Computer Law & Security Review最新文献_第3页

False choices: Competitiveness, deregulation, and the erosion of GDPR’s regulatory integrity 错误的选择：竞争力、放松管制和GDPR监管完整性的侵蚀

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2026-04-01 Epub Date: 2025-12-03 DOI: 10.1016/j.clsr.2025.106237

Itxaso Domínguez de Olazábal

In the name of competitiveness, the European Union (EU) is witnessing a political push to dilute its cornerstone digital regulation: the General Data Protection Regulation (GDPR). This opinion piece critically examines the emerging narrative that regulatory effectiveness must be traded off against innovation, agility, and economic growth. It challenges the assumption that the GDPR poses an inherent barrier to a ‘competitive digital EU’ and scrutinises how ongoing deregulation efforts - framed as simplification - undermine both the normative foundations and the enforceability of the Regulation. Drawing on recent legislative initiatives (including the so-called IVth Omnibus Proposal, with a brief reference to the so-called ‘Digital Omnibus’), the article argues that competitiveness has become a rhetorical device for shifting the regulatory Overton window. It contends that the real barriers to effectiveness lie not in the GDPR’s design but in uneven enforcement, institutional under-resourcing, and the failure to challenge extractive business models. Rather than weakening existing rules, the EU’s digital competitiveness would be better served by safeguarding the GDPR’s rights-based approach and by treating regulatory integrity and fundamental rights as the preconditions for a sustainable and just digital future.

在竞争力的名义下，欧盟（EU）正在见证一场政治推动，以淡化其基石数字监管：《通用数据保护条例》（GDPR）。这篇评论文章批判性地审视了一种新兴的说法，即监管有效性必须与创新、敏捷性和经济增长相权衡。它挑战了GDPR对“竞争性数字欧盟”构成固有障碍的假设，并仔细审查了正在进行的放松管制努力（框架为简化）如何破坏了规范基础和法规的可执行性。根据最近的立法举措（包括所谓的“第四综合提案”，其中简要提到了所谓的“数字综合提案”），文章认为竞争力已经成为改变监管奥弗顿窗口的修辞手段。它认为，影响有效性的真正障碍不在于GDPR的设计，而在于执行不平衡、机构资源不足以及未能挑战采掘商业模式。维护GDPR基于权利的方法，并将监管诚信和基本权利视为可持续和公正的数字未来的先决条件，将更好地服务于欧盟的数字竞争力，而不是削弱现有规则。

{"title":"False choices: Competitiveness, deregulation, and the erosion of GDPR’s regulatory integrity","authors":"Itxaso Domínguez de Olazábal","doi":"10.1016/j.clsr.2025.106237","DOIUrl":"10.1016/j.clsr.2025.106237","url":null,"abstract":"<div><div>In the name of competitiveness, the European Union (EU) is witnessing a political push to dilute its cornerstone digital regulation: the General Data Protection Regulation (GDPR). This opinion piece critically examines the emerging narrative that regulatory effectiveness must be traded off against innovation, agility, and economic growth. It challenges the assumption that the GDPR poses an inherent barrier to a ‘competitive digital EU’ and scrutinises how ongoing deregulation efforts - framed as simplification - undermine both the normative foundations and the enforceability of the Regulation. Drawing on recent legislative initiatives (including the so-called IVth Omnibus Proposal, with a brief reference to the so-called ‘Digital Omnibus’), the article argues that competitiveness has become a rhetorical device for shifting the regulatory Overton window. It contends that the real barriers to effectiveness lie not in the GDPR’s design but in uneven enforcement, institutional under-resourcing, and the failure to challenge extractive business models. Rather than weakening existing rules, the EU’s digital competitiveness would be better served by safeguarding the GDPR’s rights-based approach and by treating regulatory integrity and fundamental rights as the preconditions for a sustainable and just digital future.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"60 ","pages":"Article 106237"},"PeriodicalIF":3.2,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145685493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Integration of statutory norms in computable contracts 可计算合同中法定规范的整合

