Showing total 437 results

1. The problem of spam law: a comment on the Malaysian communications and multimedia commission's discussion paper on regulating unsolicited commercial messages

Author

Khong, Dennis W.K.

Subjects

*SPAM email laws, *INTERNET laws, *INTERNET fraud, *DIGITAL media, MALAYSIA. Communications & Multimedia Commission

Abstract

The Malaysian Communications and Multimedia Commission published a discussion paper on Regulating Unsolicited Commercial Messages in early August 2003. It was undertaken as a precursor to a law to control the problem of junk mails or spam on the Internet and other electronic media. In this article, I intend to explore the problem of regulating spam from an economic point of view, and to discuss the Commission''s findings. [Copyright &y& Elsevier]

Published

2004

2. ... and still we are left wanting: Malta's White Paper on digital rights.

Author

Weitzenboeck, Emily M.

Subjects

*DIGITAL rights management, *TECHNOLOGY & law, *INTERNET access, *FREEDOM of information, *ACCESS control, *ELECTRONIC information resources, MALTESE politics & government

Abstract

CLSR welcomes occasional comment pieces on issues of current importance in the law and technology field from different jurisdictions. In this instance the Government of Malta published a White Paper in October 2012 for public consultation, proposing the introduction of the following four so-called "digital rights" in the Constitution of Malta: (1) the right to Internet access; (2) the right to informational access; (3) the right to informational freedom and (4) the right to digital informational self-determination. The author believes that the proposal is indeed a step in the right direction but lacks punch where it matters most and does not go far enough. [ABSTRACT FROM AUTHOR]

Published

2013

3. The 2014 IAITL Conference - Call for papers - The 9th International Conference on Legal, Security and Privacy Issues in IT Law (LSPI) 15-17 October 2014, Lisbon, Portugal.

Published

2014

4. ELECTRONIC SIGNATURES — EVIDENCE: THE EVIDENTIAL ISSUES RELATING TO ELECTRONIC SIGNATURES1<fn id="fn1"><no>1</no>The author wishes to thank Professor Tapper, Peter Howes COO of rchive-it.com, Charles Hollander QC, John Theobald of Ikan plc and Nicholas Bohm consultant to Fox Williams and Alec Muffett Principle Engineer Security at Sun Microsystems Limited, for reading the first draft of this paper and for their valuable comments. All errors and omissions remain with the author.</fn> — PART 1

Author

Mason, Stephen

Subjects

*ELECTRONIC commerce, *DIGITAL signatures

Abstract

Both the Government and the industry are keenly promoting the use of electronic signatures. It is assumed that the widespread use of electronic signatures will encourage greater use of the Internet as a means to buy goods and services. This article looks at the evidential issues relating to electronic signatures, and illustrates the weakness of the infrastructure which, in turn, highlights the risks that both users and recipients encounter when using electronic signatures. [ABSTRACT FROM AUTHOR]

Published

2002

5. EU Data Protection Policy: The Privacy Fallacy: Adverse Effects of Europe’s Data Protection Policy in an Information-Driven Economy1<fn id="fn1"><no>1</no>I presented a short version of this paper at a seminar hosted by FEDMA and the Center for Information Policy Leadership @ Hunton & Williams (Data Flows and Individual Autonomy: The Benefits of Free Flow and the Cost of Privacy, Brussels, May 22, 2001). I am grateful for comments received from participants at that seminar, including Ulf Bru¨hann, Commission of the EC, and Paul de Hert, Catholic University Brabant (KUB). In addition, Marty Abrams, Professor Fred Cate, Oscar Marquis, and Jan Dhont, all of the law firm of Hunton & Williams, and Professor Corien Prins, Catholic University Brabant (KUB), made helpful comments and suggestions. My thinking on this subject has been shaped by discussions in the context of the Global Solutions Project of the Center for Information Policy Leadership @ Hunton & Williams.</fn>

Author

Bergkamp, Lucas

Subjects

*DATA protection laws, *RIGHT of privacy, *INFORMATION society

Abstract

The European Union has established a comprehensive legislative privacy framework aimed at protecting data pertaining to individuals. The EU is currently in the process of amending and supplementing its data protection legislation to prepare for the information society. In this article, Professor Lucas Bergkamp questions the desirability and necessity of the EU’s data protection regime in the information society. He examines the “other side” of data protection law and identifies its paradoxical and adverse effects. Based on a thorough analysis of how privacy law affects markets, he argues that data protection restricts consumer choice and freedom, and results in consumers receiving outdated, lower quality products and services at higher prices. The author proposes possible alternative approaches to data protection in Europe, and identifies the groundwork that needs to be conducted to devise a sensible, balanced privacy framework for the information society. [ABSTRACT FROM AUTHOR]

Published

2002

6. Originality and the future of copyright in an age of generative AI.

Author

Fenwick, Mark and Jurcys, Paulius

Subjects

*COPYRIGHT, *ARTIFICIAL intelligence, *CREATIVE ability, *CHATGPT

Abstract

This paper takes the occasion of French DJ David Guetta's use of generative AI tools to create lyrics and a voice in the style of Eminem, which he then used in one of his concerts, as the basis for an exploration of the shifting meaning of creativity and originality in the age of generative AI. Our main contention is that the Guetta form of creativity with generative AI tools differs in certain important respects from what has come before. The paper describes an iterative, dynamic process of conception, prompting, generation, refining, and deployment to characterise creativity in this context. Nevertheless, we contend that copyright – specifically the concept of originality as articulated in US federal law – is a sufficiently durable legal mechanism that can manage these new cultural forms, and that the two basic requirements of modern copyright law (a tangible medium of expression and a modest degree of creativity) remain relevant in identifying the scope of legal protection. The paper argues that the David Guetta story reveals something more general about creativity in a digital age, namely that while hybrid-networked (i.e., human – corporate – machine) creators have always created hybrid-networked cultural forms (i.e., creations that blend human and technology-constituted elements), such hybridity becomes increasingly visible and complex in the context of a new world of generative AI. At the very least, earlier – and influential – models of creativity as human-driven involving creation ex nihilo become harder to sustain in a new age of generative AI. But this does not mean copyright or notions of originality are redundant or that copyright law cannot accommodate Guetta and other cases. Such an account seems important as it challenges the hegemonic and reductive view that AI "generates" artistic works autonomously and avoids reducing the copyright issues raised by such creative works to the related but distinct question of whether learning models rely on copyrighted data. As such, copyright law should remain an important mechanism to facilitate genuine creators who are using AI systems in innovative and unique ways to push the boundaries of their creativity. [ABSTRACT FROM AUTHOR]

Published

2023

7. Algorithms that forget: Machine unlearning and the right to erasure.

Author

Juliussen, Bjørn Aslak, Rui, Jon Petter, and Johansen, Dag

Subjects

*RIGHT to be forgotten, *MACHINE learning, *GENERAL Data Protection Regulation, 2016, *ELECTRONIC data processing, *DISCLOSURE laws

Abstract

Article 17 of the General Data Protection Regulation (GDPR) contains a right for the data subject to obtain the erasure of personal data. The right to erasure in the GDPR gives, however, little clear guidance on how controllers processing personal data should erase the personal data to meet the requirements set out in Article 17. Machine Learning (ML) models that have been trained on personal data are downstream derivatives of the personal data used in the training data set of the ML process. A characteristic of ML is the non-deterministic nature of the learning process. The non-deterministic nature of ML poses significant difficulties in determining whether the personal data in the training data set affects the internal weights and adjusted parameters of the ML model. As a result, invoking the right to erasure in ML and to erase personal data from a ML model is a challenging task. This paper explores the complexities of enforcing and complying with the right to erasure in a ML context. It examines how novel developments in machine unlearning methods relate to Article 17 of the GDPR. Specifically, the paper delves into the intricacies of how personal data is processed in ML models and how the right to erasure could be implemented in such models. The paper also provides insights into how newly developed machine unlearning techniques could be applied to make ML models more GDPR compliant. The research aims to provide a functional understanding and contribute to a better comprehension of the applied challenges associated with the right to erasure in ML. [ABSTRACT FROM AUTHOR]

