Computer Law & Security Review最新文献

The rapid proliferation of Artificial Intelligence (AI) applications in various domains of our lives has prompted a need for a shift towards a human-centered and trustworthy approach to AI. In this study we employ the Assessment List for Trustworthy Artificial Intelligence (ALTAI) checklist to evaluate the trustworthiness of Artificial Intelligence for Student Performance Prediction (AI4SPP), an AI-powered system designed to detect students at risk of school failure. We strongly support the ethical and legal development of AI and propose an implementation design where the user can choose to have access to each level of a three-tier outcome bundle: the AI prediction alone, the prediction along with its confidence level, and, lastly, local explanations for each grade prediction together with the previous two information. AI4SPP aims to raise awareness among educators and students regarding the factors contributing to low school performance, thereby facilitating the implementation of interventions not only to help students, but also to address biases within the school community. However, we also emphasize the ethical and legal concerns that could arise from a misuse of the AI4SPP tool. First of all, the collection and analysis of data, which is essential for the development of AI models, may lead to breaches of privacy, thus causing particularly adverse consequences in the case of vulnerable individuals. Furthermore, the system’s predictions may be influenced by unacceptable discrimination based on gender, ethnicity, or socio-economic background, leading to unfair actions. The ALTAI checklist serves as a valuable self-assessment tool during the design phase of AI systems, by means of which commonly overlooked weaknesses can be highlighted and addressed. In addition, the same checklist plays a crucial role throughout the AI system life cycle. Continuous monitoring of sensitive features within the dataset, alongside survey assessments to gauge users’ responses to the systems, is essential for gathering insights and intervening accordingly. We argue that adopting a critical approach to AI development is essential for societal progress, believing that it can evolve and accelerate over time without impeding openness to new technologies. By aligning with ethical principles and legal requirements, AI systems can make significant contributions to education while mitigating potential risks and ensuring a fair and inclusive learning environment.

The right to learn is a fundamental human right that can be summarized as a personal entitlement to acquire knowledge, increase one's wisdom, and fully develop inherent capacity through various learning approaches and activities. With the advent of the information age, the notion of right to education is unable to meet the needs of the development of human beings and society. Thus, introducing a concept with a rich connotation, namely, the right to learn is necessary. However, this right has not been stipulated and protected by constitutional law in most countries. The development of digital technology and artificial intelligence not only brings great opportunities for its realization, but also poses challenges to this right. In China, the economic and digital gap has led to the unequal and uneven development of the right to learn, while the rigid internet review system and expectations of digital copyright protection have hindered this right. To address these challenges in the information era, the government should address the right to learn as a fundamental right and establish a protection system in China's education law. Moreover, it should improve the fair use of the copyright system and strike a balance between the right to learn and copyright. In addition, emerging management rights and the equitable distribution of e-learning resources and digital infrastructure are essential to the right to learn.

On 15 August 2023, China's new rules on generative artificial intelligence (AI) entered into force. This article explores the underlying reasons and context for this rapid regulatory development. It argues that China's swift adoption of the Interim Measures on generative AI has been enabled by its traditional approach to digital policy, together with its renewed system of governance and the extensive work that Chinese regulators had conducted on AI ethics and relevant principles. The article also analyses some of the substantial rules laid down by the Interim Measures, offering scholars and policymakers working on generative AI regulation in other jurisdictions the possibility to engage with the solutions chosen by the Chinese regulators. To this end, the article brielfy presents key provisions regarding training data and IP rights; labelling of synthetic content; algorithm registration; accountability for content; and the applicability of existing laws to generative AI. It compares these aspects of the Interim Measures with examples from the European Union and the United States.

The freedoms of thought (and opinion) are considered as absolute rights within the human rights law framework. Though found in separate provisions within the human rights instruments, the content and contours of these freedoms are largely interchangeable and overlap. The freedom of thought (and opinion) consists of three elements, namely, that thoughts and opinions can be kept private; thoughts cannot be manipulated with; and that one should not be punished for one's own thoughts. However, artificial intelligence (AI) driven systems increasingly deployed within online platforms facilitate the granular targeting and tailoring of choice architectures to the particularities of each individual, according to what is revealed or inferred by the AI system. This can enable platforms to shape the horizons of possibilities at scale for many individuals at once, enabling the power to modulate thoughts, expressions and actions. Drawing from literature on moral ethics and specifically the nascent field of the ethics of online manipulation, the aim of the article is to theorise the concept of manipulation and punishment in the context of the affordances of AI systems and examine when and how it impacts or breaches the freedoms of thought and opinion. The article argues that manipulation has to be conceived of as an objective concept, without hinging upon the eventuation of subjective effects on individuals, in order for the right to have practical meaning and import in the age of AI. Further, the term punishment has to be re-conceptualised to go beyond state sanctioned actions to include harms to autonomy conditions. This engages the fundamental concept of human dignity that lies as the normative foundation of the human rights framework. As novel material affordances increasingly structure and modulate the conditions for human interaction and communication, the focus of human rights protection has to shift from negative to positive obligations in order to ensure that conditions of possibilities for the freedoms of thought and opinion can take hold and be exercised in the first place. It concludes by proposing three steps that can be taken in order to afford autonomy conditions in line with the respect for these freedoms.

