Computer Law & Security Review最新文献

This article aims to engage with the scholarly debate on the introduction of a new fundamental right to cybersecurity in EU law. In particular, the legal analysis focuses on three legal challenges brought about by a theoretical framework for development of a new right to cybersecurity. They regard: i) the need for a new right to cybersecurity against the background of the existing fundamental right to security (Art. 6 EU Charter of Fundamental Rights, CFR); ii) the actual content of this new right; and, iii) how such a new right could be implemented. The article concludes by advocating for the need of acknowledging a new right to cybersecurity in EU law.

The devastating COVID-19 pandemic saw that the livestreaming e-commerce, which is a brand-new e-commerce model by combining online shopping with livestreams, emerged prominently in China. It shares some commonalities with other forms of e-commerce and traditional shopping channels like TV shopping one way or another, but the former is a disruptive iteration of the latter. Nonetheless, the arrival of livestreaming e-commerce also brings about significant regulatory challenges, due to opportunistic livestreamers coupled with other issues, resulting in all kinds of market failure acts, with false or misleading representations figuring most prominently. This is reflected by a landmark case occurring during the pandemic, in which Xin Ba as one of the most influential livestreamers sold cubilose products via Kuaishou, China's leading livestreaming e-commerce platform, in a false or misleading way. When the cubilose products touted as luxury foods were later proven to contain nothing but water and sugar, it attracted considerable public attention due to the large number of consumers affected and huge transactions it generated. This scandal was followed by an administrative investigation and a civil investigation. The Paper has an in-depth analysis of legal issues surrounding these investigations mainly centered on how Xin Ba as a livestreamer is liable for what, and finds that the laws applied to livestreaming e-commerce demonstrate legal inconsistencies and gaps, which a corresponding legal reform is proposed to address. As a way forward, the Paper also examines the issue of platform liabilities, a topic under-discussed under the landmark case. Upon the above deep analyses, the Paper concludes.

Can the Data Protection Impact Assessment (DPIA) under Article 35 General Data Protection Regulation (GDPR) address the power imbalances between those in control of information and the most vulnerable and marginalised persons to whom this information refers? Put another way, can DPIA be considered a feminist tool?

Whilst data protection scholars and regulators consider DPIA a promising instrument for the protection of the fundamental rights threatened by personal data processing, particularly when performed by automated systems, a feminist critique thereof, essential to comprehensively evaluate whether such optimism is justified, is still missing. This contribution addresses this knowledge gap using a combination of doctrinal and non-doctrinal analysis, feminist legal methods and intersectionality.

Building on the state of the art about DPIA, I revisit its advantages and drawbacks through feminist lenses, concluding that DPIA cannot be considered a feminist tool as such. Yet, it could still serve feminist goals and become an empowering instrument for data subjects. For that, my proposals are to incorporate feminist legal methods and intersectionality principles in the process and to conceptualise a “right to DPIA”.

This paper examines the complex issue of harmful but legal content (HBLC) moderation on the internet, focusing on the contentious nature of specific content categories regulation and the emergence of an alternative approach, regulating these categories under the umbrella of HBLC. It highlights the fundamental difference between legal and illegal content and the irony when platforms face more liability than the principal poster for failing to take down legal, albeit harmful content, posted by third parties. Instead, it argues that platforms should be held accountable for amplifying harmful content due to the role of their recommender systems in promoting this content for engagement purposes. While challenging to conceptualise, the concept of amplification regulation is scrutinised in relation to HBLC and the potential ways of implementing such regulation are examined. Furthermore, the paper delves into the dynamic between the State and online platforms in the context of HBLC and amplification regulation, emphasising the need for a balanced approach tailored to each jurisdiction's context.

In light of the dissolution of the traditional boundaries separating the fields of law, technology and society, this article puts forward an interdisciplinary norms and values approach to the study of technology law. It explains the core concepts of norms and values and their significance to legal research and other disciplines. The article further sets out the qualitative, inductive and interpretivist methodology and methods necessitated by this socio-legal approach. It then applies the norms and values approach to the cases of hacking and encryption to illustrate its substantial benefits and contributions to the development of technology law and policy.

