-
Council of Europe convention 108+: A modernised international treaty for the protection of personal data Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2021-01-14 Cécile de Terwangne
The Council of Europe has modernized its Convention 108 for the protection of individuals with regard to automatic processing of personal data: in 2018 it adopted Convention 108+. The modernised version of Convention 108 seeks to respond to the challenges posed, in terms of human rights, by the use of new information and communication technologies. This article presents a detailed analysis of this
-
The impact of the general data protection regulation on innovation and the global political economy Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2021-01-09 Crispin Niebel
This paper attempts to outline how the General Data Protection Regulation might be positive not only for consumers and societal well-being but also for innovation in the digital age. Situated within the highly charged debate regarding the impact of regulations on innovation, this paper examines the General Data Protection Regulation in light of the theoretical facets underpinning the contexts in which
-
Tying and bundling by online platforms – Distinguishing between lawful expansion strategies and anti-competitive practices Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-12-29 Daniel Mandrescu
The assessment of tying and bundling practices under Art. 102 TFEU in the case of online platforms will require adjusting current practice to correspond to their technical complexity and multi sided nature. Although the current framework may appear suitable to deal with this kind of abuses, The recent cases against Google show that there is still much uncertainty in practice. Therefore this article
-
Internet court's challenges and future in China Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-12-29 Meirong Guo
China established the world's first Internet court in Hangzhou in August 2017. Subsequently in 2018 Internet courts in Beijing and Guangzhou were established respectively. With the official establishment of these three Internet courts, China's electronic litigation advanced to a new stage.. Internet courts offer many advantages, and this innovative adjudication model has earned widespread approval
-
Diffusion of the Budapest Convention on cybercrime and the development of cybercrime legislation in Pacific Island countries: ‘Law on the books’ vs ‘law in action’ Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-12-19 Dr. Chat Le Nguyen; Dr. Wilfred Golman
The Council of Europe Convention on Cybercrime,1 referred to as the Budapest Convention on Cybercrime, has been diffused globally, and is serving as a benchmark or a ‘model law’ for drafting national cybercrime legislation in many countries worldwide. This paper argues that, through the mechanism of ‘state socialization’ combined with incentives, e.g. assistance in building law enforcement capacity
-
Patent trolls in China: Some empirical data Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-12-17 Renjun Bian
Prior research found that the Chinese patent system is more pro-patentee than once believed. Patent owners performed much better in both infringement lawsuits and post-grant validity reviews in China than in many other countries, such as the United States and Germany. Also, after a finding of infringement, Chinese courts were quite lenient with regard to permanent injunctions. All these pro-patentee
-
Education for the provision of technologically enhanced legal services Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-12-16 Václav Janeček; Rebecca Williams; Ewart Keep
Legal professionals increasingly rely on digital technologies when they provide legal services. The most advanced technologies such as artificial intelligence (AI) promise great advancements of legal services, but lawyers are traditionally not educated in the field of digital technology and thus cannot fully unlock the potential of such technologies in their practice. In this paper, we identify five
-
An analysis of cybersecurity in Dutch annual reports of listed companies Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-12-15 E.V.A. Eijkelenboom; B.F.H. Nieuwesteeg
In this paper we study the disclosure of cybersecurity information in Dutch annual reports, such as cybersecurity measures and cyber incidents, from a financial law and economics perspective. We start our discussion with an analysis of the requirements in financial law to disclose cybersecurity information in annual reports. Hereafter, we discuss the incentives for the board regarding disclosing cybersecurity
-
Understanding the rule of prevalence in the NIS directive: C-ITS as a case study Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-12-08 Charlotte Ducuing
The paper discusses the interpretation of the rule of prevalence of Article 1 (7) NIS Directive, which has not been the subject of any academic debate so far. Article 1 (7) NIS Directive organises the interface between the NIS Directive regime and other European Union sector-specific legislations imposing (cyber)security obligations, by laying down the conditions according to which such obligations
-
Data protection law beyond identifiability? Atmospheric profiles, nudging and the Stratumseind Living Lab Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-11-29 Maša Galič; Raphaël Gellert
The deployment of pervasive information and communication technologies (ICTs) within smart city initiatives transforms cities into extraordinary apparatuses of data capture. ICTs such as smart cameras, sound sensors and lighting technology are trying to infer and affect persons’ interests, preferences, emotional states, and behaviour. It should be no surprise then that contemporary legal and policy
