The ongoing developments of artificial intelligence have made the self-driving car industry enter the phase of extensive road testing in recent years. However, in China, research on self-driving car legislation is basically nonexistent. This paper focuses on comprehensively analyzing the self-driving car legislation and testing process based on the latest provisions in both China and the United States

A series of recent developments highlight the increasingly important role of online platforms in impacting data privacy in today's digital economy. Revelations and parliamentary hearings about privacy violations in Facebook's app and service partner ecosystem, EU Court of Justice judgments on joint responsibility of platforms and platform users, and the rise of smartphone app ecosystems where app behaviour

This article aims to analyse the liability of Internet intermediaries in India for hosting defamatory content. In the absence of any statutory law relating to online defamation, the courts in India have had to rely upon comparable developments in the United Kingdom to define the contours of liability of the intermediaries for facilitating the publication of defamatory content on the Internet. However

The process of commencing services based on 5G technology has begun. One condition for starting up 5G technology is the distribution of the frequencies required for the provision of those services. For the first time in the process of making frequencies available, requirements have arisen pertaining to the security of the infrastructure necessary for the provision of those services. In the EU, recommendations

Antitrust enforcement and competition policy in the digital economy is high on the agenda of authorities and policymakers. The distinctive features of digital markets and the strategic role played by large platforms apparently require a rethinking of the antitrust regime. Several reform proposals point to the need to integrate the antitrust toolkit with ex ante measures since there is a risk that ex

Machines have moved from supporting decision-making processes of humans to making decisions for humans. This shift has been accompanied by concerns regarding the impact of decisions made by algorithms on individuals and society. Unsurprisingly, the delegation of important decisions to machines has therefore triggered a debate on how to regulate the automated decision-making practices. In Europe, policymakers

Against the common perception of data protection as a road-block, we demonstrate that the GDPR can work as a research enabler. This study demonstrates that European data protection law's regulatory pillars, the first related to the protection of the fundamental right to data protection and the second regarding the promotion of the free flow of personal data, result into an architecture of layered data

Blockchain technology allows virtual disintermediation and automatization of property transactions, which might help to design future platforms, intended to facilitate cross-border transactions within the EU and worldwide. To this end, users of these blockchain-based platforms may create the so-called “digital tokens” or “colored coins” that aim to represent rights over different types of “real world”

The paper examines how the EU General Data Protection Regulation (GDPR) is applied to the development of AI products and services, drawing attention to the differences between academic and commercial research. The GDPR aims to encourage innovation by providing several exemptions from its strict rules for scientific research. Still, the GDPR defines scientific research in a broad manner, which includes

This article examines the intersection of the GDPR and selected due process requirements in the context of automated administrative decision-making. It finds that the safeguards for decisions based solely on automated data processing provided by the GDPR coincide with or serve a comparable function to traditional administrative due process elements such as the duty to give reasons, the duty of care

On 6 October 2020, the Grand Chamber of the European Court of Justice rendered two landmark judgments in Privacy International, La Quadrature du Net and Others, French Data Network and Others as well as Ordre des barreaux francophones et germanophone and Others. The Grand Chamber confirmed that EU law precludes national legislation which requires a provider of electronic communications services to

This article considers the purchasing of hacking technology by governments and the role of government procurement processes in regulating the hacking market and reducing risks to the buyer. While the proliferation of hacking technology for government actors has led to various proposed solutions for accountability, little consideration has been given to public purchasing of this technology. This article

The concept of “Critical Infrastructures” is constantly evolving in order to reflect current concerns and to respond to new challenges, especially in terms of (cyber)security and resilience. Protection of critical infrastructures against numerous threats has therefore developed into a high priority at national and EU level. During the last two decades a new type of threat has prevailed in the Critical

This paper addresses the interplay between robots, cybersecurity, and safety from a European legal perspective, a topic under-explored by current technical and legal literature. The legal framework, together with technical standards, is a necessary parameter for the production and deployment of robots. However, European law does not regulate robots as such, and there exist multiple and overlapping

Whilst the legal debate concerning automated decision-making has been focused mainly on whether a ‘right to explanation’ exists in the GDPR, the emergence of ‘explainable Artificial Intelligence’ (XAI) has produced taxonomies for the explanation of Artificial Intelligence (AI) systems. However, various researchers have warned that transparency of the algorithmic processes in itself is not enough. Better