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2026-04-01 Epub Date: 2025-12-01 DOI: 10.1016/j.clsr.2025.106223

Cosimo Laneve , Alessandro Parenti , Giovanni Sartor

Legal contracts are governed not only by their explicit terms but also by statutory norms, a principle recognized across legal systems. As contracts become computable and executable as code, ensuring compliance with these norms becomes critical. This paper introduces a method for integrating legislative provisions into computable contracts using the Stipula language, via a novel import construct. We distinguish between mandatory and default imports to model imperative and optional legal norms, respectively, and define a mechanism to enforce the priorities between these norms and contract’s provisions. This approach supports the automated creation of legally compliant contracts and lays the foundation for a broader framework aimed at enhancing the effectiveness of consumer rights through programmable legal tools.

法律合同不仅受其明确条款的约束，还受法定规范的约束，这是各法律体系公认的原则。随着合约变成可计算和可执行的代码，确保遵守这些规范变得至关重要。本文介绍了一种利用托托语言，通过一种新颖的导入结构，将立法规定整合到可计算合同中的方法。我们分别区分强制导入和默认导入，以模拟强制导入和可选导入的法律规范，并定义一种机制来强制执行这些规范和合同条款之间的优先级。这种方法支持自动创建符合法律规定的合同，并为旨在通过可编程法律工具提高消费者权利有效性的更广泛框架奠定基础。

引用次数: 0

Bridging the Great Wall: China’s Evolving Cross-Border Data Flow Policies and Implications for Global Data Governance 跨越长城：中国不断演变的跨境数据流政策及其对全球数据治理的影响

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-09-25 DOI: 10.1016/j.clsr.2025.106208

Sheng Zhang , Henry Gao

Despite the rapid expansion of the digital economy, the global regulatory framework for data flows remains fragmented, with countries adopting divergent approaches shaped by their own regulatory priorities. As a key player in the Internet economy, China’s approach to cross-border data flows (CBDF) not only defines its domestic digital landscape but also influences emerging global norms. This paper takes a comprehensive view of the evolution of China’s CBDF regime, examining its development through both domestic and international lenses. Domestically, China’s regulation of CBDF has evolved from a security-first approach to one that seeks to balance security with economic development. This paper examines the economic, political, and international drivers behind this shift. This paper also compares the approaches of China and the United States to CBDF, in light of the recent tightening of US restrictions, from both technical and geopolitical perspectives. At the technical level, recent policy trends in both countries reveal notable similarities. At the geopolitical level, however, the divergence between the two frameworks is not only significant but continues to widen. The paper concludes by examining the broader implications for global data governance and offering recommendations to bridge digital divides and promote a more inclusive international framework.

尽管数字经济迅速扩张，但全球数据流监管框架仍然支离破碎，各国根据自己的监管重点采取了不同的方法。作为互联网经济的关键参与者，中国对跨境数据流（CBDF）的处理方式不仅决定了其国内的数字格局，也影响着新兴的全球规范。本文全面考察了中国CBDF制度的演变，从国内和国际两个角度考察了其发展。在国内，中国对CBDF的监管已经从安全第一的方式演变为寻求安全与经济发展之间的平衡。本文考察了这一转变背后的经济、政治和国际驱动因素。鉴于美国最近收紧了对CBDF的限制，本文还从技术和地缘政治的角度比较了中国和美国对CBDF的做法。在技术层面，两国最近的政策趋势显示出显著的相似之处。然而，在地缘政治层面，这两个框架之间的分歧不仅很大，而且还在继续扩大。最后，本文考察了全球数据治理的更广泛影响，并为弥合数字鸿沟和促进更具包容性的国际框架提出了建议。

