Showing total 484 results

1. The problem of spam law: a comment on the Malaysian communications and multimedia commission's discussion paper on regulating unsolicited commercial messages

Author

Khong, Dennis W.K.

Subjects

*SPAM email laws, *INTERNET laws, *INTERNET fraud, *DIGITAL media, MALAYSIA. Communications & Multimedia Commission

Abstract

The Malaysian Communications and Multimedia Commission published a discussion paper on Regulating Unsolicited Commercial Messages in early August 2003. It was undertaken as a precursor to a law to control the problem of junk mails or spam on the Internet and other electronic media. In this article, I intend to explore the problem of regulating spam from an economic point of view, and to discuss the Commission''s findings. [Copyright &y& Elsevier]

Published

2004

2. ... and still we are left wanting: Malta's White Paper on digital rights.

Author

Weitzenboeck, Emily M.

Subjects

*DIGITAL rights management, *TECHNOLOGY & law, *INTERNET access, *FREEDOM of information, *ACCESS control, *ELECTRONIC information resources, MALTESE politics & government

Abstract

CLSR welcomes occasional comment pieces on issues of current importance in the law and technology field from different jurisdictions. In this instance the Government of Malta published a White Paper in October 2012 for public consultation, proposing the introduction of the following four so-called "digital rights" in the Constitution of Malta: (1) the right to Internet access; (2) the right to informational access; (3) the right to informational freedom and (4) the right to digital informational self-determination. The author believes that the proposal is indeed a step in the right direction but lacks punch where it matters most and does not go far enough. [ABSTRACT FROM AUTHOR]

Published

2013

3. The 2014 IAITL Conference - Call for papers - The 9th International Conference on Legal, Security and Privacy Issues in IT Law (LSPI) 15-17 October 2014, Lisbon, Portugal.

Published

2014

4. The 8th CLSR Best Paper Awards are announced at the IAITL Conference in Bangkok.

Subjects

*CONFERENCES & conventions, *LAWYERS, *INFORMATION technology, *AWARDS

Abstract

The article offers information about the annual conference "International Association of IT Lawyers" (IAITL) that was held in Bangkok, Thailand from November 11-15, 2013 and also about the 8th 'CLSR Best Paper Awards" that was given to Dr Uri Volovelsky.

Published

2014

5. The Fifth International Conference on Legal, Security and Privacy Issues in IT Law (LSPI), November 3–5, 2010, Barcelona, Spain: CLSR Best Paper Awards

Published

2011

6. ELECTRONIC SIGNATURES — EVIDENCE: THE EVIDENTIAL ISSUES RELATING TO ELECTRONIC SIGNATURES1<fn id="fn1"><no>1</no>The author wishes to thank Professor Tapper, Peter Howes COO of rchive-it.com, Charles Hollander QC, John Theobald of Ikan plc and Nicholas Bohm consultant to Fox Williams and Alec Muffett Principle Engineer Security at Sun Microsystems Limited, for reading the first draft of this paper and for their valuable comments. All errors and omissions remain with the author.</fn> — PART 1

Author

Mason, Stephen

Subjects

*ELECTRONIC commerce, *DIGITAL signatures

Abstract

Both the Government and the industry are keenly promoting the use of electronic signatures. It is assumed that the widespread use of electronic signatures will encourage greater use of the Internet as a means to buy goods and services. This article looks at the evidential issues relating to electronic signatures, and illustrates the weakness of the infrastructure which, in turn, highlights the risks that both users and recipients encounter when using electronic signatures. [ABSTRACT FROM AUTHOR]

Published

2002

7. EU Data Protection Policy: The Privacy Fallacy: Adverse Effects of Europe’s Data Protection Policy in an Information-Driven Economy1<fn id="fn1"><no>1</no>I presented a short version of this paper at a seminar hosted by FEDMA and the Center for Information Policy Leadership @ Hunton & Williams (Data Flows and Individual Autonomy: The Benefits of Free Flow and the Cost of Privacy, Brussels, May 22, 2001). I am grateful for comments received from participants at that seminar, including Ulf Bru¨hann, Commission of the EC, and Paul de Hert, Catholic University Brabant (KUB). In addition, Marty Abrams, Professor Fred Cate, Oscar Marquis, and Jan Dhont, all of the law firm of Hunton & Williams, and Professor Corien Prins, Catholic University Brabant (KUB), made helpful comments and suggestions. My thinking on this subject has been shaped by discussions in the context of the Global Solutions Project of the Center for Information Policy Leadership @ Hunton & Williams.</fn>

Author

Bergkamp, Lucas

Subjects

*DATA protection laws, *RIGHT of privacy, *INFORMATION society

Abstract

The European Union has established a comprehensive legislative privacy framework aimed at protecting data pertaining to individuals. The EU is currently in the process of amending and supplementing its data protection legislation to prepare for the information society. In this article, Professor Lucas Bergkamp questions the desirability and necessity of the EU’s data protection regime in the information society. He examines the “other side” of data protection law and identifies its paradoxical and adverse effects. Based on a thorough analysis of how privacy law affects markets, he argues that data protection restricts consumer choice and freedom, and results in consumers receiving outdated, lower quality products and services at higher prices. The author proposes possible alternative approaches to data protection in Europe, and identifies the groundwork that needs to be conducted to devise a sensible, balanced privacy framework for the information society. [ABSTRACT FROM AUTHOR]

Published

2002

8. Harmonizing innovation and regulation: The EU Artificial Intelligence Act in the international trade context.

Author

REN, Qiang and DU, Jing

Subjects

*ARTIFICIAL intelligence, *ARTIFICIAL intelligence laws, *CIVIL rights, *FOREIGN trade regulation, DEVELOPING countries

Abstract

The European Union's Artificial Intelligence Act focuses on establishing harmonized rules across EU Member States so that AI systems are safe, transparent, and respectful of existing laws and fundamental rights. It introduces a risk-based regulatory approach, classifying AI applications by risk levels and imposing stringent compliance requirements on high-risk applications. The paper critically examines the Act's provisions, including its prohibitions on certain AI practices, requirements for high-risk AI systems, and mandates for transparency and human oversight. The paper examines the implications of the Act for international trade and technological regulation, particularly in the context of the World Trade Organization's Technical Barriers to Trade (TBT) Agreement. It addresses the Act's potential impact on developing countries, highlighting concerns that the Act's uniform standards could potentially exacerbate the digital divide and create barriers in global AI innovation and trade. The paper suggests incorporating flexibility and differential standards in the Act, enhancing technical assistance for developing countries, and advocating the EU's active participation in global standard-setting. [ABSTRACT FROM AUTHOR]

Published

2024

9. ETIAS system and new proposals to advance the use of AI in public services.

Author

Rico, Clara Isabel Velasco and Laukyte, Migle

Subjects

*ARTIFICIAL intelligence, *PUBLIC services, *LAW enforcement, *HUMAN rights, *SOLIDARITY

Abstract

Eu-LISA is launching the European Travel Information and Authorization System (ETIAS), which seems an example of a different, human rights-oriented approach to AI within the law enforcement. However, the reality is quite different: the usual problems of the use of AI—lack of transparency, bias, opacity, just to name a few—are still on board. This paper critically assesses these promises of ETIAS and argues that it has serious issues that have not been properly dealt with. So as to argue the need to address these issues, the paper addresses ETIAS within the wider context of human rights and solidarity-based data governance. In this respect, ETIAS is seen as a tool which uses data for high value purposes, such as EU safety and security, yet it also calls for serious risk mitigation measures. Indeed, the risks related to law enforcement on the borders and in migration management are extremely serious due to the vulnerability of people who escape from poverty, wars, regimes, and other disasters. In the third part of this article, we articulate three proposals of such risk mitigation measures. We argue in favour of strengthening critical general safeguards in ETIAS, then elaborate a principle that should guide AI-based public service development (P4P principle) and end with a few IPR-related requirements for private sector involvement in such services. Adopting these measures could contribute to reduce the risk of building EU AI expertise upon data coming from the most vulnerable social groups of our planet. [ABSTRACT FROM AUTHOR]

Published

2024

10. Prospective implementation of ai for enhancing European (in)security: Challenges in reasoning of automated travel authorization decisions.

