Computer Law & Security Review最新文献

英文中文

Co-regulating principles for system safety: Agency by design 系统安全协同调节原则：设计代理

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-25 DOI: 10.1016/j.clsr.2025.106224

Benjamin Farrand

Safety in the context of user-focused systems is something that is increasingly being legislated for, albeit in ways that often present them as passive recipients of goods and services. However, an effective safety regime for technological solutions is one that empowers users, providing them with a sense of agency, particularly in the context of vulnerable user groups.

This article argues that we are better able to secure this empowerment through the adoption of Agency by Design principles in the design, implementation, use, and updating of technologies. These principles can form the basis for best practices and international standards as part of a co-regulatory regime, in which technology firms engage more effectively with their diverse users during the design stages of a technology, work with them to produce transparent and intelligible systems for user safety based on granular, user-defined tools, allowing for collaborative identification by users of security threats, with meaningful responses and comprehensive life-cycle policies for maintaining system security.

Using the case studies of intimate partner violence facilitated through smart home devices, the unauthorised use of data in Femtech applications, and the spread of disinformation on social media, this article argues that the adoption of these principles, working within a legal framework for ensuring compliance with international standards and best practices can more readily assure user agency and empowerment than existing approaches.

在以用户为中心的系统中，越来越多的人通过立法来保障安全，尽管其方式往往使用户成为商品和服务的被动接受者。但是，技术解决办法的有效安全制度是赋予用户权力，使他们有一种能动性，特别是在易受害用户群体的情况下。本文认为，通过在技术的设计、实现、使用和更新中采用设计代理原则，我们能够更好地确保这种授权。这些原则可以构成最佳实践和国际标准的基础，作为共同监管制度的一部分，在这种制度下，技术公司在技术设计阶段更有效地与不同的用户接触，与他们合作，基于细粒度的用户定义工具，为用户安全生产透明和可理解的系统，允许用户协作识别安全威胁。具有有意义的响应和用于维护系统安全性的全面生命周期策略。通过智能家居设备促进亲密伴侣暴力的案例研究，Femtech应用程序中未经授权使用数据以及社交媒体上虚假信息的传播，本文认为，采用这些原则，在确保遵守国际标准和最佳实践的法律框架内工作，比现有方法更容易确保用户代理和授权。

{"title":"Co-regulating principles for system safety: Agency by design","authors":"Benjamin Farrand","doi":"10.1016/j.clsr.2025.106224","DOIUrl":"10.1016/j.clsr.2025.106224","url":null,"abstract":"<div><div>Safety in the context of user-focused systems is something that is increasingly being legislated for, albeit in ways that often present them as passive recipients of goods and services. However, an effective safety regime for technological solutions is one that empowers users, providing them with a sense of agency, particularly in the context of vulnerable user groups.</div><div>This article argues that we are better able to secure this empowerment through the adoption of Agency by Design principles in the design, implementation, use, and updating of technologies. These principles can form the basis for best practices and international standards as part of a co-regulatory regime, in which technology firms engage more effectively with their diverse users during the design stages of a technology, work with them to produce transparent and intelligible systems for user safety based on granular, user-defined tools, allowing for collaborative identification by users of security threats, with meaningful responses and comprehensive life-cycle policies for maintaining system security.</div><div>Using the case studies of intimate partner violence facilitated through smart home devices, the unauthorised use of data in Femtech applications, and the spread of disinformation on social media, this article argues that the adoption of these principles, working within a legal framework for ensuring compliance with international standards and best practices can more readily assure user agency and empowerment than existing approaches.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106224"},"PeriodicalIF":3.2,"publicationDate":"2025-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362378","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Proposing ELDA methodology: Ethical and Legal by Design and Assessment for cybersecurity solutions 提出ELDA方法：网络安全解决方案的设计和评估的道德和法律

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-24 DOI: 10.1016/j.clsr.2025.106220

