Fair and efficient asylum procedures and artificial intelligence: Quo Vadis due process?
Ludivine Sarah Stewart
Pub Date: 2024-09-06, DOI: 10.1016/j.clsr.2024.106050 (Computer Law & Security Review, vol. 55, Article 106050)
In a context of high pressure on national asylum systems and a drive for efficiency, public authorities in Europe are increasingly exploring the potential of artificial intelligence-driven technologies in the asylum process. The use of this technology in the field of asylum is a growing but contentious topic, which raises important normative questions and concerns. In this context, this paper aims to analyse the potential implications for fair asylum procedures when artificial intelligence (AI) assists decision-making. Fair asylum procedures, or due process, are a central condition for guaranteeing the right to asylum, preventing unlawful refoulement and, overall, ensuring trust in the asylum adjudication system. After revisiting the theoretical foundations of the concept of fair procedures, this paper develops a normative framework that can guide further reflection on the use of AI in asylum procedures. It thereby analyses the concepts that are key to the debate on the use of AI in decision-making: accuracy and efficiency, but also participation. Then, drawing on scholarship in both political science and computer science, it explores potential challenges for the core values of fair procedures, considering both technical and non-technical challenges. This paper concludes that while AI promises efficiency gains for the administration, it poses important challenges for accuracy and participation. On the basis of these considerations, it highlights the questions that should be asked and answered in order to protect the core values of fair asylum procedures.
From smart legal contracts to contracts on blockchain: An empirical investigation
Fabio Bassan, Maddalena Rabitti
Pub Date: 2024-09-05, DOI: 10.1016/j.clsr.2024.106035 (Computer Law & Security Review, vol. 55, Article 106035)
Open access PDF: https://www.sciencedirect.com/science/article/pii/S0267364924001018/pdfft?md5=109b069f1d7ba1afbdf37b76ae1ea0fe&pid=1-s2.0-S0267364924001018-main.pdf
The issue surrounding the nature and function of smart contracts in the context of legal relationships has garnered significant attention from European and national legislators, regulatory bodies and legal scholarship. Sections I and II of this essay give an account of the results of the ongoing doctrinal debate, which is not univocal. The objective is to provide an assessment of both the advantages and limitations associated with smart legal contracts. In Section III, the authors introduce a novel negotiation process termed "contracts on chain". This process enables parties to engage in negotiations, formalize agreements and execute contracts directly on the blockchain. Consequently, this negotiation approach serves as a potential bridge between the realms of Web 2 and Web 3. Further, it offers a user experience akin to online contracts but benefits from the inherent capabilities of third-generation blockchains. Although on-chain contracts can be deployed on both private and public blockchains, the authors express a preference for their use on the public blockchain within a "logical platform". This choice makes it possible to enhance regulatory compliance and mitigate the effects of decentralization on liability regimes, while simultaneously optimizing the efficiency gains of public blockchains. Notably, this approach ensures a level of protection commensurate with that offered by private blockchains. The ultimate goal of this innovative process is to streamline the ongoing technological transition and cultivate greater trust within the market for emerging technologies.
South Africa's Digital Transformation: Understanding the Limits of Traditional Policies and the Potential of Alternative Approaches
Senka Hadzic
Pub Date: 2024-09-03, DOI: 10.1016/j.clsr.2024.106011 (Computer Law & Security Review, vol. 55, Article 106011)
This paper analyses the readiness of South African information and communication technology (ICT) infrastructure for the implementation of Fourth Industrial Revolution technologies, which policymakers have highly prioritised in recent years. The discussion is centred on examples of smart cities and connectivity. Opportunities have been identified in the form of complementary bottom-up initiatives. Analysis of the current state of internet access in South Africa, the underlying infrastructure and policy developments is essential for understanding the bottlenecks that hold back the digital transformation agenda.
Asia–Pacific developments
Gabriela Kennedy
Pub Date: 2024-09-01, DOI: 10.1016/j.clsr.2024.106026 (Computer Law & Security Review, vol. 54, Article 106026)
This column provides a country-by-country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as 'alerts' and are not submitted as detailed analyses of cases or legal developments.
