacy Issues in IT Law (LSPI) 15-17 October 2014, Lisbon, Portugal.

Published

2014

21. ELECTRONIC SIGNATURES — EVIDENCE: THE EVIDENTIAL ISSUES RELATING TO ELECTRONIC SIGNATURES1<fn id="fn1"><no>1</no>The author wishes to thank Professor Tapper, Peter Howes COO of rchive-it.com, Charles Hollander QC, John Theobald of Ikan plc and Nicholas Bohm consultant to Fox Williams and Alec Muffett Principle Engineer Security at Sun Microsystems Limited, for reading the first draft of this paper and for their valuable comments. All errors and omissions remain with the author.</fn> — PART 1

Author

Mason, Stephen

Subjects

*ELECTRONIC commerce, *DIGITAL signatures

Abstract

Both the Government and the industry are keenly promoting the use of electronic signatures. It is assumed that the widespread use of electronic signatures will encourage greater use of the Internet as a means to buy goods and services. This article looks at the evidential issues relating to electronic signatures, and illustrates the weakness of the infrastructure which, in turn, highlights the risks that both users and recipients encounter when using electronic signatures. [ABSTRACT FROM AUTHOR]

Published

2002

22. EU Data Protection Policy: The Privacy Fallacy: Adverse Effects of Europe’s Data Protection Policy in an Information-Driven Economy1<fn id="fn1"><no>1</no>I presented a short version of this paper at a seminar hosted by FEDMA and the Center for Information Policy Leadership @ Hunton & Williams (Data Flows and Individual Autonomy: The Benefits of Free Flow and the Cost of Privacy, Brussels, May 22, 2001). I am grateful for comments received from participants at that seminar, including Ulf Bru¨hann, Commission of the EC, and Paul de Hert, Catholic University Brabant (KUB). In addition, Marty Abrams, Professor Fred Cate, Oscar Marquis, and Jan Dhont, all of the law firm of Hunton & Williams, and Professor Corien Prins, Catholic University Brabant (KUB), made helpful comments and suggestions. My thinking on this subject has been shaped by discussions in the context of the Global Solutions Project of the Center for Information Policy Leadership @ Hunton & Williams.</fn>

Author

Bergkamp, Lucas

Subjects

*DATA protection laws, *RIGHT of privacy, *INFORMATION society

Abstract

The European Union has established a comprehensive legislative privacy framework aimed at protecting data pertaining to individuals. The EU is currently in the process of amending and supplementing its data protection legislation to prepare for the information society. In this article, Professor Lucas Bergkamp questions the desirability and necessity of the EU’s data protection regime in the information society. He examines the “other side” of data protection law and identifies its paradoxical and adverse effects. Based on a thorough analysis of how privacy law affects markets, he argues that data protection restricts consumer choice and freedom, and results in consumers receiving outdated, lower quality products and services at higher prices. The author proposes possible alternative approaches to data protection in Europe, and identifies the groundwork that needs to be conducted to devise a sensible, balanced privacy framework for the information society. [ABSTRACT FROM AUTHOR]

Published

2002

23. The legal aspects of cybersecurity vulnerability disclosure: To the NIS 2 and beyond.

Author

Vostoupal, Jakub, Stupka, Václav, Harašta, Jakub, Kasl, František, Loutocký, Pavel, and Malinka, Kamil

Subjects

*INTERNET security, *CIVIL law, *ADMINISTRATIVE law, *CRIMINAL law

Abstract

This paper focuses on the legal aspects of responsible vulnerability disclosure, bug bounty programs and legal risks associated with their implementation in the Czech Republic. Firstly, the authors introduce the basics of vulnerability disclosure procedures, identify different organisational models, and identify risks that may arise on the part of the organisation launching the bug bounty program or the hackers participating in it. The identified risks are divided into those arising from civil law, administrative law, and criminal law. For each identified risk, the authors then propose appropriate technical, organisation or legal solutions that can be applied to eliminate or reduce these risks. Nevertheless, the authors identified two areas that cannot be sufficiently mitigated through existing tools and laws and are likely to require legislative intervention – the matter of safeguarding the anonymity of reporters through confidentiality, and the problematic ability to consent to the testing procedures by the public bodies. [ABSTRACT FROM AUTHOR]

Published

2024

24. The EU Regulatory approach(es) to AI liability, and its Application to the financial services market.

Author

Montagnani, Maria Lillà, Najjar, Marie-Claire, and Davola, Antonio

Subjects

*ARTIFICIAL intelligence, *TECHNOLOGY, *LEGISLATION, *LEGAL liability, *POLICY sciences