Federica Casarosa, Giovanni Comandé, Jacopo Fortuna

The Guidelines Ethical by Design and Ethics of Use Approaches for Artificial Intelligence have provided an extensive and detailed set of indications grounded on interdisciplinary debate regarding the use of artificial intelligence. This article aims to leverage the intellectual work leading to its ethical approaches to develop a framework adapted to the specificities of cybersecurity. The overall result of this paper is to propose Ethical and Legal by Design and Assessment Guidelines (ELDA) that integrate the ethics questions and the legal questions, arguing that an ethical by design approach cannot be sustained without its big brother: legal by design. Ethics by design can be a policy direction until there is a clearly emerging legal framework. Legal by design in technological domains is often taken for granted, better “assumed as granted” by the need to be lawful. Building on these premises, this text aims to provide initial advice on both perspectives when designing, developing, deploying, or using cybersecurity solutions, regardless of the sector of application.

《人工智能设计伦理指南》和《人工智能使用方法伦理指南》提供了一套广泛而详细的指标，这些指标基于关于人工智能使用的跨学科辩论。本文旨在利用导致其伦理方法的智力工作来开发适应网络安全特殊性的框架。本文的总体结果是提出了整合伦理问题和法律问题的设计与评估准则（ELDA），认为设计的伦理方法离不开它的老大哥：设计的法律。在出现明确的法律框架之前，设计伦理可以成为一种政策方向。在技术领域，设计的合法性常常被认为是理所当然的，更好的说法是“理所当然”，因为需要是合法的。建立在这些前提下，本文的目的是在设计，开发，部署或使用网络安全解决方案时提供初步建议，无论应用部门如何。

引用次数: 0

The European Data Protection Board - a (non)consensual and (un)accountable role? 欧洲数据保护委员会——一个（非）共识和（非）负责任的角色？

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-23 DOI: 10.1016/j.clsr.2025.106217

Lisette Mustert, Cristiana Santos

The European Data Protection Board (EDPB) aims to ensure consistent enforcement of data protection laws across the EU through the adoption of guidelines and opinions. However, two challenges have been identified. First, the EDPB’s proactive engagement in issuing guidance is sometimes inconsistent, which can lead to discrepancies in the application of data protection laws across the EU, particularly as national Data Protection Authorities (DPAs) issue their own guidelines, creating a fragmented landscape. Second, uncertainty remains regarding the consistency of the EDPB’s guidance due to its non-binding nature, which leads to varying interpretations of the GDPR. These challenges raise concerns about the EDPB’s ability to ensure compliance with its mandate. This paper examines whether the EDPB is sufficiently independent when drafting guidance and whether it can be held accountable through political, legal, administrative, or social oversight. This paper argues that while the EDPB should maintain complete independence to fully utilize its technical expertise, it should still be subject to ex post accountability mechanisms. However, certain forms of accountability pose a risk to the Board’s independence. A comparative analysis highlights both horizontal and vertical misalignments between EDPB and national guidelines, suggesting that the EDPB’s role in providing cohesive guidance could be strengthened.

欧洲数据保护委员会（EDPB）旨在通过采纳指导方针和意见，确保在整个欧盟范围内一致地执行数据保护法。然而，已经确定了两个挑战。首先，EDPB在发布指导意见方面的积极参与有时并不一致，这可能导致整个欧盟数据保护法的应用存在差异，特别是当各国数据保护机构（dpa）发布自己的指导意见时，造成了一个碎片化的局面。其次，由于EDPB的非约束性，其指导方针的一致性仍然存在不确定性，这导致了对GDPR的不同解释。这些挑战引起了人们对EDPB是否有能力确保履行其职责的关注。本文考察了EDPB在起草指导意见时是否足够独立，以及是否可以通过政治、法律、行政或社会监督对其问责。本文认为，虽然电建局应保持完全的独立性，以充分利用其技术专长，但它仍应受到事后问责机制的约束。但是，某些形式的问责制对审计委员会的独立性构成威胁。一项比较分析突出了EDPB与国家指南之间的横向和纵向偏差，表明EDPB在提供有凝聚力的指导方面的作用可以得到加强。