-
(Re-)defining software defined networks under the European electronic communications code Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-11-19 Serge J.H. Gijrath
This article assesses some aspects of innovative developments in the deployment of electronic communications networks in the European Union: software defined networks (SDN) and network functional virtualization (NFV). The overall research for this article focuses on the re-regulation of the 2018 European Electronic Communications Code (EECC), and the 2018 Body of European Regulators for Electronic
-
Mapping the development of China's data protection law: Major actors, core values, and shifting power relations Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-11-13 Bo Zhao; Yang Feng
This Article seeks to map the possible paths of the development of China's data protection law by examining the changing power relations among three major actors - the State, digital enterprises and the public in the context of China's booming data-driven economy. We argue that focusing on different core values, these three major actors are the key driving forces shaping China's data protection regime
-
Framing Big Data in the Council of Europe and the EU data protection law systems: Adding ‘should’ to ‘must’ via soft law to address more than only individual harms Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-11-12 Paul de Hert; Vagelis Papakonstantinou
On 19 November 2019 the Council of Europe hosted an international conference, immediately preceding the annual plenary meeting of its Committee of Convention 108, on “Convention 108+ and the future data protection global standard”. One of the authors made a presentation on “Comparing the EU and Council of Europe approach to Big Data”, and it is its contents and findings that are further elaborated
-
The future of data protection: Gold standard vs. global standard Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-11-09 Alessandro Mantelero
While GDPR has been described as the new gold standard for data protection, Convention 108 may represent the potential global standard in this field. The recent progressive expansion of the Council of Europe's model and the modernised version of the Convention have revitalised its role in the global context. In a multipolar world of different regulatory approaches where data protection legislation
-
Exclusivity and paternalism in the public governance of explainable AI Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-11-07 Perry Keller; Archie Drake
In this comment, we address the apparent exclusivity and paternalism of goal and standard setting for explainable AI and its implications for the public governance of AI. We argue that the widening use of AI decision-making, including the development of autonomous systems, not only poses widely-discussed risks for human autonomy in itself, but is also the subject of a standard-setting process that
-
Financial instruments entail liabilities: Ether, bitcoin, and litecoin do not Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-11-07 Evariest Callens
The financial assets that are subject to major EU financial legislation (i.e. (designated types of) financial instruments) have traditionally been defined in a largely exemplary and circular manner. The recent proliferation of ‘non-traditional’ financial assets, such as cryptocurrencies and stablecoins, is increasingly challenging the viability of these pragmatic financial asset definitions. Through
-
Reviewable Automated Decision-Making Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-10-22 Jennifer Cobbe; Jatinder Singh
In this paper we introduce the concept of ‘reviewability' as an alternative approach to improving the accountability of automated decision-making that involves machine learning systems. In doing so, we draw on an understanding of automated decision-making as a socio-technical process, involving both human (organisational) and technical components, beginning before a decision is made and extending beyond
-
Law and policy of platform economy in China Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-10-22 Chuanman You
China is experiencing a phenomenal expansion of platform economy fuelled by the advancement of information and communication technologies. It has become a global frontrunner in many sectors, including commerce, finance, and entertainment. A comprehensive law and policy narrative, however, is largely absent from English academic literature. This paper seeks to fill this gap by analysing the dynamic
-
“Schrems II”: The return of the Privacy Shield Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-10-16 Xavier Tracol
On 16 July 2020, the Grand Chamber of the European Court of Justice rendered its landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”). The Grand Chamber invalidated the Commission decision on the adequacy of the data protection provided by the EU-US Privacy Shield. It however considered that the decision of the Commission on
-
Human-centric data protection laws and policies: A lesson from Japan Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-10-14 Hiroshi Miyashita
This article examines the human dignity defined in Convention 108+ and, from a Japanese perspective, explores the possibility of a universal philosophy of data protection. The recent human resources scandal (the Rikunabi case) in Japan has made stakeholders to realise the importance of the basic philosophy of data protection. Convention 108+ declared ‘human dignity’ to prohibit an instrumental treatment