Abstract

The continued progress of Artificial Intelligence (AI) can benefit different aspects of society and various fields of the economy, yet pose crucial risks to both those who offer such technologies and those who use them. These risks are emphasized by the unpredictability of developments in AI technology (such as the increased level of autonomy of self-learning systems), which renders it even more difficult to build a comprehensive legal framework accounting for all potential legal and ethical issues arising from the use of AI. As such, enforcement authorities are facing increased difficulties in checking compliance with applicable legislation and assessing liability, due to the specific features of AI, – namely: complexity, opacity, autonomy, unpredictability, openness, data-drivenness, and vulnerability. These problems are particularly significant in areas, such as financial markets, in which consequences arising from malfunctioning of AI systems are likely to have a major impact both in terms of individuals' protection, and of overall market stability. This scenario challenges policymaking in an increasingly digital and global context, where it becomes difficult for regulators to predict and face the impact of AI systems on economy and society, to make sure that they are human-centric, ethical, explainable, sustainable and respectful of fundamental rights and values. The European Union has been dedicating increased attention to filling the gap between the existing legal framework and AI. Some of the legislative proposals in consideration call for preventive legislation and introduce obligations on different actors – such as the AI Act – while others have a compensatory scope and seek to build a liability framework – such as the proposed AI Liability Directive and revised Product Liability Directive. At the same time, cross-sectorial regulations shall coexist with sector-specific initiatives, and the rules they establish. The present paper starts by assessing the fit of the existing European liability regime(s) with the constantly evolving AI landscape, by identifying the normative foundations on which a liability regime for such technology should be built on. It then addresses the proposed additions and revisions to the legislation, focusing on how they seek to govern AI systems, with a major focus on their implications on highly-regulated complex systems such as financial markets. Finally, it considers potential additional measures that could continue to strike a balance between the interests of all parties, namely by seeking to reduce the inherent risks that accompany the use of AI and to leverage its major benefits for our society and economy. [ABSTRACT FROM AUTHOR]

Published

2024

25. Evaluation of trust service and software product regimes for zero-knowledge proof development under eIDAS 2.0.

Author

Ramos Fernández, Raül

Subjects

*DATA privacy, *TRUST, *COMPUTER software, *STAKEHOLDERS, *TECHNOLOGY

Abstract

This paper delves into two legal models for zero-knowledge proof protocols in the context of the eIDAS 2.0 Regulation: a trust service or a software product. The ARIES: reliAble euRopean Identity EcoSystem EU project highlighted the need for a legal framework for stakeholders to accept proof of the existence of user data with legal certainty, while Hyperledger Indy shows that ZKP solutions are currently commercialized, stressing deficiencies in the eIDAS 2.0. An overview of ZKP applied to identity, its relationship to the European Digital Identity Wallet and the electronic attestations of attributes, both introduced by the eIDAS 2.0, and Self-Sovereign Identity systems, leads to the central question of proof of the existence of user-held data as a trust service or as a software product and its data privacy implications for each approach. Finally, we outline a possible solution based on the product approach for future work. Our findings reveal that ZKP technology must have legal value and a presumption system to be effective. However, the path we take could lead us either to develop a system of surveillance and control in electronic environments or to build an environment where we share not the data itself but proof of its existence. [ABSTRACT FROM AUTHOR]

Published

2024

26. Unpacking AI-enabled border management technologies in Greece: To what extent their development and deployment are transparent and respect data protection rules?

Author

Chelioudakis, Eleftherios

Subjects

*ARTIFICIAL intelligence, *TECHNOLOGY, *BORDER security, *DATA protection, *LAW enforcement

Abstract

This article embarks on a comprehensive examination of two research questions. The first question is "What are the AI-enabled applications, which are developed and deployed in Greece in the border management field?". The goal is to provide to the reader a thorough listing of these technologies, as well as information regarding the companies that develop them, and the EU funding schemes that support them. By investigating this question, the paper assesses whether there exists transparent information regarding the procurement, development, and deployment phases of such AI tools in Greece, with a keen focus on the accessibility of related documents and data to civil society actors.The second question is "To what extent are the development and deployment of these AI-enabled border management applications in compliance with the applicable data protection provisions?". There the goal is to register the different breaches of data protection provisions when such AI tools are developed and deployed in practice, taking into account the findings of civil society actors that have challenged the lawful use of such applications in accordance with the related national legal framework enforcing Regulation 2016/679 (GDPR) and transposing the Directive 2016/680. [ABSTRACT FROM AUTHOR]

Published

2024

27. Frontex as a hub for surveillance and data sharing: Challenges for data protection and privacy rights.

Author

Gandhi, Shrutika

Subjects

*INFORMATION sharing, *DATA protection, *RIGHT of privacy, *POLITICAL refugees, *IMMIGRANTS

Abstract

The European Border and Coast Guard Agency, more commonly known as Frontex, was established in 2004 with "a view to improving the integrated management of the external borders of the Member States of the European Union." It was tasked with the responsibility of providing technical support and expertise to Member States in the management of borders. Over the years its mandate has increased considerably through amendments to its legislative framework. This expansion has taken place against a background of serious allegations concerning Frontex's role in violating the fundamental rights of asylum seekers through its involvement in pushback operations – the practice of stopping asylum-seekers and migrants in need of protection at or before they reach the European Union's external border. While Frontex's complicity in pushbacks has been widely examined by academics, its transformation into a major surveillance and data processing hub and its compliance (or lack thereof) with the fundamental rights to privacy and protection of personal data have received limited academic attention. This paper traces the evolution of Frontex over the years and fundamental rights implications of the transformation of its role. [ABSTRACT FROM AUTHOR]