Author

Csatlós, Erzsébet

Subjects

*DECISION making, *ARTIFICIAL intelligence, *DATA protection laws, *EMIGRATION & immigration, *NATIONAL security, *CIVIL rights

Abstract

The European Travel Information and Authorisation System , along with the automated decision-making system for immigration filtering, is soon to become a guardian controlling entry into Europe. In the digital realm of issuing travel authorisations, a central question arises: does streamlining the process of using an authoritative decision through IT tools and artificial intelligence simplify administrative decision-making, or does it raise more profound legal issues? The pressing question is whether algorithms will ultimately determine human destinies, or if we have not reached that point yet. This paper examines the set of rules for making a decision on the refusal of a travel permit, considering the obligations tied to providing reasons for such decisions. It emphasizes that the rationale should be built upon a combination of factual and legal foundations, which would entail revealing data linked to profiling. While explicit rights for explanations might not be granted, having substantial information gives the ability to contest decisions. To ensure decisions are well-founded, the methodology used for profiling must support these determinations, as general system descriptions are inadequate for clarifying specific cases. Therefore, the paper concludes that the complex interaction between the ETIAS screening process, data protection laws, and national security concerns presents a challenging situation for procedural rights. Fundamental rights, such as accessing records and receiving decision explanations, clash with the necessity to safeguard national security and build a so-called security union for Europe, it establishes a feeling of insecurity about respect for EU values. [ABSTRACT FROM AUTHOR]

Published

2024

11. The authenticity crisis.

Author

Jacobs, Bart

Subjects

*INTEGRITY, *DIGITAL signatures, *SECURITY management, *TRUTHFULNESS & falsehood, *FAKE news

Abstract

Authenticity of information is a term with a clear meaning, not in law, but in the area of information security. There, it involves two aspects, called source-authenticity and message-authenticity; they guarantee certainty about the origin of information, and about its integrity. Authenticity differs from veracity: whether information is true (holds) or not is independent of its authenticity. The authenticity crisis described in the title of this paper refers to the destabilising impact of the lack of authenticity of online information, for instance in fake news. The paper proposes systematic use of digital signatures to guarantee authenticity. A crucial point is that authenticity may be organised via technical means (namely via digital signatures), whereas veracity can not. Authenticity-guarantees make institutions recognisable online and provide people with useful tools for making their own credibility judgements. [ABSTRACT FROM AUTHOR]

Published

2024

12. Consumer neuro devices within EU product safety law: Are we prepared for big tech ante portas?

Author

Steindl, Elisabeth

Subjects

*PRODUCT safety laws, *NEUROTECHNOLOGY (Bioengineering), *INVESTMENTS, *DIGITAL technology

Abstract

Previously confined to the distinct medical market, neurotechnologies are expanding rapidly into the consumer market, driven by technological advancements and substantial investments. While offering promising benefits, concerns have emerged regarding the suitability of existing legal frameworks to adequately address the risks they present. Against the background of an ongoing global debate on new policies or new 'neurorights' regulating neurotechnology, this paper delves into the regulation of consumer Brain-Computer Interfaces (BCIs) in the European Union (EU), focusing on the pertinent product safety legislation. The analysis will primarily examine the sector-specific product safety law for medical devices, the Medical Devices Regulation (MDR). It will meticulously delineate which consumer BCIs fall within its scope and are obliged to comply with the requirements outlined. The tech-based approach of Annex XVI MDR, coupled with recent amendments, show that the EU has adopted a forward-thinking rationale towards regulating health-related risks associated with consumer BCIs within existing EU medical devices legislation, while abstaining from over-regulating aspects therein that are beyond its core objectives. Supplementary, the paper will discuss developments in EU horizontal product safety law, regulating all consumer BCIs that are not subject to sector-specific product safety legislation. In their recently adopted General Product Safety Regulation (GPSR), the EU has introduced several provisions addressing digital products. Inter alia, these changes will enhance the horizontal regulation of consumer BCIs. Overall, within the context of product safety law, the recent adaptations affirm notable efforts by the EU to refine the legal framework that governs consumer BCIs, striking a delicate balance between effective technology regulation and not impeding innovation. [ABSTRACT FROM AUTHOR]

Published

2024

13. Identification and demarcation—A general definition and method to address information technology in European IT security law.

Author

Brinker, Nils

Subjects

*INFORMATION technology, *INTERNET security, *DIGITAL technology, *OPEN source products, *OPEN source intelligence

Abstract

Information technology (IT) as a regulatory object is defined and viewed differently across various domains of European IT security law. However, common definitions and methods for the demarcation and separation of operational information technology can contribute to coherence in the historically grown body of regulation. This paper identifies three different general approaches for the treatment of information technology within the existing body of law: information technology as a means, as a service and as a product. Furthermore, we compile a general definition of information technology , which consists of three logical subentities: components, systems , and services. Additionally, steps for the practical identification of the operational information technology addressed by material law requirements are shown. First, all services that affect an articulated protected good must be identified. Within the identification of the systems used to realize those services , two dimensions must be considered. There is the functional dimension as well as the control and power of the disposal dimension. An identified weakness of the current state of IT security law is a lack of clearly formulated protected goods within the existing regulations, which contributes to the difficulties of addressing information technology in general. Furthermore, this paper discusses which actors are responsible for a demarcated piece of information technology and what responsibilities are assigned to them. This section also elaborates on the difficulty of appropriately addressing commercial and non-commercial actors. [ABSTRACT FROM AUTHOR]

Published

2024

14. Balancing the platform responsibility paradox: A case for amplification regulation to mitigate the spread of harmful but legal content online.

Author

Park, Tae Jung and Rohatgi, Akshita

Subjects

*INTERNET, *DIGITAL technology, *CENSORSHIP, *JURISDICTION, *FREEDOM of speech

Abstract

This paper examines the complex issue of harmful but legal content (HBLC) moderation on the internet, focusing on the contentious nature of specific content categories regulation and the emergence of an alternative approach, regulating these categories under the umbrella of HBLC. It highlights the fundamental difference between legal and illegal content and the irony when platforms face more liability than the principal poster for failing to take down legal, albeit harmful content, posted by third parties. Instead, it argues that platforms should be held accountable for amplifying harmful content due to the role of their recommender systems in promoting this content for engagement purposes. While challenging to conceptualise, the concept of amplification regulation is scrutinised in relation to HBLC and the potential ways of implementing such regulation are examined. Furthermore, the paper delves into the dynamic between the State and online platforms in the context of HBLC and amplification regulation, emphasising the need for a balanced approach tailored to each jurisdiction's context. [ABSTRACT FROM AUTHOR]

Published

2024

15. Transborder flow of personal data (TDF) in Africa: Stocktaking the ills and gains of a divergently regulated business mechanism.

Author

Babalola, Olumide

Subjects

*PERSONALLY identifiable information, *TRANSBORDER data flow, *STAKEHOLDERS

Abstract

Technology-based transactions are inseparable from the routine exchange of data. These exchanges may not pose privacy problems until the movement takes extra-territorial turns thereby facing multiple levels of cross-border regulations. In the 80 s, the frequency of transfer of personal data beyond geographical boundaries in Europe precipitated the regulation of transborder data flows (TDF) beginning with the enactment of the Organization for OECD Guidelines. In Africa, the concept of TDF is more complex than usually viewed by the stakeholders and this is partly because neither the African Union nor other regional bodies have introduced legislation on TDF. Like many concepts in data protection, TDF is bereft of a generally accepted meaning. Regardless of the uncertainty, this paper approaches TDF as the transmission of personal data from one country to another country or international entity for the purpose of processing. The paper discusses some definitions of TDF as understood under African regional and national data protection legislation. In a comparative and normative approach, the paper analyses the barriers to TDF in Africa vis a vis the European experience and then concludes with recommendations for workable TDF within and outside the continent from an African perspective beginning with the harmonization of existing regional framework. [ABSTRACT FROM AUTHOR]

Published

2024

16. The rise of livestreaming e-commerce in China and challenges for regulation: A critical examination of a landmark case occurring during COVID-19 pandemic.

