Computer Law & Security Review最新文献

{"title":"Scoring the European citizen in the AI era","authors":"Nathan Genicot","doi":"10.1016/j.clsr.2025.106130","DOIUrl":"10.1016/j.clsr.2025.106130","url":null,"abstract":"<div><div>Social scoring is one of the AI practices banned by the AI Act. This ban is explicitly inspired by China, which in 2014 announced its intention to set up a large-scale government project – the Social Credit System – aiming to rate every Chinese citizen according to their good behaviour, using digital technologies and AI. But in Europe, individuals are also scored by public and private bodies in a variety of contexts, such as assessing creditworthiness, monitoring employee productivity, detecting social fraud or terrorist risks, and so on. However, the AI Act does not intend to prohibit these types of scoring, as they would qualify as “high-risk AI systems”, which are authorised while subject to various requirements. One might therefore think that the ban on social scoring will have no practical effect on the scoring practices already in use in Europe, and that it is merely a vague safeguard in case an authoritarian power is tempted to set up such a system on European territory. Contrary to this view, this article argues that the ban has been drafted in a way that is flexible and therefore likely to make it a useful tool, similar and complementary to Article 22 of the General Data Protection Regulation, to protect individuals against certain forms of disproportionate use of AI-based scoring.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106130"},"PeriodicalIF":3.3,"publicationDate":"2025-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143825686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Solid use case to empower and protect data subjects: Responsibilities under GDPR for governance of personal data stores","authors":"Michiel Fierens ,&nbsp;Harshvardhan J. Pandit ,&nbsp;Aurelia Tamo-Larrieux ,&nbsp;Kimberly Garcia","doi":"10.1016/j.clsr.2025.106133","DOIUrl":"10.1016/j.clsr.2025.106133","url":null,"abstract":"<div><div>Decentralised data governance has emerged as an alternative model in response to the challenges of managing data and privacy in conventional centralised models. ‘Personal Data Stores’ (PDS) are at the forefront of this movement and provide forms of control over storage and management of data to the individual with the goal of empowering them. In this article, we argue how PDS, while being important technological innovations, are challenging to implement in the current regulatory landscape as the interpretation of responsibilities under the GDPR is woefully inadequate for decentralised systems. This represents a challenge to the decentralisation movement and makes it difficult to empower and protect individuals under the GDPR (data subjects) using PDS. A thorough understanding of the technological and legal situation and therefore an interdisciplinary approach is essential to make policymakers aware of any efforts that still need to be made to realise the decentralisation paradigm's goal. We therefore build upon research investigating GDPR compliance in decentralised data storage and management but do so through an interdisciplinary lens applied to an emerging application, Solid, that provides technical specifications for implementing it as the leading PDS implementation. By taking an interdisciplinary approach, we consider the interaction between the legal definitions from the GDPR and the implications of established case law with Solid's technical specifications and its possible implementations. We conclude with recommendations regarding the division of responsibilities for policymakers, authorities, market participants and technical developers to simultaneously protect and empower those involved in the use of PDS, particularly through Solid. Furthermore, the role of decentralised systems such as Solid is discussed, as well as the current unclear regulatory landscape surrounding it in the context of implementing the Data Governance Act (DGA). The implications for further AI development and within data spaces are also considered.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106133"},"PeriodicalIF":3.3,"publicationDate":"2025-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143825685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The elephant in the room: A global mechanism for E-Sport disputes","authors":"Serkan Kaya ,&nbsp;Eda Şahin-Şengül ,&nbsp;Aybüke Keskin","doi":"10.1016/j.clsr.2025.106128","DOIUrl":"10.1016/j.clsr.2025.106128","url":null,"abstract":"<div><div>The e-sports industry has seen exponential growth, leading to increased disputes among players, teams, and organisers. Traditional dispute resolution methods, such as litigation, often fall short due to their time-consuming nature, the lack of technical expertise of the parties, and the international scope of e-sports disputes. This article highlights the potential of Blockchain Dispute Resolution (BDR) mechanisms to address these challenges. BDR offers several advantages for e-sports dispute resolution, ensuring transparency by recording all transactions and decisions on a public ledger, which can be accessed by all