Computer Law & Security Review最新文献

{"title":"European national News","authors":"Nick Pantlin","doi":"10.1016/j.clsr.2025.106147","DOIUrl":"10.1016/j.clsr.2025.106147","url":null,"abstract":"<div><div>This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening \"on the ground\" at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106147"},"PeriodicalIF":3.3,"publicationDate":"2025-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144189435","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Internet of Forgotten Things: European cybersecurity regulation and the cessation of Internet of Things manufacturers","authors":"Mattis van ‘t Schip","doi":"10.1016/j.clsr.2025.106152","DOIUrl":"10.1016/j.clsr.2025.106152","url":null,"abstract":"<div><div>Many modern consumer devices rely on network connections and cloud services to perform their core functions. This dependency is especially present in Internet of Things (IoT) devices, which combine hardware and software with network connections (e.g., a ‘smart’ doorbell with a camera). This paper argues that current European product legislation, which aims to protect consumers of, inter alia, IoT devices, has a blind spot for an increasing problem in the competitive IoT market: manufacturer cessation. Without the manufacturer’s cloud servers, many IoT devices cannot perform core functions such as data analysis. If an IoT manufacturer ceases their operations, consumers of the manufacturer’s devices are thus often left with an obsolete device and, as the paper shows, hardly any legal remedies. This paper therefore investigates three properties that could support legislators in finding a solution for IoT manufacturer cessation: i) pre-emptive measures, aimed at ii) manufacturer-independent iii) collective control. The paper finally shows how these three properties already align with current legislative processes surrounding data portability, interoperability and open-source software development and analyses whether these processes can provide an adequate remedy for consumers.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106152"},"PeriodicalIF":3.3,"publicationDate":"2025-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144167157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Privacy in the public: Analysing the EU framework to outline approaches for regulating AI personal data scraping","authors":"Akshita Rohatgi ,&nbsp;Tae Jung Park","doi":"10.1016/j.clsr.2025.106150","DOIUrl":"10.1016/j.clsr.2025.106150","url":null,"abstract":"<div><div>AI models developed using scraped personal data pose an inherent risk of <em>en-masse</em> shadow profiling to the subjects, harming their privacy, autonomy, and dignity. This paper argues that the protection of public personal data is essential to mitigate AI-scraping risks, noting that the EU is among the few to confer such protection. The GDPR regulates both public and non-public personal data similarly but contains exemptions from notice provisions in the case of legitimate interest-based processing. This exemption contributes to the information asymmetry between stakeholders who enforce anti-scraping covenants i.e., data subjects and platforms, versus scrapers. Limited supervisory powers and the lack of other mechanisms to address the problems of enforcing privacy laws in public data contribute to the GDPR’s inefficiency in controlling AI harms. The AI Act strives to plug in GDPR loopholes via reporting obligations on general-purpose AI providers to disclose the sources of their training data. Other jurisdictions could consider the principles and mechanisms of the EU regime as a guide to regulate public data scraping.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106150"},"PeriodicalIF":3.3,"publicationDate":"2025-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144123562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"AI-driven alternative and online dispute resolution in the European Union: An analysis of the legal framework and a proposed categorization","authors":"Aura Esther Vilalta Nicuesa,&nbsp;Marian Gili Saldaña","doi":"10.1016/j.clsr.2025.106145","DOIUrl":"10.1016/j.clsr.2025.106145","url":null,"abstract":"<div><div>This paper focuses on the impact of the new EU AI Act in alternative and online dispute resolution. After briefly analysing the state of the art regarding international regulations on artificial intelligence (AI) and the strategy followed in the European Union (EU) in the field of dispute resolution, the research provides a critical discursive overview of the international existing legal guidelines and frameworks for the use of AI in dispute resolution, aiming to identify the different levels of risk addressed by the EU IA Act in this context. The paper also offers forward-looking reflections intended to contribute to the improvement of the current legal framework on AI applied to dispute resolution in the EU. To this end, it identifies various AI tools applicable to the justice sector, highlighting their main advantages and limitations. It then outlines the most relevant hard law and soft law instruments at both international and European levels, with a particular focus on the strategy implemented by the EU leading to the adoption of the current EU AI Act. The study also reviews initiatives carried out by organisations to promote the ethical use of AI in judicial systems and examines the legislative approach adopted by the EU to regulate AI in the field of justice. Finally, the paper proposes a new categorisation of AI-assisted alternative and online dispute resolution mechanisms based on their degree of risk and autonomy.