{"title":"The European Data Protection Board - a (non)consensual and (un)accountable role?","authors":"Lisette Mustert, Cristiana Santos","doi":"10.1016/j.clsr.2025.106217","DOIUrl":"10.1016/j.clsr.2025.106217","url":null,"abstract":"<div><div>The European Data Protection Board (EDPB) aims to ensure consistent enforcement of data protection laws across the EU through the adoption of guidelines and opinions. However, two challenges have been identified. First, the EDPB’s proactive engagement in issuing guidance is sometimes inconsistent, which can lead to discrepancies in the application of data protection laws across the EU, particularly as national Data Protection Authorities (DPAs) issue their own guidelines, creating a fragmented landscape. Second, uncertainty remains regarding the consistency of the EDPB’s guidance due to its non-binding nature, which leads to varying interpretations of the GDPR. These challenges raise concerns about the EDPB’s ability to ensure compliance with its mandate. This paper examines whether the EDPB is sufficiently independent when drafting guidance and whether it can be held accountable through political, legal, administrative, or social oversight. This paper argues that while the EDPB should maintain complete independence to fully utilize its technical expertise, it should still be subject to <em>ex post</em> accountability mechanisms. However, certain forms of accountability pose a risk to the Board’s independence. A comparative analysis highlights both horizontal and vertical misalignments between EDPB and national guidelines, suggesting that the EDPB’s role in providing cohesive guidance could be strengthened.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106217"},"PeriodicalIF":3.2,"publicationDate":"2025-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Algorithms for group recognition? Ensuring lawful and rights-based use of new technologies in group refugee recognition 群体识别算法？确保在群体难民识别中合法和基于权利的使用新技术

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-22 DOI: 10.1016/j.clsr.2025.106222

Meltem Ineli-Ciger , Nikolas Feith Tan

This article explores the potential role of new technologies, including Artificial Intelligence (AI), in group-based refugee recognition procedures. While the use of new technologies in individual refugee status determination has attracted significant scholarly interest, their application in the context of group recognition remains largely underexamined. This article argues that group recognition procedures grounded in pre-defined, objective eligibility criteria, rather than assessments of individual credibility or well-founded fear, offer a more structured and legally consistent framework for technological integration. Building on this insight, the article proposes a model for Dynamic Autonomy Group Recognition. In this model, AI tools support the identification of individuals who fall within a recognised group by verifying identity, matching applicants against legally defined group criteria and flagging potential exclusion concerns. Crucially, however, all negative or exclusion decisions remain subject to mandatory human review. The article analyses both the opportunities and risks of this approach and argues that, if carefully designed and properly regulated, Dynamic Autonomy Group Recognition may offer a lawful, principled, and operationally effective means of managing the protection obligations of states, particularly in large-scale displacement.

本文探讨了包括人工智能（AI）在内的新技术在基于群体的难民识别程序中的潜在作用。虽然在确定个人难民地位方面使用新技术引起了重大的学术兴趣，但它们在群体识别方面的应用仍未得到充分研究。本文认为，基于预先定义的、客观的资格标准的群体识别程序，而不是对个人可信度或有充分根据的恐惧的评估，为技术整合提供了一个更有结构和法律上一致的框架。在此基础上，本文提出了一个动态自治群体识别模型。在这个模型中，人工智能工具通过验证身份，将申请人与法律定义的群体标准进行匹配，并标记潜在的排斥问题，来支持识别属于公认群体的个人。然而，至关重要的是，所有负面或排除的决定仍然需要强制性的人工审查。本文分析了这种方法的机遇和风险，并认为，如果精心设计和适当监管，动态自治群体承认可以提供一种合法的、原则性的和操作上有效的方法来管理国家的保护义务，特别是在大规模流离失所的情况下。