Although the digitalisation of healthcare is an ongoing process that dates back to more than two decades ago, it has gained more momentum with the COVID-19 pandemic. Recent developments in this sector include the adoption of wearable devices based on Internet of Things technology. The possibility of connecting devices that can work outside the physical boundaries of a hospital and follow patients at home, i.e. during their day-to-day life, has several obvious advantages. However, the digitalisation of the health sector through increased adoption of connected devices does not exclude vulnerabilities, particularly risks concerning the protection of patients’ data and the security of networks and information systems. Connected devices can gather, process, and store personal patient health data. Failure to safeguard the integrity and security of these data may affect the patients’ identity and finances and put their lives at risk. The presence of an IoT device in a healthcare setting may affect and reduce the level of network security of the overall system as it may provide an access point for an unlawful hacking attack. Although IoT technologies in the health sector are becoming increasingly pervasive, the European legal framework applicable to them is not clearly defined. This is extremely relevant in the case of cybersecurity, where the legal point of reference is the General Data Protection Regulation, addressing the measures and requirements applicable in case of data breaches, and the Medical Device Regulation, providing provisions focused on the security of data relevant to IoT defined as medical devices. The most recent interventions that address health data processing and cybersecurity are the proposed Cyber Resilience Act and the Health Data Space Regulation. The two acts provide measures and requirements applicable to IoT from two perspectives. Yet, they add complexities and some inconsistencies that may hamper the effectiveness of the overall cybersecurity framework.

This article assesses whether the rules of the General Data Protection Regulation (GDPR) apply to cameras installed in vehicles, as well as how their use can be GDPR compliant and who is ultimately responsible for this. With the adoption of the GDPR, citizens of the EU now benefit from increased protection of their privacy, as the purpose of the Regulation is to lay down rules on the protection of natural persons in connection with the processing of personal data. The Regulation sets out several conditions for when and how personal data may be processed. These are reviewed in the following with a focus on cameras in cars.

Bitcoin was presented in 2008 as a technology-driven alternative to the weaknesses of the traditional monetary, payment and financial systems dramatically highlighted by the Global Financial Crisis of 2008. The underlying technology – blockchain and distributed ledger technology – was posed as a technological solution to the problems of trust, confidence, transparency and behaviour traditionally addressed in finance through a framework of law, regulation and institutions (including markets and the state). Cryptocurrencies, blockchain, distributed ledger technology and decentralised finance were designed to address the weaknesses and risks in traditional finance. Yet fifteen years of evolution culminating in the Crypto Winter of 2022–23 have demonstrated that crypto is neither special nor immune and has come to feature all the classic problems of traditional finance. As the crypto ecosystem has evolved, the market failures and externalities of traditional finance have emerged – a process we term the ‘financialisation’ of crypto. These include conflicts of interests, information asymmetries, centralisation and interconnections, over-enthusiastic market participants, plus agency, operational and financial risks. We argue that (a) in order to develop successfully going forward, the crypto ecosystem needs to assimilate the centuries of experience of underpinning traditional finance with law and regulation, and (b) in the aftermath of the Crypto Winter, an international consensus is crystalising in respect of the regulation of the crypto ecosystem. We argue regulatory systems are now being instituted to ensure the proper functioning of crypto and its interconnections with traditional finance. The lessons of the financialisation of crypto also apply more broadly: appropriately designed regulatory systems are central to financial market functioning and development.

This paper delves into two legal models for zero-knowledge proof protocols in the context of the eIDAS 2.0 Regulation: a trust service or a software product. The ARIES: reliAble euRopean Identity EcoSystem EU project highlighted the need for a legal framework for stakeholders to accept proof of the existence of user data with legal certainty, while Hyperledger Indy shows that ZKP solutions are currently commercialized, stressing deficiencies in the eIDAS 2.0. An overview of ZKP applied to identity, its relationship to the European Digital Identity Wallet and the electronic attestations of attributes, both introduced by the eIDAS 2.0, and Self-Sovereign Identity systems, leads to the central question of proof of the existence of user-held data as a trust service or as a software product and its data privacy implications for each approach. Finally, we outline a possible solution based on the product approach for future work. Our findings reveal that ZKP technology must have legal value and a presumption system to be effective. However, the path we take could lead us either to develop a system of surveillance and control in electronic environments or to build an environment where we share not the data itself but proof of its existence.

This article provides a critical analysis of the China's legal framework of children's personal information protection in the digital era. It demonstrates that Chinese lawmakers adopt a dual-protection paradigm consisting of data privacy law and family law to protect children's personal information. In the field of data privacy law, China's Personal Information Protection Law regards children's personal information as sensitive information, and provides all contexts-based protection through the parental consent system, resulting in severe restrictions on children's freedom of access to information and their evolving capacities. In the field of family law, the Minors Protection Law fragments the right to informational self-determination of children while applying hard legal paternalism with respect to the online live-broadcast for children, limiting children's fundamental right to freedom of expression and depriving parents of the right to the custody of their children. Based on research in developmental psychology, this article argues that different legal frameworks should be adopted according to different age groups of children to protect the best interest of the child. In this way, the balance between the protection and informational self-determination of children in the digital era can be achieved.