The Internet remains the odd child of international law. While forever more universal law venues such as conferences, edited volumes or research projects consider “the Internet” a peculiar, interesting aspect of its well-recognized disciplines, international scholarship fails to address the global network as a whole, stalling the application of the fully developed and well-suited international law

With the increase in automation of vehicles and the rise of driver monitoring systems in those vehicles, data protection becomes more relevant for the automotive sector. Monitoring systems could contribute to road safety by, for instance, warning the driver if he is dozing off. However, keeping such a close eye on the user of the vehicle has legal implications. Within the European Union, the data gathered

Smart Devices ‘cross the streams’ of both the physical and virtual worlds and can benefit their users greatly as well as society in general. However, with the growth in popularity of these devices, there is a corresponding growth in risks, both to the user and to the internet at large. This paper outlines the scope of threats which are posed by the hacking of Smart Devices and how these risks can now

Notwithstanding suggestions that the concrete treatment of legal and deceased person data during European data protection's development has been broadly comparable, this article finds that stark divergences are in fact apparent. Justification for the inclusion of both categories has rested on a claimed linkage to living natural person interests. However, despite early fusion, legal persons have been

The article deals with the legislative amendments that have been recently adopted in the Russian Federation, the so-called ‘Yarovaya’ law, the ‘fake news’ law and the ‘disrespect’ law. It explains the essence and problems of implementation of the above-mentioned legal instruments and assesses them from the human rights angle. It is established that the rather complex laws under analysis pose significant

When the word 'ethical' becomes synonymous with specious, you know that something is amiss. With each data governance scandal, with each creation of a corporate 'ethics board', 'ethical standards' seemingly lose a few more feathers, to the point of generating instant suspicion when invoked in any official report. We argue that a key challenge in this regard is to more precisely define the ethics-regulation

There has been an increase in the collection and use of Passenger Name Record (PNR) data for security purposes globally. Though academic analysis of this trend has remained focused largely on the North American and European context, the Government of South Africa has been using PNRs since 2014 for security purposes. South Africa was the first country on the African continent to implement such a regime

Strong encryption can prevent anybody from accessing user data, including the technology companies responsible for its implementation. As strong encryption technology has become increasingly prevalent, law enforcement agencies have sought legislation to secure continued lawful access to the data affected. Following analysis of the encryption debates in the United States and the United Kingdom, this

The Council of Europe has modernized its Convention 108 for the protection of individuals with regard to automatic processing of personal data: in 2018 it adopted Convention 108+. The modernised version of Convention 108 seeks to respond to the challenges posed, in terms of human rights, by the use of new information and communication technologies. This article presents a detailed analysis of this

This paper attempts to outline how the General Data Protection Regulation might be positive not only for consumers and societal well-being but also for innovation in the digital age. Situated within the highly charged debate regarding the impact of regulations on innovation, this paper examines the General Data Protection Regulation in light of the theoretical facets underpinning the contexts in which

The assessment of tying and bundling practices under Art. 102 TFEU in the case of online platforms will require adjusting current practice to correspond to their technical complexity and multi sided nature. Although the current framework may appear suitable to deal with this kind of abuses, The recent cases against Google show that there is still much uncertainty in practice. Therefore this article

China established the world's first Internet court in Hangzhou in August 2017. Subsequently in 2018 Internet courts in Beijing and Guangzhou were established respectively. With the official establishment of these three Internet courts, China's electronic litigation advanced to a new stage.. Internet courts offer many advantages, and this innovative adjudication model has earned widespread approval

The Council of Europe Convention on Cybercrime,1 referred to as the Budapest Convention on Cybercrime, has been diffused globally, and is serving as a benchmark or a ‘model law’ for drafting national cybercrime legislation in many countries worldwide. This paper argues that, through the mechanism of ‘state socialization’ combined with incentives, e.g. assistance in building law enforcement capacity

Prior research found that the Chinese patent system is more pro-patentee than once believed. Patent owners performed much better in both infringement lawsuits and post-grant validity reviews in China than in many other countries, such as the United States and Germany. Also, after a finding of infringement, Chinese courts were quite lenient with regard to permanent injunctions. All these pro-patentee

Legal professionals increasingly rely on digital technologies when they provide legal services. The most advanced technologies such as artificial intelligence (AI) promise great advancements of legal services, but lawyers are traditionally not educated in the field of digital technology and thus cannot fully unlock the potential of such technologies in their practice. In this paper, we identify five