Published

2023

8. The European AI liability directives – Critique of a half-hearted approach and lessons for the future.

Author

Hacker, Philipp

Subjects

*ARTIFICIAL intelligence, *CHATGPT, *PRODUCT liability, *EUROPEAN Union law

Abstract

The optimal liability framework for AI systems remains an unsolved problem across the globe. With ChatGPT and other large generative models taking the technology to the next level, solutions are urgently needed. In a much-anticipated move, the European Commission advanced two proposals outlining the European approach to AI liability in September 2022: a novel AI Liability Directive (AILD) and a revision of the Product Liability Directive (PLD). They constitute the final cornerstone of AI regulation in the EU. Crucially, the liability proposals and the proposed EU AI Act are inherently intertwined: the latter does not contain any individual rights of affected persons, and the former lack specific, substantive rules on AI development and deployment. Taken together, these acts may well trigger a "Brussels effect" in AI regulation, with significant consequences for the US and other countries. Against this background, this paper makes three novel contributions. First, it examines in detail the liability proposals and shows that, while making steps in the right direction, they ultimately represent a half-hearted approach: if enacted as foreseen, AI liability in the EU will primarily rest on disclosure of evidence mechanisms and a set of narrowly defined presumptions concerning fault, defectiveness and causality. Hence, second, the article suggests amendments to the proposed AI liability framework. They are collected in a concise Annex at the end of the paper. I argue, inter alia, that the dichotomy between the fault-based AILD Proposal and the supposedly strict liability PLD Proposal is fictional and should be abandoned; that an EU framework for AI liability should comprise one fully harmonizing regulation instead of two insufficiently coordinated directives; and that the current proposals unjustifiably collapse fundamental distinctions between social and individual risk by equating high-risk AI systems in the AI Act with those under the liability framework. Third, based on an analysis of the key risks AI poses, the final part of the paper maps out a road for the future of AI liability and regulation, in the EU and beyond. More specifically, I make four key proposals. Effective compensation should be ensured by combining truly strict liability for certain high-risk AI systems with general presumptions of defectiveness, fault and causality in cases involving SMEs or non-high-risk AI systems. The paper introduces a novel distinction between illegitimate- and legitimate-harm models to delineate strict liability's scope. Truly strict liability should be reserved for high-risk AI systems that, from a social perspective, should not cause harm (illegitimate-harm models, e.g., autonomous vehicles or medical AI). Models meant to cause some unavoidable harm by ranking and rejecting individuals (legitimate-harm models, e.g., credit scoring or insurance scoring) may merely face rebuttable presumptions of defectiveness and causality. General-purpose AI systems and Foundation Models should only be subjected to high-risk regulation, including liability for high-risk AI systems, in specific high-risk use cases for which they are deployed. Consumers, in turn, ought to be liable based on regular fault, in general. Furthermore, innovation and legal certainty should be fostered through a comprehensive regime of safe harbours, defined quantitatively to the best extent possible. Moreover, trustworthy AI remains an important goal for AI regulation. Hence, the liability framework must specifically extend to non-discrimination cases and provide for clear rules concerning explainability (XAI). Finally, awareness for the climate effects of AI, and digital technology more broadly, is rapidly growing in computer science. In diametrical opposition to this shift in discourse and understanding, however, EU legislators have long neglected environmental sustainability in both the draft AI Act and the proposed liability regime. To counter this, I propose to jump-start sustainable AI regulation via sustainability impact assessments in the AI Act and sustainable design defects in the liability regime. In this way, the law may help spur not only fair AI and XAI, but also sustainable AI (SAI). [ABSTRACT FROM AUTHOR]

Published

2023

9. "Lawful interception – A market access barrier in the European Union"?

Author

Doronin, Vadim

Subjects

*LAW enforcement, *EAVESDROPPING, *TELECOMMUNICATION, *INTERNET of things

Abstract

This paper studies legal requirements across the European Union to implement technical and organizational capabilities to intercept and deliver content data to law enforcement authorities, arguing that a fragmentation of rules across EU Member States imposes market access barriers upon telecommunications providers. The aim of this paper is to raise awareness about discrepancy of lawful interception rules across the EU, which causes legal uncertainty and places burdensome requirements upon regulated entities such as OTT but also IoT connectivity and satellite service providers. The paper further argues that the EU has competencies to legislate on harmonization of lawful interception capability rules by specifying what types of telecommunications providers can be subject to those rules, address types of capabilities, determine whether Member States should be responsible to reimburse telecommunications providers with incurred costs; and finally, regulate on the ability to share or outsource capabilities with other providers or third-party vendors. The author doesn't address human rights or privacy considerations associated with exercising lawful interception, nor grounds on which lawful interception can be requested under national law, nor evidential admissibility of intercepted data. [ABSTRACT FROM AUTHOR]

Published

2023

10. An institutional account of responsiveness in financial regulation- Examining the fallacy and limits of 'same activity, same risks, same rules' as the answer to financial innovation and regulatory arbitrage.

Author

Chiu, Iris H-Y

Subjects

*FINANCE laws, *ARBITRAGE, *FINANCIAL technology

Abstract

Financial regulators face the persistent issue of being challenged by financial innovations and regulatory arbitrage. This article argues that a functional approach of 'same activity, same risks, same rules' is potentially vague and insufficient, and does not provide clear guidance for regulators. By critically discussing the US Securities Exchange Commission's and UK Financial Conduct Authority's approaches to cryptoasset offers, the paper argues that whether and how regulators respond to financial innovation crucially depends on regulators' institutional structures. These structural limitations provide empowering as well as constraining aspects in relation to regulatory objectives and mandates, shaping financial regulators' responsiveness in different ways. The paper argues that an institutional account of regulatory responsiveness more accurately explains policy responses. The benefits and drawbacks of such policy responsiveness are also crucially shaped by these institutional structures. [ABSTRACT FROM AUTHOR]

Published

2023

11. The 8th CLSR Best Paper Awards are announced at the IAITL Conference in Bangkok.

Subjects

*CONFERENCES & conventions, *LAWYERS, *INFORMATION technology, *AWARDS

Abstract

The article offers information about the annual conference "International Association of IT Lawyers" (IAITL) that was held in Bangkok, Thailand from November 11-15, 2013 and also about the 8th 'CLSR Best Paper Awards" that was given to Dr Uri Volovelsky.

Published

2014

12. Tripartite perspective on the copyright-sharing economy in China.

Author

Lee, Jyh-An

Subjects

*DIGITAL technology, *COPYRIGHT, *INTELLECTUAL property, *STAKEHOLDERS, *ECONOMIC development, *SHARING economy

Abstract

Internet and digital technologies have facilitated copyright sharing in an unprecedented way, creating significant tensions between the free flow of information and the exclusive nature of intellectual property. Copyright owners, users, and online platforms are the three major players in the copyright system. These stakeholders and their relations form the main structure of the copyright-sharing economy. Using China as an example, this paper provides a tripartite perspective on the copyright ecology based on three categories of sharing, namely unauthorized sharing, altruistic sharing, and freemium sharing. The line between copyright owners, users, and platforms has been blurred by rapidly changing technologies and market forces. By examining the strategies and practices of these parties, this paper illustrates the opportunities and challenges for China's copyright industry and digital economy. The paper concludes that under the shadow of the law, a sustainable copyright-sharing model must carefully align the interests of businesses and individual users. [ABSTRACT FROM AUTHOR]

Published

2019

13. EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era.

Author

Sullivan, Clare

Subjects

*GENERAL Data Protection Regulation, 2016, *COMPARATIVE studies, *DATA protection, *INTERNET of things

Abstract

This article examines the two major international data transfer schemes in existence today – the European Union (EU) model which at present is effectively the General Data Protection Regulation (GDPR), and the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules system (CBPR), in the context of the Internet of Things (IoT). While IoT data ostensibly relates to things i.e. products and services, it impacts individuals and their data protection and privacy rights, and raises compliance issues for corporations especially in relation to international data flows. The GDPR regulates the processing of personal data of individuals who are EU data subjects including cross border data transfers. As an EU Regulation, the GDPR applies directly as law to EU member nations. The GDPR also has extensive extraterritorial provisions that apply to processing of personal data outside the EU regardless of place of incorporation and geographical area of operation of the data controller/ processor. There are a number of ways that the GDPR enables lawful international transfer of personal data including schemes that are broadly similar to APEC CBPR. APEC CBPR is the other major regional framework regulating transfer of personal data between APEC member nations. It is essentially a voluntary accountability scheme that initially requires acceptance at country level, followed by independent certification by an accountability agent of the organization wishing to join the scheme. APEC CBPR is viewed by many in the United States of America (US) as preferable to the EU approach because CBPR is considered more conducive to business than its counterpart schemes under the GDPR, and therefore is regarded as the scheme most likely to prevail. While there are broad areas of similarity between the EU and APEC approaches to data protection in the context of cross border data transfer, there are also substantial differences. This paper considers the similarities and major differences, and the overall suitability of the two models for the era of the Internet of Things (IoT) in which large amounts of personal data are processed on an on-going basis from connected devices around the world. This is the first time the APEC and GDPR cross-border data schemes have been compared in this way. The paper concludes with the author expressing a view as to which scheme is likely to set the global standard. [ABSTRACT FROM AUTHOR]