-
The ‘Strasbourg Effect’ on data protection in light of the ‘Brussels Effect’: Logic, mechanics and prospects Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-10-10 Lee A. Bygrave
This article considers various factors that will shape the potential effect of the Council of Europe's modernised Convention on data protection (Convention 108+) on non-European states’ regulatory policy. It does so by elucidating the logic and mechanics of this effect in light of the ‘Brussels Effect’ that is commonly attributed, in part, to EU data protection law. The central arguments advanced in
-
Explainable AI and the philosophy and practice of explanation Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-10-05 Kieron O'Hara
Considerations of the nature of explanation and the law are brought together to argue that computed accounts of AI systems’ outputs cannot function on their own as explanations of decisions informed by AI. The important context for this inquiry is set by Article 22(3) of GDPR. The paper looks at the question of what an explanation is from the point of view of the philosophy of science – i.e. it asks
-
Can Online Courts Promote Access to Justice? A Case Study of the Internet Courts in China Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-09-16 Huang-Chih Sung
The right to access the courts is a basic human right in civilised societies, but the current legal system is unfriendly and often unaffordable for the victims of e-commerce disputes and copyright infringements seeking access to justice. Therefore, how to design a judicial system that is more accessible for the aforementioned victims has become a critical legal point of contention in the digital economy
-
Who is the fairest of them all? Public attitudes and expectations regarding automated decision-making Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-09-08 Natali Helberger; Theo Araujo; Claes H. de Vreese
The ongoing substitution of human decision makers by automated decision-making (ADM) systems in a whole range of areas raises the question of whether and, if so, under which conditions ADM is acceptable and fair. So far, this debate has been primarily led by academics, civil society, technology developers and members of the expert groups tasked to develop ethical guidelines for ADM. Ultimately, however
-
Legal technology in contemporary USA and China Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-09-01 Ran Wang
The US and China are two typical models that present legal tech trends that are common world over. In China, robust regional models of intelligent judicial systems have emerged alongside some common applications that include the same-type case referencing, automated sentencing decision, uniform standards of evidence, and judges’ data profiling systems. In the US, legal tech refers to artificial intelligence
-
‘Private jurisprudence’ and the right to be forgotten balancing test Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-08-30 M.R. Leiser
Upon receipt of a right to be forgotten request, private actors like Google are responsible for implementing the balancing test between competing rights of privacy and data protection and free expression and access to information. This amounts to private jurisprudence that data subjects, lawyers, and interested parties could, theoretically, game to their advantage. This paper critiques this process
-
Conducting research with school children and data in line with “ethical principles” lawyers at work in the ethics management of the H2020 mathisis project Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-08-21 Eugenio Mantovani; István Böröcz; Paul de Hert
Recent advancements in human-computer interaction, machine learning and in artificial intelligence hold the potential to influence both the curriculum and the pedagogy of school children. While the impacts of new technologies remain uncertain, ongoing research and innovation projects are already developing and testing such technologies in schools. This article builds on the experience of the authors
-
Law versus technology: Blockchain, GDPR, and tough tradeoffs Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-08-14 Unal Tatar; Yasir Gokce; Brian Nussbaum
Inconsistency between the way in which the law is structured, and the way in which technologies actually operate is always an interesting and useful topic to explore. When a law conflicts with a business model, the solution will often be changing the business model. However, when the law comes into conflict with the architecture of hardware and software, it is less clear how the problem will be managed
-
What GDPR tells about certification Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-08-12 Eric Lachaud
The EU lawmaker has introduced several certification models in the GDPR. A first model entitles accredited private certification bodies to design and manage certification schemes under the close monitoring of the supervisory authorities. Another model gives to the supervisory authorities the opportunity to design and manage their own schemes. The EU lawmaker has also left the door open to the establishment
-
Investigating the dynamics of illegal online activity: The power of reporting, dark web, and related legislation Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-07-28 Emmanouela Kokolaki; Evangelia Daskalaki; Katerina Psaroudaki; Meltini Christodoulaki; Paraskevi Fragopoulou