Privacy in Chinese iOS apps and impact of the personal information protection law
Konrad Kollnig, Lu Zhang, Jun Zhao, Nigel Shadbolt
Pub Date: 2024-08-30, DOI: 10.1016/j.clsr.2024.106041 (Computer Law & Security Review, vol. 55, Article 106041)
Open access PDF: https://www.sciencedirect.com/science/article/pii/S0267364924001079/pdfft?md5=f35185751c76a76e671e0f0e5d8cac53&pid=1-s2.0-S0267364924001079-main.pdf
Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, the Chinese legislator introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there is limited research on the impact of these new laws on apps' privacy practices. To address this gap, this paper analyses data collection in 634 pairs of Chinese iOS apps, one version from early 2020 and one from late 2021.
Our work finds that many more apps now implement consent. Yet end-users who decline consent will often be forced to exit the app. Fewer apps now collect data without consent, but many still integrate tracking libraries. Market concentration in app data collection has seen limited change. At the same time, there is a larger number of influential and equal market participants than in the West. Among them, Apple was the only relevant foreign company.
We see our findings as characteristic of a first iteration of Chinese data regulation, with room for improvement. With the help of enhanced technological capabilities, we expect increased enforcement of the new data rules. There is also room to refine the new laws and make them more targeted at mobile apps and the online sphere, particularly through clear and up-to-date technical specifications for software developers. As such, our findings could also motivate non-Chinese policy- and lawmakers to enhance their own data protection regimes.
Royalty rate determination in standard essential patent litigation in China - from regional rate to global rate
Ying Liu
Pub Date: 2024-08-27, DOI: 10.1016/j.clsr.2024.106036 (Computer Law & Security Review, vol. 55, Article 106036)
Standard essential patent (SEP)-related disputes frequently involve parallel litigation in various jurisdictions around the world. With the rapid advancement of the telecommunication industry, Chinese companies are more and more often embroiled in such global disputes, particularly over the determination of fair, reasonable, and non-discriminatory (FRAND) rates by the courts. Chinese courts are actively asserting jurisdiction over global FRAND disputes. It is important to note that, within the framework of Chinese court practice, the courts should further improve their trial procedures to ensure that parties have reasonable expectations regarding both the rate determination on the merits and procedural due process. This article reviews the judicial practice in China in FRAND rate disputes, summarizing the characteristics and recent developments of court practice. It outlines how Chinese courts apply the comparable-license and top-down approaches to calculate the FRAND rate. Notably, Chinese courts have taken a more flexible and pragmatic approach when addressing this issue, tailoring their decisions to the circumstances of each individual case. Additionally, it discusses the possibility of Article 24 of the Judicial Interpretation II serving as the legal basis for determining the global FRAND rate, as well as how the requirement for good-faith negotiation is interpreted by the courts and whether a regional discount is reasonable in the context of a global FRAND rate. Consequently, the article argues that the courts should consider harmonizing their practice with prevailing norms in international jurisdictions. Several recommendations for optimizing the trial procedure are also proposed, thereby ensuring the scientific rigor and transparency of the rate calculation.
Intimate harms and menstrual cycle tracking apps
Eliza Hammond, Mark Burdon
Pub Date: 2024-08-25, DOI: 10.1016/j.clsr.2024.106038 (Computer Law & Security Review, vol. 55, Article 106038)
Open access PDF: https://www.sciencedirect.com/science/article/pii/S0267364924001043/pdfft?md5=ef3c5c5487d951d388eb520e484e8f87&pid=1-s2.0-S0267364924001043-main.pdf
Menstrual cycle tracking applications ('apps') are smartphone or tablet apps that allow users to log data pertaining to their period. Using a lens of privacy focussed on intimacy, we argue that the control-based harms and intimate harms emerging from these apps require moving from an information privacy law model based on control to one that acknowledges the deeper connection between intimacy and privacy. We examine the privacy policies of 20 menstrual cycle tracking apps to investigate how the control-based protections of the Privacy Act apply. Our findings demonstrate many deficiencies in app privacy policies, which give rise to critical questions about the application of the Australian Privacy Act's control approach. We argue that the current gender-agnostic control approach of information privacy law does not adequately protect app users and their intimate information. Intimate harms rethink the application of information privacy law by extending its reach beyond the traditional control harms contemplated by the Act, and examine how menstrual cycle tracking apps disrupt users' intimate spheres and relationships. To adequately protect app users from these deeper intimate harms, we contend that information privacy law should move beyond the procedural, control-based approach to an information privacy model that is relational, context-dependent and acknowledges the connection between intimacy and privacy.