The EU has adopted a hybrid governance approach to address the challenges posed by Artificial Intelligence (AI), emphasizing the role of harmonized European standards (HES). Despite advantages in expertise and flexibility, HES processes face legitimacy problems and struggle with epistemic gaps in the context of AI. This article addresses the problems that characterize HES processes by outlining the conceptual need, theoretical basis, and practical application of experimental standardization, which is defined as an ex-ante evaluation method that can be used to test standards for their effects and effectiveness. Experimental standardization is based on theoretical and practical developments in experimental governance, legislation, and innovation. Aligned with ideas and frameworks like Science for Policy and evidence-based policymaking, it enables co-creation between science and policymaking. We apply the proposed concept in the context of HES processes, where we submit that experimental standardization contributes to increasing throughput and output legitimacy, addressing epistemic gaps, and generating new regulatory knowledge.

The EU General Data Protection Regulation (GDPR) contains several data subject rights, but for many of these rights it is not entirely clear how they should work in practice, especially in digital environments. Most data subject rights apply to personal data obtained directly or indirectly from the data subject. This is often personal data that data subjects already are familiar with, i.e., things they already know about themselves. Unclear, however, is to what extent ascribed personal data, such as inferred data and categories or profiles in which data subjects are placed by data controllers, are within the scope of these rights. Such ascribed personal data often concerns novel information, generated by data controllers, and includes insights into how controllers view and assess them, which may have practical and legal impact on data subjects. Given these characteristics, the ascribed personal data may be much more interesting to data subjects, so it appears beneficial, from the policy perspective, to have this novel information included in the scope of data subject rights. If data subject rights do not apply to inferred data and profiles, invoking these rights is unlikely to be informative and provide meaningful information for data subjects, particularly in complex, digital environments. However, if data subject rights do apply to inferred data and profiles, the scope of these rights may be hard to delineate and they may quickly interfere with rights and freedoms of others, including trade secrets of data controllers and privacy rights of other data subjects. In this article, we investigate the implications of applying data subject rights to inferred data and profiles. For each data subject right in the GDPR, we assess which types of personal data could and perhaps should be in scope, based on grammatical and teleological legal analyses as well as practical considerations. While the area of data subject rights received significant academic attention in the past years, our article contributes to the discussion by providing a systematic, holistic framework to consider the scope of the rights in relation to ascribed data.

India is going through a transformative phase in its digital journey. A large part of this is enfolding in the field of digital public infrastructures as the ‘India Stack’ branded suite of technological solutions permeates through areas like digital identity, instant payments, digital commerce, and consent management. The paper traces the socio-technical imaginaries that have fueled India's digital transformation strategy and how India Stack acquired its central place in that scheme. Drawing upon India's performance on global ICT-related indices and the OECD's Good Practice Principles for Public Service Design and Delivery, the paper also examines how the country is faring in translating its visions of digital transformation into outcomes. It identifies reliance on coercive digital adoption strategies, lack of participative decision-making, and insufficient accountability safeguards as some of the fault lines in India's path to fair and equitable digital transformation.

The dynamic development of modern technologies has changed the rules of the game in the financial market, including the insurance sector. While introducing digital business models may bring certain advantages for insurers, there is a widespread expectation of consumers to manage their financial affairs anytime and anywhere. This article sets out by demonstrating recent phenomena on the insurance market arising from its digitalisation, i.e., automation, personalisation, insurance on-demand, machine learning & artificial intelligence, Big Data, concluding distance contracts; along with the threats to consumer safety they pose a cyber risk that may materialise at different stages of the digital insurance selling process. Further, to provide insights into how modern digital insurance markets work, the article presents the results of a study conducted by the authors on a representative sample of 2,136 respondents from Poland. The study allows one to identify certain behaviour patterns of customers in their dealings with providers of insurance products and services as well as their approach to technological innovations introduced by the traders. Crucially, the study shows that insurance consumers have a positive attitude towards the use of modern technologies in insurance, however, their knowledge on this subject is still limited. Specifically, insurance consumers tend to be more afraid of cyber risks than any legal risks resulting from deploying new technologies in the insurance sector. In conclusion, the article maps out key regulatory challenges related to ensuring consumer protection on digital insurance markets.