Published

2019

14. Beyond financial regulation of crypto-asset wallet software: In search of secondary liability.

Author

Barbereau, Tom and Bodó, Balázs

Subjects

*BITCOIN, *BLOCKCHAINS, *PUBLIC-private sector cooperation, *LEGAL liability, *SURVEILLANCE detection

Abstract

Since Bitcoin, the blockchain space considerably evolved. One crucial piece of software to interact with blockchains and hold private-public key pairs to distinct crypto-assets and securities are wallets. Wallet software can be offered by liable third-parties ('custodians') who hold certain rights over assets and transactions. As parties subject to financial regulation, they are to uphold Anti-money Laundering and Combating the Financing of Terrorist (AML/CFT) standards by undertaking Know-Your-Customer (KYC) checks on users of their services. In juxtaposition, wallet software can also be issued without the involvement of a liable third-party. As no KYC is performed and users have full 'freedom to act', such 'non-custodial' wallet software is popular in criminal undertakings. They are required to interact with peer-to-peer applications and organisations running on blockchains whose benefits are not the subject of this paper. To date, financial regulation fails to adequately address such wallet software because it presumes the existence of a registered, liable entity offering said software. As illustrated in the case of Tornado Cash, financial regulation fails to trace chains of secondary liability. Alas, the considered solution is a systematic surveillance of all transactions. Against this backdrop, this paper sets forth an alternative approach rooted in copyright law. Concepts that pertain to secondary liability prove of value to develop a flexible, principles-based approach to the regulation of non-custodial wallet software that accounts for both, infringing and non-infringing uses. [ABSTRACT FROM AUTHOR]

Published

2023

15. Untangling the cyber norm to protect critical infrastructures.

Author

Kouloufakos, Triantafyllos

Subjects

*CYBERSPACE, *INTERNATIONAL law, *TELECOMMUNICATION, *INTERNATIONAL security

Abstract

This paper aims to investigate the use and interpretation of the norm of protection of critical infrastructure in international law. The paper will firstly elaborate on the use of the term critical infrastructure in the current international context along with examples from domestic law from states that have firmly established their presence in cyberspace. Subsequently, this paper will discuss how the norm is approached in international law and specifically by the United Nations Group of Governmental Experts Reports (UNGGE Report) and also by the 2021 Open-ended working group on developments in the field of information and telecommunications in the context of international security (OWEG Report) as well as the General Assembly and the Security Council. Moreover, it will look into the approach of different international organisations, to how they understand and apply the norm of protecting critical infrastructures. Furthermore, the paper will analyse how non-state actor initiatives such as the Global Commission for the Stability of Cyberspace and the Paris Call for Trust have interpreted and even expanded said norm. [ABSTRACT FROM AUTHOR]

Published

2023

16. From fragile to smart consumers: Shifting paradigm for the digital era.

Author

Colangelo, Giuseppe and Maggiolino, Mariateresa

Subjects

*DIGITAL technology, *ELECTRONIC data processing, *INTERNATIONAL economic relations, *CONSUMERS

Abstract

Abstract The use of digital technologies, functioning thanks to data processing, has been conquering many sectors of the world economy and it is possible that, in the near future, only a few markets will still be excluded from this industrial revolution. Therefore, even if one chose unreasonably to disregard the many innovations that the digital economy has brought about, its development seems quite inexorable, although it is true that this new stage in human progress raises some concerns. In particular, many worry about the millions of passive and powerless digital consumers who, facing a few huge and influential companies without any education or awareness, could succumb and find themselves poorer, victimized, and manipulated. The paper proposes to react to this state of affairs without further fueling the fear of the digital revolution and without the thought that regulation can be used only as a shield to protect fragile digital consumers. Rather, by taking inspiration from some regulatory actions undertaken by the European Union, the paper bears in mind that regulation can be used as a sword in the hands of consumers to finally assign them a lead role in digital markets. New rules to empower consumers and to make them take autonomous and independent decisions as to the management of their personal data as well as to the merits of digital firms can be envisaged. After all, one of the cultural roots of Western societies is that every individual should be enabled to be faber ipsius fortunae. [ABSTRACT FROM AUTHOR]

Published

2019

17. Greed for data and exclusionary conduct in data-driven markets.

Author

Kathuria, Vikas

Subjects

*DATA security, *BIG data, *MACHINE learning

Abstract

Several two-sided platforms base their business model on collecting user data, which not only is used for advertisements that generate revenue, but also improve the underlying algorithm that forms the core of any virtual platform. In such markets, big data generates network effects that sustain the market position of the dominant player. Further, scope in data adds a crucial competitive advantage to the advertisement-driven business model. The paper argues that by cutting the supply of user data to its competitors, a dominant player can successfully restrict its competitors from gaining critical mass (in terms of both scale and scope) that is crucial to stay viable in a competitive market. The literature on the competition assessment of data-driven markets has predominantly been theoretical hitherto. This paper presents the competition assessment of two recent cases—European Commission's decision against Google in the Android licensing case, and Bundeskartellamt's (German Federal Cartel Office) action against Facebook— in their technological and economic context to ascertain foreclosure. While Google's practices resulted in foreclosure, the technological and economic context in Bundeskartellamt's case against Facebook does not present a convincing theory of foreclosure. The paper also draws common lessons from these cases that can guide the competition assessment in similar circumstances. The paper, therefore, contributes to the scant academic literature on the exclusionary conduct in data-driven markets from a practical standpoint. [ABSTRACT FROM AUTHOR]

Published

2019

18. Regulating internet platforms in the EU - The emergence of the 'Level playing Field'.

Author

Savin, Andrej

Subjects

*INTERNET security laws, *COMPUTER crime laws, *DATA protection laws, *DISCLOSURE laws, *DATA privacy

Abstract

Abstract This paper analyses the European Union's regulatory policy on platforms. The first part of the paper looks at the how the EU formulates platform policy while the second analyses the proposed and existing laws that already cover them. The final part looks at the consequences of the level playing field as the guiding regulatory principle. The main argument is that EU regulatory intervention concerning platforms seeks to bring linear providers in line with platforms through the "level playing field" or, in other words, that the EU seeks to protect the incumbents and minimise disruption rather than enhance the value-creating potential of platforms. [ABSTRACT FROM AUTHOR]

Published

2018

19. Some risks of tokenization and blockchainizaition of private law.

Author

Savelyev, Alexander

Subjects

*BLOCKCHAINS, *DISTRIBUTED computing, *CIVIL law, *DATA protection laws, *INFORMATION technology laws, *SECURITY systems, *LAW

Abstract

The paper focuses on the analysis of the problems that may be driven by mass tokenization of the objects of civil law, i.e. the creation of a digital representation of such objects in the form of a record in blockchain. This occurs where the value of such objects is transferred subsequently by means of disposal of such tokens, which is a subject of separate rights to it. The paper outlines two core problems, which were inspired by recent legislative activities in Belarus and Russia. The first is a possible displacement of existing legal regimes of objects of civil rights by the legal regime of the token. Secondly, the problem of definition of the nature of rights to tokens arises (in rem versus ad personam) as well as remedies for their violations. Provisions of the Belarus Decree “On the development of digital economy” of 21 December 2017 and drafts of the laws on blockchain and ICO, discussed in Russian Parliament and Government are taken to illustrate these problems. [ABSTRACT FROM AUTHOR]

Published

2018

20. The drive for virtual (online) courts and the failure to consider obligations to combat human trafficking – A short note of concern on identification, protection and privacy of victims.