{"title":"Algorithms for group recognition? Ensuring lawful and rights-based use of new technologies in group refugee recognition","authors":"Meltem Ineli-Ciger , Nikolas Feith Tan","doi":"10.1016/j.clsr.2025.106222","DOIUrl":"10.1016/j.clsr.2025.106222","url":null,"abstract":"<div><div>This article explores the potential role of new technologies, including Artificial Intelligence (AI), in group-based refugee recognition procedures. While the use of new technologies in individual refugee status determination has attracted significant scholarly interest, their application in the context of group recognition remains largely underexamined. This article argues that group recognition procedures grounded in pre-defined, objective eligibility criteria, rather than assessments of individual credibility or well-founded fear, offer a more structured and legally consistent framework for technological integration. Building on this insight, the article proposes a model for <em>Dynamic Autonomy Group Recognition</em>. In this model, AI tools support the identification of individuals who fall within a recognised group by verifying identity, matching applicants against legally defined group criteria and flagging potential exclusion concerns. Crucially, however, all negative or exclusion decisions remain subject to mandatory human review. The article analyses both the opportunities and risks of this approach and argues that, if carefully designed and properly regulated, <em>Dynamic Autonomy Group Recognition</em> may offer a lawful, principled, and operationally effective means of managing the protection obligations of states, particularly in large-scale displacement.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106222"},"PeriodicalIF":3.2,"publicationDate":"2025-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362492","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Asia–Pacific developments 亚太地区的发展

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-22 DOI: 10.1016/j.clsr.2025.106218

Gabriela Kennedy

This column provides a country by country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.

本专栏对亚太地区主要司法管辖区与IT、媒体和电信行业相关的最新法律发展、案例和问题进行逐个国家的分析。本专栏的文章旨在作为“警示”，而不是作为案例或法律发展的详细分析提交。

引用次数: 0

Changing lenses on lenses –Function creep with public camera surveillance in the Netherlands? 镜头换镜头-荷兰公共摄像头监控的功能蠕变？

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-17 DOI: 10.1016/j.clsr.2025.106221

Nanou van Iersel , Francien Dechesne

The paper explores the notion of function creep – a gradual transformation of a data processing system’s original purpose or activities – in the context of public camera surveillance in the Netherlands. Public camera surveillance here refers to digital cameras (e.g., CCTV), possibly with artificial intelligence (AI) extension(s) (e.g., for automatic violence detection), controlled by Dutch law enforcement agencies for public safety purposes. The paper is structured around three pillars: technology, law and practice. The technology pillar highlights relevant technical characteristics of camera surveillance that afford function creep, after which the law pillar maps out legal frameworks related to (preventing) function creep (notably, the principle of purpose limitation). The final pillar, practice, draws on qualitative empirical data collected from Dutch law enforcement organizations. With this three-dimensional approach, the paper illustrates how function creep occurs, the accountability challenges it poses and potential ways of resolving them.

本文探讨了功能蠕变的概念-数据处理系统的原始目的或活动的逐渐转变-在荷兰的公共摄像头监控的背景下。这里的公共摄像头监控是指由荷兰执法机构控制的数字摄像头（例如闭路电视），可能带有人工智能（AI）扩展（例如用于自动暴力检测），用于公共安全目的。本文围绕三大支柱展开：技术、法律和实践。技术支柱强调了导致功能蔓延的摄像头监控的相关技术特征，之后，法律支柱制定了与（防止）功能蔓延相关的法律框架（特别是目的限制原则）。最后一个支柱是实践，它借鉴了从荷兰执法组织收集的定性经验数据。通过这种三维的方法，本文说明了功能蠕变是如何发生的，它所带来的责任挑战以及解决它们的潜在方法。

引用次数: 0

Proprietary data, open data, data commons: Who owns the data? How to best reconcile conflicting interests in exploiting the value of data and protecting against its risks 专有数据、开放数据、数据共享：谁拥有这些数据？在利用数据价值和防范数据风险方面，如何最好地调和利益冲突

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-14 DOI: 10.1016/j.clsr.2025.106214