parties involved. This reduces the risk of biased decisions and enhances trust among stakeholders. Additionally, smart contracts can automate the enforcement of agreements, reducing the need for intermediaries and speeding up the resolution process. The article also underscores the importance of developing standardised rules and protocols for blockchain-based dispute resolution in e-sports, as it provides a structured approach for the recognition and enforcement of decisions made through blockchain mechanisms. The article, therefore, argues that the integration of blockchain technology in e-sports not only offers potential solutions for dispute resolution but also opens new avenues for monetisation and fan engagement, exciting the industry and its fans with the possibilities it brings for a more interactive and engaging future.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106128"},"PeriodicalIF":3.3,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143816763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Public data authorized operation and the rise of data finance in China: origins, risks, and prospects","authors":"Jingxian Chen (Lecturer)","doi":"10.1016/j.clsr.2025.106132","DOIUrl":"10.1016/j.clsr.2025.106132","url":null,"abstract":"<div><div>This article explores the introduction of public data authorized operation (PDAO) in China and its role in the emergence of data finance, a new revenue model for local governments facing fiscal pressure due to declining land finance. It argues that the shift toward data finance is driven by the local government’s need for alternative fiscal resources, enabled by policies promoting the conditional and paid use of public data. The article examines the risks associated with the revenue-oriented approach to PDAO, such as the erosion of free public data openness, the formation of administrative monopolies, increased costs for data utilization, and the fragmentation of data regulations across regions. The article offers insights into the future of data finance and PDAO in China. It suggests that data finance should not be driven solely by short-term revenue goals but rather should be considered a strategic tool aimed at enhancing the country’s digital infrastructure and fostering long-term innovation. A comprehensive fiscal framework—including clear pricing standards, balanced revenue allocation mechanisms, and robust fiscal oversight—should be established to ensure that funds generated from PDAO are managed legally, transparently, and efficiently.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106132"},"PeriodicalIF":3.3,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143816762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Future themes in regulating artificial intelligence in investment management","authors":"Wojtek Buczynski ,&nbsp;Felix Steffek ,&nbsp;Mateja Jamnik ,&nbsp;Fabio Cuzzolin ,&nbsp;Barbara Sahakian","doi":"10.1016/j.clsr.2025.106111","DOIUrl":"10.1016/j.clsr.2025.106111","url":null,"abstract":"<div><div>We are witnessing the emergence of the “first generation” of AI and AI-adjacent soft and hard laws such as the EU AI Act or South Korea's Basic Act on AI. In parallel, existing industry regulations, such as GDPR, MIFID II or SM&amp;CR, are being “retrofitted” and reinterpreted from the perspective of AI. In this paper we identify and analyze ten novel, “second generation” themes which are likely to become regulatory considerations in the near future: non-personal data, managerial accountability, robo-advisory, generative AI, privacy enhancing techniques (PETs), profiling, emergent behaviours, smart contracts, ESG and algorithm management. The themes have been identified on the basis of ongoing developments in AI, existing regulations and industry discussions. Prior to making any new regulatory recommendations we explore whether novel issues can be solved by existing regulations. The contribution of this paper is a comprehensive picture of emerging regulatory considerations for AI in investment management, as well as broader financial services, and the ways they might be addressed by regulations – future or existing ones.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106111"},"PeriodicalIF":3.3,"publicationDate":"2025-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143548373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The rise of technology courts, or: How technology companies re-invent adjudication for a digital world","authors":"Natali Helberger","doi":"10.1016/j.clsr.2025.106118","DOIUrl":"10.1016/j.clsr.2025.106118","url":null,"abstract":"<div><div>The article “The Rise of Technology Courts” explores the evolving role of courts in the digital world, where technological advancements and artificial intelligence (AI) are transforming traditional adjudication processes. It argues that traditional courts are undergoing a significant transition due to digitization and the increasing influence of technology companies. The paper frames this transformation through the concept of the “sphere of the digital,” which explains how digital technology and AI redefine societal expectations of what courts should be and how they function.