This paper aims to shed light into the operation of SafeLine, the only Greek Hotline for illegal online content, and its seventeen years of successful operation as a member of INHOPE, the International Association of Internet Hotlines. The operation of SafeLine is introduced and an analysis of the received reports during its operation is attempted, in order to reveal hidden trends over the seventeen
-
A vulnerability analysis: Theorising the impact of artificial intelligence decision-making processes on individuals, society and human diversity from a social justice perspective Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-07-27 Tetyana (Tanya) Krupiy
The article examines a number of ways in which the use of artificial intelligence technologies to predict the performance of individuals and to reach decisions concerning the entitlement of individuals to positive decisions impacts individuals and society. It analyses the effects using a social justice lens. Particular attention is paid to the experiences of individuals who have historically experienced
-
Options towards a global standard for the protection of individuals with regard to the processing of personal data Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-07-22 Christian Pauletto
Purpose States have adopted a number of international instrument dedicated in full or in part to privacy and data protection, at multilateral or regional levels, in binding or non-binding form. This article discusses the potential and context of the emergence of a possible global standard on data protection focusing on the 1981 Council of Europe Convention for the Protection of Individuals with Regard
-
Disclosure, Exposure and the ʻRight to be Forgottenʼ after Google Spain: Interrogating Google Search's webmaster, end user and Lumen notification practices Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-07-15 David Erdos
This article argues that Google's essentially blanket and unsafeguarded dissemination to webmasters of URLs delisted under the Google Spain judgment disclosures claimants’ personal data, cannot be justified either on the purported basis of their consent or a legal requirement but instead seriously infringes European data protection standards. Such disclosure would only be compatible with the initially
-
Use of artificial intelligence by tax administrations: An analysis regarding taxpayers’ rights in Latin American countries Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-07-04 Antonio Faúndez-Ugalde; Rafael Mellado-Silva; Eduardo Aldunate-Lizana
In this paper, we analyze taxpayers’ rights to have access to artificial intelligence algorithms and formulas that have been used by tax administrations in Latin America. We consider two applications of artificial intelligence: in the characterization of taxpayers’ risk and the robotization of tax audit actions. Very little has been described in the literature on how these technologies coexist with
-
CLOUD act agreements from an EU perspective Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-07-04 Marcin Rojszczak
For many years, transatlantic cooperation between the EU and the US in the area of personal data exchange has been a subject of special interest on the part of lawmakers, courts – including supranational ones – NGOs and the public. When implementing recent reform of data protection law, the European Union decided to further strengthen guarantees of the protection of privacy in cyberspace. At the same
-
Data protection, scientific research, and the role of information Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-06-25 Rossana Ducato
This paper aims to critically assess the information duties set out in the General Data Protection Regulation (GDPR) and national adaptations when the purpose of processing is scientific research. Due to the peculiarities of the legal regime applicable to the research context information about the processing plays a crucial role for data subjects. However, the analysis points out that the information
-
Utilising AI in the legal assistance sector—Testing a role for legal information institutes Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-06-13 Andrew Mowbray; Philip Chung; Graham Greenleaf
The use of artificial intelligence (AI) in law has again become of great interest to lawyers and government. Legal Information Institutes (LIIs) have played a significant role in the provision of legal information via the web. The concept of ‘free access to law’ is not static, and the evolution of its principles now requires a response from providers of free access to legal information (‘a LII response’)
-
Information asymmetries: recognizing the limits of the GDPR on the data-driven market Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-06-10 Peter J. van de Waerdt
Online search engines, social media platforms, and targeted advertising services often employ a “data-driven” business model based on the large-scale collection, analysis, and monetization of personal data. When providing such services significant information asymmetries arise: data-driven companies collect much more personal data than the consumer knows or can reasonably oversee, and data-driven companies
-
LinkedLegal: Investigating social media as evidence in courtrooms Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-06-10 Lynne Graves; William Bradley Glisson; Kim-Kwang Raymond Choo
The pervasive nature of social media suggests it would increasingly appear as evidence in the courtroom as it has increasingly documented daily life. This research examines the use of such evidence through the review of appellate judgments. It has identified 5,189 appeal cases in federal and state jurisdictions for the period from 1 October 2000 to 30 September 2017. California was used for the state