Author

Xiao, Pinghui

Subjects

*ELECTRONIC commerce, *COVID-19 pandemic, *LIVE streaming, *ONLINE shopping

Abstract

The devastating COVID-19 pandemic saw that the livestreaming e-commerce, which is a brand-new e-commerce model by combining online shopping with livestreams, emerged prominently in China. It shares some commonalities with other forms of e-commerce and traditional shopping channels like TV shopping one way or another, but the former is a disruptive iteration of the latter. Nonetheless, the arrival of livestreaming e-commerce also brings about significant regulatory challenges, due to opportunistic livestreamers coupled with other issues, resulting in all kinds of market failure acts, with false or misleading representations figuring most prominently. This is reflected by a landmark case occurring during the pandemic, in which Xin Ba as one of the most influential livestreamers sold cubilose products via Kuaishou, China's leading livestreaming e-commerce platform, in a false or misleading way. When the cubilose products touted as luxury foods were later proven to contain nothing but water and sugar, it attracted considerable public attention due to the large number of consumers affected and huge transactions it generated. This scandal was followed by an administrative investigation and a civil investigation. The Paper has an in-depth analysis of legal issues surrounding these investigations mainly centered on how Xin Ba as a livestreamer is liable for what, and finds that the laws applied to livestreaming e-commerce demonstrate legal inconsistencies and gaps, which a corresponding legal reform is proposed to address. As a way forward, the Paper also examines the issue of platform liabilities, a topic under-discussed under the landmark case. Upon the above deep analyses, the Paper concludes. [ABSTRACT FROM AUTHOR]

Published

2024

17. Stack is the New Black?: Evolution and Outcomes of the 'India-Stackification' Process.

Author

Parsheera, Smriti

Subjects

*DIGITAL technology, *ELECTRONIC commerce, *DIGITAL transformation, *ELECTRONIC funds transfers

Abstract

India is going through a transformative phase in its digital journey. A large part of this is enfolding in the field of digital public infrastructures as the 'India Stack' branded suite of technological solutions permeates through areas like digital identity, instant payments, digital commerce, and consent management. The paper traces the socio-technical imaginaries that have fueled India's digital transformation strategy and how India Stack acquired its central place in that scheme. Drawing upon India's performance on global ICT-related indices and the OECD's Good Practice Principles for Public Service Design and Delivery, the paper also examines how the country is faring in translating its visions of digital transformation into outcomes. It identifies reliance on coercive digital adoption strategies, lack of participative decision-making, and insufficient accountability safeguards as some of the fault lines in India's path to fair and equitable digital transformation. [ABSTRACT FROM AUTHOR]

Published

2024

18. Privacy icons as a component of effective transparency and controls under the GDPR: effective data protection by design based on art. 25 GDPR.

Author

von Grafenstein, Max, Kiefaber, Isabel, Heumüller, Julie, Rupp, Valentin, Graßl, Paul, Kolless, Otto, and Puzst, Zsófia

Subjects

*DATA protection, *DATA privacy, *GENERAL Data Protection Regulation, 2016, *INFORMATION technology, *COOKIES (Computer science)

Abstract

Understandable privacy information builds trust with users and therefore provides an important competitive advantage for the provider. However, designing privacy information that is both truthful and easy for users to understand is challenging. There are many complex balancing decisions to be made, not only with respect to legal but also visual and user experience design issues. This is why designing understandable privacy information requires combining at least three disciplines that have had little to do with each other in current practice: law, visual design, and user experience design research. The challenges of combining all three disciplines actually culminate in the design and use of Privacy Icons, which are expected to make lengthy legal texts clear and easy to understand (see Art. 12 sect. 7 of the EU General Data Protection Regulation). However, that is much easier said than done. In this paper, we summarise our key learnings from a five years research process on how to design Privacy Icons as a component of effective transparency and user controls. We will provide examples of information and control architectures for privacy policies, forms of consent (especially in the form of cookie banners), privacy dashboards and consent agents in which Privacy Icons may be embedded, 2) a non-exhaustive set of more than 150 Privacy Icons, and above all 3) a concept and process model that can be used to implement the requirements of the GDPR in terms of transparency and user controls in an effective way, according to the data protection by design approach in Art. 25 sect. 1 GDPR. The paper will show that it is a rocky road to the stars and we still haven't arrived – but at least we know how to go. [ABSTRACT FROM AUTHOR]

Published

2024

19. Is the regulation of connected and automated vehicles (CAVs) a wicked problem and why does it matter?

Author

Dunphy, Amy

Subjects

*AUTONOMOUS vehicles, *DRIVERLESS cars, *ARTIFICIAL intelligence, *DIGITAL technology, *GOVERNMENT regulation

Abstract

The anticipated public deployment of highly connected and automated vehicles ('CAVs') has the potential to introduce a range of complex regulatory challenges because of the novel and expansive way that data is generated, used, collected and shared by CAVs. Regulators within Australia and internationally are facing the complex task of developing rules and regulations to meet these challenges against the backdrop of continuing uncertainty about the ultimate form of CAVs and the timeframe for their introduction. This paper undertakes a novel examination of whether the regulation of high level CAVs and their associated data will constitute a 'wicked problem'. The wicked problem framework provides a valuable lens through which to examine difficult issues that are faced by regulators and, in turn, to aid in developing regulatory responses and to navigate such issues. A new four quadrant framework is developed and applied. It draws on and expands the seminal work on wicked problems by Rittel and Webber, and Alford and Head. The framework is used to critically reflect on whether CAVs are a 'wicked problem', and, if so, what might be the potential consequences for policy and regulatory development involving the data environment. This paper considers whether evaluating the 'wickedness' of a problem is a useful exercise for regulators, and the potential impact on developing novel approaches to regulatory responses. [ABSTRACT FROM AUTHOR]

Published

2024

20. The future EU postal regulation. What can be learnt from the telecommunication regulations.

Author

Chołodecki, Mateusz

Subjects

*TELECOMMUNICATION, *POSTAL service, *INFORMATION technology, *INTERNET

Abstract

Postal and telecommunication markets are part of the network industry, regulated by specific regimes. After a long period of legal monopoly, the telecommunication market was fully liberalized before the postal one. Thus, the telecommunication regulatory framework has always been a pattern for the postal market in the EU. These two markets constantly develop in the fast-changing technological environment and shifting customer demands. The paper deals with the regulatory challenges of the EU postal market in light of the recently adopted telecommunication regulation - the EU Directive 2018/1972 establishing the European Electronic Communications Code. The directive has set new regulatory goals changing them to focus on high-speed internet connectivity and a more consumer-oriented market. The current postal regulatory framework has achieved all its goals and needs new ones to adjust the market to contemporary challenges. First, the paper critically analyzes the current EU regulatory framework in the postal market. Then, it proposes a new regulatory model considering market needs like mail-oriented universal postal service, fast-growing e-commerce, and the competition from new entrants. [ABSTRACT FROM AUTHOR]

Published

2024

21. Towards a right to repair for the Internet of Things: A review of legal and policy aspects.

Author

Boniface, Christopher, Urquhart, Lachlan, and Terras, Melissa

Subjects

*INTERNET of things, *DATA protection, *DATA privacy, *SUSTAINABILITY, *INFORMATION technology

Abstract

The way in which consumers engage with, utilise, or discard the technologies in their lives is constantly being reassessed and changed. This paper questions what role the emergent "right to repair" could play in resolving issues posed by the increasing ubiquity of the Internet of Things (IoT). The right gives consumers the ability and freedom to fix their devices, or to fair access to appropriate services that can carry out repair on their behalf. In this paper, firstly we establish the problem space surrounding consumer IoT – i.e., devices that are interconnected via the internet, enabling them to send and receive data. We reflect on hardware, software, and data components that pose legal and policy challenges for data protection, security, and sustainability. Through a literature review we then reflect on the current socio-legal developments that support or oppose changes in the consumer IoT market in regards to repair. We then highlight gaps in the existing literature that should inform future research trajectories in this area. This includes exploring disparities between environmental and consumer autonomy approaches, assessing consistency in regulatory developments, and market prioritisation. Finally, the paper concludes with a series of key insights and recommendations from our analysis including: recognition of the growing e-Waste problem and the inequalities it exacerbates and perpetuates; the need for identification and argumentation for different formulations of "repair" and how these may impact the implementation of a right going forward; the need for identification of the reasoning behind disparities in governmental approaches to the right to repair; and the need to practically translate better IoT design practices into reality. [ABSTRACT FROM AUTHOR]

Published

2024

22. Challenges in regulating cloud service providers in EU financial regulation: From operational to systemic risks, and examining challenges of the new oversight regime for critical cloud service providers under the Digital Operational Resilience Act.

