Pub Date: 2025-11-01. DOI: 10.1016/j.clsr.2025.106210
Vittoria Caponecchia, Bernardo D’Agostino, Sima Sarv Ahrabi, Giovanni Comandè, Daniele Licari, Andrea Vandin
Process Mining (PM) is a family of data-driven techniques that use data to study the underlying processes generating the data, i.e., the data-generating process. Despite being initially tailored for the engineering and industrial domain, it is becoming popular also in more human-centric domains like the legal and healthcare ones. We present a PM methodology using the fuzzy miner technique aimed at analysing and optimising the complex processes underlying decision making by legal Courts. We consider specifically the domain of civil proceedings, with a focus on divorces. In PM terms, we see a legal proceeding as a process instance, and the different internal phases in which a legal proceeding transits as activities. The studied process is, therefore, the internal process followed by a Court, possibly varying over the years, to handle specific types of proceedings. By leveraging PM techniques, this article compares consensual divorce proceedings within a Court across time, and across Courts. As a case study we take two Courts in Northern Italy. Our PM analysis identifies key performance indicators and uncovers hidden process efficiencies and inefficiencies. The findings highlight the ability of PM to reveal critical process patterns, enabling organisations to make data-driven decisions and implement targeted process improvements.
Title: Process Mining for legal Courts: Visualising, analysing and comparing Italian divorce proceedings. Journal: Computer Law & Security Review, volume 59, Article 106210.
Pub Date: 2025-11-01. DOI: 10.1016/j.clsr.2025.106225
Weiwei Yi, Zihao Li
In recent years, dark patterns, which are interface designs that manipulate user decisions, have raised growing regulatory concern. Yet scholarship on their governance remains fragmented, particularly in how the concept is defined, the harms are understood, and legal responses are framed. This paper offers a systematic review of 65 studies from Law and Human–Computer Interaction, following PRISMA guidelines. It identifies five root problems and layered harms, critiques sectoral regulations for their theoretical and enforcement limits, and synthesises proposed solutions, from doctrinal refinements and accountability measures to technical design interventions. Building on these findings, the paper argues that regulatory progress is hindered by the elusive nature of dark patterns, the difficulty of pinpointing actionable harms, and the expanding scope of the concept. It concludes by advocating a paradigmatic shift towards a proactive framework centred on ‘diligent design’, and outlines directions for collaborative, transdisciplinary research.
Title: Mapping the scholarship of the regulation of dark patterns: A systematic review of concepts, regulatory paradigms, and solutions from law and HCI perspectives. Journal: Computer Law & Security Review, volume 59, Article 106225.
Pub Date: 2025-11-01. DOI: 10.1016/j.clsr.2025.106226
Chimaobi Umezuruike
Cyber risk events have become a routine occurrence in business operations, and the shipping industry is not left out. Internet technology has been adopted in shipping for onshore and shipboard purposes. Hence, shipping businesses face dual-pronged cyber risks. On the one hand, they are exposed to shipboard cyber risks, and on the other hand, they face onshore cyber exposure much like any other business.
Conventionally, perils of the sea and other offshore risks are handled by traditional marine insurance policies, while onshore business risks are handled by non-marine insurance policies. Both sets of risks had been unique to their classes of insurance. Now, things are muddled as both aspects feature the exposure to cyber risks.
This article analyses the categories of cyber insurance available to the shipowner. It considers the coverage of cyber risks under traditional marine insurance and affirmative cyber insurance. It evaluates how traditional marine insurance tailored for ships' hulls and machinery mitigates some cyber risks and how affirmative cyber insurance covers shipboard and business cyber risks. It examines affirmative cyber insurance policies tailored to the shipping industry and those intended for businesses at large.
Instance policies from each category are analysed to answer what cyber risks may be covered and the policies’ restrictions. This paper is restricted primarily to policies from the UK and the US insurance markets and decided cases from both jurisdictions. It is concluded that shipping businesses require a combination of policies or an extensive hybrid policy to adequately mitigate cyber risks.
Title: Cyber risk insurance in the shipping business: What cover is available? Journal: Computer Law & Security Review, volume 59, Article 106226.
Legal document building refers to the process of producing a legal textual document following a predefined schema with the support of digital, automated tools. Such systems must balance two fundamental requirements: providing targeted drafting assistance while preserving judicial autonomy and decision-making authority, and systematically leveraging existing legal document corpora to enhance consistency and quality in legal documentation. In this paper, we propose a document builder architecture, called JusBuild, designed to assist and support legal practitioners in drafting new legal documents. JusBuild supports the document assembly process by relying on a predefined legal document template and on a corpus of past legal documents. The key features of JusBuild are: (i) the use of a Conditional Random Field (CRF) model for the supervised segmentation of legal documents into functional sections according to a document template; (ii) a vector database storing segmented sections and their semantically meaningful vector representations for efficiently performing semantic search for suggestions retrieval; (iii) the suggestion, at drafting time, of relevant precedent sections retrieved from the vector database and of new, AI-generated sections, using a Large Language Model and Retrieval-Augmented Generation (RAG). A featuring design choice of JusBuild is the “human-in-the-loop” approach, which allows the user (judge) to exercise his/her decision-making freedom and full control in the formulation of the provision in working with the suggestions provided by JusBuild. Thanks to the flexible nature of the architecture, adaptable to a large number of legal contexts, with different document structures and legal matters, JusBuild makes contextualized content generation accurate and efficient for legal practitioners. The application of JusBuild to legal document building in the Italian legal context is discussed. 