Luisa Kruse , Max von Grafenstein

The European data strategy aims to make the EU a leader in a data-driven world. To this aim, the EU is creating a single market for data where 1) data can flow across sectors for the benefit of all; 2) European laws like data protection and competition law are fully respected; and 3) the rules for access and use of data are fair, practical and clear. In order to structure the corresponding initiatives of legislators and public authorities, it is important to clarify the data ownership models on which the initiatives are based: Proprietary data models, open data models or so-called data commons models. Based on a literature analysis, this article first provides an overview of the discussed economic and social advantages and disadvantages of proprietary and open data models and, against this background, clarifies the concept of the data commons. In doing so, this article understands the data commons concept to mean that everyone has an equal right in principle to exploit the value of data and control its associated risks. Based on this understanding, purely technical power of the data holder to exclude others from “her” data does not mean that she has a superior or even exclusive right to generate value from the data. By means of legal mechanisms, the competent legislator or public authorities may therefore counteract such purely de facto powers of data holders by opening their technical access control over data for other parties and define the conditions of its use. In doing so, the interests of the data holder in keeping the data for themselves must be weighed up against the interests of data users in using the data as well as the interests in controlling the related risks of all parties affected by this use. While this balancing exercise may be established, in a more or less general manner, by the European or national legislator or even by municipalities, data intermediaries will have to play a central role in ensuring that this balancing of interest is resolved in specific cases. Data intermediaries may do this not only by specifying the general data usage rules provided by the legislators and municipalities in the form of context-specific access and use conditions but above all by monitoring compliance with these conditions.

欧洲数据战略旨在使欧盟成为数据驱动世界的领导者。为了实现这一目标，欧盟正在创建一个单一的数据市场，在这个市场中，1)数据可以跨部门流动，造福所有人；2)数据保护和竞争法等欧洲法律得到充分尊重；3)数据获取和使用规则公平、实用、清晰。为了构建立法者和公共当局的相应举措，必须澄清这些举措所基于的数据所有权模型：专有数据模型、开放数据模型或所谓的数据共享模型。在文献分析的基础上，本文首先概述了所讨论的专有和开放数据模型的经济和社会优点和缺点，并在此背景下澄清了数据公地的概念。在这样做的过程中，本文将数据公地概念理解为，原则上每个人都有利用数据价值和控制相关风险的平等权利。基于这种理解，数据持有者排除他人使用“她的”数据的纯粹技术权力并不意味着她拥有从数据中产生价值的优越甚至排他性权利。因此，通过法律机制，主管立法者或公共当局可以通过向其他各方开放其对数据的技术访问控制并确定其使用条件来抵消数据持有人的这种纯粹事实上的权力。在这样做时，必须权衡资料持有人为自己保留该等资料的利益与资料使用者使用该等资料的利益，以及控制受该等使用影响的各方的相关风险的利益。虽然欧洲或国家立法者甚至市政当局可能以或多或少一般的方式建立这种平衡，但数据中介机构必须在确保在具体情况下解决这种利益平衡方面发挥核心作用。数据中介机构不仅可以通过指定立法者和市政当局以具体情况的访问和使用条件的形式提供的一般数据使用规则来做到这一点，而且最重要的是通过监测这些条件的遵守情况来做到这一点。