Author

Kun, Eyup

Subjects

*SYSTEMIC risk (Finance), *OPERATIONAL risk, *FINANCIAL institutions, *INTERNET security

Abstract

The use of cloud services by financial institutions has become increasingly prevalent due to its economic benefits. However, this comes with the inherent drawbacks of increased security risks and potential financial stability risks from the cloud market concentration. The EU has introduced specific legal instruments that place responsibilities on financial institutions to mitigate these risks. This paper analyses how the regulation of cloud service providers in the EU financial sector has evolved from the regulation of operational risk to the regulation of systemic risk. The Digital Operational Resilience Act, adopted in December 2022 and effective from January 17, 2025, plays a key role in enabling this transformation by recognizing the systemic risk aspect of the use of cloud service providers. It responds to this risk by creating a new oversight regime of critical cloud service providers. However, new oversight of critical cloud service providers brings about novel problems, particularly concerning the ne bis in idem principle in the case of overlapping oversight and enforcement by different authorities responsible for respective legislative instruments in cybersecurity and data protection. The overlapping oversight shall respect the principle. This paper evaluates to what extent the overlapping regime respects the principle under Article 50 of the Charter of Fundamental Rights of the European Union by analysing the Digital Operational Resilience Act and provides suggestions to improve coordination among different competent authorities in the case of overlapping supervision and enforcement to respect the principle. [ABSTRACT FROM AUTHOR]

Published

2024

23. The development of China's electronic case file regulations and its future implications.

Author

Qin, Han, Chen, Li, and Mou, Luye

Subjects

*CRIMINAL procedure, *CRIMINAL justice system, *DATA security failures, *DATA protection

Abstract

Following the issuance of a set of guiding opinions by the Supreme People's Court and Supreme People's Procuratorate in 2016, China has developed a preliminary framework to regulate the preparation, transfer, and use of electronic files. This paper sets out the key features of this framework, highlighting in particular the usefulness of electronic case files as procedural evidence to safeguard the integrity of the criminal justice process. This paper argues that such measures contribute significantly to improving procedural justice and judicial independence in contemporary China. However, further technological and legal rules are needed to address security concerns arising from the use of electronic files. The use of electronic case files is accompanied by new vulnerabilities in the criminal process in the form of data leakage, malicious tampering, and file losses. If these concerns are sufficiently addressed, the further integration of cutting-edge technology could improve the protection of the rights of the accused, reduce latent judge bias, and provide further clarity on the legal status of electronic case files in China. [ABSTRACT FROM AUTHOR]

Published

2024

24. FutureNewsCorp, or how the AI Act changed the future of news.

Author

Helberger, Natali

Subjects

*ARTIFICIAL intelligence, *PRESS, *LEGAL liability, *DIGITAL technology, *INFORMATION technology

Abstract

Inspired by scenario writing methods to foster discussion on the societal implications of technology and regulation, the paper develops a 'legal fiction scenario' to anticipate the impact of the proposed European AI Act and examine some of the regulatory choices made. The paper tells the story of FutureNewsCorp – the largest news media company in Europe in the year 2043. The story of FutureNewsCorp is used for a critical analysis of the most recent draft of the AI Act and here, in particular, of the role of standardisation bodies and the division of responsibility between providers of AI systems and their professional users. Using the scenario method, the paper demonstrates that regulations like the planned AI Act can result in a shift of the power to decide what responsible use of AI is - from regulators and editors to technology developers and standardisation bodies - and that in doing so it may contribute to changing the structure and workings of an entire sector. [ABSTRACT FROM AUTHOR]

Published

2024

25. Citizen scientists as data controllers: Data protection and ethics challenges of distributed science.

Author

Purtova, Nadezhda and Pierce, Robin L

Subjects

*CITIZEN science, *DATA protection, *PERSONALLY identifiable information, *RESEARCH ethics, *ACQUISITION of data

Abstract

Citizen-science is a rapidly expanding approach to knowledge production that increasingly involves the collection of personal data in various forms. This processing of personal data invokes relevant data protection laws and, specifically, the designation of data controller, the person(s) or organisation(a) who determine if and how personal data is to be processed and hence are charged with the legal responsibility for compliance with the General Data Protection Regulation (GDPR). Traditionally, in the context of research, professional researchers would be designated controllers, and research participants whose data was processed would be "data subjects" and hence enjoy the GDPR's protections. Yet, citizen-scientists adopt a dual role, acting both as participants and as researchers. This paper maps the implications this dual role has from the perspective of data protection law and research ethics. We explain how the data protection concept of controller has been interpreted very broadly. As a result, in their dual role, citizen scientists can be both data subjects entitled to protection and data controllers, sometimes of their own data, tasked with data protection compliance obligations. If citizen scientists share the objectives of research projects they participate in or co-shape those objectives, it is likely that they – together with the professional researchers - will be considered controllers, and held responsible for the processing of personal data in compliance with the GDPR. The paper discusses how this can affect both the quality of protections provided to participants (including participant-researchers), thus undermining the fundamental goal of research ethics, generally, as well as the practice of citizen science itself. We analyse this question of citizen scientists as data controllers as both a matter of law and research ethics. We conclude with policy recommendations that can be applied both on the level of data protection law (to reconsider how the role of controller is assigned) and research ethics guidelines that should take a nuanced approach to the circumstances of assignment of the status of data controller in citizen science projects as an important step toward responsible and ethical participatory research. [ABSTRACT FROM AUTHOR]

Published

2024

26. The right not to use the internet.

Author

Kloza, Dariusz

Subjects

*INTERNET, *INTERNET governance, *HUMAN rights, *INTERNET access, *DIGITAL technology

Abstract

Over the past years, while the use of the internet has accelerated, it has increasingly ceased to be a mere option. Rather, it has turned into a de facto obligation for anyone who exercises their rights or fulfils their duties. These developments invite the question as to whether and to what extent people could be forced to use the internet or whether such an obligation conforms to democratic standards, amongst others. In this paper, I first set the scene by overviewing the reasons for the non-use of the internet and against its non-use. I then look at the possibilities of protecting individuals from the obligation to use the internet by means of human rights law, either as a new, standalone right or by way of interpretation of suitable existing rights. With this paper, I aim to establish the context and to kindle a debate that might eventually lead to a change in policy and practice. [ABSTRACT FROM AUTHOR]

Published

2024

27. Research on the application and examination of electronic evidence preserved on the blockchain in Chinese copyright judicial practice.

Author

Zhang, Huaiyin, Wang, Rongrong, and Cai, Kui

Subjects

*ELECTRONIC evidence, *BLOCKCHAINS, *INTEGRITY, *COPYRIGHT infringement, *JUDICIAL review

Abstract

In the era of smart justice, blockchain technology has revolutionized the way of preserving and examining electronic evidence.Blockchain technology has its functional advantages of distributed storage, hash function verification, and timestamp and accordingly possesses the technical characteristics of stability, integrity, and immutability. As such, blockchain technology can help alleviate the dilemma over electronic evidence due to its flaws, such as easy distortion and modification and difficulty in the collection, especially in the cases of copyright disputes where it is difficult to determine the ownership of works and fixation of evidence. The paper explores two ways of applying blockchain evidence and their distinct proving roles in copyright infringement cases. The paper further finds the similarities and differences between the two types of blockchain electronic preservation in the judicial review mechanism. In Chinese copyright judicial practice, the ambiguity in the rules of blockchain evidence, the inconsistency of different courts in examining blockchain evidence, and the disarray of blockchain evidence preservation platforms all confused and affected judicial discretion when dealing with blockchain evidence. Learning from the United States, the paper concludes with standard-related, judicial, and self-governance suggestions to pave the way for applying and examining blockchain evidence in Chinese copyright judicial practice. [ABSTRACT FROM AUTHOR]

Published

2024

28. Originality and the future of copyright in an age of generative AI.

Author

Fenwick, Mark and Jurcys, Paulius

Subjects

*COPYRIGHT, *ARTIFICIAL intelligence, *CREATIVE ability, *CHATGPT

Abstract

This paper takes the occasion of French DJ David Guetta's use of generative AI tools to create lyrics and a voice in the style of Eminem, which he then used in one of his concerts, as the basis for an exploration of the shifting meaning of creativity and originality in the age of generative AI. Our main contention is that the Guetta form of creativity with generative AI tools differs in certain important respects from what has come before. The paper describes an iterative, dynamic process of conception, prompting, generation, refining, and deployment to characterise creativity in this context. Nevertheless, we contend that copyright – specifically the concept of originality as articulated in US federal law – is a sufficiently durable legal mechanism that can manage these new cultural forms, and that the two basic requirements of modern copyright law (a tangible medium of expression and a modest degree of creativity) remain relevant in identifying the scope of legal protection. The paper argues that the David Guetta story reveals something more general about creativity in a digital age, namely that while hybrid-networked (i.e., human – corporate – machine) creators have always created hybrid-networked cultural forms (i.e., creations that blend human and technology-constituted elements), such hybridity becomes increasingly visible and complex in the context of a new world of generative AI. At the very least, earlier – and influential – models of creativity as human-driven involving creation ex nihilo become harder to sustain in a new age of generative AI. But this does not mean copyright or notions of originality are redundant or that copyright law cannot accommodate Guetta and other cases. Such an account seems important as it challenges the hegemonic and reductive view that AI "generates" artistic works autonomously and avoids reducing the copyright issues raised by such creative works to the related but distinct question of whether learning models rely on copyrighted data. As such, copyright law should remain an important mechanism to facilitate genuine creators who are using AI systems in innovative and unique ways to push the boundaries of their creativity. [ABSTRACT FROM AUTHOR]

