Computer Law & Security Review最新文献

{"title":"Leveraging process mining and event log enrichment in European public procurement analysis: a case study","authors":"Roberto Nai ,&nbsp;Emilio Sulis ,&nbsp;Davide Audrito ,&nbsp;Vittoria Margherita Sofia Trifiletti ,&nbsp;Rosa Meo ,&nbsp;Laura Genga","doi":"10.1016/j.clsr.2025.106144","DOIUrl":"10.1016/j.clsr.2025.106144","url":null,"abstract":"<div><div>This article explores the application of knowledge management and artificial intelligence techniques to refine the examination of administrative procedures, particularly within the realm of public procurement, to enhance the quality and efficiency of public administration. Key challenges in legal procedural studies include managing complexity, ensuring adherence to mandatory timelines, and maintaining regulatory compliance at every procedure stage. Automated process analysis provides a means to address these challenges by automatically extracting reliable of actual processes, offering valuable insights into how legal workflows are executed in practice—insights that are often difficult to obtain through conventional methods. Our re- search focuses on extracting pertinent information from extensive datasets, specifically legal event logs from public procurement procedures. We leverage process mining to analyze temporal events within administrative workflows and propose augmenting the corresponding logs using large language models for event and date extraction from legal texts. Legal experts oversee this methodology to ensure the successful integration of technology into the legal domain. We present a multinational case study applying this knowledge management framework to the Tender Electronic Daily dataset, spanning five European countries from 2016 to 2022. The findings demonstrate that techniques such as information extraction, the use of large language models, and process discovery significantly enhance legal knowledge management. Two domain experts evaluated the methodological approach and discussed the results, confirming its potential to improve compliance monitoring, control flow, and timeliness, thereby bolstering the efficiency of legal procedures.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106144"},"PeriodicalIF":3.3,"publicationDate":"2025-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144084200","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Navigating the intersection: How antitrust law can facilitate fair standard essential patent licensing in China","authors":"Yurong Zhang ,&nbsp;Haiyang Duan ,&nbsp;Wei Yang","doi":"10.1016/j.clsr.2025.106146","DOIUrl":"10.1016/j.clsr.2025.106146","url":null,"abstract":"<div><div>The integration of high-quality communication patents into technical standards has intensified competition and raised antitrust concerns in Standard Essential Patent (SEP) licensing. This paper examines China’s antitrust regulation of SEP licensing amid rapid market development and increasing alignment with international practices. Since entering the world stage, China has gone through an initial exploration phase (1992–2012), framework construction phase (2013–2019), and now the rules refinement phase (2020–). The antitrust enforcement rules regulating SEP licensing have become relatively clear. In particular, on November 8, 2024, the Anti-monopoly Guidelines for Standard Essential Patents issued by China’s State Administration for Market Regulation further refined the antitrust enforcement rules in the SEP licensing field. However, China’s antitrust regulation of SEP licensing faces significant challenges despite recent regulatory developments. This paper examines three critical issues: determining market dominance of SEP holders, assessing monopolistic behavior in injunctive relief requests, and establishing benchmarks for excessive or discriminatory pricing. Drawing from US and Europe enforcement experiences while considering China’s context, this study advocates for Chinese enforcement agencies to: (1) prioritize effect-based analysis when establishing SEP holders’ market dominance by examining standard irreplaceability and patent essentiality; (2) refine the criteria for determining whether rights holders have demonstrated clear misconduct when assessing the antitrust implications of injunctive relief requests, and consider these alongside other contextual factors; (3) maintain a clear distinction between excessive pricing and discriminatory pricing when assessing potential FRAND violations. Regarding excessive pricing allegations, antitrust intervention should proceed with caution on a case-by-case basis, integrating multiple factors to determine whether royalty rates significantly and persistently exceed benchmark rates. For discriminatory pricing concerns, authorities must evaluate whether pricing differentials in comparable SEP transactions generate competitive harm; (4) maintain cautious enforcement approaches that balance private and public interests. These recommendations aim to enhance antitrust effectiveness in promoting fair competition and innovation while contributing to a more equitable international patent system.