{"title":"Proprietary data, open data, data commons: Who owns the data? How to best reconcile conflicting interests in exploiting the value of data and protecting against its risks","authors":"Luisa Kruse , Max von Grafenstein","doi":"10.1016/j.clsr.2025.106214","DOIUrl":"10.1016/j.clsr.2025.106214","url":null,"abstract":"<div><div>The European data strategy aims to make the EU a leader in a data-driven world. To this aim, the EU is creating a single market for data where 1) data can flow across sectors for the benefit of all; 2) European laws like data protection and competition law are fully respected; and 3) the rules for access and use of data are fair, practical and clear. In order to structure the corresponding initiatives of legislators and public authorities, it is important to clarify the data ownership models on which the initiatives are based: Proprietary data models, open data models or so-called data commons models. Based on a literature analysis, this article first provides an overview of the discussed economic and social advantages and disadvantages of proprietary and open data models and, against this background, clarifies the concept of the data commons. In doing so, this article understands the data commons concept to mean that everyone has an equal right in principle to exploit the value of data and control its associated risks. Based on this understanding, purely technical power of the data holder to exclude others from “her” data does not mean that she has a superior or even exclusive right to generate value from the data. By means of legal mechanisms, the competent legislator or public authorities may therefore counteract such purely de facto powers of data holders by opening their technical access control over data for other parties and define the conditions of its use. In doing so, the interests of the data holder in keeping the data for themselves must be weighed up against the interests of data users in using the data as well as the interests in controlling the related risks of all parties affected by this use. While this balancing exercise may be established, in a more or less general manner, by the European or national legislator or even by municipalities, data intermediaries will have to play a central role in ensuring that this balancing of interest is resolved in specific cases. Data intermediaries may do this not only by specifying the general data usage rules provided by the legislators and municipalities in the form of context-specific access and use conditions but above all by monitoring compliance with these conditions.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106214"},"PeriodicalIF":3.2,"publicationDate":"2025-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145333154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

From data ownership to data sharing: a new property regime of commercial data in China 从数据所有权到数据共享：中国商业数据的新产权制度

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-11 DOI: 10.1016/j.clsr.2025.106213

Wenjia ZHAO , Peicheng WU

The substantial economic benefits embedded in commercial data have driven rapid development of related industries within China’s big data sector, while also triggering disputes over interests and benefits associated with commercial data. The current legal practice in China frequently apply intellectual property laws and anti-unfair competition laws to address conflicts concerning commercial data. However, this paper argues that comprehensive protection of commercial data can only be achieved by establishing a property rights regime — an approach explicitly endorsed in the 2022 policy document, Opinions on Building the Data Basic Regime to Better Exploit the Value of Data Factors. Due to the non-rivalrous and non-exclusive nature of commercial data, as well as the contributions from multiple parties to its creation, there are noticeable challenges in defining clear and enforceable boundaries of exclusive ownership over commercial data, i.e., through the traditional thing-ownership property model in establishing a property regime. Arguably, this paper proposes drawing on the U.S. “bundle of rights” model as a more flexible and context-dependent framework for addressing the construction of property rights for commercial data within the Chinese legal system.

商业数据所蕴含的巨大经济效益，带动了中国大数据领域相关产业的快速发展，同时也引发了商业数据的利益与利益之争。中国目前的法律实践中经常运用知识产权法和反不正当竞争法来解决商业数据的冲突。然而，本文认为，商业数据的全面保护只能通过建立产权制度来实现——这是2022年政策文件《关于建立数据基本制度以更好地发挥数据要素价值的意见》中明确认可的方法。由于商业数据的非竞争性和非排他性，以及多方对其创建的贡献，在定义商业数据的排他性所有权的明确和可执行的边界方面存在明显的挑战，即通过传统的物所有权财产模型建立财产制度。可以说，本文建议借鉴美国的“权利束”模式，将其作为一种更灵活、更具情境依赖性的框架，来解决中国法律体系中商业数据产权的构建问题。