The New F-word: The case of fragmentation in Dutch cybersecurity governance
Parto Mirzaei, Els De Busser
Pub Date: 2024-08-23, DOI: 10.1016/j.clsr.2024.106032 (Computer Law & Security Review, vol. 55, Article 106032)
Open access PDF: https://www.sciencedirect.com/science/article/pii/S0267364924000980/pdfft?md5=cfd502acd03879bbdbfa116b7b4cecac&pid=1-s2.0-S0267364924000980-main.pdf
The fragmentation of the Dutch cybersecurity governance landscape is a widely discussed phenomenon among politicians, policy makers, and cybersecurity specialists. Remarkably, though, a negative narrative underlies the idea of fragmentation, suggesting that we are dealing with a serious problem, one that has the potential to impede cybersecurity governance in the Netherlands. This research zooms in on how cybersecurity governance is organised within the central government, and which organisations are concerned with the creation, implementation, and oversight of cybersecurity policies vis-à-vis Dutch society. This article provides an overview of all central government organisations (de Rijksoverheid) that are involved in cybersecurity governance at a strategic level. It is the first step in doctoral research into the possible implications of the fragmentation of cybersecurity governance in the Dutch central government, and how this fragmentation could potentially impact policy creation, implementation, and oversight. Based on the mapping of this governance landscape, the study sets out to measure fragmentation by the number of units or organisations that are concerned with cybersecurity governance in the central government at a strategic level. This study has found that, based on Boyne's (1992) notion of fragmentation and the Dutch government's definition of tiers, the Dutch cybersecurity governance landscape could indeed, when meticulously following Boyne's counting procedure, be regarded as fragmented.
Operational Technology resilience in the 2023 draft delegated act on cybersecurity for the power sector—An EU policy process analysis
Øyvind Toftegaard, Guro Grøtterud, Bernhard Hämmerli
Pub Date: 2024-08-19, DOI: 10.1016/j.clsr.2024.106034 (Computer Law & Security Review)
The EU's 2020 Cybersecurity Strategy promotes cybersecurity as essential for building a resilient, green, and digital Europe. Cleaner energy sources such as wind and solar are more volatile and thus need digital integration with Industrial Control Systems (ICS) for grid balancing. However, digitization and the properties of cyberspace provide the ability to coordinate disruptive cyberattacks against power grid infrastructures. Digital weapons may be launched against ICS to start multiple cascading outages with a keystroke, causing large-scale blackouts of a kind we have never seen before. To reduce risk, the EU's Strategy describes three objectives for ICS: secure-by-design, resilient, and timely patched. In the strategy, the European Commission suggests a "network code", i.e. a delegated act for the electric power sector, setting rules for cybersecurity in cross-border electricity flows. The draft delegated act of November 2023 presents security requirements for Information and Communication Technology (ICT) and Network and Information Systems (NIS). Although ICS are used directly to manage electricity flows, ICS is only mentioned in one of the delegated act's recitals, as a subcategory of ICT products. If Information Technology (IT) rather than Operational Technology (OT) is the focus of the delegated act, policymakers may not fulfill the EU cybersecurity strategy's ICS objectives, thus failing to improve the resilience of power grid infrastructures and cross-border electricity flows. This study is a policy process analysis, and its contribution is threefold. First, a literature review is conducted to understand the extent to which the delegated act covers OT. Second, a framework condition analysis is applied to understand why the delegated act lacks OT-specific security requirements. Third, the analysis is extended to understand whether OT is sufficiently covered to achieve the EU strategy's ICS objectives.