JusBuild validation is provided by considering datasets that differ for document template, language, and judicial matter, to test its applicability and adaptability to different contexts.
Title: Enhancing legal document building with Retrieval-Augmented Generation. Authors: Matteo Buffa, Alfio Ferrara, Sergio Picascia, Davide Riva, Silvana Castano. Pub Date: 2025-11-01. DOI: 10.1016/j.clsr.2025.106229. Journal: Computer Law & Security Review, volume 59, Article 106229.
Pub Date: 2025-11-01. DOI: 10.1016/j.clsr.2025.106227
Marilyne Ordekian, Ingolf Becker, Tyler Moore, Marie Vasek
Centralized cryptocurrency exchanges have quickly become internal components of the digital finance ecosystem, mirroring traditional institutions by offering custody, investments, and transactional services. Despite their increasing prominence, the regulatory oversight has historically been fragmented and inadequate, leaving them largely relying on self-regulation. The resulting environment has been marked by exchange collapses, connections to criminal activities, cyber attacks, and poor operational security. High-profile failures, such as Mt. Gox and FTX, highlight the systemic risks and failure of internal governance models to properly mitigate or protect user funds from cascading risks or security breaches. In response, the European Union introduced the Markets in Crypto-Assets (MiCA) regulation and the Digital Operational Resilience Act (DORA), intending to standardize regulatory oversight and enhance user protection.
This paper presents the first comprehensive interdisciplinary analysis of centralized exchanges under the MiCA and DORA frameworks. Drawing on methods from both law and computer science, we systematically translate regulatory requirements into measurable compliance standards, and develop a novel doctrinal and empirical methodology to evaluate current self-regulatory practices of 75 centralized exchanges operating in Europe. Through a detailed analysis of 143 exchange legal documents, we identify major compliance gaps and regulatory uncertainties. Our findings indicate significant shortcomings in exchange practices relating to asset custody, cybersecurity, and liability. This suggests that serious efforts are needed to change these practices and ensure their alignment with regulatory requirements. Our framework enables a systemic comparison between regulation and practice, and establishes a baseline for evaluating the effectiveness of regulatory measures. This approach can be replicated to study other self-regulating emerging sectors.
Title: Raising the bar: Assessing historical cryptocurrency exchange practices in light of the EU’s MiCA and DORA regulation. Journal: Computer Law & Security Review, volume 59, Article 106227.
Pub Date: 2025-11-01. DOI: 10.1016/j.clsr.2025.106236
Shujie Feng
The tremendous capacity of AI to generate abundant content at minimum cost will revolutionize all creative endeavors in the literary, artistic and industrial sectors. Whether to protect AI-generated content (AIGC) as copyrightable work is a challenging question common to all countries. While most countries remain attached to the traditional copyright doctrine of absolute human authorship and reluctant to extend copyright protection to AIGC over which AI users have no sufficient control, Chinese courts have recognized the copyrightability of AIGC once AI users’ intellectual investment in the creation process can be shown. This paper explains the political motivation behind the innovative approach of Chinese judges and its favorable support from Chinese scholars, clarifies the Chinese judicial practice, analyzes the significance of its underlying doctrine and evaluates the possible consequences of the Chinese solution for the market. It concludes that the Chinese judicial practice is not a deviation from traditional copyright doctrine, but rather provides a solution to make the traditional standard of human authorship more accessible. The Chinese solution is efficient because it avoids the difficult distinction between users’ and AI’s contribution to AIGC, and it is inclusive of creators assisted by AI as it values the creative genius of humankind instead of physical operation. With that said, for a better balance of interests between prior copyright owners on AIGC and posterior creators, the criteria as well as the burden and standard of proof for determining copyright infringement should be adjusted to protect freedom of creation by human beings.
Title: The copyrightability of AI-generated content: A doctrinal exploration of the pioneering Chinese judicial practice. Journal: Computer Law & Security Review, volume 59, Article 106236.
Pub Date: 2025-10-25. DOI: 10.1016/j.clsr.2025.106224
Benjamin Farrand
Safety in the context of user-focused systems is something that is increasingly being legislated for, albeit in ways that often present them as passive recipients of goods and services. However, an effective safety regime for technological solutions is one that empowers users, providing them with a sense of agency, particularly in the context of vulnerable user groups.