{"title":"Bridging the Great Wall: China’s Evolving Cross-Border Data Flow Policies and Implications for Global Data Governance","authors":"Sheng Zhang , Henry Gao","doi":"10.1016/j.clsr.2025.106208","DOIUrl":"10.1016/j.clsr.2025.106208","url":null,"abstract":"<div><div>Despite the rapid expansion of the digital economy, the global regulatory framework for data flows remains fragmented, with countries adopting divergent approaches shaped by their own regulatory priorities. As a key player in the Internet economy, China’s approach to cross-border data flows (CBDF) not only defines its domestic digital landscape but also influences emerging global norms. This paper takes a comprehensive view of the evolution of China’s CBDF regime, examining its development through both domestic and international lenses. Domestically, China’s regulation of CBDF has evolved from a security-first approach to one that seeks to balance security with economic development. This paper examines the economic, political, and international drivers behind this shift. This paper also compares the approaches of China and the United States to CBDF, in light of the recent tightening of US restrictions, from both technical and geopolitical perspectives. At the technical level, recent policy trends in both countries reveal notable similarities. At the geopolitical level, however, the divergence between the two frameworks is not only significant but continues to widen. The paper concludes by examining the broader implications for global data governance and offering recommendations to bridge digital divides and promote a more inclusive international framework.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106208"},"PeriodicalIF":3.2,"publicationDate":"2025-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The digital prior restraint: Applying human rights safeguards to upload filters in the EU 数字先行约束：在欧盟应用人权保障上传过滤器

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-10-08 DOI: 10.1016/j.clsr.2025.106219

Emmanuel Vargas Penagos

This article examines the human rights standards relevant to the use of upload filters for content moderation within EU secondary legislation. Upload filters, which automatically screen user-generated content before publication, are a type of prior restraint, which raises critical concerns on freedom of expression. EU secondary legislation establishes rules for both mandatory and voluntary use of these technologies, which must be read in light of human rights protections. This article analyses the characteristics of both mandatory and voluntary upload filters as prior restraints, the relevant EU legal provisions governing their use, and the safeguards required to prevent disproportionate restrictions on speech. Additionally, it explores the procedural and institutional safeguards under EU law, viewed through the lens of the CJEU and ECtHR case law on prior restraints and the rights to a fair trial and to an effective remedy.

本文考察了与在欧盟二级立法中使用上传过滤器进行内容审核相关的人权标准。上传过滤器在发布之前自动筛选用户生成的内容，这是一种预先限制，引发了对言论自由的严重担忧。欧盟二级立法为这些技术的强制性和自愿性使用制定了规则，必须从人权保护的角度来解读。本文分析了强制上传过滤器和自愿上传过滤器作为事先限制的特点，管理其使用的相关欧盟法律规定，以及防止对言论的不成比例限制所需的保障措施。此外，它还通过欧洲法院和欧洲人权法院判例法关于事先限制和公平审判和有效补救权利的视角，探讨了欧盟法律下的程序和体制保障。

引用次数: 0

Enhancing access to justice for land and property disputes through online dispute resolution and artificial intelligence 通过网络纠纷解决和人工智能，加强土地和财产纠纷的司法救助

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-09-10 DOI: 10.1016/j.clsr.2025.106194

Fahimeh Abedi, Abbas Rajabifard, Davood Shojaei

Land, as a fundamental resource, holds immense importance in meeting human needs and driving economic prosperity, but often becomes a focal point for disputes. Resolving these disputes poses challenges stemming from inadequate laws, complexities in land administration systems and limited judicial capacity. Recognising the importance of strong legal rights and efficient dispute resolution in fostering economic development, this paper explores the role of technology, specifically Online Dispute Resolution (ODR), in addressing land and property disputes and protecting land rights. ODR systems, have revolutionised traditional approaches to conflict resolution. ODR offers a novel and accessible method for resolving disputes, reducing costs, and eliminating the need for physical presence. The integration of Artificial Intelligence (AI) into ODR platforms further enhances these benefits by streamlining case management and improving decision-making processes. AI can analyse large volumes of data, predict outcomes, and offer insights that aid in dispute resolution. The widespread adoption of ODR platforms globally underscores its potential to enhance access to justice, while AI technologies promise to refine and expedite these systems. Through a comprehensive examination, this paper explores into the intricate landscape of land and property disputes, emphasising the significance of technology-driven solutions. The potential applications of AI-ODR in mitigating complexities associated with land disputes offer promising avenues for progress in ensuring accountable land governance, sustainable development, and the protection of human. This research aims to contribute to the ongoing discourse on advancing legal empowerment and access to justice, particularly in the area of land and property rights and disputes.