Author

Gerry, Felicity, Muraszkiewicz, Julia, and Iannelli, Olivia

Subjects

*HUMAN trafficking laws, *HUMAN trafficking prevention, *HUMAN rights, *DATA protection laws, *INFORMATION technology laws

Abstract

This article examines the introduction of virtual (online) court systems being introduced in parts of the UK in the particular context of human trafficking victims. The justice system in England and Wales is undergoing significant transformation through the use of technology, under a drive for efficiency. The authors argue that online court systems are being implemented without investment into appropriate legal research and with assumptions regarding the approval process, and questions the effect of virtual hearings on the fundamental principles of due process. Whilst identifying vulnerability has been the subject of guidance, it remains unclear how these courts will deal with human trafficking issues. Human trafficking is a highly lucrative industry that extends to all corners of the globe and international as well as UK protocols and legislation exist with the objective to protect and assist the victims of human trafficking, with full respect for their human rights, ensuring a victim-centred approach. The protection of personal data and privacy of all online court users is important; however, trafficked persons belong a particularly vulnerable group, and the protection of their personal data is critical in alleviating the risk of further harm, intimidation, retaliation, or inappropriate use of biometric data.In conclusion, the authors argue that technological solutions to inefficiency have been given priority over justice solutions and just outcomes, without addressing systemic issues in the context of human trafficking. An Online Court…is not, incidentally, (as some press reports have suggested) intended to be a court without judges, or a court where matters in dispute are to be determined automatically by some algorithm embedded in a computer, or by a civil servant. But it is a court where the basic problem facing ordinary people, namely turning their heart-felt grievances into something formulated in legal terms, and enabling them to identify and present their documentary and other evidence, is capable of being addressed electronically and cheaply, so that both their opponents know the case to be met, and the court is equipped at the earliest possible stage with the materials necessary to decide it justly. This statement is from Briggs LJ Addressing the Bar of England and Wales on the use of online courts in 2016. 2 2 Briggs LJ The Online Court Counsel Magazine April 2016 〈 https://www.counselmagazine.co.uk/articles/the-online-court〉 Whilst this is a hopeful description of what technology can do for the justice system, this paper seeks to show that perhaps our enthusiasm ought to be restrained until we answer key questions. The authors explore these questions using the example of victims of human trafficking. These persons engage with the justice system in a variety of ways. Some are witnesses to trafficking crimes in a criminal prosecution. Others may themselves be on trial for crimes they were compelled to commit as a result of their trafficking situation. Additionally, they can be party to a civil case, e.g., arising out of an employment situation. In each of these cases there is possibility for the victim to be identified, if they are not already, as somebody who has a right to assistance and support. There is an opportunity for the state to carry out an identification and thus, as explained in this paper, fulfil human rights obligations. What happens when cases go online? There are also serious questions with regard to privacy and data protection and how the implementation of online court processes may act as a barrier to identifying victims of human trafficking. The authors, therefore, advocate for great caution to be used with the introduction of virtual justice and call for additional research to be undertaken in order to gain a clear vision of what the current and future effects of this new system may be. [ABSTRACT FROM AUTHOR]

Published

2018

21. Intellectual property law and practice in the blockchain realm.

Author

Gürkaynak, Gönenç, Yılmaz, İlay, Yeşilaltay, Burak, and Bengi, Berk

Subjects

*BLOCKCHAINS, *INTELLECTUAL property, *INFORMATION technology laws, *DATA protection laws, *DIGITAL signatures, *LAW

Abstract

Blockchain technology is claimed to be and perceived as one of the revolutionary technologies that will have an enormous impact on our lives in the forthcoming years and decades. The legal questions surrounding blockchain appear to be among the most controversial issues surrounding this novel technology, which create uncertainties as to the scope and speed of its eventual adoption. Is it legal to use blockchain technology? Does or should any governmental authority or court take a record stored in blockchain into consideration in their decisions? Is blockchain reliable? Can the technology be used for the protection and enforcement of legal and property rights? The technological advancements offered by blockchain promise wide ranges of use in a variety of sectors and legal areas, including intellectual property (IP) law. This paper will focus primarily on the possible opportunities that blockchain may offer with respect to the future of IP law and discuss its potential impact on the registration, management and enforcement of intellectual property rights. We will proceed to offer blockchain-based solutions to foster the operation of IP offices, reinforce customs procedures in detecting counterfeit products, and enhance the efficiency of IP rights management by the right holders. The paper concludes by providing some suggestions to pave the way for the advancement of blockchain technology and to increase the number of people that this technology reaches, as well as its successful integration into the various services and registration/transaction channels that we use today. [ABSTRACT FROM AUTHOR]

Published

2018

22. Controlling lethal autonomous weapons systems: A typology of the position of states.

Author

Qerimi, Qerim

Subjects

*DECISION making, *PSYCHOLOGICAL typologies, *WEAPONS systems, *INTERNATIONAL law, *GENERAL Data Protection Regulation, 2016

Abstract

This paper seeks to understand the potential for robust global control of lethal autonomous weapons systems (LAWS). The paper seeks to uncover the predominant views and trends in global decision-making about such weapons systems by way of observing the positions and preferences of States inhabiting the international system as a realistic modality of a more probable normative outcome. Through a thorough examination of publicly available positions of United Nations (UN) Member States, it establishes a typology of varying positions maintained by States and reveals the argumentative rationale for the major positions advanced. This typology results to be far from unified and is composed of the following categories: (1) States that support the prohibition of LAWS; (2) States that support the prohibition of LAWS, but do not support calls for an international ban treaty; (3) States that do not support (or oppose) the prohibition of LAWS; (4) States with "flexible" positions over the LAWS: oppose use or use under certain circumstances, but not the development and production; (5) States that expressed support for multilateral talks, but have not expressed a position on the prohibition or not of LAWS; and (6) States that have called for a legally binding instrument (or legal regulation) on LAWS (inclusive of both prohibitions and regulations). Regulation and human control emerge as factors that have significant value in the equation. [ABSTRACT FROM AUTHOR]

Published

2023

23. GDPR-compliant AI-based automated decision-making in the world of work.

Author

Lukács, Adrienn and Váradi, Szilvia

Subjects

*GENERAL Data Protection Regulation, 2016, *DECISION making, *EMPLOYMENT, *ARTIFICIAL intelligence, *DATA protection

Abstract

Artificial Intelligence is spreading fast in our everyday life and the world of work is no exception. AI is increasingly shaping the employment context: such emerging areas are augmented and automated decision-making. As AI-based decision-making is fuelled by personal data, compliance with data protection frameworks is inevitable. Even though automated decision-making is already addressed by the European norms on data protection – especially the GDPR –, their application in the world of work raises specific questions. The paper examines, in the light of the 'general' data protection background, what specific data protection challenges are raised in the field of AI-based automated decision-making in the context of employment. As a result of the research, the paper provides a detailed overview on the European legal framework on the data protection aspects of AI-based automated decision-making in the employment context. It identifies the main challenges, such as the applicability of the existing legal framework to the current use-cases and the specific questions relating to the lawful bases in the world of work, and provides guidelines on how to address these challenges. [ABSTRACT FROM AUTHOR]

Published

2023

24. Critiquing the U.S. characterization, attribution and retaliation laws and policies for cyberattacks.

Author

Jimoh, Mujib

Subjects

*CYBERTERRORISM, *GOVERNMENT accountability, *RETALIATION for terrorism

Abstract

This paper critiques the U.S. characterization, attribution, and retaliation laws and policies for cyberattacks. Characterization, attribution, and retaliation are part of the most important aspects of responding to cyberattacks. The U.S. does not have a clearly defined characterization process, other than the Government Accountability Office (GAO), Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security (DHS)'s Threat Table which characterizes the different motivations for carrying out cyberattacks by cyber threat actors. This Threat Table has hardly changed since 2005, yet, cyber threat actors continually develop their tactics, techniques, and procedures (TTPs) and conceal their real motivations for carrying out cyberattacks. Like characterization, the U.S. does not have a known attribution procedure, nor is a single agency tasked with the function of attribution. Different agencies – the Department of Justice (DoJ), the Federal Bureau of Investigation (FBI), the National Cyber Investigative Joint Task Force (NCIJTF), and the Office of the Director of National Intelligence (ODNI) – and even private sectors companies, participate in the attribution process. This invites potential contradiction and interference with the attribution process. Though, unlike characterization and attribution, the U.S. retaliation policies are contained in different documents, none has the preciseness required to be effective. This paper thus, makes recommendations for each of these aspects of cyberattack response. [ABSTRACT FROM AUTHOR]

Published

2023

25. The Fifth International Conference on Legal, Security and Privacy Issues in IT Law (LSPI), November 3–5, 2010, Barcelona, Spain: CLSR Best Paper Awards

Published

2011

26. Generative and AI-powered oracles: "What will they say about you?".

Author

Levantino, Francesco Paolo

Subjects

*ARTIFICIAL intelligence, *CHATGPT, *DATA protection, *DATA security, *VIRTUAL reality