Published

2023

29. Algorithms that forget: Machine unlearning and the right to erasure.

Author

Juliussen, Bjørn Aslak, Rui, Jon Petter, and Johansen, Dag

Subjects

*RIGHT to be forgotten, *MACHINE learning, *GENERAL Data Protection Regulation, 2016, *ELECTRONIC data processing, *DISCLOSURE laws

Abstract

Article 17 of the General Data Protection Regulation (GDPR) contains a right for the data subject to obtain the erasure of personal data. The right to erasure in the GDPR gives, however, little clear guidance on how controllers processing personal data should erase the personal data to meet the requirements set out in Article 17. Machine Learning (ML) models that have been trained on personal data are downstream derivatives of the personal data used in the training data set of the ML process. A characteristic of ML is the non-deterministic nature of the learning process. The non-deterministic nature of ML poses significant difficulties in determining whether the personal data in the training data set affects the internal weights and adjusted parameters of the ML model. As a result, invoking the right to erasure in ML and to erase personal data from a ML model is a challenging task. This paper explores the complexities of enforcing and complying with the right to erasure in a ML context. It examines how novel developments in machine unlearning methods relate to Article 17 of the GDPR. Specifically, the paper delves into the intricacies of how personal data is processed in ML models and how the right to erasure could be implemented in such models. The paper also provides insights into how newly developed machine unlearning techniques could be applied to make ML models more GDPR compliant. The research aims to provide a functional understanding and contribute to a better comprehension of the applied challenges associated with the right to erasure in ML. [ABSTRACT FROM AUTHOR]

Published

2023

30. The European AI liability directives – Critique of a half-hearted approach and lessons for the future.

Author

Hacker, Philipp

Subjects

*ARTIFICIAL intelligence, *CHATGPT, *PRODUCT liability, *EUROPEAN Union law

Abstract

The optimal liability framework for AI systems remains an unsolved problem across the globe. With ChatGPT and other large generative models taking the technology to the next level, solutions are urgently needed. In a much-anticipated move, the European Commission advanced two proposals outlining the European approach to AI liability in September 2022: a novel AI Liability Directive (AILD) and a revision of the Product Liability Directive (PLD). They constitute the final cornerstone of AI regulation in the EU. Crucially, the liability proposals and the proposed EU AI Act are inherently intertwined: the latter does not contain any individual rights of affected persons, and the former lack specific, substantive rules on AI development and deployment. Taken together, these acts may well trigger a "Brussels effect" in AI regulation, with significant consequences for the US and other countries. Against this background, this paper makes three novel contributions. First, it examines in detail the liability proposals and shows that, while making steps in the right direction, they ultimately represent a half-hearted approach: if enacted as foreseen, AI liability in the EU will primarily rest on disclosure of evidence mechanisms and a set of narrowly defined presumptions concerning fault, defectiveness and causality. Hence, second, the article suggests amendments to the proposed AI liability framework. They are collected in a concise Annex at the end of the paper. I argue, inter alia, that the dichotomy between the fault-based AILD Proposal and the supposedly strict liability PLD Proposal is fictional and should be abandoned; that an EU framework for AI liability should comprise one fully harmonizing regulation instead of two insufficiently coordinated directives; and that the current proposals unjustifiably collapse fundamental distinctions between social and individual risk by equating high-risk AI systems in the AI Act with those under the liability framework. Third, based on an analysis of the key risks AI poses, the final part of the paper maps out a road for the future of AI liability and regulation, in the EU and beyond. More specifically, I make four key proposals. Effective compensation should be ensured by combining truly strict liability for certain high-risk AI systems with general presumptions of defectiveness, fault and causality in cases involving SMEs or non-high-risk AI systems. The paper introduces a novel distinction between illegitimate- and legitimate-harm models to delineate strict liability's scope. Truly strict liability should be reserved for high-risk AI systems that, from a social perspective, should not cause harm (illegitimate-harm models, e.g., autonomous vehicles or medical AI). Models meant to cause some unavoidable harm by ranking and rejecting individuals (legitimate-harm models, e.g., credit scoring or insurance scoring) may merely face rebuttable presumptions of defectiveness and causality. General-purpose AI systems and Foundation Models should only be subjected to high-risk regulation, including liability for high-risk AI systems, in specific high-risk use cases for which they are deployed. Consumers, in turn, ought to be liable based on regular fault, in general. Furthermore, innovation and legal certainty should be fostered through a comprehensive regime of safe harbours, defined quantitatively to the best extent possible. Moreover, trustworthy AI remains an important goal for AI regulation. Hence, the liability framework must specifically extend to non-discrimination cases and provide for clear rules concerning explainability (XAI). Finally, awareness for the climate effects of AI, and digital technology more broadly, is rapidly growing in computer science. In diametrical opposition to this shift in discourse and understanding, however, EU legislators have long neglected environmental sustainability in both the draft AI Act and the proposed liability regime. To counter this, I propose to jump-start sustainable AI regulation via sustainability impact assessments in the AI Act and sustainable design defects in the liability regime. In this way, the law may help spur not only fair AI and XAI, but also sustainable AI (SAI). [ABSTRACT FROM AUTHOR]

Published

2023

31. "Lawful interception – A market access barrier in the European Union"?

Author

Doronin, Vadim

Subjects

*LAW enforcement, *EAVESDROPPING, *TELECOMMUNICATION, *INTERNET of things

Abstract

This paper studies legal requirements across the European Union to implement technical and organizational capabilities to intercept and deliver content data to law enforcement authorities, arguing that a fragmentation of rules across EU Member States imposes market access barriers upon telecommunications providers. The aim of this paper is to raise awareness about discrepancy of lawful interception rules across the EU, which causes legal uncertainty and places burdensome requirements upon regulated entities such as OTT but also IoT connectivity and satellite service providers. The paper further argues that the EU has competencies to legislate on harmonization of lawful interception capability rules by specifying what types of telecommunications providers can be subject to those rules, address types of capabilities, determine whether Member States should be responsible to reimburse telecommunications providers with incurred costs; and finally, regulate on the ability to share or outsource capabilities with other providers or third-party vendors. The author doesn't address human rights or privacy considerations associated with exercising lawful interception, nor grounds on which lawful interception can be requested under national law, nor evidential admissibility of intercepted data. [ABSTRACT FROM AUTHOR]

Published

2023

32. An institutional account of responsiveness in financial regulation- Examining the fallacy and limits of 'same activity, same risks, same rules' as the answer to financial innovation and regulatory arbitrage.

Author

Chiu, Iris H-Y

Subjects

*FINANCE laws, *ARBITRAGE, *FINANCIAL technology

Abstract

Financial regulators face the persistent issue of being challenged by financial innovations and regulatory arbitrage. This article argues that a functional approach of 'same activity, same risks, same rules' is potentially vague and insufficient, and does not provide clear guidance for regulators. By critically discussing the US Securities Exchange Commission's and UK Financial Conduct Authority's approaches to cryptoasset offers, the paper argues that whether and how regulators respond to financial innovation crucially depends on regulators' institutional structures. These structural limitations provide empowering as well as constraining aspects in relation to regulatory objectives and mandates, shaping financial regulators' responsiveness in different ways. The paper argues that an institutional account of regulatory responsiveness more accurately explains policy responses. The benefits and drawbacks of such policy responsiveness are also crucially shaped by these institutional structures. [ABSTRACT FROM AUTHOR]

Published

2023

33. How might the GDPR evolve? A question of politics, pace and punishment.

Author

Buckley, Gerard, Caulfield, Tristan, and Becker, Ingolf

Subjects

*GENERAL Data Protection Regulation, 2016, *DIGITAL technology, *PERSONALLY identifiable information, *FINES (Penalties), *INFORMATION technology