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106146"},"PeriodicalIF":3.3,"publicationDate":"2025-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143947629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Access revisited: AI training at the intersection of copyright and cybercrime laws","authors":"Célia Filipa Ferreira Matias","doi":"10.1016/j.clsr.2025.106149","DOIUrl":"10.1016/j.clsr.2025.106149","url":null,"abstract":"<div><div>The rise of generative AI (GenAI) poses urgent questions for copyright law, particularly regarding whether AI training infringes on reproduction rights. Some jurisdictions have tried to reduce these uncertainties through new or existing exceptions. Articles 3 and 4 of European Union Directive 2019/790 and sections 243 and 244 of Singapore’s Copyright Act of 2021 are examples. Both exceptions are subject to the condition of ‘lawful access’. The interpretation of this concept, which is vague and undefined by law, is crucial to these exceptions, as it may, ultimately, deprive them of all usefulness. This paper seeks to unpack the meaning of lawful access and its inverse by drawing on other uses of the concept, namely in cybercrime law, and its underlying values. This analysis points towards an understanding of unlawful access as the circumvention of technological restrictions to access, such as paywalls. However, adopting such measures may reduce the content that is freely available in the digital sphere, thereby impoverishing society and depriving creators of a powerful tool for publicising their works. Finally, the paper considers possible solutions to this problem and their drawbacks.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106149"},"PeriodicalIF":3.3,"publicationDate":"2025-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143943002","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Dissecting the commercial profiling of children: A proposed taxonomy and assessment of the GDPR, UCPD, DSA and AI Act in light of the precautionary principle","authors":"Eline L. Leijten ,&nbsp;Simone van der Hof","doi":"10.1016/j.clsr.2025.106143","DOIUrl":"10.1016/j.clsr.2025.106143","url":null,"abstract":"<div><div>Over a decade after the Article 29 Working Party first stated that data controllers should refrain from the processing of children’s data for the purpose of behavioural advertising, children are still profiled at scale for commercial purposes, including behavioural advertising. The United Nations Convention on the Rights of the Child (‘UNCRC’) Committee urges States parties to prohibit profiling children for commercial purposes, as the practice is associated with a panoply of potential children’s rights violations and may cause children significant harm. Yet little scholarship is devoted to seeking granularity in defining what “profiling for commercial purposes” entails. The present article seeks to fill this gap and presents a new taxonomy of the various manifestations in which the commercial profiling of children occurs. This is followed by a children’s rights-based assessment of the six distinguishable manifestations of children’s commercial profiling, highlighting the importance of nuance in the academic and regulatory discourse on the subject. Whereas profiling children to <em>directly</em> monetise their personal data interferes with several children’s rights and likely causes children significant harm (although full scientific evidence thereupon is still lacking), in certain use cases profiling children for <em>indirect</em> commercial purposes may contribute to the exercise of their rights and wellbeing. The article subsequently assesses the EU regulatory framework governing the various manifestations of children’s commercial profiling through the prism of the precautionary principle, a general principle of EU law that justifies the regulation of a practice in the face of scientific uncertainty on the (long-term) harm it may cause. In the field of children’s rights, a strong precautionary approach is the norm, mandating the prohibition of practices that pose (unacceptable levels of) risk to children. The analysis dissects the relevant provisions in the General Data Protection Regulation (‘GDPR’), the Unfair Commercial Practices Directive (‘UCPD’), the Digital Services Act (‘DSA’) and Artificial Intelligence Act (‘AI Act’), to conclude that primarily, yet merely in theory, the GDPR is adequately equipped to uphold children’s rights in this regard, as the fairness and transparency principles that are cornerstones to the GDPR do not allow for the processing of children’s data in the context of the vast majority of children’s commercial profiling practices that remain omnipresent to date.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106143"},"PeriodicalIF":3.3,"publicationDate":"2025-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143935962","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Editor's Foreword","authors":"Henry Pearce","doi":"10.1016/j.clsr.2025.106142","DOIUrl":"10.1016/j.clsr.2025.106142","url":null,"abstract":"","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106142"},"PeriodicalIF":3.3,"publicationDate":"2025-05-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143916630","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Principles for the responsible application of Generative AI","authors":"Roger Clarke","doi":"10.1016/j.clsr.2025.106131","DOIUrl":"10.1016/j.clsr.2025.106131","url":null,"abstract":"<div><div>The quest for Artificial Intelligence (AI) has comprised successive waves of excessive enthusiasm followed by long, dispirited lulls. Most recently, during the first 3–4 years of public access to Generative Artificial Intelligence (GenAI), many authors have bought into the bullish atmosphere, replaying consultancies' predictions about gold mines of process efficiency and innovation. A more balanced approach to the technology is needed. Instances of apparently positive results need calm analysis, firstly to distinguish mirages from genuine contributions; secondly, to identify ways to effectively exploit the new capabilities; and thirdly, to formulate guidance for the avoidance and mitigation of negative consequences.