Published

2024

28. Originality and the future of copyright in an age of generative AI.

Author

Fenwick, Mark and Jurcys, Paulius

Subjects

*COPYRIGHT, *ARTIFICIAL intelligence, *CREATIVE ability, *CHATGPT

Abstract

This paper takes the occasion of French DJ David Guetta's use of generative AI tools to create lyrics and a voice in the style of Eminem, which he then used in one of his concerts, as the basis for an exploration of the shifting meaning of creativity and originality in the age of generative AI. Our main contention is that the Guetta form of creativity with generative AI tools differs in certain important respects from what has come before. The paper describes an iterative, dynamic process of conception, prompting, generation, refining, and deployment to characterise creativity in this context. Nevertheless, we contend that copyright – specifically the concept of originality as articulated in US federal law – is a sufficiently durable legal mechanism that can manage these new cultural forms, and that the two basic requirements of modern copyright law (a tangible medium of expression and a modest degree of creativity) remain relevant in identifying the scope of legal protection. The paper argues that the David Guetta story reveals something more general about creativity in a digital age, namely that while hybrid-networked (i.e., human – corporate – machine) creators have always created hybrid-networked cultural forms (i.e., creations that blend human and technology-constituted elements), such hybridity becomes increasingly visible and complex in the context of a new world of generative AI. At the very least, earlier – and influential – models of creativity as human-driven involving creation ex nihilo become harder to sustain in a new age of generative AI. But this does not mean copyright or notions of originality are redundant or that copyright law cannot accommodate Guetta and other cases. Such an account seems important as it challenges the hegemonic and reductive view that AI "generates" artistic works autonomously and avoids reducing the copyright issues raised by such creative works to the related but distinct question of whether learning models rely on copyrighted data. As such, copyright law should remain an important mechanism to facilitate genuine creators who are using AI systems in innovative and unique ways to push the boundaries of their creativity. [ABSTRACT FROM AUTHOR]

Published

2023

29. Algorithms that forget: Machine unlearning and the right to erasure.

Author

Juliussen, Bjørn Aslak, Rui, Jon Petter, and Johansen, Dag

Subjects

*RIGHT to be forgotten, *MACHINE learning, *GENERAL Data Protection Regulation, 2016, *ELECTRONIC data processing, *DISCLOSURE laws

Abstract

Article 17 of the General Data Protection Regulation (GDPR) contains a right for the data subject to obtain the erasure of personal data. The right to erasure in the GDPR gives, however, little clear guidance on how controllers processing personal data should erase the personal data to meet the requirements set out in Article 17. Machine Learning (ML) models that have been trained on personal data are downstream derivatives of the personal data used in the training data set of the ML process. A characteristic of ML is the non-deterministic nature of the learning process. The non-deterministic nature of ML poses significant difficulties in determining whether the personal data in the training data set affects the internal weights and adjusted parameters of the ML model. As a result, invoking the right to erasure in ML and to erase personal data from a ML model is a challenging task. This paper explores the complexities of enforcing and complying with the right to erasure in a ML context. It examines how novel developments in machine unlearning methods relate to Article 17 of the GDPR. Specifically, the paper delves into the intricacies of how personal data is processed in ML models and how the right to erasure could be implemented in such models. The paper also provides insights into how newly developed machine unlearning techniques could be applied to make ML models more GDPR compliant. The research aims to provide a functional understanding and contribute to a better comprehension of the applied challenges associated with the right to erasure in ML. [ABSTRACT FROM AUTHOR]

Published

2023

30. The European AI liability directives – Critique of a half-hearted approach and lessons for the future.

Author

Hacker, Philipp

Subjects

*ARTIFICIAL intelligence, *CHATGPT, *PRODUCT liability, *EUROPEAN Union law

Abstract

The optimal liability framework for AI systems remains an unsolved problem across the globe. With ChatGPT and other large generative models taking the technology to the next level, solutions are urgently needed. In a much-anticipated move, the European Commission advanced two proposals outlining the European approach to AI liability in September 2022: a novel AI Liability Directive (AILD) and a revision of the Product Liability Directive (PLD). They constitute the final cornerstone of AI regulation in the EU. Crucially, the liability proposals and the proposed EU AI Act are inherently intertwined: the latter does not contain any individual rights of affected persons, and the former lack specific, substantive rules on AI development and deployment. Taken together, these acts may well trigger a "Brussels effect" in AI regulation, with significant consequences for the US and other countries. Against this background, this paper makes three novel contributions. First, it examines in detail the liability proposals and shows that, while making steps in the right direction, they ultimately represent a half-hearted approach: if enacted as foreseen, AI liability in the EU will primarily rest on disclosure of evidence mechanisms and a set of narrowly defined presumptions concerning fault, defectiveness and causality. Hence, second, the article suggests amendments to the proposed AI liability framework. They are collected in a concise Annex at the end of the paper. I argue, inter alia, that the dichotomy between the fault-based AILD Proposal and the supposedly strict liability PLD Proposal is fictional and should be abandoned; that an EU framework for AI liability should comprise one fully harmonizing regulation instead of two insufficiently coordinated directives; and that the current proposals unjustifiably collapse fundamental distinctions between social and individual risk by equating high-risk AI systems in the AI Act with those under the liability framework. Third, based on an analysis of the key risks AI poses, the final part of the paper maps out a road for the future of AI liability and regulation, in the EU and beyond. More specifically, I make four key proposals. Effective compensation should be ensured by combining truly strict liability for certain high-risk AI systems with general presumptions of defectiveness, fault and causality in cases involving SMEs or non-high-risk AI systems. The paper introduces a novel distinction between illegitimate- and legitimate-harm models to delineate strict liability's scope. Truly strict liability should be reserved for high-risk AI systems that, from a social perspective, should not cause harm (illegitimate-harm models, e.g., autonomous vehicles or medical AI). Models meant to cause some unavoidable harm by ranking and rejecting individuals (legitimate-harm models, e.g., credit scoring or insurance scoring) may merely face rebuttable presumptions of defectiveness and causality. General-purpose AI systems and Foundation Models should only be subjected to high-risk regulation, including liability for high-risk AI systems, in specific high-risk use cases for which they are deployed. Consumers, in turn, ought to be liable based on regular fault, in general. Furthermore, innovation and legal certainty should be fostered through a comprehensive regime of safe harbours, defined quantitatively to the best extent possible. Moreover, trustworthy AI remains an important goal for AI regulation. Hence, the liability framework must specifically extend to non-discrimination cases and provide for clear rules concerning explainability (XAI). Finally, awareness for the climate effects of AI, and digital technology more broadly, is rapidly growing in computer science. In diametrical opposition to this shift in discourse and understanding, however, EU legislators have long neglected environmental sustainability in both the draft AI Act and the proposed liability regime. To counter this, I propose to jump-start sustainable AI regulation via sustainability impact assessments in the AI Act and sustainable design defects in the liability regime. In this way, the law may help spur not only fair AI and XAI, but also sustainable AI (SAI). [ABSTRACT FROM AUTHOR]