</div><div>The article highlights that technology is not only changing the materiality of courts—moving from physical buildings to digital portals—but also affecting their symbolic function as public institutions. It discusses the emergence of AI-powered judicial services, online dispute resolution (ODR), and technology-driven alternative adjudication bodies like the Meta Oversight Board. These developments challenge the traditional notions of judicial authority, jurisdiction, and legal expertise.</div><div>The paper concludes that while these technology-driven solutions offer increased efficiency and accessibility, they also raise fundamental questions about the legitimacy, transparency, and independence of adjudicatory bodies. As technology companies continue to shape digital justice, the article also argues that there are lessons to learn for the role and structure of traditional courts to ensure that human rights and public values are upheld.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106118"},"PeriodicalIF":3.3,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143548374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"","authors":"Kevin Macnish","doi":"10.1016/j.clsr.2025.106109","DOIUrl":"10.1016/j.clsr.2025.106109","url":null,"abstract":"","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106109"},"PeriodicalIF":3.3,"publicationDate":"2025-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143529187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Assessing the (severity of) impacts on fundamental rights","authors":"Gianclaudio Malgieri ,&nbsp;Cristiana Santos","doi":"10.1016/j.clsr.2025.106113","DOIUrl":"10.1016/j.clsr.2025.106113","url":null,"abstract":"<div><div>\"Risk to fundamental rights,\", \"impact on fundamental rights\", \"harm to fundamental rights\" and \"non-material damages\" are all terms referring to similar problems, though inherently ambiguous and very problematic, especially in the age of AI-based technologies and digital platforms. Traditionally, legal and social sciences have two different approaches to analysing the impacts on fundamental rights: the rights-based approach and the risk of harm-based approach to fundamental rights. The rights-based approach is binary, focusing on whether rights and obligations are respected or violated. In contrast, a harm-based approach focuses on the anticipation of undesired events and measuring their likelihood and severity. However, focusing solely on \"harms'' or \"damages'' is reductionist, while existing impact assessment models often use vague terms like \"gravity\", \"intensity,\" and \"magnitude\", which do not effectively help measure interferences with fundamental rights. Without operational criteria to measure these risks, most EU digital strategies demanding impact and risk assessments fail. Examples include the Data Protection Impact Assessment (DPIA) in the GDPR, Fundamental Rights Impact Assessments (FRIA) in the AI Act, and systemic risk assessments in the Digital Services Act (DSA). We posit that interferences with fundamental rights are seen as a spectrum that ranges from social contacts to violations, and these interferences can and should be measured. Thus, this article proposes a rights-based approach, combining it with elements from the harm approach and proposes an actionable parameter-based framework (also based on social meaning theories and social perception methodologies) to assess impacts on fundamental rights. The proposed multi-metric approach ensures a comprehensive assessment of the <em>severity</em> of impacts on fundamental rights within EU law, particularly in GDPR, DSA, and AI Act. This approach aims to inform policymaking, prioritise high-risk scenarios and propose mitigation measures in digital markets. This is especially important for detecting and addressing human vulnerabilities in interactions with digital technologies.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106113"},"PeriodicalIF":3.3,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143520485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Asia-Pacific Developments","authors":"Gabriela Kennedy ,&nbsp;Joanna Wong ,&nbsp;Justin Lai ,&nbsp;James North ,&nbsp;Philip Catania ,&nbsp;Michael do Rozario ,&nbsp;Jack Matthews ,&nbsp;Arun Babu ,&nbsp;Gayathri Poti ,&nbsp;Ishita Vats ,&nbsp;Kiyoko Nakaoka ,&nbsp;Lam Chung Nian ,&nbsp;Emma Choe","doi":"10.1016/j.clsr.2025.106116","DOIUrl":"10.1016/j.clsr.2025.106116","url":null,"abstract":"<div><div>This column provides a country by country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106116"},"PeriodicalIF":3.3,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143601100","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"European national news","authors":"Nick Pantlin","doi":"10.1016/j.clsr.2025.106114","DOIUrl":"10.1016/j.clsr.2025.106114","url":null,"abstract":"<div><div>This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.</div><div>© 2025 Herbert Smith Freehills LLP. Published by Elsevier Ltd. All rights reserved.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106114"},"PeriodicalIF":3.3,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143600490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}