In this paper we study the disclosure of cybersecurity information in Dutch annual reports, such as cybersecurity measures and cyber incidents, from a financial law and economics perspective. We start our discussion with an analysis of the requirements in financial law to disclose cybersecurity information in annual reports. Hereafter, we discuss the incentives for the board regarding disclosing cybersecurity

The paper discusses the interpretation of the rule of prevalence of Article 1 (7) NIS Directive, which has not been the subject of any academic debate so far. Article 1 (7) NIS Directive organises the interface between the NIS Directive regime and other European Union sector-specific legislations imposing (cyber)security obligations, by laying down the conditions according to which such obligations

The deployment of pervasive information and communication technologies (ICTs) within smart city initiatives transforms cities into extraordinary apparatuses of data capture. ICTs such as smart cameras, sound sensors and lighting technology are trying to infer and affect persons’ interests, preferences, emotional states, and behaviour. It should be no surprise then that contemporary legal and policy

This article assesses some aspects of innovative developments in the deployment of electronic communications networks in the European Union: software defined networks (SDN) and network functional virtualization (NFV). The overall research for this article focuses on the re-regulation of the 2018 European Electronic Communications Code (EECC), and the 2018 Body of European Regulators for Electronic

This Article seeks to map the possible paths of the development of China's data protection law by examining the changing power relations among three major actors - the State, digital enterprises and the public in the context of China's booming data-driven economy. We argue that focusing on different core values, these three major actors are the key driving forces shaping China's data protection regime

On 19 November 2019 the Council of Europe hosted an international conference, immediately preceding the annual plenary meeting of its Committee of Convention 108, on “Convention 108+ and the future data protection global standard”. One of the authors made a presentation on “Comparing the EU and Council of Europe approach to Big Data”, and it is its contents and findings that are further elaborated

While GDPR has been described as the new gold standard for data protection, Convention 108 may represent the potential global standard in this field. The recent progressive expansion of the Council of Europe's model and the modernised version of the Convention have revitalised its role in the global context. In a multipolar world of different regulatory approaches where data protection legislation

In this comment, we address the apparent exclusivity and paternalism of goal and standard setting for explainable AI and its implications for the public governance of AI. We argue that the widening use of AI decision-making, including the development of autonomous systems, not only poses widely-discussed risks for human autonomy in itself, but is also the subject of a standard-setting process that

The financial assets that are subject to major EU financial legislation (i.e. (designated types of) financial instruments) have traditionally been defined in a largely exemplary and circular manner. The recent proliferation of ‘non-traditional’ financial assets, such as cryptocurrencies and stablecoins, is increasingly challenging the viability of these pragmatic financial asset definitions. Through

In this paper we introduce the concept of ‘reviewability' as an alternative approach to improving the accountability of automated decision-making that involves machine learning systems. In doing so, we draw on an understanding of automated decision-making as a socio-technical process, involving both human (organisational) and technical components, beginning before a decision is made and extending beyond

China is experiencing a phenomenal expansion of platform economy fuelled by the advancement of information and communication technologies. It has become a global frontrunner in many sectors, including commerce, finance, and entertainment. A comprehensive law and policy narrative, however, is largely absent from English academic literature. This paper seeks to fill this gap by analysing the dynamic

On 16 July 2020, the Grand Chamber of the European Court of Justice rendered its landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”). The Grand Chamber invalidated the Commission decision on the adequacy of the data protection provided by the EU-US Privacy Shield. It however considered that the decision of the Commission on

This article examines the human dignity defined in Convention 108+ and, from a Japanese perspective, explores the possibility of a universal philosophy of data protection. The recent human resources scandal (the Rikunabi case) in Japan has made stakeholders to realise the importance of the basic philosophy of data protection. Convention 108+ declared ‘human dignity’ to prohibit an instrumental treatment

This article considers various factors that will shape the potential effect of the Council of Europe's modernised Convention on data protection (Convention 108+) on non-European states’ regulatory policy. It does so by elucidating the logic and mechanics of this effect in light of the ‘Brussels Effect’ that is commonly attributed, in part, to EU data protection law. The central arguments advanced in

Considerations of the nature of explanation and the law are brought together to argue that computed accounts of AI systems’ outputs cannot function on their own as explanations of decisions informed by AI. The important context for this inquiry is set by Article 22(3) of GDPR. The paper looks at the question of what an explanation is from the point of view of the philosophy of science – i.e. it asks