Abstract

In less than one year from its launch, the chatbot ChatGPT has captured widespread public attention, thanks to its ease of use and remarkable performance. However, part of this interest is due to its involvement in some data protection and data security issues. In the context of the ongoing debate surrounding similar technologies, such as generative AI, this contribution will first introduce the "ChatGPT phenomenon" (Sections 1 and 2). Then, it will analyse the various positions taken by some key stakeholders on the issues of above and the regulation of the design and use of such technologies, examining these perspectives through the lenses of "Digital Constitutionalism". Particularly, this paper will emphasise the role that civil society can play in such dynamics (Section 3). Subsequently, it will further promote an active and forward-looking approach in addressing the looming threats these and other AI-based technologies could pose to fundamental rights and society as a whole (Section 4). As we already approach the next AI era without even noticing, the question worth asking ourselves is: "What will generative and AI-powered oracles reveal about us?" (Section 5). [ABSTRACT FROM AUTHOR]

Published

2023

27. Going native? How crypto technology may help regulators.

Author

Biancotti, Claudia

Subjects

*CRYPTOCURRENCIES, *STATUTES, *RISK management in business, *FRAUD, *BLOCKCHAINS

Abstract

The crypto industry suffered a prolonged crisis in 2022. It is now at a turning point, as lawmakers around the world deploy new statutes aimed at curtailing endemic fraud, inadequate risk management, and bad governance. This is a net positive for the ecosystem – without legal certainty, it cannot flourish. In this paper, I argue that some crypto-native constructs may usefully complement traditional frameworks in the regulation of both crypto itself and the broader financial system. Protected environments, such as regulatory sandboxes and innovation hubs, should be leveraged to foster creative cooperation between authorities and the crypto industry. [ABSTRACT FROM AUTHOR]

Published

2023

28. The protection of human biodata: Is there any role for data ownership?

Author

Demir, Esra

Subjects

*DATA protection, *CIVIL rights, *ARTIFICIAL intelligence, *ELECTRONIC data processing

Abstract

In the area of human biodata governance, one of the most pressing questions is how to address the tension between fostering innovation and protecting the fundamental rights and freedoms that arise from the development, deployment, and use of AI and data processing. On the one hand, data collected and stored in biobanks hold great promise, particularly for improving health care. However, the improper handling of these vast amounts of biodata also raises unresolved legal and ethical issues. This article aims to contribute to the debate on the protection of human biodata by examining the EU acquis on data ownership and questioning whether there is any role for data ownership. On the basis of de lege lata , this paper argues that there is no such ownership protection for human biodata, but there are some indications. On the basis of de lege feranda , through a doctrinal legal analysis, it argues that biodata should not be subject to general ownership rights without a specific justification demonstrating the need for ownership of data from an economic and social perspective. [ABSTRACT FROM AUTHOR]

Published

2023

29. Fairness and justice through automation in China's smart courts.

Author

Papagianneas, Straton and Junius, Nino

Subjects

*JUDICIAL reform, *AUTOMATION, *ARTIFICIAL intelligence

Abstract

Xi Jinping's judicial reforms have placed the concepts of 'fairness' and 'justice' at the forefront, coinciding with the integration of information technology and AI into all aspects of China's court system through smart court reform. According to official Chinese discourse, smart court reform is supposed to make the justice system 'fairer'. However, research has not yet clearly established how 'fairness' and automation are connected in the Chinese context. This article is interested in how smart court and automation fit into Chinese interpretations of 'fairness'. Therefore, we ask what notions of 'fairness' drive and justify smart court reform? The main argument is that SCR allegedly reinforces elements of procedural fairness, i.e., internal accountability, external visibility, and due process in a way that they are conducive to substantive goals of legitimation, social stability, and user convenience. Most noteworthy, there is a strong emphasis on procedural consistency. This article conducts a systematic qualitative analysis of the foundational texts and discourse about smart courts in China, such as judicial policy documents, development and reform plans, white papers, and regulations. In our analysis we find that smart courts promote procedural and substantive components of 'fairness' that strengthen legal rationality while keeping open channels of control. Our findings help explain the rapid embrace of automation and technology in China's justice administration: they fit perfectly within the ruling party's worldview and perpetuate it in turn. [ABSTRACT FROM AUTHOR]

Published

2023

30. Countering online hate speech: How does human rights due diligence impact terms of service?

Author

Nave, Eva and Lane, Lottie

Subjects

*ONLINE hate speech, *DUE diligence, *HUMAN rights, *ARTIFICIAL intelligence laws

Abstract

The Internet is a global forum largely governed by private actors driven by profit concerns, often disregarding the human rights of historically marginalised communities. Increased attention is being paid to the corporate human rights due diligence (HRDD) responsibilities applicable to online platforms countering illegal online content, such as hate speech. At the European Union (EU) level, cross-sector initiatives regulate the rights of marginalised groups and establish HRDD responsibilities for online platforms to expeditiously identify, prevent, mitigate, remedy and remove online hate speech. These initiatives include the Digital Services Act, the Audiovisual Media Services Directive, the proposed Directive on Corporate Sustainability Due Diligence, the proposed Artificial Intelligence Act and the Code of conduct on countering illegal hate speech online. Nevertheless, the HRDD framework applicable to online hate speech has focused mostly on the platforms' responsibilities throughout the course of their operations - guidance regarding HRDD requirements concerning the regulation of hate speech in the platforms' Terms of Service (ToS) is missing. This paper employs a conceptualisation of criminal hate speech as explained in the Council of Europe Committee of Ministers' Recommendation CM/Rec(2022)16, Paragraph 11, to develop specific HRDD responsibilities. We argue that online platforms should, as part of emerging preventive HRDD responsibilities within Europe, respect the rights of historically oppressed communities by aligning their ToS with the conceptualisation of criminal hate speech in European human rights standards. [ABSTRACT FROM AUTHOR]

Published

2023

31. The regulation of digital advertising under the DSA: A critical assessment.

Author

Duivenvoorde, Bram and Goanta, Catalina

Subjects

*CONSUMER protection, *INFLUENCER marketing, *INTERNET advertising, *LEGAL liability, *PUBLIC interest

Abstract

This article critically assesses to what extent the Digital Services Act (DSA) protects consumers in relation to three important developments in digital advertising: (i) the rise of influencer marketing as a new form of native advertising (ii) the personalisation of advertising and (iii) hybrid ads as advertising solutions that find themselves at the intersection of influencer marketing and personalised advertising. We describe and analyse these developments to better understand whether and how they are governed by the DSA. While the DSA specifically left influencer marketing outside of the material scope of its advertising rules, new forms of advertising (i.e. on-platform influencer marketing, which we refer to as hybrid ads) challenge this choice, as we argue they may fall under the DSA's advertising rules, just as personalised advertising. The resulting regulatory choice of differentiating between advertising practices on social media is odd at best, since it does not take into account the characteristics of these practices or the essential role of social media platforms in other forms of advertising than personalised advertising. The paper critically reveals three main pitfalls related to the way in which the DSA tackles consumer protection concerns in relation to the selected digital advertising developments: coherence/fragmentation; little consumer benefits; and limited future-proofing. [ABSTRACT FROM AUTHOR]

Published

2023

32. Organization and management of sensitive personal health data in electronic systems in countries with implemented data protection laws, lessons to Brazil: A brief systematic review.