Abstract

The digital age has made personal data more valuable and less private. This paper explores the future of the European Union's General Data Protection Regulation (GDPR) by imagining a range of challenging scenarios and how it might handle them. We analyse United States', Chinese and European approaches (self-regulation, state control, arms-length regulators) and identify four key drivers shaping the future regulatory landscape: econopolitics, enforcement capacity, societal trust, and speed of technological development. These scenarios lead us to envision six resultant versions of GDPR, ranging from laxer protection than now to models empowering individuals and regulators. While our analysis suggests a minor update to the status quo GDPR is the most likely outcome, we argue a more robust implementation is necessary. This would entail meaningful penalties for non-compliance, harmonised enforcement, a positive case to counter the regulation-stifles-innovation narrative, defence of cross-border data rights, and proactive guidelines to address emerging technologies. Strengthening the GDPR's effectiveness is crucial to ensure the digital age empowers individuals, not just information technology corporations and governments. [ABSTRACT FROM AUTHOR]

Published

2024

34. Algorithmic proxy discrimination and its regulations.

Author

Chen, Xi

Subjects

*PROXY, *ALGORITHMS, *ANTI-discrimination laws, *LEGAL liability, *BIG data

Abstract

As a specific type of algorithmic discrimination, algorithmic proxy discrimination (APD) exerts disparate impacts on legally protected groups because machine learning algorithms adopt facially neutral proxies to refer to legally protected features through their operational logic. Based on the relationship between sensitive feature data and the outcome of interest, APD can be classified as direct or indirect conductive. In the context of big data, the abundance and complexity of algorithmic proxy relations render APD inescapable and difficult to discern, while opaque algorithmic proxy relations impede the imputation of APD. Thus, as traditional antidiscrimination law strategies, such as blocking relevant data or disparate impact liability, are modeled on human decision-making and cannot effectively regulate APD. The paper proposes a regulatory framework targeting APD based on data and algorithmic aspects. [ABSTRACT FROM AUTHOR]

Published

2024

35. Better alone than in bad company: Addressing the risks of companion chatbots through data protection by design.

Author

Dewitte, Pierre

Subjects

*CHATBOTS, *DATA protection, *ARTIFICIAL intelligence, *GENERAL Data Protection Regulation, 2016, *DATA privacy

Abstract

Recent years have seen a surge in the development and use of companion chatbots, conversational agents specifically designed to act as virtual friends, romantic partners, life coaches or even therapists. Yet, these tools raise many concerns, especially when their target audience is comprised of vulnerable individuals. While the recently adopted AI Act is expected to address some of these concerns, both compliance and enforcement are bound to take time. Since the development of companion chatbots involves the processing of personal data at nearly every step of the process, from training to fine-tuning to deployment, this paper argues that the General Data Protection Regulation ("GDPR"), and data protection by design more specifically, already provides a solid ground for regulators and courts to force controllers to mitigate these risks. In doing so, it sheds light on the broad material scope of Articles 24(1) and 25(1) GDPR, highlights the role of these provisions as proxies to Fundamental Rights Impact Assessments ("FRIAs"), and peels off the many layers of personal data processing involved in the companion chatbots supply chain. That reasoning served as the basis for a complaint lodged with the Belgian data protection authority, the full text and supporting evidence of which are provided as supplementary materials. [ABSTRACT FROM AUTHOR]

Published

2024

36. Open Banking goes to Washington: Lessons from the EU on regulatory-driven data sharing regimes.

Author

Colangelo, Giuseppe

Subjects

*BANKING industry, *FINANCIAL databases, DODD-Frank Wall Street Reform & Consumer Protection Act

Abstract

After representing the main country embracing a market-led approach to Open Banking, the U.S. is on the verge of switching to a regulatory-driven regime by mandating the sharing of financial data. Relying on the Section 1033 of the Dodd-Frank Act, the Consumer Financial Protection Bureau (CFPB) has, indeed, recently proposed a rulemaking on "Personal Financial Data Rights." As the U.S. is, therefore, apparently following the EU, which has been at the forefront of the government-led Open Banking movement, the paper aims at analyzing the CFPB's proposal by taking stock of the EU experience. The review of the EU regulatory framework and its UK implementation provides useful insights about the functioning and challenging trade-offs of Open Banking, thus ultimately enabling us to assess whether the CFPB's proposal would provide significant added value for innovation and competition or would rather represent an unnecessary regulatory burden. [ABSTRACT FROM AUTHOR]

Published

2024

37. Data sovereignty and data transfers as fundamental elements of digital transformation: Lessons from the BRICS countries.

Author

Belli, Luca, Gaspar, Water B., and Singh Jaswant, Shilpa

Subjects

*DIGITAL transformation, *DIGITAL technology, *ELECTRONIC data processing, *DATA transmission systems

Abstract

When talking about digital transformation, data sovereignty considerations and data transfers cannot be excluded from the discussion, given the considerable likelihood that digital technologies deployed along the process collect, process and transfer (personal) data in multiple jurisdictions. An increasing number of nations, especially those within the BRICS grouping (Brazil, Russia, India, China, and South Africa) are developing their data governance and digital transformation approaches based on data sovereignty considerations, deeming specific types of data as key strategic and economic resources, which deserve particular protection and that must be leveraged for national development. From this perspective, this paper will try to shed light on how data sovereignty and data transfers interplay in the context of digital transformations. Particularly, we will consider the various dimensions that compose the concept of data sovereignty and will utilise a range of examples from the BRICS grouping to back some of the key considerations developed with empirical evidence. We define data sovereignty as the capacity to understand how and why (personal) data are processed and by whom, develop data processing capabilities, and effectively regulate data processing, thus retaining self-determination and control. We have chosen the BRICS grouping for three reasons. First, research on the grouping's data policies and digital transformation is still minimal despite their leading role. Second, BRICS account for over 40 % of the global population, or 3.2 billion people (which can be seen as 3.2 billion "data subjects" or data producers, depending on perspective, thus making them key players in data governance and digital transformation. Third, the BRICS members have realised that digital transformation is essential for the future of their economies and societies and have shaped specific data governance visions which must be considered by other countries, especially from the global majority, to understand why data governance is instrumental to foster thriving digital environments. [ABSTRACT FROM AUTHOR]

Published

2024

38. EU sanctions in response to cyber-attacks as crime-based emergency measures.

Author

Miadzvetskaya, Yuliya

Subjects

*CYBERTERRORISM, *COMPUTER crimes, *INTERNET security, *CRIME prevention, *INTERNATIONAL sanctions

Abstract

This contribution seeks to explore the growing use of administrative measures in response to cybercrimes by analysing the specific case of sanctions in response to cyber-attacks. They constitute a novel crime-based sanctions regime, laying the foundations of personalised deterrence with respect to malicious cyber actors and consist in asset freezes and visa bans. This article reflects on the hazy boundary between crime-based sanctions as administrative or criminal law measures. The paper argues that while crime-based sanctions in response to cyber-attacks present certain similarities with criminal law measures, they remain complementary crime prevention instruments. Their administrative nature allows for an emergency response to malicious cyber operations that would not be permissible if a more stringent evidentiary standard was required. [ABSTRACT FROM AUTHOR]

Published

2024

39. Ontological models for representing image-based sexual abuses.

Author

Falduti, Mattia and Griffo, Cristine

Subjects

*SEX crimes, *INTERNET content, *ONTOLOGY, *GOVERNMENT regulation, *ABUSIVE behavior

Abstract

In recent years, there has been extensive discourse on the moderation of abusive content online. Image-based Sexual Abuses (IBSAs) represent a type of abusive content that involves sexual images or videos. Platforms must moderate user-generated online content to tackle this issue effectively. One way to achieve this is by allowing users to report content, which can be flagged as abusive. In such instances, platforms may enforce their terms of service and prohibit certain types of content or users. Alongside these efforts, numerous countries have been making progress in defining and regulating this subject by implementing dedicated regulations. However, national solutions alone are insufficient for addressing a constantly increasing global emergency. Consequently, digital platforms create their own definitions of abusive conduct to overcome obstacles arising from conflicting national laws. In this paper, we use an ontological approach to model two types of abusive behavior. To do this, we applied the UFO-L patterns to build ontological models and based them on a top-level ontology, the Unified Foundational Ontology (UFO). The outcome is a set of ontological models that digital platforms can use to monitor and manage user compliance with the service provider's code of conduct. [ABSTRACT FROM AUTHOR]