Published

2023

31. "Lawful interception – A market access barrier in the European Union"?

Author

Doronin, Vadim

Subjects

*LAW enforcement, *EAVESDROPPING, *TELECOMMUNICATION, *INTERNET of things

Abstract

This paper studies legal requirements across the European Union to implement technical and organizational capabilities to intercept and deliver content data to law enforcement authorities, arguing that a fragmentation of rules across EU Member States imposes market access barriers upon telecommunications providers. The aim of this paper is to raise awareness about discrepancy of lawful interception rules across the EU, which causes legal uncertainty and places burdensome requirements upon regulated entities such as OTT but also IoT connectivity and satellite service providers. The paper further argues that the EU has competencies to legislate on harmonization of lawful interception capability rules by specifying what types of telecommunications providers can be subject to those rules, address types of capabilities, determine whether Member States should be responsible to reimburse telecommunications providers with incurred costs; and finally, regulate on the ability to share or outsource capabilities with other providers or third-party vendors. The author doesn't address human rights or privacy considerations associated with exercising lawful interception, nor grounds on which lawful interception can be requested under national law, nor evidential admissibility of intercepted data. [ABSTRACT FROM AUTHOR]

Published

2023

32. An institutional account of responsiveness in financial regulation- Examining the fallacy and limits of 'same activity, same risks, same rules' as the answer to financial innovation and regulatory arbitrage.

Author

Chiu, Iris H-Y

Subjects

*FINANCE laws, *ARBITRAGE, *FINANCIAL technology

Abstract

Financial regulators face the persistent issue of being challenged by financial innovations and regulatory arbitrage. This article argues that a functional approach of 'same activity, same risks, same rules' is potentially vague and insufficient, and does not provide clear guidance for regulators. By critically discussing the US Securities Exchange Commission's and UK Financial Conduct Authority's approaches to cryptoasset offers, the paper argues that whether and how regulators respond to financial innovation crucially depends on regulators' institutional structures. These structural limitations provide empowering as well as constraining aspects in relation to regulatory objectives and mandates, shaping financial regulators' responsiveness in different ways. The paper argues that an institutional account of regulatory responsiveness more accurately explains policy responses. The benefits and drawbacks of such policy responsiveness are also crucially shaped by these institutional structures. [ABSTRACT FROM AUTHOR]

Published

2023

33. The 8th CLSR Best Paper Awards are announced at the IAITL Conference in Bangkok.

Subjects

*CONFERENCES & conventions, *LAWYERS, *INFORMATION technology, *AWARDS

Abstract

The article offers information about the annual conference "International Association of IT Lawyers" (IAITL) that was held in Bangkok, Thailand from November 11-15, 2013 and also about the 8th 'CLSR Best Paper Awards" that was given to Dr Uri Volovelsky.

Published

2014

34. Tripartite perspective on the copyright-sharing economy in China.

Author

Lee, Jyh-An

Subjects

*DIGITAL technology, *COPYRIGHT, *INTELLECTUAL property, *STAKEHOLDERS, *ECONOMIC development, *SHARING economy

Abstract

Internet and digital technologies have facilitated copyright sharing in an unprecedented way, creating significant tensions between the free flow of information and the exclusive nature of intellectual property. Copyright owners, users, and online platforms are the three major players in the copyright system. These stakeholders and their relations form the main structure of the copyright-sharing economy. Using China as an example, this paper provides a tripartite perspective on the copyright ecology based on three categories of sharing, namely unauthorized sharing, altruistic sharing, and freemium sharing. The line between copyright owners, users, and platforms has been blurred by rapidly changing technologies and market forces. By examining the strategies and practices of these parties, this paper illustrates the opportunities and challenges for China's copyright industry and digital economy. The paper concludes that under the shadow of the law, a sustainable copyright-sharing model must carefully align the interests of businesses and individual users. [ABSTRACT FROM AUTHOR]

Published

2019

35. EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era.

Author

Sullivan, Clare

Subjects

*GENERAL Data Protection Regulation, 2016, *COMPARATIVE studies, *DATA protection, *INTERNET of things

