Computer Law & Security Review最新文献_第2页

Investigative genetic genealogy in Europe: Why the “manifestly made public by the data subject” legal basis should be avoided

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-10 DOI: 10.1016/j.clsr.2025.106106

Taner Kuru

{"title":"Investigative genetic genealogy in Europe: Why the “manifestly made public by the data subject” legal basis should be avoided","authors":"Taner Kuru","doi":"10.1016/j.clsr.2025.106106","DOIUrl":"10.1016/j.clsr.2025.106106","url":null,"abstract":"<div><div>Investigative genetic genealogy has emerged as an effective investigation tool in the last few years, gaining popularity, especially after the arrest of the Golden State Killer. Since then, hundreds of cases have been reported to be solved thanks to this novel and promising technique. Unsurprisingly, this success also led law enforcement authorities in the EU to experiment with it. However, there is an ambiguity on which legal basis in the EU data protection framework should be used to access the personal data of genetic genealogy database users for investigative purposes, which may put the legality and legitimacy of investigative genetic genealogy in Europe at stake. Accordingly, this article examines whether the “manifestly made public by the data subject” legal basis enshrined in Article 10(c) of the Law Enforcement Directive could be used for such purposes. Based on its analysis, the article argues that this legal basis cannot be used for such purposes, given that the personal data in question are not “manifestly made” “public”, and they are not disclosed “by the data subject” in all cases. Therefore, the article concludes by suggesting a way forward to ensure the lawfulness of this investigation method in the EU data protection framework.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106106"},"PeriodicalIF":3.3,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Data rule hanging over platform competition: How does the GDPR affect social media market concentration?

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-08 DOI: 10.1016/j.clsr.2024.106102

Qifan Yang , Yituan Liu

引用次数: 0

Fundamental rights and artificial intelligence impact assessment: A new quantitative methodology in the upcoming era of AI Act

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-07 DOI: 10.1016/j.clsr.2024.106101

Samuele Bertaina, Ilaria Biganzoli, Rachele Desiante, Dario Fontanella, Nicole Inverardi, Ilaria Giuseppina Penco, Andrea Claudio Cosentini

{"title":"Fundamental rights and artificial intelligence impact assessment: A new quantitative methodology in the upcoming era of AI Act","authors":"Samuele Bertaina, Ilaria Biganzoli, Rachele Desiante, Dario Fontanella, Nicole Inverardi, Ilaria Giuseppina Penco, Andrea Claudio Cosentini","doi":"10.1016/j.clsr.2024.106101","DOIUrl":"10.1016/j.clsr.2024.106101","url":null,"abstract":"<div><div>The EU Artificial Intelligence Act requires that deployers of Artificial Intelligence (AI) systems perform a Fundamental Rights Impact Assessment (FRIA) for some high-risk AI systems identified in Art. 27 of the regulation. The aim of this work is to offer a comprehensive framework to assess the impact of AI systems on Fundamental Rights (FR) of individuals. In a nutshell, the assessment approach that we propose consists of two stages: (1) an open-ended questionnaire that helps gather the contextual information and the technical features, in order to properly identify potential threats for FR, and (2) a quantitative matrix that considers each right guaranteed by the European Charter of Fundamentals Rights and tries to measure the potential impacts with a traceable and robust procedure. In light of an increasingly pervasive use of AI systems and considering the specificity of such technologies, we believe that a structured and quantitative process for assessing the impact on FR of individuals is still lacking and could be of great importance in discovering and remedying possible violations. Indeed, the proposed framework could allow to: (1) be accountable and transparent in assessing the risks of implementing AI systems that affect people; (2) gain insights to understand if any right is threatened or any group of people is more vulnerable; (3) put in place, if necessary, remediation strategies before the deployment of AI systems through demonstrable mitigative actions, with the aim of being compliant with the regulation and limiting reputational damage.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106101"},"PeriodicalIF":3.3,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The end of open source? Regulating open source under the cyber resilience act and the new product liability directive