</div><div>This article's first contribution is to ground the evaluation of GenAI's pathway, applications, impacts, implications and risks in a sufficiently deep appreciation of the technology's nature and key features. A wide range of sources is drawn on, in order to present descriptions of the processes involved in text-based GenAI. From those processes, 20 key characteristics are abstracted that together give rise to the promise and the threats GenAI embodies.</div><div>The effects of GenAI derive not from the technological features alone, but also from the patterns within which it is put to use. By mapping usage patterns across to domains of application, the phenomenon's impacts and implications can be more reliably delineated. The analysis provides a platform whereby the article's final contribution can be made. Previously-formulated principles for the responsible application of AI of all kinds are applied in the particular context of GenAI.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106131"},"PeriodicalIF":3.3,"publicationDate":"2025-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143906660","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Comparative analysis of trademark protection in the metaverse and registration of virtual goods and NFTs","authors":"WooJung Jon,&nbsp;Sung-Pil Park","doi":"10.1016/j.clsr.2025.106137","DOIUrl":"10.1016/j.clsr.2025.106137","url":null,"abstract":"<div><div>This study presents a comparative analysis of trademark protection in the metaverse and the registration of virtual goods and non‐fungible tokens (NFTs) across three distinct legal systems: those of the United States, the United Kingdom, and South Korea. Drawing on recent case law and evolving administrative guidelines, this study examines how traditional trademark doctrines—such as the likelihood‐of‐confusion standard in the U.S. under the Lanham Act, source-identifying function under the UK Trade Marks Act 1994, and proactive legislative reforms implemented by the Korean Intellectual Property Office—are being adapted to address the challenges posed by digital and virtual environments. Specifically, this study analyzes landmark cases such as <em>Hermès International v. Rothschild</em> and <em>Yuga Labs, Inc. v. Ripps</em>, which illustrate the extension of trademark protection to NFTs and other digital assets, as well as the interplay between trademark rights and freedom of expression. It also evaluates recent updates to international classification frameworks—including the 2024 Nice Classification and the Madrid Protocol—and discusses their implications for ensuring uniformity and effective enforcement of trademarks in a borderless digital market. The findings reveal that while each jurisdiction applies its own legal traditions to metaverse trademark disputes, all share a common policy objective: to prevent consumer confusion and safeguard brand integrity in an increasingly digital economy. Ultimately, the study advocates for proactive registration of trademarks as virtual goods and NFTs to streamline enforcement and enhance legal certainty, thereby fostering innovation and facilitating global trade in virtual environments.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106137"},"PeriodicalIF":3.3,"publicationDate":"2025-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143903433","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From theory to practice: Data minimisation and technical review of verifiable credentials under the GDPR","authors":"Qifan Yang ,&nbsp;Cristian Lepore ,&nbsp;Jessica Eynard ,&nbsp;Romain Laborde","doi":"10.1016/j.clsr.2025.106138","DOIUrl":"10.1016/j.clsr.2025.106138","url":null,"abstract":"<div><div>Data minimisation is a fundamental principle of personal data processing under the European Union’s General Data Protection Regulation (GDPR). Article 5(1) of the GDPR defines three core elements of data minimisation: adequacy, relevance, and necessity in relation to the purposes. Adequacy concerns the relationship between personal data and the purposes of processing, which minimises data collection to an adequate level in relation to the purposes. Relevance requires objective, logical, and sufficiently close links between personal data and the objective pursued, and the controller should demonstrate this relevance in the context of necessity. Necessity in relation to the purposes limits personal data processing to a specific accuracy level of the purposes, considering appropriateness, effectiveness, and intrusiveness. Our legal analyses provide a framework linking each legal element to specific technical requirements. In the context of Verifiable Credentials, Selective Disclosure and Zero-Knowledge Proofs contribute to the technical requirements of data minimisation. Our evaluation of credential types reveals that SD-JWT, JSON-LD BBS+, AnonCreds, and mDOC support Selective Disclosure, and JSON-LD with BBS+ signature and AnonCreds enable Zero-Knowledge Proofs. These findings show JSON-based credentials have significant potential to enhance data minimisation in the future.