土地作为一种基础性资源，在满足人类需求和推动经济繁荣方面具有巨大的重要性，但也常常成为争议的焦点。解决这些争端带来了法律不足、土地管理制度复杂和司法能力有限等挑战。认识到强有力的法律权利和有效的争议解决对促进经济发展的重要性，本文探讨了技术，特别是在线争议解决（ODR）在解决土地和财产纠纷和保护土地权利方面的作用。ODR系统彻底改变了解决冲突的传统方法。ODR为解决纠纷、降低成本和消除实际存在的需要提供了一种新颖且易于访问的方法。将人工智能（AI）集成到ODR平台中，通过简化案例管理和改进决策流程，进一步增强了这些优势。人工智能可以分析大量数据，预测结果，并提供有助于解决争议的见解。ODR平台在全球的广泛采用凸显了其促进诉诸司法的潜力，而人工智能技术有望完善和加快这些系统。通过全面考察，本文探讨了土地和财产纠纷的复杂格局，强调了技术驱动解决方案的重要性。AI-ODR在缓解与土地纠纷相关的复杂性方面的潜在应用，为确保负责任的土地治理、可持续发展和人类保护方面取得进展提供了有希望的途径。这项研究的目的是促进正在进行的关于推进法律赋权和诉诸司法的论述，特别是在土地和财产权利和纠纷领域。

{"title":"Enhancing access to justice for land and property disputes through online dispute resolution and artificial intelligence","authors":"Fahimeh Abedi, Abbas Rajabifard, Davood Shojaei","doi":"10.1016/j.clsr.2025.106194","DOIUrl":"10.1016/j.clsr.2025.106194","url":null,"abstract":"<div><div>Land, as a fundamental resource, holds immense importance in meeting human needs and driving economic prosperity, but often becomes a focal point for disputes. Resolving these disputes poses challenges stemming from inadequate laws, complexities in land administration systems and limited judicial capacity. Recognising the importance of strong legal rights and efficient dispute resolution in fostering economic development, this paper explores the role of technology, specifically Online Dispute Resolution (ODR), in addressing land and property disputes and protecting land rights. ODR systems, have revolutionised traditional approaches to conflict resolution. ODR offers a novel and accessible method for resolving disputes, reducing costs, and eliminating the need for physical presence. The integration of Artificial Intelligence (AI) into ODR platforms further enhances these benefits by streamlining case management and improving decision-making processes. AI can analyse large volumes of data, predict outcomes, and offer insights that aid in dispute resolution. The widespread adoption of ODR platforms globally underscores its potential to enhance access to justice, while AI technologies promise to refine and expedite these systems. Through a comprehensive examination, this paper explores into the intricate landscape of land and property disputes, emphasising the significance of technology-driven solutions. The potential applications of AI-ODR in mitigating complexities associated with land disputes offer promising avenues for progress in ensuring accountable land governance, sustainable development, and the protection of human. This research aims to contribute to the ongoing discourse on advancing legal empowerment and access to justice, particularly in the area of land and property rights and disputes.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106194"},"PeriodicalIF":3.2,"publicationDate":"2025-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145027228","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Changing lenses on lenses –Function creep with public camera surveillance in the Netherlands? 镜头换镜头-荷兰公共摄像头监控的功能蠕变？

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-10-17 DOI: 10.1016/j.clsr.2025.106221

Nanou van Iersel , Francien Dechesne

The paper explores the notion of function creep – a gradual transformation of a data processing system’s original purpose or activities – in the context of public camera surveillance in the Netherlands. Public camera surveillance here refers to digital cameras (e.g., CCTV), possibly with artificial intelligence (AI) extension(s) (e.g., for automatic violence detection), controlled by Dutch law enforcement agencies for public safety purposes. The paper is structured around three pillars: technology, law and practice. The technology pillar highlights relevant technical characteristics of camera surveillance that afford function creep, after which the law pillar maps out legal frameworks related to (preventing) function creep (notably, the principle of purpose limitation). The final pillar, practice, draws on qualitative empirical data collected from Dutch law enforcement organizations. With this three-dimensional approach, the paper illustrates how function creep occurs, the accountability challenges it poses and potential ways of resolving them.