Published

2024

40. Non-fungible tokens, tokenization, and ownership.

Author

Kaisto, Janne, Juutilainen, Teemu, and Kauranen, Joona

Subjects

*NON-fungible tokens, *BLOCKCHAINS, *CIVIL law, *CRYPTOCURRENCIES, *COMPUTER art

Abstract

The emergence of non-fungible tokens (NFTs) in the blockchain environment has prompted many intriguing questions for private law scholars around the world. A question as basic as whether NFTs can be owned has proven difficult in many countries. This is the first research question of our article, which focuses on NFTs created in the Ethereum system by utilizing standard ERC-721. Because these NFTs are identifiable and distinguishable from all other tokens, the notion of owning an NFT is not unthinkable. Yet no universal answer can be offered. Whether NFTs qualify as objects of ownership must be studied at the level of individual legal systems. We argue that NFTs can be owned under Finnish law, with the same probably applying to many other legal systems. Starting with this notion, we pose two further research questions. As the second research question, we ask what problems of a patrimonial law nature may arise in attempts to connect different kinds of rights, even irrevocably, to owning or holding an NFT. Creditor rights seem relatively easy in this respect because most legal systems allow prospective debtors to obligate themselves as they wish. We also study whether a limited liability company could issue an NFT as a share certificate with legal effects corresponding to those of a physical (paper) share certificate. While an affirmative answer could be justified in some legal systems, Finnish law makes it difficult to tokenize a company's shares other than in the framework of a settlement system within the meaning of the European Union's DLT Pilot Regulation. Even greater difficulties arise in attempts to connect the ownership of a (material) thing and of an NFT so that a person who owns a token also owns the thing. Our third and final research question addresses tokenization of digital art, which gives rise to some special questions. We ask what rights the transferee of an NFT can receive in connection with tokenization of digital art. Here, our main finding is that digital art can be meaningfully tokenized even though digital copies are not regarded as possible objects of ownership. [ABSTRACT FROM AUTHOR]

Published

2024

41. From brussels effect to gravity assists: Understanding the evolution of the GDPR-inspired personal information protection law in China.

Author

Li, Wenlong and Chen, Jiahong

Subjects

*DATA protection laws, *PERSONAL information management, *GENERAL Data Protection Regulation, 2016, *COMPARATIVE law, *DATA protection

Abstract

This paper explores the evolution of China's Personal Information Protection Law (PIPL) and situates it within the context of global data protection development. It draws inspiration from the theory of 'Brussels Effect' and provides a critical account of its application in non-Western jurisdictions, taking China as a prime example. Our objective is not to provide a comparative commentary on China's legal development but to illuminate the intricate dynamics between the Chinese law and the EU's GDPR. We argue that the trajectory of China's Personal Information Protection Law calls into question the applicability of the Brussels Effect: while the GDPR's imprint on the PIPL is evident, a deeper analysis unveils China's nuanced, non-linear adoption that diverges from many assumptions of the Brussels Effect and similar theories. The evolution of the GDPR-inspired PIPL is not as a straightforward outcome of the Brussels Effect but as a nuanced, intricate interplay of external influence and domestic dynamics. We introduce a complementary theory of 'gravity assist', which portrays China's strategic instrumentalisation of the GDPR as a template to shape its unique data protection landscape. Our theoretical framework highlights how China navigates through a patchwork of internal considerations, international standards, and strategic choices, ultimately sculpting a data protection regime that has a similar appearance to the GDPR but aligns with its distinct political, cultural and legal landscape. With a detailed historical and policy analysis of the PIPL, coupled with reasonable speculations on its future avenues, our analysis presents a pragmatic, culturally congruent approach to legal development in China. It signals a trajectory that, while potentially converging at a principled level, is likely to diverge significantly in practice, driven by China's broader socio-political and economic agendas rather than the foundational premises of EU data protection law and its global aspirations. It thus indicates the inherent limitations of applying Brussels Effect and other theoretical frameworks to non-Western jurisdictions, highlighting the imperative for integrating complementary theories to more accurately navigate complex legal landscapes. [ABSTRACT FROM AUTHOR]

Published

2024

42. Tripartite perspective on the copyright-sharing economy in China.

Author

Lee, Jyh-An

Subjects

*DIGITAL technology, *COPYRIGHT, *INTELLECTUAL property, *STAKEHOLDERS, *ECONOMIC development, *SHARING economy

Abstract

Internet and digital technologies have facilitated copyright sharing in an unprecedented way, creating significant tensions between the free flow of information and the exclusive nature of intellectual property. Copyright owners, users, and online platforms are the three major players in the copyright system. These stakeholders and their relations form the main structure of the copyright-sharing economy. Using China as an example, this paper provides a tripartite perspective on the copyright ecology based on three categories of sharing, namely unauthorized sharing, altruistic sharing, and freemium sharing. The line between copyright owners, users, and platforms has been blurred by rapidly changing technologies and market forces. By examining the strategies and practices of these parties, this paper illustrates the opportunities and challenges for China's copyright industry and digital economy. The paper concludes that under the shadow of the law, a sustainable copyright-sharing model must carefully align the interests of businesses and individual users. [ABSTRACT FROM AUTHOR]

Published

2019

43. EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era.

Author

Sullivan, Clare

Subjects

*GENERAL Data Protection Regulation, 2016, *COMPARATIVE studies, *DATA protection, *INTERNET of things

Abstract

This article examines the two major international data transfer schemes in existence today – the European Union (EU) model which at present is effectively the General Data Protection Regulation (GDPR), and the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules system (CBPR), in the context of the Internet of Things (IoT). While IoT data ostensibly relates to things i.e. products and services, it impacts individuals and their data protection and privacy rights, and raises compliance issues for corporations especially in relation to international data flows. The GDPR regulates the processing of personal data of individuals who are EU data subjects including cross border data transfers. As an EU Regulation, the GDPR applies directly as law to EU member nations. The GDPR also has extensive extraterritorial provisions that apply to processing of personal data outside the EU regardless of place of incorporation and geographical area of operation of the data controller/ processor. There are a number of ways that the GDPR enables lawful international transfer of personal data including schemes that are broadly similar to APEC CBPR. APEC CBPR is the other major regional framework regulating transfer of personal data between APEC member nations. It is essentially a voluntary accountability scheme that initially requires acceptance at country level, followed by independent certification by an accountability agent of the organization wishing to join the scheme. APEC CBPR is viewed by many in the United States of America (US) as preferable to the EU approach because CBPR is considered more conducive to business than its counterpart schemes under the GDPR, and therefore is regarded as the scheme most likely to prevail. While there are broad areas of similarity between the EU and APEC approaches to data protection in the context of cross border data transfer, there are also substantial differences. This paper considers the similarities and major differences, and the overall suitability of the two models for the era of the Internet of Things (IoT) in which large amounts of personal data are processed on an on-going basis from connected devices around the world. This is the first time the APEC and GDPR cross-border data schemes have been compared in this way. The paper concludes with the author expressing a view as to which scheme is likely to set the global standard. [ABSTRACT FROM AUTHOR]

Published

2019

44. From fragile to smart consumers: Shifting paradigm for the digital era.

Author

Colangelo, Giuseppe and Maggiolino, Mariateresa

Subjects

*DIGITAL technology, *ELECTRONIC data processing, *INTERNATIONAL economic relations, *CONSUMERS

Abstract

Abstract The use of digital technologies, functioning thanks to data processing, has been conquering many sectors of the world economy and it is possible that, in the near future, only a few markets will still be excluded from this industrial revolution. Therefore, even if one chose unreasonably to disregard the many innovations that the digital economy has brought about, its development seems quite inexorable, although it is true that this new stage in human progress raises some concerns. In particular, many worry about the millions of passive and powerless digital consumers who, facing a few huge and influential companies without any education or awareness, could succumb and find themselves poorer, victimized, and manipulated. The paper proposes to react to this state of affairs without further fueling the fear of the digital revolution and without the thought that regulation can be used only as a shield to protect fragile digital consumers. Rather, by taking inspiration from some regulatory actions undertaken by the European Union, the paper bears in mind that regulation can be used as a sword in the hands of consumers to finally assign them a lead role in digital markets. New rules to empower consumers and to make them take autonomous and independent decisions as to the management of their personal data as well as to the merits of digital firms can be envisaged. After all, one of the cultural roots of Western societies is that every individual should be enabled to be faber ipsius fortunae. [ABSTRACT FROM AUTHOR]