Author

Fantonelli, Miliane dos Santos, Zanotto, Wagner Luiz, de Melo, Fabiana Magarrote Fernandes, Celuppi, Ianka Cristina, Lacerda, Thaisa Cardoso, de Oliveira, Fernanda Maia, Hammes, Jades Fernando, Cunha, Célio Luiz, Felisberto, Mariano, Santos, Ranieri Alves dos, Scandolara, Daniel, da Rosa, Julia Salvan, de Oliveira, Júlia Meller Dias, Demarchi, Izabel Galhardo, Wazlawick, Raul Sidnei, and Dalmarco, Eduardo Monguilhott

Subjects

*DATA management, *ELECTRONIC systems, *HEALTH facilities, *DATA protection laws

Abstract

Personal health data has always been a big challenge for governments and health institutions around the world. Similarly, to Brazil, several countries have data protection laws, thus in this paper, we performed a systematic review to answer the question: what are the actions regarding organization and management of sensitive personal heath data in countries with implemented data protection laws that can serve as examples of effective implementations of the data protection law in health systems? A total of 18 studies were included in this review, on outcomes consent and access. Regarding consent, we highlight processes for consent permission for sharing data with physicians or databases, for entering data in electronic medical records and for accessing data for conducting studies. About access: patient portal data, login/authorization for viewing medical data, database infrastructure and unauthorised access. The results showed that there are countries that are quite developed in terms of data protection in health, as we mentioned in the highlights about access and consent, but still we noticed a lack of documents about the work process involved in the implementations of systems rules, registration and permissions, to help other countries that are still starting in the subject as Brazil. [ABSTRACT FROM AUTHOR]

Published

2023

33. Fine-tuning GPT-3 for legal rule classification.

Author

Liga, Davide and Robaldo, Livio

Subjects

*ARTIFICIAL intelligence, *LANGUAGE models, *ANNOTATIONS & citations (Law), *XML (Extensible Markup Language), *NATURAL language processing

Abstract

In this paper, we propose a Legal Rule Classification (LRC) task using one of the most discussed language model in the field of Artificial Intelligence, namely GPT-3, a generative pretrained language model. We train and test the proposed LRC task on the GDPR encoded in LegalDocML (Palmirani and Vitali, 2011) and LegalRuleML (Athan et al., 2013), two widely used XML standards for the legal domain. We use the LegalDocML and LegalRuleML annotations provided in Robaldo et al. (2020) to fine-tuned GPT-3. While showing the ability of large language models (LLMs) to easily learn to classify legal and deontic rules even on small amount of data, we show that GPT-3 can significantly outperform previous experiments on the same task. Our work focused on a multiclass task, showing that GPT-3 is capable to recognize the difference between obligation rules, permission rules and constitutive rules with performances that overcome previous scores in LRC. [ABSTRACT FROM AUTHOR]

Published

2023

34. Horizontal intervention, sectoral challenges: Evaluating the data act's impact on agricultural data access puzzle in the emerging digital agriculture sector.

Author

ATİK, Can

Subjects

*AGRICULTURAL technology, *TECHNOLOGICAL innovations, *DATA, *ANTITRUST law, *TRADE regulation

Abstract

The proposal of the Data Act containing 'harmonised rules on fair access and use of data' was released on 23 February 2022. It is a horizontal framework for data access to unlock competition and innovation. The emerging Digital Agriculture sector is one of the non-personal data-driven industries that can be affected by this legislative intervention. Therefore, it is highly relevant to investigate the possible implications of the horizontal Data Act proposal from the sectoral perspective. This paper aims to map the prominent data access problems in this emerging sector, explain the needed solutions for the sectoral challenges, demonstrate what the Data Act brings, and discuss to what extent this horizontal framework is helpful to overcome the sectoral problems connected to the ambiguities on agricultural data access. Thus, this piece also identifies the remaining issues that may need to be addressed by a possible follow-up sectoral regulation and competition law. [ABSTRACT FROM AUTHOR]

Published

2023

35. Russian data retention requirements: Obligation to store the content of communications.

Author

Zhuravlev, Mikhail S. and Brazhnik, Tatiana A.

Subjects

*RECORDS management, *TELECOMMUNICATION, *RIGHT of privacy, *HUMAN rights, *DATA protection

Abstract

This paper presents an analysis of Russian data retention regulations. The most controversial point of the Russian data retention requirements is an obligation to keep the content of communications that is untypical for legislation of European and other countries. These regulations that oblige telecom operators and Internet communication services to store the content of communications should come into force on July 1, 2018. The article describes in detail the main components of the data retention mechanism: the triggers for its application, its scope, exemptions and barriers to its enforcement. Attention is paid to specific principles for implementation of content retention requirements based on the concepts of proportionality, reasonableness and effectiveness. Particular consideration is given to the comparative aspects of the Russian data retention legislation and those applying in different countries (mainly EU member states). The article focuses on the differences between the Russian and EU approaches to the question of how to strike a balance between public security interests and privacy. While the EU model of data retention is developing in the context of profound disputes on human rights protection, the Russian model is mostly concentrated on security interests and addresses mainly economic, technological aspects of its implementation. The paper stresses that a range of factors (legal, economic and technological) needs to be taken into account for developing an optimal data retention system. Human rights guarantees play the key role in legitimization of such intrusive measures as data retention. Great attention should be paid to the procedures, precise definitions, specification of entitled authorities and the grounds for access to data, providing legal immunities and privileges, etc. Only this extensive range of legal guarantees can balance intervention effect of state surveillance and justify data retention practices. [ABSTRACT FROM AUTHOR]

Published

2018

36. Preventing discrimination in the automated targeting of job advertisements.

Author

Dalenberg, David Jacobus

Subjects

*ARTIFICIAL intelligence, *JOB advertising, *BIG data, *MACHINE learning, *DATA mining, *INDIRECT discrimination

Abstract

On the background of the increasing amount of discriminatory challenges facing artificial intelligence applications, this paper examines the requirements that are needed to comply with European non-discrimination law to prevent discrimination in the automated online job advertising business. This paper explains under which circumstance the automated targeting of job advertisements can amount to direct or indirect discrimination. The paper concludes with technical recommendations to dismantle the dangers of automated job advertising. Various options like influencing the pre-processing of big data and altering the algorithmic models are evaluated. This paper also examines the possibilities of using techniques like data mining and machine learning to actively battle direct and indirect discrimination. The European non-discrimination directives 2000/43/EC, 2000/78/EC, and 2006/54/EC which prohibit direct and indirect discrimination in the field of employment on the grounds of race or ethnic origin, sex, sexual orientation, religious belief, age and disability are used as a legal framework. [ABSTRACT FROM AUTHOR]

Published

2018

37. Banking in the cloud: Part 3 – contractual issues.

Author

Hon, W. Kuan and Millard, Christopher

Subjects

*CLOUD computing, *BANKING industry, *FINANCIAL services industry, *DATA protection, *FINANCIAL institutions

Abstract

This paper looks at EU banks' use of public cloud computing services. It is based primarily on anonymised interviews with banks, cloud providers, advisers, and financial services regulators. The findings are presented in three parts. Part 1 of this paper explored the extent to which banks operating in the EU, including global banks, use public cloud computing services. Part 2 of this paper covered the main legal and regulatory issues that may affect banks' use of cloud services. Part 3 looks at the key contractual issues that arise in negotiations between banks and cloud service providers, including data protection requirements, complexities caused by the layering of cloud services, termination, service changes, and liability. It also presents the overall conclusion derived from the studies conducted, as set out in the three parts of the paper. All three parts of the paper can be accessed via Computer Law and Security Review's page on ScienceDirect at: http://www.sciencedirect.com/science/journal/02673649?sdc=2 . The full list of sources is available via the same link and will be printed at the end of this part of the article. [ABSTRACT FROM AUTHOR]

Published

2018

38. Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR.

Author

Wachter, Sandra

Subjects

*INTERNET of things, *RIGHT of privacy, *INTERNET security, *ONLINE profiling, *LAW

Abstract

In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user's devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users' identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies. [ABSTRACT FROM AUTHOR]

Published

2018

39. Banking in the cloud: Part 2 – regulation of cloud as ‘outsourcing’.

Author

Hon, W. Kuan and Millard, Christopher

Subjects

*CLOUD computing, *FINANCIAL services industry, *BANKING laws, *RISK assessment, *DATA protection, *SECRECY (Law)

Abstract

This paper looks at EU banks' use of public cloud computing services. It is based primarily on anonymised interviews with banks, cloud providers, advisers, and financial services regulators. The findings are presented in three parts. Part 1 explored the extent to which banks operating in the EU, including global banks, use public cloud computing services. Part 2 of this paper covers the main legal and regulatory issues that may affect banks' use of cloud services. It sets out how EU banking regulators have approached banks' use of cloud services and considers regulators' lack of cloud computing knowledge. The paper further considers how the regulation of outsourcing applies to banks' use of cloud services, including whether cloud computing constitutes “outsourcing”. It analyses the contentious issue of contractual audit rights for regulators as well as legal and practical issues around risk assessments, security, business continuity, concentration risk, bank resolution, and banking secrecy laws. Part 3 looks at the key contractual issues that arise between banks and cloud service providers, including data protection requirements, termination, service changes, and liability. All three parts of the paper can be accessed via Computer Law and Security Review's page on ScienceDirect at: http://www.sciencedirect.com/science/journal/02673649?sdc=2 . The full list of sources is available via the same link and will be printed alongside the third part of the article. [ABSTRACT FROM AUTHOR]