本文探讨了功能蠕变的概念-数据处理系统的原始目的或活动的逐渐转变-在荷兰的公共摄像头监控的背景下。这里的公共摄像头监控是指由荷兰执法机构控制的数字摄像头（例如闭路电视），可能带有人工智能（AI）扩展（例如用于自动暴力检测），用于公共安全目的。本文围绕三大支柱展开：技术、法律和实践。技术支柱强调了导致功能蔓延的摄像头监控的相关技术特征，之后，法律支柱制定了与（防止）功能蔓延相关的法律框架（特别是目的限制原则）。最后一个支柱是实践，它借鉴了从荷兰执法组织收集的定性经验数据。通过这种三维的方法，本文说明了功能蠕变是如何发生的，它所带来的责任挑战以及解决它们的潜在方法。

引用次数: 0

Anticipating compliance. An exploration of foresight initiatives in data protection 预期合规。数据保护前瞻性举措的探索

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-09-17 DOI: 10.1016/j.clsr.2025.106182

Alessandro Ortalda , Stefano Leucci , Gabriele Rizzo

The pace of technological progress has been increasing in recent years. As novel technologies arise or existing ones further develop, it becomes increasingly challenging to balance leveraging these advancements and safeguarding personal data. By relying on firsthand accounts of professionals in the field, the paper identifies how these challenges, which appear to be applicable to data controllers and Data Protection Authorities, are substantially connected with ensuring a sound interpretation of the law through time.

The paper examines the leading foresight and anticipation techniques and explores their possible data protection applications by reviewing existing initiatives that attempt to implement foresight in the context of data protection.

Section 2 delves into the evolving regulatory landscape, emphasising the need for a foresight-based approach to tackle the complexities arising from data-intensive technologies and the changing European regulatory framework. Section 3 introduces foresight as a discipline, its history and evolution, and leading techniques. Section 4 presents practical examples of foresight in data protection, detailing initiatives by the authors and other actors in the data protection space.

In conclusion, the paper underscores the initial consensus on the benefits of anticipatory approaches in addressing current data protection challenges. Anticipation techniques, as a flexible concept, can be tailored to meet the needs of various stakeholders, fostering a collaborative and practical approach to data protection. However, a gap in consolidated methodologies persists, necessitating further research to design and implement practical foresight approaches.

近年来，技术进步的步伐一直在加快。随着新技术的出现或现有技术的进一步发展，平衡这些进步和保护个人数据变得越来越具有挑战性。通过依赖该领域专业人士的第一手资料，本文确定了这些似乎适用于数据控制者和数据保护当局的挑战如何与确保对法律的合理解释实质性地联系在一起。本文考察了领先的预见和预测技术，并通过审查在数据保护背景下试图实施预见的现有举措，探索了它们可能的数据保护应用。第2部分深入研究了不断变化的监管环境，强调需要一种基于远见的方法来解决数据密集型技术和不断变化的欧洲监管框架所带来的复杂性。第三节介绍前瞻性作为一门学科，它的历史和演变，以及主要技术。第4节介绍了数据保护远见的实际例子，详细介绍了作者和其他参与者在数据保护领域的举措。总之，本文强调了在应对当前数据保护挑战时，对前瞻性方法的好处的初步共识。预测技术作为一个灵活的概念，可以根据不同利益相关者的需求进行定制，从而促进数据保护的协作和实用方法。然而，综合方法的差距仍然存在，需要进一步研究设计和实施实际的预见方法。