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-31 DOI: 10.1016/j.clsr.2024.106105

Liane Colonna

{"title":"The end of open source? Regulating open source under the cyber resilience act and the new product liability directive","authors":"Liane Colonna","doi":"10.1016/j.clsr.2024.106105","DOIUrl":"10.1016/j.clsr.2024.106105","url":null,"abstract":"<div><div>Rooted in idealism, the open-source model leverages collaborative intelligence to drive innovation, leading to major benefits for both industry and society. As open-source software (OSS) plays an increasingly central role in driving the digitalization of society, policymakers are examining the interactions between upstream open-source communities and downstream manufacturers. They aim to leverage the benefits of OSS, such as performance enhancements and adaptability across diverse domains, while ensuring software security and accountability. The regulatory landscape is on the brink of a major transformation with the recent adoption of both the Cyber Resilience Act (CRA) as well as the Product Liability Directive (PLD), raising concerns that these laws could threaten the future of OSS.</div><div>This paper investigates how the CRA and the PDL regulate OSS, specifically exploring the scope of exemptions found in the laws. It further explores how OSS practices might adapt to the evolving regulatory landscape, focusing on the importance of documentation practices to support compliance obligations, thereby ensuring OSS's continued relevance and viability. It concludes that due diligence requirements mandate a thorough assessment of OSS components to ensure their safety for integration into commercial products and services. Documentation practices like security attestations, Software Bill of Materials (SBOMs), data cards and model cards will play an increasingly important role in the software supply chain to ensure that downstream entities can meet their obligations under these new legal frameworks.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106105"},"PeriodicalIF":3.3,"publicationDate":"2024-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A rabbit hole to innovation land: An empirical examination of the Alice decision

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-28 DOI: 10.1016/j.clsr.2024.106103

Hyejin Lee , Young Soo Park , Jaeseog Na , Sung-Pil Park

{"title":"A rabbit hole to innovation land: An empirical examination of the Alice decision","authors":"Hyejin Lee , Young Soo Park , Jaeseog Na , Sung-Pil Park","doi":"10.1016/j.clsr.2024.106103","DOIUrl":"10.1016/j.clsr.2024.106103","url":null,"abstract":"<div><div>The 2014 U.S. Supreme Court ruling in <em>Alice Corp. v. CLS Bank</em> caused a dramatic decline in software patents and marked a major shift in U.S. patent policy. Opponents argue that the <em>Alice decision</em> sounded the death knell for all software patents and deterred software innovation. Proponents suggest that the <em>Alice decision</em> did not stifle software innovation but actually increased research and development (R&D) activity and the value of software patents. After examining the legal and economic background, we find that, contrary to the traditional model, a decrease in the number of patents does not necessarily signify a decrease in innovation, especially when the Factors Reducing Patent Value (FRPV) are prevalent. We present a theoretical framework and an empirical analysis demonstrating that the <em>Alice decision</em> has not negatively affected R&D activity or the patent value of software. Our study demonstrates that the <em>Alice decision</em> has stimulated firms’ innovation activities and increased the value of their patents by restricting the scope of broad and ambiguous patent rights, thereby discouraging the accumulation of excessive patent rights.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106103"},"PeriodicalIF":3.3,"publicationDate":"2024-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Bridging the gap: Unravelling local government data sharing barriers in Estonia and beyond

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-24 DOI: 10.1016/j.clsr.2024.106099