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106145"},"PeriodicalIF":3.3,"publicationDate":"2025-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144115771","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The decentralisation defence","authors":"Ilya Kokorin","doi":"10.1016/j.clsr.2025.106148","DOIUrl":"10.1016/j.clsr.2025.106148","url":null,"abstract":"<div><div>This article explores the phenomenon of the decentralisation defence, which refers to instances where ‘decentralisation’ is invoked either as a shield against liability or as insulation from the reach of the law. This defence is rooted in the technological features of distributed ledger technology and smart contracts built on the blockchain settlement layer, including pseudonymity, programmability, immutability and decentralisation. Together, these features enable transactions while reducing reliance on centralised intermediaries. Although major decentralised finance (DeFi) applications, such as decentralised crypto exchanges, are not harmful per se, their misuse by bad actors creates risks for market participants. The recent cases of <em>Uniswap Labs</em> and <em>Tornado Cash</em> illustrate that the decentralisation defence can result in unaddressed harms and produce other negative externalities. These outcomes have prompted efforts to identify regulatory hooks along the centralisation vectors. The search for a responsible party in blockchain-enabled decentralised arrangements resembles processes observed with two other key technological advancements in the digital space – the internet and artificial intelligence. Drawing inspiration from the modern EU regulation of these transformative technologies, this article focuses on the role of user interfaces as DeFi gatekeepers, and software developers engaged in the creation of smart contract code and blockchain protocols.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106148"},"PeriodicalIF":3.3,"publicationDate":"2025-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144105419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Mapping South Korea’s digital asset regulatory landscape: From criminal code to the recently implemented virtual asset user protection act","authors":"WooJung Jon,&nbsp;Wonsuk Yang","doi":"10.1016/j.clsr.2025.106140","DOIUrl":"10.1016/j.clsr.2025.106140","url":null,"abstract":"<div><div>Historically, South Korea addressed digital assets only indirectly through the Criminal Code (fraud, unauthorized fundraising), anti-money laundering regulations, and the Capital Markets Act’s securities provisions, leaving gaps in investor protection and market integrity. In response, the Virtual Asset User Protection Act (VAUPA) was enacted in 2023 and implemented in July 2024, establishing a dedicated regulatory regime for crypto-assets not classified as securities. VAUPA defines virtual assets broadly, prohibits unfair trading practices, and imposes strict obligations on virtual asset service providers, filling regulatory gaps that prior statutes and the Capital Markets Act left unaddressed. This reform created a dual regulatory structure: tokenized assets deemed securities remain governed by the Capital Markets Act, while other virtual assets fall under VAUPA. This article examines the legal interpretation and regulatory coherence of South Korea’s evolving framework, evaluating whether VAUPA effectively enhances investor protection and regulatory clarity. By mapping this evolution, it contributes to the academic understanding of digital asset law and offers insights relevant to global regulatory debates.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106140"},"PeriodicalIF":3.3,"publicationDate":"2025-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144105418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Leveraging process mining and event log enrichment in European public procurement analysis: a case study","authors":"Roberto Nai ,&nbsp;Emilio Sulis ,&nbsp;Davide Audrito ,&nbsp;Vittoria Margherita Sofia Trifiletti ,&nbsp;Rosa Meo ,&nbsp;Laura Genga","doi":"10.1016/j.clsr.2025.106144","DOIUrl":"10.1016/j.clsr.2025.106144","url":null,"abstract":"<div><div>This article explores the application of knowledge management and artificial intelligence techniques to refine the examination of administrative procedures, particularly within the realm of public procurement, to enhance the quality and efficiency of public administration. Key challenges in legal procedural studies include managing complexity, ensuring adherence to mandatory timelines, and maintaining regulatory compliance at every procedure stage. Automated process analysis provides a means to address these challenges by automatically extracting reliable of actual processes, offering valuable insights into how legal workflows are executed in practice—insights that are often difficult to obtain through conventional methods. Our re- search focuses on extracting pertinent information from extensive datasets, specifically legal event logs from public procurement procedures. We leverage process mining to analyze temporal events within administrative workflows and propose augmenting the corresponding logs using large language models for event and date extraction from legal texts. Legal experts oversee this methodology to ensure the successful integration of technology into the legal domain. We present a multinational case study applying this knowledge management framework to the Tender Electronic Daily dataset, spanning five European countries from 2016 to 2022. The findings demonstrate that techniques such as information extraction, the use of large language models, and process discovery significantly enhance legal knowledge management. Two domain experts evaluated the methodological approach and discussed the results, confirming its potential to improve compliance monitoring, control flow, and timeliness, thereby bolstering the efficiency of legal procedures.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106144"},"PeriodicalIF":3.3,"publicationDate":"2025-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144084200","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Navigating the intersection: How antitrust law can facilitate fair standard essential patent licensing in China","authors":"Yurong Zhang ,&nbsp;Haiyang Duan ,&nbsp;Wei Yang","doi":"10.1016/j.clsr.2025.106146","DOIUrl":"10.1016/j.clsr.2025.106146","url":null,"abstract":"<div><div>The integration of high-quality communication patents into technical standards has intensified competition and raised antitrust concerns in Standard Essential Patent (SEP) licensing. This paper examines China’s antitrust regulation of SEP licensing amid rapid market development and increasing alignment with international practices. Since entering the world stage, China has gone through an initial exploration phase (1992–2012), framework construction phase (2013–2019), and now the rules refinement phase (2020–). The antitrust enforcement rules regulating SEP licensing have become relatively clear. In particular, on November 8, 2024, the Anti-monopoly Guidelines for Standard Essential Patents issued by China’s State Administration for Market Regulation further refined the antitrust enforcement rules in the SEP licensing field. However, China’s antitrust regulation of SEP licensing faces significant