This article argues that we are better able to secure this empowerment through the adoption of Agency by Design principles in the design, implementation, use, and updating of technologies. These principles can form the basis for best practices and international standards as part of a co-regulatory regime, in which technology firms engage more effectively with their diverse users during the design stages of a technology, work with them to produce transparent and intelligible systems for user safety based on granular, user-defined tools, allowing for collaborative identification by users of security threats, with meaningful responses and comprehensive life-cycle policies for maintaining system security.
Using the case studies of intimate partner violence facilitated through smart home devices, the unauthorised use of data in Femtech applications, and the spread of disinformation on social media, this article argues that the adoption of these principles, working within a legal framework for ensuring compliance with international standards and best practices can more readily assure user agency and empowerment than existing approaches.
Title: Co-regulating principles for system safety: Agency by design. Journal: Computer Law & Security Review, volume 59, Article 106224.
Pub Date: 2025-10-24. DOI: 10.1016/j.clsr.2025.106220
Federica Casarosa, Giovanni Comandé, Jacopo Fortuna
The Guidelines Ethical by Design and Ethics of Use Approaches for Artificial Intelligence have provided an extensive and detailed set of indications grounded on interdisciplinary debate regarding the use of artificial intelligence. This article aims to leverage the intellectual work leading to its ethical approaches to develop a framework adapted to the specificities of cybersecurity. The overall result of this paper is to propose Ethical and Legal by Design and Assessment Guidelines (ELDA) that integrate the ethics questions and the legal questions, arguing that an ethical by design approach cannot be sustained without its big brother: legal by design. Ethics by design can be a policy direction until there is a clearly emerging legal framework. Legal by design in technological domains is often taken for granted, better “assumed as granted” by the need to be lawful. Building on these premises, this text aims to provide initial advice on both perspectives when designing, developing, deploying, or using cybersecurity solutions, regardless of the sector of application.
Title: Proposing ELDA methodology: Ethical and Legal by Design and Assessment for cybersecurity solutions. Journal: Computer Law & Security Review, volume 59, Article 106220.
Pub Date: 2025-10-23 DOI: 10.1016/j.clsr.2025.106217
Lisette Mustert, Cristiana Santos
The European Data Protection Board (EDPB) aims to ensure consistent enforcement of data protection laws across the EU through the adoption of guidelines and opinions. However, two challenges have been identified. First, the EDPB’s proactive engagement in issuing guidance is sometimes inconsistent, which can lead to discrepancies in the application of data protection laws across the EU, particularly as national Data Protection Authorities (DPAs) issue their own guidelines, creating a fragmented landscape. Second, uncertainty remains regarding the consistency of the EDPB’s guidance due to its non-binding nature, which leads to varying interpretations of the GDPR. These challenges raise concerns about the EDPB’s ability to ensure compliance with its mandate. This paper examines whether the EDPB is sufficiently independent when drafting guidance and whether it can be held accountable through political, legal, administrative, or social oversight. This paper argues that while the EDPB should maintain complete independence to fully utilize its technical expertise, it should still be subject to ex post accountability mechanisms. However, certain forms of accountability pose a risk to the Board’s independence. A comparative analysis highlights both horizontal and vertical misalignments between EDPB and national guidelines, suggesting that the EDPB’s role in providing cohesive guidance could be strengthened.
Title: The European Data Protection Board - a (non)consensual and (un)accountable role? Computer Law & Security Review, vol. 59, Article 106217. Publication date: 2025-10-23.
Pub Date: 2025-10-22 DOI: 10.1016/j.clsr.2025.106222
Meltem Ineli-Ciger, Nikolas Feith Tan
This article explores the potential role of new technologies, including Artificial Intelligence (AI), in group-based refugee recognition procedures. While the use of new technologies in individual refugee status determination has attracted significant scholarly interest, their application in the context of group recognition remains largely underexamined. This article argues that group recognition procedures grounded in pre-defined, objective eligibility criteria, rather than assessments of individual credibility or well-founded fear, offer a more structured and legally consistent framework for technological integration. Building on this insight, the article proposes a model for Dynamic Autonomy Group Recognition. In this model, AI tools support the identification of individuals who fall within a recognised group by verifying identity, matching applicants against legally defined group criteria and flagging potential exclusion concerns. Crucially, however, all negative or exclusion decisions remain subject to mandatory human review. The article analyses both the opportunities and risks of this approach and argues that, if carefully designed and properly regulated, Dynamic Autonomy Group Recognition may offer a lawful, principled, and operationally effective means of managing the protection obligations of states, particularly in large-scale displacement.
Title: Algorithms for group recognition? Ensuring lawful and rights-based use of new technologies in group refugee recognition. Computer Law & Security Review, vol. 59, Article 106222. Publication date: 2025-10-22.