The right to access the courts is a basic human right in civilised societies, but the current legal system is unfriendly and often unaffordable for the victims of e-commerce disputes and copyright infringements seeking access to justice. Therefore, how to design a judicial system that is more accessible for the aforementioned victims has become a critical legal point of contention in the digital economy

The ongoing substitution of human decision makers by automated decision-making (ADM) systems in a whole range of areas raises the question of whether and, if so, under which conditions ADM is acceptable and fair. So far, this debate has been primarily led by academics, civil society, technology developers and members of the expert groups tasked to develop ethical guidelines for ADM. Ultimately, however

The US and China are two typical models that present legal tech trends that are common world over. In China, robust regional models of intelligent judicial systems have emerged alongside some common applications that include the same-type case referencing, automated sentencing decision, uniform standards of evidence, and judges’ data profiling systems. In the US, legal tech refers to artificial intelligence

Upon receipt of a right to be forgotten request, private actors like Google are responsible for implementing the balancing test between competing rights of privacy and data protection and free expression and access to information. This amounts to private jurisprudence that data subjects, lawyers, and interested parties could, theoretically, game to their advantage. This paper critiques this process

Recent advancements in human-computer interaction, machine learning and in artificial intelligence hold the potential to influence both the curriculum and the pedagogy of school children. While the impacts of new technologies remain uncertain, ongoing research and innovation projects are already developing and testing such technologies in schools. This article builds on the experience of the authors

Inconsistency between the way in which the law is structured, and the way in which technologies actually operate is always an interesting and useful topic to explore. When a law conflicts with a business model, the solution will often be changing the business model. However, when the law comes into conflict with the architecture of hardware and software, it is less clear how the problem will be managed

The EU lawmaker has introduced several certification models in the GDPR. A first model entitles accredited private certification bodies to design and manage certification schemes under the close monitoring of the supervisory authorities. Another model gives to the supervisory authorities the opportunity to design and manage their own schemes. The EU lawmaker has also left the door open to the establishment

This paper aims to shed light into the operation of SafeLine, the only Greek Hotline for illegal online content, and its seventeen years of successful operation as a member of INHOPE, the International Association of Internet Hotlines. The operation of SafeLine is introduced and an analysis of the received reports during its operation is attempted, in order to reveal hidden trends over the seventeen

The article examines a number of ways in which the use of artificial intelligence technologies to predict the performance of individuals and to reach decisions concerning the entitlement of individuals to positive decisions impacts individuals and society. It analyses the effects using a social justice lens. Particular attention is paid to the experiences of individuals who have historically experienced

Purpose States have adopted a number of international instrument dedicated in full or in part to privacy and data protection, at multilateral or regional levels, in binding or non-binding form. This article discusses the potential and context of the emergence of a possible global standard on data protection focusing on the 1981 Council of Europe Convention for the Protection of Individuals with Regard

This article argues that Google's essentially blanket and unsafeguarded dissemination to webmasters of URLs delisted under the Google Spain judgment disclosures claimants’ personal data, cannot be justified either on the purported basis of their consent or a legal requirement but instead seriously infringes European data protection standards. Such disclosure would only be compatible with the initially

In this paper, we analyze taxpayers’ rights to have access to artificial intelligence algorithms and formulas that have been used by tax administrations in Latin America. We consider two applications of artificial intelligence: in the characterization of taxpayers’ risk and the robotization of tax audit actions. Very little has been described in the literature on how these technologies coexist with

For many years, transatlantic cooperation between the EU and the US in the area of personal data exchange has been a subject of special interest on the part of lawmakers, courts – including supranational ones – NGOs and the public. When implementing recent reform of data protection law, the European Union decided to further strengthen guarantees of the protection of privacy in cyberspace. At the same

This paper aims to critically assess the information duties set out in the General Data Protection Regulation (GDPR) and national adaptations when the purpose of processing is scientific research. Due to the peculiarities of the legal regime applicable to the research context information about the processing plays a crucial role for data subjects. However, the analysis points out that the information

The use of artificial intelligence (AI) in law has again become of great interest to lawyers and government. Legal Information Institutes (LIIs) have played a significant role in the provision of legal information via the web. The concept of ‘free access to law’ is not static, and the evolution of its principles now requires a response from providers of free access to legal information (‘a LII response’)