In conclusion, our analysis shows a strong intention to include OT-specific security in the preparatory work of the delegated act, but a stronger position of the IT communities forced OT onto the sideline. Further, the study shows weak fulfillment of general secure-by-design principles and security patch management. These results indicate that OT coverage in the delegated act is not in line with the expectations of the EU's cybersecurity strategy and the delegated act's early preparatory work. Therefore, we suggest three measures to increase the focus on OT resilience in the act: (a) define the expressions NIS, ICT services, ICT processes, and ICT in general as umbrella terms that include OT; (b) require the foreseen minimum and advanced cybersecurity controls to include OT-specific measures, including holistic secure-by-design principles and patch management covering all patching phases; (c) develop an OT implementation guide for the delegated act. Our work can be used by policymakers to optimize cybersecurity policy processes, and by researchers to study socio-technical gaps in cybersecurity.
欧盟的 2020 年网络安全战略将网络安全视为建设弹性、绿色和数字化欧洲的关键。风能和太阳能等清洁能源更不稳定,因此需要与工业控制系统(ICS)进行数字化集成,以实现电网平衡。然而,网络空间的数字化和特性为协调针对电网基础设施的破坏性网络攻击提供了能力。针对 ICS 的数字武器可能会通过按键启动多个级联停电,造成我们从未见过的大规模停电。为了降低风险,欧盟的战略描述了 ICS 的三个目标:设计安全、弹性和及时修补。在该战略中,欧盟委员会建议制定 "网络法规",即电力部门的委托法案,为跨境电力流动的网络安全制定规则。2023 年 11 月的委托法案草案提出了信息和通信技术 (ICT) 以及网络和信息系统 (NIS) 的安全要求。虽然 ICS 系统直接用于管理电力流动,但 ICS 只作为 ICT 产品的一个子类别在委托法案的一个序言中被提及。假设授权法案的重点是信息技术(IT)而不是操作技术(OT)。在这种情况下,政策制定者可能无法实现欧盟网络安全战略的 ICS 目标,从而无法提高电网基础设施和跨境电力流动的弹性。本研究是一项政策过程分析,有三方面的贡献。首先,通过文献综述来了解授权法案在多大程度上涵盖了 OT。其次,运用框架条件分析来了解授权法案为何缺乏针对 OT 的安全要求。第三,对分析进行扩展,以了解 OT 是否被充分涵盖,从而实现欧盟战略的 ICS 目标。总之,我们的分析表明,在委托法案的准备工作中包含针对 OT 的安全要求的意图非常强烈,但 IT 界的强硬立场迫使 OT 被搁置一旁。此外,研究还表明,一般安全设计原则和安全补丁管理的执行情况较差。这些结果表明,授权法案中的 OT 覆盖范围不符合欧盟网络安全战略和授权法案早期准备工作的预期。因此,我们提出了三项措施,以增加法案中对 OT 弹性的关注:(a) 将 NIS、ICT 服务、ICT 流程和一般 ICT 定义为包括 OT 的总括术语;(b) 预见的最低和高级网络安全控制应要求采取针对 OT 的措施,包括整体安全设计原则和涵盖所有修补阶段的修补程序管理;(c) 为授权法案制定 OT 实施指南。政策制定者可利用我们的工作来优化网络安全政策流程,研究人员也可利用我们的工作来研究网络安全领域的社会技术差距。
{"title":"Operational Technology resilience in the 2023 draft delegated act on cybersecurity for the power sector—An EU policy process analysis","authors":"Øyvind Toftegaard , Guro Grøtterud , Bernhard Hämmerli","doi":"10.1016/j.clsr.2024.106034","DOIUrl":"10.1016/j.clsr.2024.106034","url":null,"abstract":"<div><p>The EU’s 2020 Cybersecurity Strategy promotes cybersecurity as essential for building a resilient, green, and digital Europe. Cleaner energy sources such as wind and solar are more volatile and thus need digital integration with Industrial Control Systems (ICS) for grid balancing. However, the digitization and the properties of cyberspace provide the ability to coordinate disruptive cyberattacks against power grid infrastructures. Digital weapons may be launched against ICS to start multiple cascading outages with a keystroke, causing large-scale blackouts we have never seen before. To reduce risk, the EU’s Strategy describes three objectives for ICS: Secure-by-design, resilient, and timely patched. In the strategy, the European Commission suggests a ”network code,” i.e. a delegated act for the electric power sector, setting rules for cybersecurity in cross-border electricity flows. The draft delegated act of November 2023 presents security requirements for Information and Communication Technology (ICT) and Network and Information Systems (NIS). Although ICS systems are used directly to manage electricity flows, ICS is only mentioned in one of the delegated act’s recitals as a subcategory of ICT products. Suppose Information Technology (IT) rather than Operational Technology (OT) is the focus of the delegated act. In that case, policymakers may not fulfill the EU cybersecurity strategy’s ICS objectives, thus failing to improve the resilience of power grid infrastructures and cross-border electricity flows. This study is a policy process analysis, and its contribution is threefold. 