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106138"},"PeriodicalIF":3.3,"publicationDate":"2025-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143906661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Generative AI and the future of marketing: A consumer protection perspective","authors":"Bram Duivenvoorde","doi":"10.1016/j.clsr.2025.106141","DOIUrl":"10.1016/j.clsr.2025.106141","url":null,"abstract":"<div><div>Generative AI has the potential to be the biggest disruption in marketing since the emergence of digital commerce in the early 2000s. This article will focus on three ways in which generative AI is expected to change marketing. First, generative AI enables companies to automatically create advertising copy and images, potentially leading to significant cost reductions. Secondly, generative AI offers possibilities to improve and automate personalised marketing, potentially enabling companies to send the right persuasive message at the right time to each potential customer. Thirdly, generative AI potentially offers possibilities to market products to consumers via generative AI chatbots. These developments offer potential advantages but also bear risks for consumers. For example, deepfakes in advertising can mislead consumers, AI-generated personalised marketing can exploit consumer vulnerabilities, and B2C chatbots can deceive consumers by providing biased advice. This article shows that EU law does in principle provide protection to consumers in relation to AI-generated marketing, but is also likely to fall short in effectively protecting consumers against the identified risks in several ways.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106141"},"PeriodicalIF":3.3,"publicationDate":"2025-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143895565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Artificial intelligence, human vulnerability and multi-level resilience","authors":"Sue Anne Teo","doi":"10.1016/j.clsr.2025.106134","DOIUrl":"10.1016/j.clsr.2025.106134","url":null,"abstract":"&lt;div&gt;&lt;div&gt;Artificial intelligence (AI) is increasing being deployed across various sectors in society. While bringing progress and promise to scientific discovery, public administration, healthcare, transportation and human well-being generally, artificial intelligence can also exacerbate existing forms of human vulnerabilities and can introduce new vulnerabilities through the interplay of AI inferences, predictions and content that is generated. This underpins the anxiety of policymakers in terms of managing potential harms and vulnerabilities and the harried landscape of governance and regulatory modalities, including through the European Union’s effort to be the first in the world to comprehensively regulate AI.&lt;/div&gt;&lt;div&gt;This article examines the adequacy of the existing theories of human vulnerability in countering the challenges posed by artificial intelligence, including through how vulnerability is theorised and addressed within human rights law and within existing legislative efforts such as the EU AI Act. Vulnerability is an element that informs the contours of groups and populations that are protected, for example under non-discrimination law and privacy law. A critical evaluation notes that while human vulnerability is taken into account in governing and regulating AI systems, the vulnerability lens that informs legal responses is one that is particularistic, static and identifiable. In other words, the law demands that vulnerabilities are known in advance in order for meaningful parameters of protection to be designed around them. The individual, as the subject of legal protection, is also expected to be able to identify the harms suffered and therein seek for accountability.&lt;/div&gt;&lt;div&gt;However, AI can displace this straightforward framing and the legal certainty that implicitly underpins how vulnerabilities are dealt with under the law. Through data-driven inferential insights of predictive AI systems and content generation enabled by general purpose AI models, novel forms of dynamic, unforeseeable and emergent forms of vulnerability can arise that cannot be adequately encompassed within existing legal responses. Instead, it requires an expansion of not only the types of legal responses offered but also of vulnerability theory itself and the measures of resilience that should be taken to address the exacerbation of existing vulnerabilities and but also of emergent ones.&lt;/div&gt;&lt;div&gt;The article offers a re-theorisation of human vulnerability in the age of AI as one informed by the universalist idea of vulnerability theorised by Martha Fineman. A new conceptual framework is offered, through an expanded understanding that sketches out the human condition in this age as one of ‘algorithmic vulnerability.’ It finds support for this new condition through a vector of convergence from the growing vocabularies of harm, the regulatory direction and drawing from scholarship on emerging vulnerabilities. The article proposes the framework of multi-","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106134"},"PeriodicalIF":3.3,"publicationDate":"2025-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143868552","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}