-
Legal Remedies For a Forgiving Society: Children's rights, data protection rights and the value of forgiveness in AI-mediated risk profiling of children by Dutch authorities Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-06-06 Dr. Karolina La Fors
30 years after the United Nations Convention on the Right of the Child (CRC) and two years after the new EU data protection regime, the social value of forgiveness is not part of these legal instruments. The lack of this value within these legal instruments and the lack of research on the subject of forgiveness in relation to improving the legal position of children require urgent addressing especially
-
Googled justice: an examination of the citation of Internet sources in judicial opinions in Uganda Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-06-05 Solomon Rukundo
Search engines like Google have made it incredibly easy to access vast amounts of information with little effort. Many lawyers now prefer to go online for their legal research. Lawyers are citing online sources to establish legal and factual positions in their submission briefs to court and, in turn, judges are citing them in their opinions. Judges are also conducting online research to better understand
-
Scope of jurisdiction online and the importance of messaging – lessons from Australia and the EU Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-06-03 Professor Dan Jerker B. Svantesson
Where a court makes an order, for example, requiring an Internet platform to block or remove content, it has several options. The order can be limited to content displayed locally, it can apply to that content globally, or something in-between. This – the matter of ‘scope of jurisdiction’ – is gaining increasing attention and was the central issue in two recent decisions by the Court of Justice of
-
It's all linked: How communication to the public affects internet architecture Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-05-19 Giancarlo Frosio
The architecture of the Internet is changing. A novel expansive construction of communication and making available to the public has been shaking the Internet ecosystem. It reaches into basic online activities, such as linking. Departing from well-established international approaches, the Court of Justice of the European Union (CJEU) has recently decided a multitude of cases that redesigned the notion
-
Vulnerable data subjects Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-05-14 Gianclaudio Malgieri; Jędrzej Niklas
Discussion about vulnerable individuals and communities spread from research ethics to consumer law and human rights. According to many theoreticians and practitioners, the framework of vulnerability allows formulating an alternative language to articulate problems of inequality, power imbalances and social injustice. Building on this conceptualisation, we try to understand the role and potentiality
-
CSLR - EU Update - April 2020 Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-05-14 Imogen Palmer; Kit Burden
Relevant DLA Piper articles published since the previous submission in February
-
The genomic data deficit: On the need to inform research subjects of the informational content of their genomic sequence data in consent for genomic research Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-05-12 Dara Hallinan
Research subject consent plays a significant role in the legitimation of genomic research in Europe – both ethically and legally. One key criterion for any consent to be legitimate is that the research subject is ‘informed’. This criterion implies that the research subject is given all relevant information to allow them to decide whether engaging with a genomic research infrastructure or project would
-
How far can Convention 108+ ‘globalise’? Prospects for Asian accessions Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-05-12 Graham Greenleaf
The ‘globalisation’ of Council of Europe data protection Convention 108 through non-European accessions has continued steadily, with eight such accessions since the first in 2013. The ‘modernisation’ of the Convention was completed on 10 October 2018 when the amending protocol for the new ‘Convention 108+’ became open for signature. Any new countries from outside Europe wishing to accede will have
-
Privacy and security by design: Comparing the EU and Israeli approaches to embedding privacy and security Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-04-28 Eldar Haber; Aurelia Tamò-Larrieux
Policymakers in the European Union and Israel are searching for regulatory strategies on how to best protect their citizens informational privacy. More recently, the focus has shifted towards Privacy and Security by Design as a mean to address current privacy concerns. While Privacy and Security by Design in itself is not a new idea, its implementation has taken new forms within the General Data Protection
-
Building up the “Accountable Ulysses” model. The impact of GDPR and national implementations, ethics, and health-data research: Comparative remarks Comput. Law Secur. Rev. (IF 1.849) Pub Date : 2020-04-26 Denise Amram
The paper illustrates obligations emerging under articles 9 and 89 of the EU Reg. 2016/679 (General Data Protection Regulation, hereinafter “GDPR”) within the health-related data processing for research purposes. Furthermore, through a comparative analysis of the national implementations of the GDPR on the topic, the paper highlights few practical issues that the researcher might deal with while accomplishing
Contents have been reproduced by permission of the publishers.