Published

2018

40. Building sustainable free legal advisory systems: Experiences from the history of AI & law.

Author

Greenleaf, Graham, Mowbray, Andrew, and Chung, Philip

Subjects

*ARTIFICIAL intelligence, *LEGAL literature, *DECISION support systems, *ACCESS to information, *INFORMATION economy

Abstract

The enthusiasm for artificial intelligence (AI) as a source of solutions to problems is not new. In law, from the early 1980s until at least the early 2000s, considerable work was done on developing ‘legal expert systems.’ As the DataLex project, we participated in those developments, through research and publications, commercial and non-commercial systems, and teaching students application development. This paper commences with a brief account of that work to situate our perspective. The main aim of this paper is an assessment of what might be of value from the experience of the DataLex Project to contemporary use of ‘AI and law’ by free legal advice services, who must necessarily work within funding and other constraints in developing and sustaining such systems. We draw fifteen conclusions from this experience, which we consider are relevant to development of systems for free legal advice services. The desired result, we argue, is the development of integrated legal decision-support systems, not ‘expert systems’ or ‘robot lawyers’. We compare our insights with the approach of the leading recent text in the field, and with a critical review of the field over twenty-five years. We conclude that the approach taken by the DataLex Project, and now applied to free legal advice services, remains consistent with leading work in field of AI and law. The paper concludes with brief suggestions of what are the most desirable improvements to tools and platforms to enable development of free legal advice systems. The objectives of free access to legal information services have much in common with those of free legal advice services. The information resources that free access to law providers (including LIIs) can provide will often be those that free legal advice services will need to use to develop and sustain free legal advisory systems. There is therefore strong potential for valuable collaborations between these two types of services providers. [ABSTRACT FROM AUTHOR]

Published

2018

41. Banking in the cloud: Part 1 – banks' use of cloud services.

Author

Hon, W. Kuan and Millard, Christopher

Subjects

*CLOUD computing, *SOFTWARE as a service, *CUSTOMER services, BRITISH banking industry

Abstract

This paper looks at EU banks' use of public cloud computing services. It is based primarily on anonymised interviews with banks, cloud providers, advisers, and financial services regulators. The findings are presented in three parts. Part 1 explores the extent to which banks operating in the EU, including global banks, use public cloud computing services. It describes how banks are using cloud computing and the key drivers for doing so (such as time to market), as well as real and perceived barriers (such as misconceptions about cloud and financial services regulation), including cultural and technical/commercial aspects. It summarises how banks have approached the cloud and how cloud providers have approached the banking sector. Part 2 of this paper will cover the main legal and regulatory issues that may affect banks' use of cloud services, including how the regulation of outsourcing applies to banks' use of cloud services. Part 3 will look at the key contractual issues that arise between banks and cloud service providers, including data protection requirements, termination, service changes, and liability. All three parts of the paper can be accessed via Computer Law and Security Review's page on ScienceDirect at: http://www.sciencedirect.com/science/journal/02673649?sdc=2 . The full list of sources is available via the same link and will be printed alongside the third part of the paper. [ABSTRACT FROM AUTHOR]

Published

2018

42. The unique Chinese legal approach to online ad blocking: Is it in the right direction?

Author

Lu, Bingbin

Subjects

*INTERNET advertising -- Law & legislation, *INTERNET advertising, *AD blockers, *UNFAIR competition

Abstract

The legal debate around online ad blocking demonstrates a tension between user's freedom and online content providers' revenue-generating business model. This paper aims to analyze ad blocking from a unique perspective of the Chinese law and practice. Since ad blocking does not violate copyright law, copyright law cannot be a guardian to the ad-based business model. China takes a different approach to protect the ad-based business model under unfair competition law and bans ad blocking software directly by regulation. The Chinese courts held that providing ad blocking software is anti-competitive under a vague general principle of the Anti-Unfair Competition Law. The special policy reason behind these decisions is that the Chinese government and courts want to maintain this business model and strengthen intellectual property protection. These decisions are reinforced by the regulatory ban of ad blocking software in China. However, the Chinese approach is in the wrong direction. The Chinese courts have applied a principle of “non-interference unless in the public interest” to ad blocking cases but never analyzed the public interest seriously. This paper argues that the “public interest” in the Internet context should be the interests of Internet users. The group of Internet users is large enough to constitute the general public. The public have a compelling interest of autonomy to justify ad blocking. The right approach to solving the ad blocking problem should be flexible, easily adjustable and it should not totally fail one side. Compared to direct regulatory intervention, a flexible judicial approach is better because it could take into consideration a variety of interests and strike a balance in specific cases. And, to regulate new technologies, a soft version of guidelines could be easily adjustable than an immature regulation. The Internet itself is a creative industry developed under the process of “creative destruction”. Any legal intervention shall be careful and not impede the emerging technologies, market structure development and autonomous competition. [ABSTRACT FROM AUTHOR]

Published

2017

43. Using biometric-based identification systems in Brazil: A review on low cost fingerprint techniques on-the-go.

Author

Da Costa-Abreu, Márjory and Smith, Stephen

Subjects

*BIOMETRIC identification, *COMPUTER access control, *HUMAN fingerprints, *TECHNOLOGY, *CRIMINAL investigation

Abstract

Automatic authentication has become an essential service in several public areas. However, although the technology related with this kind of service has evolved, the price tag of its use is not affordable for most countries. In the so-called “under developed” counties, such as Brazil, South Africa and India, for example, registration systems are often paper-based and/or cover only a fraction of the population. Thus, the reality is that there is an increasing gap into the usage of such technologies amongst different countries and it can be a factor that makes development more difficult and, therefore, less inclusive. One of the main technologies used for automatic identity prediction is based on biometrics analysis, which can distinguish physical or behavioural features to help overcome the traditional paper-based identity systems. Despite the limitations already mentioned, Brazil is known to have introduced several different uses of biometric-based technologies for authentication. However, the use of these technologies is not always ideal and, since the population size is a key factor, it is essential to select the most affordable option which is not necessarily the most adequate for the country's needs. This paper will focus on establishing what biometric-based solutions exist in Brazil today, highlighting the main challenges, as well as briefly proposing a new prototype for mobile fingerprint acquisition. [ABSTRACT FROM AUTHOR]

Published

2017

44. Enabling valid informed consent for location tracking through privacy awareness of users: A process theory.

Author

Tsohou, Aggeliki and Kosta, Eleni

Subjects

*INFORMED consent (Law), *ONLINE social networks, *MOBILE apps, *INFORMATION processing, *CELL phone users

Abstract

People use mobile devices for an increasing variety of purposes in order to enjoy the vast possibilities; they check the local weather, road traffic, personalised local news, their personalised favourite social network, etc. At the same time, application developers and market stores deploy mobile applications that collect vast amounts of information on mobile users, such as their age, gender, location or specific phone identifiers. Numerous studies illustrate that mobile applications collect valuable information about users and use it for profiling the users for their own purposes or sell this information for commercial interests. Therefore, the topic of consent to information processing becomes increasingly more interesting for researchers, legal experts and practitioners. In this paper, the authors examine the issue of valid informed consent for location tracking by mobile phone users. They first analyse the legal premises for informed consent that represent requirements for mobile application developers and providers who request consent. However, the ones who actually give consent are the mobile users and therefore their understanding of consent is of paramount importance. Extensive literature is missing on empirical studies examining the topic from the users' perception perspective. For that reason, the authors conduct an empirical investigation with mobile users and present their findings in the form of a process theory. The process theory reveals how users' valid informed consent for location tracking can be obtained, starting from enhancing reading the privacy policy to stimulating privacy awareness and enabling informed consent. The paper includes a discussion section in which the authors describe the implications of the process theory for the different stakeholders and offer recommendations deriving from the empirical findings. The contribution is addressed to software and mobile application developers and providers, technology regulation researchers and policy makers, as well as security and privacy researchers. [ABSTRACT FROM AUTHOR]

Published

2017

45. European regulatory framework for person carrier robots.

Author

Fosch Villaronga, E. and Roig, A.