{"title":"Anticipating compliance. An exploration of foresight initiatives in data protection","authors":"Alessandro Ortalda , Stefano Leucci , Gabriele Rizzo","doi":"10.1016/j.clsr.2025.106182","DOIUrl":"10.1016/j.clsr.2025.106182","url":null,"abstract":"<div><div>The pace of technological progress has been increasing in recent years. As novel technologies arise or existing ones further develop, it becomes increasingly challenging to balance leveraging these advancements and safeguarding personal data. By relying on firsthand accounts of professionals in the field, the paper identifies how these challenges, which appear to be applicable to data controllers and Data Protection Authorities, are substantially connected with ensuring a sound interpretation of the law through time.</div><div>The paper examines the leading foresight and anticipation techniques and explores their possible data protection applications by reviewing existing initiatives that attempt to implement foresight in the context of data protection.</div><div>Section 2 delves into the evolving regulatory landscape, emphasising the need for a foresight-based approach to tackle the complexities arising from data-intensive technologies and the changing European regulatory framework. Section 3 introduces foresight as a discipline, its history and evolution, and leading techniques. Section 4 presents practical examples of foresight in data protection, detailing initiatives by the authors and other actors in the data protection space.</div><div>In conclusion, the paper underscores the initial consensus on the benefits of anticipatory approaches in addressing current data protection challenges. Anticipation techniques, as a flexible concept, can be tailored to meet the needs of various stakeholders, fostering a collaborative and practical approach to data protection. However, a gap in consolidated methodologies persists, necessitating further research to design and implement practical foresight approaches.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106182"},"PeriodicalIF":3.2,"publicationDate":"2025-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145106347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Law by design obligations: The future of regulating digital technologies in Europe? 设计义务法律：欧洲数字技术监管的未来？

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-11-24 DOI: 10.1016/j.clsr.2025.106232

Christian Djeffal

Law by design obligations refer to a growing, dynamic approach in European technology law. This article examines this trend by establishing a definition of law by design obligations based on three key elements: their focus on the creation and development of technologies throughout the lifecycle, their aim to incorporate and achieve legal goals in these processes, and the discretion they afford in complying with such obligations. The study shows an evolving practice with legal roots in 1970s data protection. Initially focused on data protection and security, such obligations have expanded to 45 design goals in European legislation. This growth in breadth and depth indicates their increased importance, which has not been previously examined. The analysis of regulatory practice uncovers significant choices that shape how these obligations function: this includes the legal scope defining applicability through various limitations and thresholds; goals establishing how principles serve as aims with different levels of detail and potential conflicts; procedural dimensions organizing iterative processes of assessment, measures, and proportionality; collective dimensions of knowledge governance enabling learning within and across organizations; and accountability dimensions ensuring compliance through documentation, specialized roles, and enforcement mechanisms. These choices demonstrate that law by design obligations are not fixed but highly adaptable regulatory instruments. Four structural elements set law by design apart from traditional regulation. Goal orientation links the translation of legal principles into socio-technical contexts, maintaining discretion for implementation. Stretched temporality extends regulatory influence through permanence across technology lifecycles, an accelerated pace of legal response, and a proactive approach. The interdisciplinary and cross-sectoral nature of the field encourages dialogue between law and technology. Finally, knowledge governance transforms isolated compliance efforts into collective learning systems.