Katrin Rajamäe Soosaar , Anastasija Nikiforova

{"title":"Bridging the gap: Unravelling local government data sharing barriers in Estonia and beyond","authors":"Katrin Rajamäe Soosaar , Anastasija Nikiforova","doi":"10.1016/j.clsr.2024.106099","DOIUrl":"10.1016/j.clsr.2024.106099","url":null,"abstract":"<div><div>Open Government Data (OGD) plays a crucial role in transforming smart cities into sustainable and intelligent entities by enabling analytics, real-time monitoring, and informed decision-making. However, local administrative data remain underutilized due to organizational, technological, and legal barriers, even in advanced countries like Estonia. While Estonia is globally recognized for its digital governance success, its local governments face persistent challenges in OGD adoption. This study explores barriers preventing Estonian municipalities from sharing data, using a qualitative approach through interviews with Estonian municipalities. Drawing on the OGD-adapted Innovation Resistance Theory (IRT) model, it highlights current issues such as limited awareness, skills gaps, and data quality. By identifying overlooked weaknesses in Estonia's open data ecosystem and providing actionable recommendations, this research contributes to a more resilient and sustainable open data ecosystem development. Additionally, by validating the OGD-adapted Innovation Resistance Theory model and proposing a revised version tailored for local government contexts, the study advances theoretical frameworks on data sharing resistance. Ultimately, this study serves as a call to action for policymakers and practitioners to prioritize local OGD initiatives, ensuring the full utilization of OGD in smart city development.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106099"},"PeriodicalIF":3.3,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

‘It's not personal, it's strictly business’: Behavioural insurance and the impacts of non-personal data on individuals, groups and societies

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-23 DOI: 10.1016/j.clsr.2024.106096

Zofia Bednarz , Kelly Lewis , Jathan Sadowski

{"title":"‘It's not personal, it's strictly business’: Behavioural insurance and the impacts of non-personal data on individuals, groups and societies","authors":"Zofia Bednarz , Kelly Lewis , Jathan Sadowski","doi":"10.1016/j.clsr.2024.106096","DOIUrl":"10.1016/j.clsr.2024.106096","url":null,"abstract":"<div><div>This article uses the case study of an insurance product linked to a health and wellbeing program—the Vitality scheme—as a lens to examine the limited regulation of collection and use of non-personal (de-identified/anonymised) information and the impacts it has on individuals, as well as society at large. Vitality is an incentive-based engagement program that mobilises online assessment tools, preventive health screening, and physical activity and wellness tracking through smart fitness technologies and apps. Vitality then uses the data generated through these activities, mainly in an aggregated, non-personal form, to make projections about changes in behaviour and future health outcomes, aiming at reducing risk in the context of health, life, and other insurance products. Non-personal data has been traditionally excluded from the scope of legal protections, and in particular privacy and data regimes, as it is thought not to contain information about specific, identifiable people, and thus its potential to affect individuals in any meaningful way has been understood to be minimal. However, digitalisation and ensuing ubiquitous data collection are proving these traditional assumptions wrong. We show how the response of the legal systems is limited in relation to non-personal information collection and use, and we argue that irrespective of the (possibly) beneficial nature of insurance innovation, the current lack of comprehensive regulation of non-personal data use potentially leads to individual, collective and societal data harms, as the example of the Vitality scheme illustrates.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106096"},"PeriodicalIF":3.3,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Preventing the dissemination of child sexual abuse material (CSAM) with surveillance technologies: The case of EU Regulation 2021/1232

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-21 DOI: 10.1016/j.clsr.2024.106097

Marcin Rojszczak

{"title":"Preventing the dissemination of child sexual abuse material (CSAM) with surveillance technologies: The case of EU Regulation 2021/1232","authors":"Marcin Rojszczak","doi":"10.1016/j.clsr.2024.106097","DOIUrl":"10.1016/j.clsr.2024.106097","url":null,"abstract":"<div><div>Online services are increasingly being used to distribute child sexual abuse material. Recognising this problem and responding to public pressure, legislators are introducing new electronic surveillance measures – to be used by private service providers in the performance of public tasks. An example of such a measure is EU Regulation 2021/1232, which provides the legal framework for technology providers to monitor electronic correspondence in order to identify cases of child sexual abuse and subsequently report them to law enforcement authorities.</div><div>Creating a legal framework for monitoring a large share of electronic communications causes such provisions to be part of a general norm instead of an exception – which is what interference with the secrecy of communications should be. This leads to questions about the necessity and proportionality of such a practice.</div><div>This article examines the genesis and purpose of the introduction of the Regulation, as well as the key concerns regarding its compatibility with EU law. It also explores the fundamental dilemma of whether modern surveillance measures are the right and necessary tools to not only fight but also to prevent the most serious crimes.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106097"},"PeriodicalIF":3.3,"publicationDate":"2024-12-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Searching for the appropriate legal basis for personal data processing for cybersecurity purposes under the NIS 2 Directive: Legal obligation and/or legitimate interest?