Abstract

This article examines the two major international data transfer schemes in existence today – the European Union (EU) model which at present is effectively the General Data Protection Regulation (GDPR), and the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules system (CBPR), in the context of the Internet of Things (IoT). While IoT data ostensibly relates to things i.e. products and services, it impacts individuals and their data protection and privacy rights, and raises compliance issues for corporations especially in relation to international data flows. The GDPR regulates the processing of personal data of individuals who are EU data subjects including cross border data transfers. As an EU Regulation, the GDPR applies directly as law to EU member nations. The GDPR also has extensive extraterritorial provisions that apply to processing of personal data outside the EU regardless of place of incorporation and geographical area of operation of the data controller/ processor. There are a number of ways that the GDPR enables lawful international transfer of personal data including schemes that are broadly similar to APEC CBPR. APEC CBPR is the other major regional framework regulating transfer of personal data between APEC member nations. It is essentially a voluntary accountability scheme that initially requires acceptance at country level, followed by independent certification by an accountability agent of the organization wishing to join the scheme. APEC CBPR is viewed by many in the United States of America (US) as preferable to the EU approach because CBPR is considered more conducive to business than its counterpart schemes under the GDPR, and therefore is regarded as the scheme most likely to prevail. While there are broad areas of similarity between the EU and APEC approaches to data protection in the context of cross border data transfer, there are also substantial differences. This paper considers the similarities and major differences, and the overall suitability of the two models for the era of the Internet of Things (IoT) in which large amounts of personal data are processed on an on-going basis from connected devices around the world. This is the first time the APEC and GDPR cross-border data schemes have been compared in this way. The paper concludes with the author expressing a view as to which scheme is likely to set the global standard. [ABSTRACT FROM AUTHOR]

Published

2019

36. Lost in translation? Critically assessing the promises and perils of Brazil's Digital Markets Act proposal in the light of international experiments.

Author

Fernandes, Victor Oliveira

Subjects

*INFORMATION technology, *LEGISLATION, *ANTITRUST law, *DIGITAL technology, *CONSUMERS

Abstract

This paper undertakes a comprehensive analysis of Brazil's initial draft legislation aimed at regulating competition in digital markets, which was submitted on November 10, 2022. The Brazilian proposal seeks to establish an asymmetric regulatory framework inspired by the European Union's Digital Markets Act (DMA) in order to foster competition in digital markets. Although the draft promises have extensive scope, the lack of impact assessments and public consultations in its introduction necessitates careful scrutiny. Our analysis compares the different aspects of PL 2,768 with the DMA, the new Section 19a of the German Competition Law, and the UK's digital markets, Competition and Consumers Bill. This comparison reveals similarities as well as differences that require adjustment. Fundamentally, the last version of the Brazilian proposal lacks well-defined goals, with unclear consequences of the stated principles for regulating platforms. This ambiguity creates uncertainty regarding whether obligations should conform to or go beyond the prevailing prioritization of consumer welfare in Brazil's antitrust policy. In addition, the legislation adopts a regulatory approach that may overlook the complexity of platform power in the context of digital ecosystems. Moreover, the proposal's leaner obligations framework may overlook the opportunity to thoroughly analyze international experiments that could provide valuable insights for Brazil's approach. PL 2,768 aims to update competition policy, but achieving this goal requires a thoughtful reassessment of legislation and open discussion with the public. Adopting evidence-based assessment and drawing on comparative lessons could greatly improve the effectiveness of the proposal. [ABSTRACT FROM AUTHOR]

Published

2024

37. Promoting more accountable AI in the boardroom through smart regulation.

Author

Zhao, Jingchen

Subjects

*ARTIFICIAL intelligence, *BOARDS of directors, *CORPORATE governance, *SUSTAINABLE development, *INFORMATION technology

Abstract

This paper focuses on the benefits that accountable artificial intelligence (AI) could bring to corporate boardrooms, and the role and format of regulation to promote more accountable AI. It will investigate the interconnections between AI, accountable decisions made by boards of directors in companies, the associated legal risks, and how to regulate AI to mitigate risks while promoting accountability. In the boardroom, AI is defined as the use of computers to assist, support, collaborate or even duplicate directors' behaviours. The last few years have seen increased calls for boards to have oversight responsibility at the intersection between AI and the regulatory and policy implications in a corporate setting. AI can be applied to advance the effectiveness and efficiency of corporate governance and to raise awareness of accountable practice in its standardisation and implementation. However, AI can also be a disruptive technology, and the accountable practice of AI needs to be reinforced by regulatory insight to enable its sustainable development. No consensus has yet been reached on the most appropriate regulatory framework to achieve these goals; this article therefore aims to identify the most appropriate regulatory framework to promote sustainable AI by monitoring and mitigating the associated risks in a corporate setting. We investigate the rationale for and advantages of a smart regulatory approach for regulating AI, aiming to achieve the participation of multi-disciplinary teams with members playing particular roles associated with the safe and effective deployment of AI. [ABSTRACT FROM AUTHOR]

Published

2024

38. Substantive fairness in the GDPR: Fairness Elements for Article 5.1a GDPR.

Author

Häuselmann, Andreas and Custers, Bart

Subjects

*GENERAL Data Protection Regulation, 2016, *FAIRNESS, *PERSONALLY identifiable information, *DATA protection laws, *ANTITRUST law

Abstract

According to the fairness principle in Article 5.1a of the EU General Data Protection Regulation (GDPR), data controllers must process personal data fairly. However, the GDPR fails to explain what is fairness and how it should be achieved. In fact, the GDPR focuses mostly on procedural fairness: if personal data are processed in compliance with the GDPR, for instance, by ensuring lawfulness and transparency, such processing is assumed to be fair. Because some forms of data processing can still be unfair, even if all the GDPR's procedural rules are complied with, we argue that substantive fairness is also an essential part of the GDPR's fairness principle and necessary to achieve the GDPR's goal of offering effective protection to data subjects. Substantive fairness is not mentioned in the GDPR and no guidance on substantive fairness is provided. In this paper, we provide elements of substantive fairness derived from EU consumer law, competition law, non-discrimination law, and data protection law that can help interpret the substantive part of the GDPR's fairness principle. Three elements derived from consumer protection law are good faith, no detrimental effects, and autonomy (e.g., no misleading or aggressive practices). We derive the element of abuse of dominant position (and power inequalities) from competition law. From other areas of law, we derive non-discrimination, vulnerabilities, and accuracy as elements relevant to interpreting substantive fairness. Although this may not be a complete list, cumulatively these elements may help interpret Article 5.1a GDPR and help achieve fairness in data protection law. [ABSTRACT FROM AUTHOR]