设计义务法是指欧洲技术法中不断发展的动态方法。本文通过建立基于三个关键要素的设计义务的法律定义来研究这一趋势：它们关注整个生命周期的技术创造和开发，它们的目标是在这些过程中合并和实现法律目标，以及它们在遵守这些义务时所提供的自由裁量权。该研究表明，20世纪70年代数据保护的法律根源是一种不断发展的实践。这些义务最初侧重于数据保护和安全，但在欧洲立法中已扩展到45个设计目标。这种广度和深度的增长表明它们的重要性日益增加，这是以前没有研究过的。对监管实践的分析揭示了影响这些义务如何发挥作用的重要选择：这包括通过各种限制和门槛定义适用性的法律范围；目标确定原则如何作为具有不同细节水平和潜在冲突的目标；组织评估、措施和比例的迭代过程的程序维度；支持组织内部和跨组织学习的知识治理的集体维度；责任维度通过文档、专门角色和执行机制确保遵从性。这些选择表明，法律设计义务不是固定的，而是适应性很强的监管工具。四个结构要素将法律设计与传统法规区分开来。目标导向将法律原则的翻译与社会技术背景联系起来，保持执行的自由裁量权。延长的临时性通过贯穿技术生命周期的持久性、加快法律响应的步伐和积极主动的方法来扩大监管的影响。该领域的跨学科和跨部门性质鼓励法律与技术之间的对话。最后，知识治理将孤立的遵从性工作转化为集体学习系统。

{"title":"Law by design obligations: The future of regulating digital technologies in Europe?","authors":"Christian Djeffal","doi":"10.1016/j.clsr.2025.106232","DOIUrl":"10.1016/j.clsr.2025.106232","url":null,"abstract":"<div><div>Law by design obligations refer to a growing, dynamic approach in European technology law. This article examines this trend by establishing a definition of law by design obligations based on three key elements: their focus on the creation and development of technologies throughout the lifecycle, their aim to incorporate and achieve legal goals in these processes, and the discretion they afford in complying with such obligations. The study shows an evolving practice with legal roots in 1970s data protection. Initially focused on data protection and security, such obligations have expanded to 45 design goals in European legislation. This growth in breadth and depth indicates their increased importance, which has not been previously examined. The analysis of regulatory practice uncovers significant choices that shape how these obligations function: this includes the legal scope defining applicability through various limitations and thresholds; goals establishing how principles serve as aims with different levels of detail and potential conflicts; procedural dimensions organizing iterative processes of assessment, measures, and proportionality; collective dimensions of knowledge governance enabling learning within and across organizations; and accountability dimensions ensuring compliance through documentation, specialized roles, and enforcement mechanisms. These choices demonstrate that law by design obligations are not fixed but highly adaptable regulatory instruments. Four structural elements set law by design apart from traditional regulation. Goal orientation links the translation of legal principles into socio-technical contexts, maintaining discretion for implementation. Stretched temporality extends regulatory influence through permanence across technology lifecycles, an accelerated pace of legal response, and a proactive approach. The interdisciplinary and cross-sectoral nature of the field encourages dialogue between law and technology. Finally, knowledge governance transforms isolated compliance efforts into collective learning systems.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106232"},"PeriodicalIF":3.2,"publicationDate":"2025-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145623492","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Proposing ELDA methodology: Ethical and Legal by Design and Assessment for cybersecurity solutions 提出ELDA方法：网络安全解决方案的设计和评估的道德和法律

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-10-24 DOI: 10.1016/j.clsr.2025.106220

Federica Casarosa, Giovanni Comandé, Jacopo Fortuna

The Guidelines Ethical by Design and Ethics of Use Approaches for Artificial Intelligence have provided an extensive and detailed set of indications grounded on interdisciplinary debate regarding the use of artificial intelligence. This article aims to leverage the intellectual work leading to its ethical approaches to develop a framework adapted to the specificities of cybersecurity. The overall result of this paper is to propose Ethical and Legal by Design and Assessment Guidelines (ELDA) that integrate the ethics questions and the legal questions, arguing that an ethical by design approach cannot be sustained without its big brother: legal by design. Ethics by design can be a policy direction until there is a clearly emerging legal framework. Legal by design in technological domains is often taken for granted, better “assumed as granted” by the need to be lawful. Building on these premises, this text aims to provide initial advice on both perspectives when designing, developing, deploying, or using cybersecurity solutions, regardless of the sector of application.