{"title":"From data ownership to data sharing: a new property regime of commercial data in China","authors":"Wenjia ZHAO , Peicheng WU","doi":"10.1016/j.clsr.2025.106213","DOIUrl":"10.1016/j.clsr.2025.106213","url":null,"abstract":"<div><div>The substantial economic benefits embedded in commercial data have driven rapid development of related industries within China’s big data sector, while also triggering disputes over interests and benefits associated with commercial data. The current legal practice in China frequently apply intellectual property laws and anti-unfair competition laws to address conflicts concerning commercial data. However, this paper argues that comprehensive protection of commercial data can only be achieved by establishing a property rights regime — an approach explicitly endorsed in the 2022 policy document, <em>Opinions on Building the Data Basic Regime to Better Exploit the Value of Data Factors.</em> Due to the non-rivalrous and non-exclusive nature of commercial data, as well as the contributions from multiple parties to its creation, there are noticeable challenges in defining clear and enforceable boundaries of exclusive ownership over commercial data, i.e., through the traditional thing-ownership property model in establishing a property regime. Arguably, this paper proposes drawing on the U.S. “bundle of rights” model as a more flexible and context-dependent framework for addressing the construction of property rights for commercial data within the Chinese legal system.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"59 ","pages":"Article 106213"},"PeriodicalIF":3.2,"publicationDate":"2025-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145333103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

European national news 欧洲国家新闻

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-11 DOI: 10.1016/j.clsr.2025.106216

Nick Pantlin

This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills Kramer LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.

本文跟踪了欧洲主要国家在信息技术和通信领域的国家一级的发展，并提供了重要的国家发展的简明警报服务。它由赫伯特·史密斯·弗里希尔斯·克莱默律师事务所协调，并由欧洲各地的公司提供资金。本专栏为欧洲主要国家的重要国家发展提供简明的预警服务。它的部分目的是补充《华尔街日报》的专题文章和简报，让读者了解当前在国家层面上实施欧盟立法和国际公约和条约的“实地”情况。如果某项欧洲国家新闻具有特别重要的意义，CLSR也可能在当前或以后的版本中对其进行更详细的报道。©2025 Herbert Smith Freehills Kramer LLP。Elsevier Ltd.出版。版权所有。

引用次数: 0

Smartphone decryption via forced fingerprinting and the right against self-incrimination: The German federal court (BGH) addresses the problem 智能手机通过强制指纹解密和反对自证其罪的权利：德国联邦法院（BGH）解决了这个问题

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review

Pub Date : 2025-10-10 DOI: 10.1016/j.clsr.2025.106215

Javier Escobar Veas

Due to their storage capacity and evidentiary potential, smartphones are often seen as key sources of evidence in criminal investigations. In March 2025, the German Federal Court addressed the question of whether compelled smartphone decryption through forced fingerprinting violates the right against self-incrimination. During a search and seizure operation, the police forced the defendant’s right index finger on the fingerprint sensors of two smartphones to unlock them. The Court ruled that no violation had occurred, as the police did not require the defendant’s active cooperation. This note examines the BGH's reasoning and situates it within the comparative debate. The note argues that the decision is relevant because it affirms the “active cooperation” approach and avoids the problematic distinction between testimonial and physical evidence. Compared with the approaches of the European Court of Human Rights and the United States Supreme Court, the BGH's framework offers greater clarity and predictability, as well as broader protection.

由于其存储容量和证据潜力，智能手机经常被视为刑事调查的关键证据来源。2025年3月，德国联邦法院审理了一个问题，即通过强制指纹强制解密智能手机是否侵犯了反对自证其罪的权利。在一次搜查和扣押行动中，警方将被告的右手食指按在两部手机的指纹传感器上，以解锁手机。法院裁定没有发生违法行为，因为警方没有要求被告积极配合。本文考察了BGH的推理，并将其置于比较辩论之中。该说明认为，该决定是相关的，因为它肯定了“积极合作”的做法，并避免了证词和物证之间有问题的区分。与欧洲人权法院和美国最高法院的做法相比，BGH的框架提供了更大的清晰度和可预测性，以及更广泛的保护。

引用次数: 0

首页上一页

下一页尾页

类型

全部化学•材料生命科学医学物理工程技术环境•农林材料科学地球科学法学管理学化学环境科学与生态学计算机科学教育学经济学农林科学人文科学生物学数学物理与天体物理心理学综合性期刊其他工业工程理学历史学农学文学信息工程

数据库

全部 ACS Publications Elsevier ieeexplore Springer The Royal Society of Chemistry Wiley

期刊

Computer Law & Security Review

全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.

﹀