Published

2024

39. A fair trial in complex technology cases: Why courts and judges need a basic understanding of complex technologies.

Author

Custers, Bart

Subjects

*INFORMATION technology, *DATA protection laws, *JUDGES, *COURTS, *DATA protection

Abstract

Technology is getting increasingly complicated. If complex technologies have the potential to cause harm, people may need protection. Such legal protection is increasingly available, but it is only effective if it can also be enforced in courts. If people do not understand what is happening, for instance, with their personal data, they may not go to court at all. When people go to court, they may encounter another problem: if also courts and judges have a limited understanding of how the complex technologies work, this can affect the right to a fair trial. In this paper, it is argued that a fair trial requires that courts and judges need to have sufficient understanding of the technology in cases on which they are ruling. Since not all judges can be trained to have deep understanding of technology, other ways to address this are proposed. [ABSTRACT FROM AUTHOR]

Published

2024

40. Clarifying "personal data" and the role of anonymisation in data protection law: Including and excluding data from the scope of the GDPR (more clearly) through refining the concept of data protection.

Author

Rupp, Valentin and von Grafenstein, Max

Subjects

*DATA protection laws, *GENERAL Data Protection Regulation, 2016, *DATA protection, *PERSONALLY identifiable information, *DATA privacy

Abstract

In a data-driven society, the collection and processing of data is essential to the operation of existing technologies and the development of new ones. Data protection law protects individuals against risks associated with the processing of "personal data". However, despite an intensive legal debate, there is still considerable uncertainty as to when data is personal data and when it is not. The reason for this is that data such as technical data or geo-location data usually is not "personal" per se but only when it is used for a specific purpose and in a specific way, or to be more precise, when the data processing causes a specific risk to a fundamental right of an individual. In our paper, we demonstrate that by focusing on these risks when assessing the scope of application, the question whether data falls into the scope of the General Data Protection Regulation (GDPR) or not becomes much clearer. The about, purpose, and result elements, introduced by the Art. 29 Working Party, thereby turn out to be a powerful set of analytical tools to determine which rights are specifically affected by data processing and, thus, to what extent a data subject is identified or identifiable in the processing context. While the about element addresses different risks to the right to privacy, the purpose element specifically reveals risks to the autonomy status of an individual. Finally, the result element focuses on the negative effect data processing can have on any other fundamental rights of the individual. On this basis, it is also possible to define more precisely the legal requirements for anonymising personal data. First of all, we illustrate that anonymisation mainly affects the about element and can do little "against" the purpose and result element. At least, however, by assessing which sphere of privacy is specifically concerned, it is possible to more precisely define when an individual is identified in a dataset and, thus, what the requirements for anonymization are. [ABSTRACT FROM AUTHOR]

Published

2024

41. Discrimination for the sake of fairness by design and its legal framework.

Author

Hoch, Holly, Hertweck, Corinna, Loi, Michele, and Tamò-Larrieux, Aurelia

Subjects

*DISCRIMINATION (Sociology), *FAIRNESS, *COMPUTER scientists, *DATA protection laws, *ALGORITHMS

Abstract

As algorithms are increasingly enlisted to make critical determinations about human actors, the more frequently we see these algorithms appear in sensational headlines crying foul on discrimination. There is broad consensus among computer scientists working on this issue that such discrimination can be reduced by intentionally collecting and consciously using sensitive information about demographic features like sex, gender, race, religion etc. Companies implementing such algorithms might, however, be wary of allowing algorithms access to such data as they fear legal repercussions, as the promoted standard has been to omit protected attributes, otherwise dubbed "fairness through unawareness". This paper asks whether such wariness is justified in light of EU data protection and anti-discrimination laws. In order to answer this question, we introduce a specific case and analyze how EU law might apply when an algorithm accesses sensitive information to make fairer predictions. We review whether such measures constitute discrimination, and for who, arriving at different conclusions based on how we define the harm of discrimination and the groups we compare. Finding that several legal claims could arise regarding the use of sensitive information, we ultimately conclude that the proffered fairness measures would be considered a positive (or affirmative) action under EU law. As such, the appropriate use of sensitive information in order to increase the fairness of an algorithm is a positive action, and not per se prohibited by EU law. [ABSTRACT FROM AUTHOR]

Published

2024

42. The European Health Data Space: An expanded right to data portability?

Author

Li, Wenkai and Quinn, Paul

Subjects

*ELECTRONIC health records, *ELECTRONIC data processing, *GENERAL Data Protection Regulation, 2016, *MEDICAL records, *INTERNETWORKING