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-19 DOI: 10.1016/j.clsr.2024.106098

Eyup Kun

{"title":"Searching for the appropriate legal basis for personal data processing for cybersecurity purposes under the NIS 2 Directive: Legal obligation and/or legitimate interest?","authors":"Eyup Kun","doi":"10.1016/j.clsr.2024.106098","DOIUrl":"10.1016/j.clsr.2024.106098","url":null,"abstract":"<div><div>This paper provides a thorough examination of the most appropriate legal basis under the General Data Protection Regulation (GDPR) for personal data processing by essential and important entities while taking cybersecurity risk management measures as stipulated by the NIS 2 Directive such as using insider-threat detection technologies.</div><div>It examines the feasibility of consent, legal obligation, public interest, and legitimate interest under Article 6 of the GDPR as possible legal grounds for data processing. It argues that consent under Article 6(1)(a) of and public interest under Article 6(1)(e) of the GDPR are not the most appropriate ones. Given the limits of consent and public interest as possible legal grounds, the focus of the analysis turns to legal obligation and legitimate interest as more appropriate legal grounds for processing personal data for cybersecurity risk management measures by essential and important entities. It assesses the appropriateness of those two bases for the processing of non-special categories of personal data, special categories of personal data and solely automated decision-making respectively.</div><div>It argues that legal obligation under Article 6(1)(c) of the GDPR as a legal basis for cybersecurity is a missed opportunity under the NIS 2 Directive. The NIS 2 Directive does not meet the standards for establishing a legal obligation as a legal basis for personal data processing although it acknowledges the necessity of such processing. This argument is based on that it fails to clearly define the scope of personal data processing. This failure not only challenges the implementation of the Directive but also poses risks to private and family life (Article 7) and the right to data protection (Article 8) of the Charter of Fundamental Rights of the European Union.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106098"},"PeriodicalIF":3.3,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Biometric data landscape in Southeast Asia: Challenges and opportunities for effective regulation

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-17 DOI: 10.1016/j.clsr.2024.106095

Abigail Chiu Mei Lim , Lynnette Hui Xian Ng , Araz Taeihagh

{"title":"Biometric data landscape in Southeast Asia: Challenges and opportunities for effective regulation","authors":"Abigail Chiu Mei Lim , Lynnette Hui Xian Ng , Araz Taeihagh","doi":"10.1016/j.clsr.2024.106095","DOIUrl":"10.1016/j.clsr.2024.106095","url":null,"abstract":"<div><div>Technology evolves at a breakneck pace. As a result, legislatures are often unable to enact laws that can keep pace with technological changes. The dissonance between the state of the law and the state of technology intensifies with respect to biometric data because the purposes of biometric data use evolve, the types of biometric data expand, and its collection, processing and use have shifted from conventional biometric systems to online platforms. This dissonance is exemplified in the Association of Southeast Asian Nations, where no regional legal instrument regulates biometric data even though governmental agencies, private entities and social media platforms actively employ biometric data and artificial intelligence systems. At national level, only five countries, Malaysia, Singapore, Indonesia, Thailand, and the Philippines, have enacted omnibus data protection legislations that afford some protection to biometric data and govern its use. This article analyses these data protection legislations and assesses their suitability in protecting and governing biometric data in the contemporary era. It identifies common trends amongst the five countries and concludes that more needs to be done to protect biometric data and rights of data subjects. Thereafter, it makes recommendations for changes to improve the state of biometric regulation in Southeast Asia.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106095"},"PeriodicalIF":3.3,"publicationDate":"2024-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0