challenges despite recent regulatory developments. This paper examines three critical issues: determining market dominance of SEP holders, assessing monopolistic behavior in injunctive relief requests, and establishing benchmarks for excessive or discriminatory pricing. Drawing from US and Europe enforcement experiences while considering China’s context, this study advocates for Chinese enforcement agencies to: (1) prioritize effect-based analysis when establishing SEP holders’ market dominance by examining standard irreplaceability and patent essentiality; (2) refine the criteria for determining whether rights holders have demonstrated clear misconduct when assessing the antitrust implications of injunctive relief requests, and consider these alongside other contextual factors; (3) maintain a clear distinction between excessive pricing and discriminatory pricing when assessing potential FRAND violations. Regarding excessive pricing allegations, antitrust intervention should proceed with caution on a case-by-case basis, integrating multiple factors to determine whether royalty rates significantly and persistently exceed benchmark rates. For discriminatory pricing concerns, authorities must evaluate whether pricing differentials in comparable SEP transactions generate competitive harm; (4) maintain cautious enforcement approaches that balance private and public interests. These recommendations aim to enhance antitrust effectiveness in promoting fair competition and innovation while contributing to a more equitable international patent system.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106146"},"PeriodicalIF":3.3,"publicationDate":"2025-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143947629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Access revisited: AI training at the intersection of copyright and cybercrime laws","authors":"Célia Filipa Ferreira Matias","doi":"10.1016/j.clsr.2025.106149","DOIUrl":"10.1016/j.clsr.2025.106149","url":null,"abstract":"<div><div>The rise of generative AI (GenAI) poses urgent questions for copyright law, particularly regarding whether AI training infringes on reproduction rights. Some jurisdictions have tried to reduce these uncertainties through new or existing exceptions. Articles 3 and 4 of European Union Directive 2019/790 and sections 243 and 244 of Singapore’s Copyright Act of 2021 are examples. Both exceptions are subject to the condition of ‘lawful access’. The interpretation of this concept, which is vague and undefined by law, is crucial to these exceptions, as it may, ultimately, deprive them of all usefulness. This paper seeks to unpack the meaning of lawful access and its inverse by drawing on other uses of the concept, namely in cybercrime law, and its underlying values. This analysis points towards an understanding of unlawful access as the circumvention of technological restrictions to access, such as paywalls. However, adopting such measures may reduce the content that is freely available in the digital sphere, thereby impoverishing society and depriving creators of a powerful tool for publicising their works. Finally, the paper considers possible solutions to this problem and their drawbacks.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106149"},"PeriodicalIF":3.3,"publicationDate":"2025-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143943002","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Dissecting the commercial profiling of children: A proposed taxonomy and assessment of the GDPR, UCPD, DSA and AI Act in light of the precautionary principle","authors":"Eline L. Leijten ,&nbsp;Simone van der Hof","doi":"10.1016/j.clsr.2025.106143","DOIUrl":"10.1016/j.clsr.2025.106143","url":null,"abstract":"<div><div>Over a decade after the Article 29 Working Party first stated that data controllers should refrain from the processing of children’s data for the purpose of behavioural advertising, children are still profiled at scale for commercial purposes, including behavioural advertising. The United Nations Convention on the Rights of the Child (‘UNCRC’) Committee urges States parties to prohibit profiling children for commercial purposes, as the practice is associated with a panoply of potential children’s rights violations and may cause children significant harm. Yet little scholarship is devoted to seeking granularity in defining what “profiling for commercial purposes” entails. The present article seeks to fill this gap and presents a new taxonomy of the various manifestations in which the commercial profiling of children occurs. This is followed by a children’s rights-based assessment of the six distinguishable manifestations of children’s commercial profiling, highlighting the importance of nuance in the academic and regulatory discourse on the subject. Whereas profiling children to <em>directly</em> monetise their personal data interferes with several children’s rights and likely causes children significant harm (although full scientific evidence thereupon is still lacking), in certain use cases profiling children for <em>indirect</em> commercial purposes may contribute to the exercise of their rights and wellbeing. The article subsequently assesses the EU regulatory framework governing the various manifestations of children’s commercial profiling through the prism of the precautionary principle, a general principle of EU law that justifies the regulation of a practice in the face of scientific uncertainty on the (long-term) harm it may cause. In the field of children’s rights, a strong precautionary approach is the norm, mandating the prohibition of practices that pose (unacceptable levels of) risk to children. The analysis dissects the relevant provisions in the General Data Protection Regulation (‘GDPR’), the Unfair Commercial Practices Directive (‘UCPD’), the Digital Services Act (‘DSA’) and Artificial Intelligence Act (‘AI Act’), to conclude that primarily, yet merely in theory, the GDPR is adequately equipped to uphold children’s rights in this regard, as the fairness and transparency principles that are cornerstones to the GDPR do not allow for the processing of children’s data in the context of the vast majority of children’s commercial profiling practices that remain omnipresent to date.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106143"},"PeriodicalIF":3.3,"publicationDate":"2025-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143935962","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}