Abstract

The European Commission recently released its proposal for a Regulation giving rise to a European Health Data Space (EHDS), as the first domain-specific common European data space under the European Union's data strategy. The proposed EHDS aims to improve access to and control by individuals of their personal electronic health data in primary use and increase data availability for secondary use purposes. This article is primarily concerned with the ambition to enhance the right of natural persons to data portability and promote interoperability in the health sector. This article seeks to delineate to what extent they represent a new and expanded right alongside the right to data portability provided in the General Data Protection Regulation (GDPR). In comparing this new expanded right to the original right outlined in Article 20 of the GDPR, the authors argue that Article 3(8) of the EHDS proposal represents an important expansion with the potential to allow individuals more possibility to control and mobilise their electronic health data, especially those elements located within Electronic Health Records (EHRs). This will also be facilitated by the strengthened interoperability requirements foreseen by the EHDS proposal. However, this paper also identifies several limitations and inconsistencies in the new data portability right which could potentially hinder its functioning. This notably includes the proposal's failure to take into account the need for data portability for secondary use purposes, and the unclear relationship of Article 3(8) of the proposal with Article 9 of the GDPR. It is recommended that these points should be considered carefully in future versions of the EHDS proposal. [ABSTRACT FROM AUTHOR]

Published

2024

43. ITALIAN-LEGAL-BERT models for improving natural language processing tasks in the Italian legal domain.

Author

Licari, Daniele and Comandè, Giovanni

Subjects

*NATURAL language processing, *LANGUAGE models, *DIGITAL technology, *LEGAL research, *ARTIFICIAL intelligence

Abstract

• First Transform-based language models pre-trained on large corpora of Italian legal cases. • A 'distilled' ITALIAN-LEGAL-BERT model three times faster in inference and training than the original model. • Local + Sparse + Global (LSG) ITALIAN-LEGAL-BERT variants for to handle Italian legal long sequences. Legal-BERT models are based on the BERT architecture (or its variants) and have been developed specifically for the legal domain. They have reached the state of the art in complex legal tasks such as legal research, document synthesis, contract analysis, argument extraction, and legal prediction. In this paper, we proposed four versions of Legal-BERT models pre-trained on the Italian legal domain. They aim to improve NLP applications in the Italian legal context. We have shown that they outperforms the Italian "generalpurpose" BERT in several domain-specific tasks, such as named entity recognition, sentence classification, semantic similarity with Bi-encoders, and document classification. [Display omitted] [ABSTRACT FROM AUTHOR]

Published

2024

44. An entity-centric approach to manage court judgments based on Natural Language Processing.

Author

Bellandi, Valerio, Bernasconi, Christian, Lodi, Fausto, Palmonari, Matteo, Pozzi, Riccardo, Ripamonti, Marco, and Siccardi, Stefano

Subjects

*LEGAL documents, *NATURAL language processing, *MACHINE learning, *DIGITAL technology, *ALGORITHMS

Abstract

In this paper, we present an entity-centric infrastructure to manage legal documents, especially court judgments, based on the organization of a textual document repository and on the annotation of these documents to serve a variety of downstream tasks. Documents are pre-processed and then iteratively annotated using a set of NLP services that combine complementary approaches based on machine learning and syntactic rules. We present a framework that has been designed to be developed and maintained in a sustainable way, allowing for multiple services and uses of the annotated document repository and considering the scarcity of annotated data as an intrinsic challenge for its development. The design activity is the result of a cooperative project where a scientific team, institutional bodies, and companies appointed to implement the final system are involved in co-design activities. We describe experiments to demonstrate the feasibility of the solution and discuss the main challenges to scaling the system at a national level. In particular, we report the results we obtained in annotating data with different low-resource methods and with solutions designed to combine these approaches in a meaningful way. An essential aspect of the proposed solution is a human-in-the-loop approach to control the output of the annotation algorithms in agreement with the organizational processes in place in Italian courts. Based on these results we advocate for the feasibility of the proposed approach and discuss the challenges that must be addressed to ensure the scalability and robustness of the proposed solution. [ABSTRACT FROM AUTHOR]

Published

2024

45. Enforcing legal information extraction through context-aware techniques: The ASKE approach.

Author

Castano, Silvana, Ferrara, Alfio, Furiosi, Emanuela, Montanelli, Stefano, Picascia, Sergio, Riva, Davide, and Stefanetti, Carolina

Subjects

*LEGAL documents, *DIGITAL technology, *NATURAL language processing, *MACHINE learning, *DIGITAL transformation

Abstract

To cope with the growing volume, complexity, and articulation of legal documents as well as to foster digital justice and digital law, increasing effort is being devoted to legal knowledge extraction and digital transformation processes. In this paper, we present the ASKE (Automated System for Knowledge Extraction) approach to legal knowledge extraction, based on a combination of context-aware embedding models and zero-shot learning techniques into a three-phase extraction cycle, which is executed a number of times (called generations) to progressively extract concepts representative of the different meanings of terminology used in legal documents chunks. A graph-based data structure called ASKE Conceptual Graph is initially populated through a data preparation step, and it is continuously enriched at each ASKE generation with results of document chunk classification, new extracted terminology, and newly derived concepts. A quantitative evaluation of ASKE knowledge extraction and document classification is provided by considering the EurLex dataset. Furthermore, we present the results of applying ASKE to a real case-study of Italian case law decisions with qualitative feedback from legal experts in the framework of an ongoing national research project. [ABSTRACT FROM AUTHOR]

Published

2024

46. A systematic narrative review of pathways into, desistance from, and risk factors of financial-economic cyber-enabled crime.