Published

2019

45. Greed for data and exclusionary conduct in data-driven markets.

Author

Kathuria, Vikas

Subjects

*DATA security, *BIG data, *MACHINE learning

Abstract

Several two-sided platforms base their business model on collecting user data, which not only is used for advertisements that generate revenue, but also improve the underlying algorithm that forms the core of any virtual platform. In such markets, big data generates network effects that sustain the market position of the dominant player. Further, scope in data adds a crucial competitive advantage to the advertisement-driven business model. The paper argues that by cutting the supply of user data to its competitors, a dominant player can successfully restrict its competitors from gaining critical mass (in terms of both scale and scope) that is crucial to stay viable in a competitive market. The literature on the competition assessment of data-driven markets has predominantly been theoretical hitherto. This paper presents the competition assessment of two recent cases—European Commission's decision against Google in the Android licensing case, and Bundeskartellamt's (German Federal Cartel Office) action against Facebook— in their technological and economic context to ascertain foreclosure. While Google's practices resulted in foreclosure, the technological and economic context in Bundeskartellamt's case against Facebook does not present a convincing theory of foreclosure. The paper also draws common lessons from these cases that can guide the competition assessment in similar circumstances. The paper, therefore, contributes to the scant academic literature on the exclusionary conduct in data-driven markets from a practical standpoint. [ABSTRACT FROM AUTHOR]

Published

2019

46. Regulating internet platforms in the EU - The emergence of the 'Level playing Field'.

Author

Savin, Andrej

Subjects

*INTERNET security laws, *COMPUTER crime laws, *DATA protection laws, *DISCLOSURE laws, *DATA privacy

Abstract

Abstract This paper analyses the European Union's regulatory policy on platforms. The first part of the paper looks at the how the EU formulates platform policy while the second analyses the proposed and existing laws that already cover them. The final part looks at the consequences of the level playing field as the guiding regulatory principle. The main argument is that EU regulatory intervention concerning platforms seeks to bring linear providers in line with platforms through the "level playing field" or, in other words, that the EU seeks to protect the incumbents and minimise disruption rather than enhance the value-creating potential of platforms. [ABSTRACT FROM AUTHOR]

Published

2018

47. Untangling the cyber norm to protect critical infrastructures.

Author

Kouloufakos, Triantafyllos

Subjects

*CYBERSPACE, *INTERNATIONAL law, *TELECOMMUNICATION, *INTERNATIONAL security

Abstract

This paper aims to investigate the use and interpretation of the norm of protection of critical infrastructure in international law. The paper will firstly elaborate on the use of the term critical infrastructure in the current international context along with examples from domestic law from states that have firmly established their presence in cyberspace. Subsequently, this paper will discuss how the norm is approached in international law and specifically by the United Nations Group of Governmental Experts Reports (UNGGE Report) and also by the 2021 Open-ended working group on developments in the field of information and telecommunications in the context of international security (OWEG Report) as well as the General Assembly and the Security Council. Moreover, it will look into the approach of different international organisations, to how they understand and apply the norm of protecting critical infrastructures. Furthermore, the paper will analyse how non-state actor initiatives such as the Global Commission for the Stability of Cyberspace and the Paris Call for Trust have interpreted and even expanded said norm. [ABSTRACT FROM AUTHOR]

Published

2023

48. Beyond financial regulation of crypto-asset wallet software: In search of secondary liability.

Author

Barbereau, Tom and Bodó, Balázs

Subjects

*BITCOIN, *BLOCKCHAINS, *PUBLIC-private sector cooperation, *LEGAL liability, *SURVEILLANCE detection

Abstract

Since Bitcoin, the blockchain space considerably evolved. One crucial piece of software to interact with blockchains and hold private-public key pairs to distinct crypto-assets and securities are wallets. Wallet software can be offered by liable third-parties ('custodians') who hold certain rights over assets and transactions. As parties subject to financial regulation, they are to uphold Anti-money Laundering and Combating the Financing of Terrorist (AML/CFT) standards by undertaking Know-Your-Customer (KYC) checks on users of their services. In juxtaposition, wallet software can also be issued without the involvement of a liable third-party. As no KYC is performed and users have full 'freedom to act', such 'non-custodial' wallet software is popular in criminal undertakings. They are required to interact with peer-to-peer applications and organisations running on blockchains whose benefits are not the subject of this paper. To date, financial regulation fails to adequately address such wallet software because it presumes the existence of a registered, liable entity offering said software. As illustrated in the case of Tornado Cash, financial regulation fails to trace chains of secondary liability. Alas, the considered solution is a systematic surveillance of all transactions. Against this backdrop, this paper sets forth an alternative approach rooted in copyright law. Concepts that pertain to secondary liability prove of value to develop a flexible, principles-based approach to the regulation of non-custodial wallet software that accounts for both, infringing and non-infringing uses. [ABSTRACT FROM AUTHOR]

Published

2023

49. The drive for virtual (online) courts and the failure to consider obligations to combat human trafficking – A short note of concern on identification, protection and privacy of victims.

Author

Gerry, Felicity, Muraszkiewicz, Julia, and Iannelli, Olivia

Subjects

*HUMAN trafficking laws, *HUMAN trafficking prevention, *HUMAN rights, *DATA protection laws, *INFORMATION technology laws

Abstract

This article examines the introduction of virtual (online) court systems being introduced in parts of the UK in the particular context of human trafficking victims. The justice system in England and Wales is undergoing significant transformation through the use of technology, under a drive for efficiency. The authors argue that online court systems are being implemented without investment into appropriate legal research and with assumptions regarding the approval process, and questions the effect of virtual hearings on the fundamental principles of due process. Whilst identifying vulnerability has been the subject of guidance, it remains unclear how these courts will deal with human trafficking issues. Human trafficking is a highly lucrative industry that extends to all corners of the globe and international as well as UK protocols and legislation exist with the objective to protect and assist the victims of human trafficking, with full respect for their human rights, ensuring a victim-centred approach. The protection of personal data and privacy of all online court users is important; however, trafficked persons belong a particularly vulnerable group, and the protection of their personal data is critical in alleviating the risk of further harm, intimidation, retaliation, or inappropriate use of biometric data.In conclusion, the authors argue that technological solutions to inefficiency have been given priority over justice solutions and just outcomes, without addressing systemic issues in the context of human trafficking. An Online Court…is not, incidentally, (as some press reports have suggested) intended to be a court without judges, or a court where matters in dispute are to be determined automatically by some algorithm embedded in a computer, or by a civil servant. But it is a court where the basic problem facing ordinary people, namely turning their heart-felt grievances into something formulated in legal terms, and enabling them to identify and present their documentary and other evidence, is capable of being addressed electronically and cheaply, so that both their opponents know the case to be met, and the court is equipped at the earliest possible stage with the materials necessary to decide it justly. This statement is from Briggs LJ Addressing the Bar of England and Wales on the use of online courts in 2016. 2 2 Briggs LJ The Online Court Counsel Magazine April 2016 〈 https://www.counselmagazine.co.uk/articles/the-online-court〉 Whilst this is a hopeful description of what technology can do for the justice system, this paper seeks to show that perhaps our enthusiasm ought to be restrained until we answer key questions. The authors explore these questions using the example of victims of human trafficking. These persons engage with the justice system in a variety of ways. Some are witnesses to trafficking crimes in a criminal prosecution. Others may themselves be on trial for crimes they were compelled to commit as a result of their trafficking situation. Additionally, they can be party to a civil case, e.g., arising out of an employment situation. In each of these cases there is possibility for the victim to be identified, if they are not already, as somebody who has a right to assistance and support. There is an opportunity for the state to carry out an identification and thus, as explained in this paper, fulfil human rights obligations. What happens when cases go online? There are also serious questions with regard to privacy and data protection and how the implementation of online court processes may act as a barrier to identifying victims of human trafficking. The authors, therefore, advocate for great caution to be used with the introduction of virtual justice and call for additional research to be undertaken in order to gain a clear vision of what the current and future effects of this new system may be. [ABSTRACT FROM AUTHOR]

Published

2018

50. Some risks of tokenization and blockchainizaition of private law.

Author

Savelyev, Alexander

Subjects

*BLOCKCHAINS, *DISTRIBUTED computing, *CIVIL law, *DATA protection laws, *INFORMATION technology laws, *SECURITY systems, *LAW

Abstract

The paper focuses on the analysis of the problems that may be driven by mass tokenization of the objects of civil law, i.e. the creation of a digital representation of such objects in the form of a record in blockchain. This occurs where the value of such objects is transferred subsequently by means of disposal of such tokens, which is a subject of separate rights to it. The paper outlines two core problems, which were inspired by recent legislative activities in Belarus and Russia. The first is a possible displacement of existing legal regimes of objects of civil rights by the legal regime of the token. Secondly, the problem of definition of the nature of rights to tokens arises (in rem versus ad personam) as well as remedies for their violations. Provisions of the Belarus Decree “On the development of digital economy” of 21 December 2017 and drafts of the laws on blockchain and ICO, discussed in Russian Parliament and Government are taken to illustrate these problems. [ABSTRACT FROM AUTHOR]

Published

2018