First, a literature review is conducted to understand the extent to which the delegated act covers OT. Second, a framework condition analysis is applied to understand why the delegated act lacks OT-specific security requirements. Third, the analysis is extended to understand whether OT is sufficiently covered to achieve the EU strategy’s ICS objectives. In conclusion, our analysis shows a strong intention to include OT-specific security in the preparatory work of the delegated act, but that a stronger position of the IT communities forced OT onto the sideline. Further, the study shows weak fulfillment of general secure-by-design principles and security patch management. These results indicate that OT coverage in the delegated act is not in line with the expectations of the EU’s cybersecurity strategy and the delegated act’s early preparatory work. Therefore, we have suggested three measures to increase OT resilience focus in the act: (a) Define the expressions NIS, ICT services, ICT processes, and ICT in general as umbrella terms that include OT, (b) The foreseen minimum and advanced cybersecurity controls should require OT-specific measures, including holistic secure-by-design principles and patch management covering all patching phases, (c) Develop an OT implementation guide for the delegated act. 
Our work can be used by policymakers to optimize cybersecurity ","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"54 ","pages":"Article 106034"},"PeriodicalIF":3.3,"publicationDate":"2024-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924001006/pdfft?md5=5e0c64e3d85ae578ddac4e98056a92a3&pid=1-s2.0-S0267364924001006-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142012809","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-19DOI: 10.1016/j.clsr.2024.105990
Abhilash Nair, James Griffin
This article proposes a new paradigm in the consideration of privacy in pornographic works in copyright enforcement actions. It focuses particularly on attempts to threaten individuals with copyright infringement action based on a speculative invoicing model. We approach this issue from the perspective of the right to sexual privacy of alleged infringers, which, as we argue, is particularly pertinent for pornographic works. The courts in England and Wales have broadly recognised the role of individual privacy and embarrassment caused to alleged infringers in the leading cases of Golden Eye and subsequently in Mircom, but the law remains unclear with no real recognition of, or meaningful mechanisms in place to address, the underlying issues. The article points out that this is due to a fundamental lack of appreciation of sexual privacy at a conceptual level in the context of consumption of pornography in the internet age, and consequent failure to consider this in copyright enforcement proceedings. We argue that the law should achieve a balance between the right holder's interest and the sexual privacy of alleged infringers, and copyright enforcement actions need to be approached with this in mind. This calls for a fundamental reconceptualisation of the right to privacy, and we call upon the courts to recognise and balance the sexual privacy rights of the alleged infringers of copyright in pornographic works with the interests of the right holders in certain copyright enforcement actions to achieve fair and equitable outcomes.
Abhilash Nair, James Griffin, "Pornography, sexual privacy and copyright", Computer Law & Security Review, vol. 54, Article 105990, doi: 10.1016/j.clsr.2024.105990.