Author

Loggen, Joeri, Moneva, Asier, and Leukfeldt, Rutger

Subjects

*COMPUTER crimes, *DESISTANCE from crime, *COST benefit analysis, *COMMERCIAL crimes, *RESEARCH

Abstract

Financial-economic cyber-enabled crime (hereinafter: financial cybercrime) has increased dramatically over the past years. However, research on financial cybercrime is still underdeveloped and highly heterogeneous, especially regarding the processes of initiation to and desistance from crime. This paper synthesizes existing knowledge on pathways into, desistance from, and risk factors related to financial cybercrime, and identifies research gaps. Adhering to PRISMA-ScR guidelines, we executed a systematic search and identified 37 eligible documents published as of February 2022, indicating two initiation points into financial cybercrime: involvement in traditional crime, and experiencing strain. Through social learning, individuals then learn the necessary skills and knowledge and engage in financial cybercrime, after which the decision to desist is influenced by a cost-benefit analysis, the use of neutralization techniques, and maturing. As for risk factors, we identified 33, with being male, unemployed, having low self-control and deviant peers, and wanting to earn money quickly being of potential importance. Regarding research gaps, there is a dearth of research related to the initiation and desistance processes of financial cybercrime, and the identified studies lacked a robust research designs, with 76 percent being of low or medium quality. More quality research is needed to address these issues. [ABSTRACT FROM AUTHOR]

Published

2024

47. Cybersecurity in the EU: How the NIS2-directive stacks up against its predecessor.

Author

Vandezande, Niels

Subjects

*INTERNET security, *CYBERTERRORISM, *DIGITAL technology, *SUPPLY chains

Abstract

In December 2022 the second Directive on security of network and information systems (NIS2 Directive) was published. The first directive, adopted in 2016, aimed to provide a high common level of cybersecurity across the Member States, but proved difficult to implement. To respond to new threats posed by digitalisation and the overall surge in cyber-attacks, it was decided to overhaul this framework to strengthen security requirements, address supply chain security, streamline reporting, and introduce stricter supervisory measures and enforcement. In this paper, we will analyse the core tenets of the NIS2 Directive and conduct a comparison with how these new requirements stack up against the NIS Directive. We will also frame this initiative in the EU's overall cybersecurity initiatives. [ABSTRACT FROM AUTHOR]

Published

2024

48. Data modelling as a means of power: At the legal and computer science crossroads.

Author

von Lewinski, Kai, Beurskens, Michael, and Scherzinger, Stefanie

Subjects

*DATA modeling, *COMPUTER science, *REGISTERS (Computers), *INFORMATION resources management, EUROPEAN law

Abstract

The process of data modelling can be empowering , as the resulting information system can intentionally or accidentally reshape the real world. Examples from civil and commercial registers from German and European Law illustrate that neither legal nor computer science are sufficiently aware of the risks and opportunities involved. We demonstrate that the power inherent in data modelling is rarely properly accounted for. Awareness seems to be — by and large — universally lacking. Since civil and commercial registers have evolved from paper-based systems, we cast an outlook on registers designed de novo , such as the Transparenz- and Gesellschaftsregister. [ABSTRACT FROM AUTHOR]

Published

2024

49. Beyond financial regulation of crypto-asset wallet software: In search of secondary liability.

Author

Barbereau, Tom and Bodó, Balázs

Subjects

*BITCOIN, *BLOCKCHAINS, *PUBLIC-private sector cooperation, *LEGAL liability, *SURVEILLANCE detection

Abstract

Since Bitcoin, the blockchain space considerably evolved. One crucial piece of software to interact with blockchains and hold private-public key pairs to distinct crypto-assets and securities are wallets. Wallet software can be offered by liable third-parties ('custodians') who hold certain rights over assets and transactions. As parties subject to financial regulation, they are to uphold Anti-money Laundering and Combating the Financing of Terrorist (AML/CFT) standards by undertaking Know-Your-Customer (KYC) checks on users of their services. In juxtaposition, wallet software can also be issued without the involvement of a liable third-party. As no KYC is performed and users have full 'freedom to act', such 'non-custodial' wallet software is popular in criminal undertakings. They are required to interact with peer-to-peer applications and organisations running on blockchains whose benefits are not the subject of this paper. To date, financial regulation fails to adequately address such wallet software because it presumes the existence of a registered, liable entity offering said software. As illustrated in the case of Tornado Cash, financial regulation fails to trace chains of secondary liability. Alas, the considered solution is a systematic surveillance of all transactions. Against this backdrop, this paper sets forth an alternative approach rooted in copyright law. Concepts that pertain to secondary liability prove of value to develop a flexible, principles-based approach to the regulation of non-custodial wallet software that accounts for both, infringing and non-infringing uses. [ABSTRACT FROM AUTHOR]

Published

2023

50. Untangling the cyber norm to protect critical infrastructures.

Author

Kouloufakos, Triantafyllos

Subjects

*CYBERSPACE, *INTERNATIONAL law, *TELECOMMUNICATION, *INTERNATIONAL security

Abstract

This paper aims to investigate the use and interpretation of the norm of protection of critical infrastructure in international law. The paper will firstly elaborate on the use of the term critical infrastructure in the current international context along with examples from domestic law from states that have firmly established their presence in cyberspace. Subsequently, this paper will discuss how the norm is approached in international law and specifically by the United Nations Group of Governmental Experts Reports (UNGGE Report) and also by the 2021 Open-ended working group on developments in the field of information and telecommunications in the context of international security (OWEG Report) as well as the General Assembly and the Security Council. Moreover, it will look into the approach of different international organisations, to how they understand and apply the norm of protecting critical infrastructures. Furthermore, the paper will analyse how non-state actor initiatives such as the Global Commission for the Stability of Cyberspace and the Paris Call for Trust have interpreted and even expanded said norm. [ABSTRACT FROM AUTHOR]

Published

2023