《人工智能设计伦理指南》和《人工智能使用方法伦理指南》提供了一套广泛而详细的指标，这些指标基于关于人工智能使用的跨学科辩论。本文旨在利用导致其伦理方法的智力工作来开发适应网络安全特殊性的框架。本文的总体结果是提出了整合伦理问题和法律问题的设计与评估准则（ELDA），认为设计的伦理方法离不开它的老大哥：设计的法律。在出现明确的法律框架之前，设计伦理可以成为一种政策方向。在技术领域，设计的合法性常常被认为是理所当然的，更好的说法是“理所当然”，因为需要是合法的。建立在这些前提下，本文的目的是在设计，开发，部署或使用网络安全解决方案时提供初步建议，无论应用部门如何。

引用次数: 0

From data ownership to data sharing: a new property regime of commercial data in China 从数据所有权到数据共享：中国商业数据的新产权制度

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-11-01 Epub Date: 2025-10-11 DOI: 10.1016/j.clsr.2025.106213

Wenjia ZHAO , Peicheng WU

The substantial economic benefits embedded in commercial data have driven rapid development of related industries within China’s big data sector, while also triggering disputes over interests and benefits associated with commercial data. The current legal practice in China frequently apply intellectual property laws and anti-unfair competition laws to address conflicts concerning commercial data. However, this paper argues that comprehensive protection of commercial data can only be achieved by establishing a property rights regime — an approach explicitly endorsed in the 2022 policy document, Opinions on Building the Data Basic Regime to Better Exploit the Value of Data Factors. Due to the non-rivalrous and non-exclusive nature of commercial data, as well as the contributions from multiple parties to its creation, there are noticeable challenges in defining clear and enforceable boundaries of exclusive ownership over commercial data, i.e., through the traditional thing-ownership property model in establishing a property regime. Arguably, this paper proposes drawing on the U.S. “bundle of rights” model as a more flexible and context-dependent framework for addressing the construction of property rights for commercial data within the Chinese legal system.

商业数据所蕴含的巨大经济效益，带动了中国大数据领域相关产业的快速发展，同时也引发了商业数据的利益与利益之争。中国目前的法律实践中经常运用知识产权法和反不正当竞争法来解决商业数据的冲突。然而，本文认为，商业数据的全面保护只能通过建立产权制度来实现——这是2022年政策文件《关于建立数据基本制度以更好地发挥数据要素价值的意见》中明确认可的方法。由于商业数据的非竞争性和非排他性，以及多方对其创建的贡献，在定义商业数据的排他性所有权的明确和可执行的边界方面存在明显的挑战，即通过传统的物所有权财产模型建立财产制度。可以说，本文建议借鉴美国的“权利束”模式，将其作为一种更灵活、更具情境依赖性的框架，来解决中国法律体系中商业数据产权的构建问题。

{"title":"From data ownership to data sharing: a new property regime of commercial data in China","authors":"Wenjia ZHAO , Peicheng WU","doi":"10.1016/j.clsr.2025.106213","DOIUrl":"10.1016/j.clsr.2025.106213","url":null,"abstract":"<div><div>The substantial economic benefits embedded in commercial data have driven rapid development of related industries within China’s big data sector, while also triggering disputes over interests and benefits associated with commercial data. The current legal practice in China frequently apply intellectual property laws and anti-unfair competition laws to address conflicts concerning commercial data. However, this paper argues that comprehensive protection of commercial data can only be achieved by establishing a property rights regime — an approach explicitly endorsed in the 2022 policy document, <em>Opinions on Building the Data Basic Regime to Better Exploit the Value of Data Factors.</em> Due to the non-rivalrous and non-exclusive nature of commercial data, as well as the contributions from multiple parties to its creation, there are noticeable challenges in defining clear and enforceable boundaries of exclusive ownership over commercial data, i.e., through the traditional thing-ownership property model in establishing a property regime. Arguably, this paper proposes drawing on the U.S. “bundle of rights” model as a more flexible and context-dependent framework for addressing the construction of property rights for commercial data within the Chinese legal system.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106213"},"PeriodicalIF":3.2,"publicationDate":"2025-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145333103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0