Subjects

*HUMAN-robot interaction, *DATA protection, *EUROPEAN Union law, *ROBOTICS, *ETHICS, *LAW

Abstract

The aim of this paper is to establish the grounds for a future regulatory framework for Person Carrier Robots, which includes legal and ethical aspects. Current industrial standards focus on physical human–robot interaction, i.e. on the prevention of harm. Current robot technology nonetheless challenges other aspects in the legal domain. The main issues comprise privacy, data protection, liability, autonomy, dignity, and ethics. The paper first discusses the need to take into account other interdisciplinary aspects of robot technology to offer complete legal coverage to citizens. As the European Union starts using impact assessment methodology for completing new technologies regulations, a new methodology based on it to approach the insertion of personal care robots will be discussed. Then, after framing the discussion with a use case, analysis of the involved legal challenges will be conducted. Some concrete scenarios will contribute to easing the explanatory analysis. [ABSTRACT FROM AUTHOR]

Published

2017

46. The law and economics of AI liability.

Author

Buiten, Miriam, de Streel, Alexandre, and Peitz, Martin

Subjects

*ECONOMICS, *ARTIFICIAL intelligence, *EMPLOYMENT, *LEGAL liability

Abstract

The employment of AI systems presents challenges for liability rules. This paper identifies these challenges and evaluates how liability rules should be adapted in response. The paper discusses the gaps in liability that arise when AI systems are unpredictable or act (semi)-autonomously. It considers the problems in proving fault and causality when errors in AI systems are difficult to foresee for producers, and monitoring duties of users are difficult to define. From an economic perspective, the paper considers what liability rules would minimise costs of harm related to AI. Based on the analysis of risks and optimal liability rules, the paper evaluates the recently published EU proposals for a Product Liability Directive and for an AI Liability Directive. [ABSTRACT FROM AUTHOR]

Published

2023

47. Sentencing data-driven cybercrime. How data crime with cascading effects is tackled by UK courts.

Author

Porcedda, Maria Grazia

Subjects

*COMPUTER crimes, *PERSONALLY identifiable information, *BIG data, *DATA protection, *CLOUD computing

Abstract

This paper contributes to research seeking to understand if and how legislation can effectively counter cybercrimes that compromise personal data. These 'data crimes', which are the 'dark side' of big data and the data economy enabled by cloud computing, display cascading effects, in that they empower disparate criminals to commit further crimes and victimise a broad range of individuals or data subjects. The paper addresses the under-researched area of sentencing, which, as the last step of the judicial process, plays a crucial role in how the law is interpreted and implemented. This paper investigates courts' approach to the evolving technological environment of cybercrime captured by data crime and the cascade effect and whether the cascade effect can assist courts in dealing with data-driven cybercrime. The paper examines original data collected from UK courts, namely 17 sentencing remarks relating to cybercrime court cases decided in England & Wales between 2012 and 2019. The analysis shows that courts appreciate the impact of data crime and their cascading effects, but that the complexity of the offences is lost at sentencing, arguably due to the negative impact of systemic factors, such as technology neutral law and the lack of legal authorities. After examining such systemic factors, the paper suggests how the cascade effect could aid sentencing by adding specificity and context to data crime. The paper ends with avenues for further research relating to debates on fair cybercrime sentencing and open justice. [ABSTRACT FROM AUTHOR]

Published

2023

48. Can legitimate interest be an appropriate lawful basis for processing Artificial Intelligence training datasets?

Author

Kramcsák, Pablo Trigo

Subjects

*ARTIFICIAL intelligence, *DATA protection, *ELECTRONIC data processing, *JURISDICTION

Abstract

Precision and effectiveness of Artificial Intelligence (AI) models are highly dependent on the availability of genuine, relevant, and representative training data. AI systems tested and validated on poor-quality datasets can produce inaccurate, erroneous, skewed, or harmful outcomes (actions, behaviors, or decisions), with far-reaching effects on individuals' rights and freedoms. Appropriate data governance for AI development poses manifold regulatory challenges, especially regarding personal data protection. An area of concern is compliance with rules for lawful collection and processing of personal data, which implies, inter alia, that using databases for AI design and development should be based on a clear and precise legal ground: the prior consent of the data subject or another specific valid legal basis. Faced with this challenge, the European Union's personal data protection legal framework does not provide a preferred, one-size-fits-all answer, and the best option will depend on the circumstances of each case. Although there is no hierarchy among the different legal bases for data processing, in doubtful cases, consent is generally understood by data controllers as a preferred or default choice for lawful data processing. Notwithstanding this perception, obtaining data subjects' consent is not without drawbacks for AI developers or AI-data controllers, as they must meet (and demonstrate) various requirements for the validity of consent. As a result, data subjects' consent could not be a suitable and realistic option to serve AI development purposes. In view of this, it is necessary to explore the possibility of basing this type of personal data processing on lawful grounds other than the data subject's consent, specifically, the legitimate interest of the data controller or third parties. Given its features, legitimate interests could help to meet the challenge of quality, quantity, and relevance of data curation for AI training. The aim of this article is to provide an initial conceptual approach to support the debate about data governance for AI development in the European Union (EU), as well as in non-EU jurisdictions with European-like data protection laws. Based on the rules set by the EU General Data Protection Regulation (GDPR), this paper starts by referring to the relevance of adequate data curation and processing for designing trustworthy AI systems, followed by a legal analysis and conceptualization of some difficulties data controllers face for lawful processing of personal data. After reflecting on the legal standards for obtaining data subject's valid consent, the paper argues that legitimate interests (if certain criteria are met) may better match the purpose of building AI training datasets. [ABSTRACT FROM AUTHOR]

Published

2023

49. Using sensitive data to prevent discrimination by artificial intelligence: Does the GDPR need a new exception?

Author

van Bekkum, Marvin and Zuiderveen Borgesius, Frederik

Subjects

*ARTIFICIAL intelligence, *GENERAL Data Protection Regulation, 2016, *DECISION making, *DATA protection

Abstract

Organisations can use artificial intelligence to make decisions about people for a variety of reasons, for instance, to select the best candidates from many job applications. However, AI systems can have discriminatory effects when used for decision-making. To illustrate, an AI system could reject applications of people with a certain ethnicity, while the organisation did not plan such ethnicity discrimination. But in Europe, an organisation runs into a problem when it wants to assess whether its AI system accidentally discriminates based on ethnicity: the organisation may not know the applicants' ethnicity. In principle, the GDPR bans the use of certain 'special categories of data' (sometimes called 'sensitive data'), which include data on ethnicity, religion, and sexual preference. The proposal for an AI Act of the European Commission includes a provision that would enable organisations to use special categories of data for auditing their AI systems. This paper asks whether the GDPR's rules on special categories of personal data hinder the prevention of AI-driven discrimination. We argue that the GDPR does prohibit such use of special category data in many circumstances. We also map out the arguments for and against creating an exception to the GDPR's ban on using special categories of personal data, to enable preventing discrimination by AI systems. The paper discusses European law, but the paper can be relevant outside Europe too, as many policymakers in the world grapple with the tension between privacy and non-discrimination policy. [ABSTRACT FROM AUTHOR]

Published

2023

50. The thin red line: Refocusing data protection law on ADM, a global perspective with lessons from case-law.

Author

Demetzou, Katerina, Zanfir-Fortuna, Gabriela, and Vale, Sebastião Barros

Subjects

*DATA protection, *JUDGE-made law, *GENERAL Data Protection Regulation, 2016, *LEGISLATION, *COMPARATIVE law

Abstract

This article explores existing data protection law provisions in the EU and in six other jurisdictions from around the world - with a focus on Latin America - that apply to at least some forms of the processing of data typically part of an Artificial Intelligence (AI) system. In particular, the article analyzes how data protection law applies to "automated decision-making" (ADM), starting from the relevant provisions of EU's General Data Protection Regulation (GDPR). Rather than being a conceptual exploration of what constitutes ADM and how "AI systems" are defined by current legislative initiatives, the article proposes a targeted approach that focuses strictly on ADM and how data protection law already applies to it in real life cases. First, the article will show how GDPR provisions have been enforced in Courts and by Data Protection Authorities (DPAs) in the EU, in numerous cases where ADM is at the core of the facts of the case considered. After showing that the safeguards in the GDPR already apply to ADM in real life cases, even where ADM does not meet the high threshold in its specialized provision in Article 22 ("solely" ADM which results in "legal or similarly significant effects" on individuals), the article includes a brief comparative law analysis of six jurisdictions that have adopted general data protection laws (Brazil, Mexico, Argentina, Colombia, China and South Africa) and that are visibly inspired by GDPR provisions or its predecessor, Directive 95/46/EC, including those that are relevant for ADM. The ultimate goal of this study is to support researchers, policymakers and lawmakers to understand how existing data protection law applies to ADM and profiling. 1 1 The authors thank the reviewers of the CPDP Latin America 2022 Conference and this journal for their suggestions to improve the draft paper. We also thank our colleague Stefania Medrano for her research and translation support into Latin American jurisdictions. [ABSTRACT FROM AUTHOR]

Published

2023