Computer Law & Security Review最新文献_第3页

To err is human: Managing the risks of contracting AI systems 人孰能无过：管理承包人工智能系统的风险

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-30 DOI: 10.1016/j.clsr.2025.106110

Maarten Herbosch

{"title":"To err is human: Managing the risks of contracting AI systems","authors":"Maarten Herbosch","doi":"10.1016/j.clsr.2025.106110","DOIUrl":"10.1016/j.clsr.2025.106110","url":null,"abstract":"<div><div>Artificial intelligence (AI) increasingly influences contract law. Applications like virtual home assistants can form contracts on behalf of users, while other AI tools can assist parties in deciding whether to contract. The advent of Generative AI has further accelerated and broadened the proliferation of such applications. However, AI systems are inherently imperfect, sometimes leading to unexpected or undesirable contracts, raising concerns about the legal protection of AI deployers.</div><div>Some authors have suggested that autonomous AI deployment cannot lead to a legally binding contract in the absence of a human “intent”. Others have argued that the system deployer is completely unprotected in cases of undesirable AI output. They argue that that deployment implies that the deployer should bear the risk of any mistake.</div><div>This article challenges these views by leveraging existing contract formation and mistake frameworks. Traditional analysis demonstrates that AI deployment can produce valid contracts. It also suggests that deployers may invoke the unilateral mistake doctrine, drawing parallels to clerical errors in human contracts. While AI outputs are probabilistic and unpredictable, similar characteristics apply to human decision-making. The potential benefits of AI development justify affording AI deployers protections analogous to those provided in traditional scenarios.</div><div>To enhance protection, deployers should use high-performing systems with safeguards such as oversight mechanisms and registration tools. As industry standards evolve, these safeguards will become more defined. The analysis concludes that current contract law frameworks are flexible enough to accommodate AI systems, negating the need for a complete overhaul.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106110"},"PeriodicalIF":3.3,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Generative AI, copyright and the AI Act 生成人工智能，版权和人工智能法案

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-29 DOI: 10.1016/j.clsr.2025.106107

João Pedro Quintais

{"title":"Generative AI, copyright and the AI Act","authors":"João Pedro Quintais","doi":"10.1016/j.clsr.2025.106107","DOIUrl":"10.1016/j.clsr.2025.106107","url":null,"abstract":"<div><div>This paper provides a critical analysis of the Artificial Intelligence (AI) Act's implications for the European Union (EU) copyright acquis, aiming to clarify the complex relationship between AI regulation and copyright law while identifying areas of legal ambiguity and gaps that may influence future policymaking. The discussion begins with an overview of fundamental copyright concerns related to generative AI, focusing on issues that arise during the input, model, and output stages, and how these concerns intersect with the text and data mining (TDM) exceptions under the Copyright in the Digital Single Market Directive (CDSMD).</div><div>The paper then explores the AI Act's structure and key definitions relevant to copyright law. The core analysis addresses the AI Act's impact on copyright, including the role of TDM in AI model training, the copyright obligations imposed by the Act, requirements for respecting copyright law—particularly TDM opt-outs—and the extraterritorial implications of these provisions. It also examines transparency obligations, compliance mechanisms, and the enforcement framework. The paper further critiques the current regime's inadequacies, particularly concerning the fair remuneration of creators, and evaluates potential improvements such as collective licensing and bargaining. It also assesses legislative reform proposals, such as statutory licensing and AI output levies, and concludes with reflections on future directions for integrating AI governance with copyright protection.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106107"},"PeriodicalIF":3.3,"publicationDate":"2025-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Investigative genetic genealogy in Europe: Why the “manifestly made public by the data subject” legal basis should be avoided 欧洲的调查基因谱系：为什么应该避免“数据主体明显公开”的法律依据

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-10 DOI: 10.1016/j.clsr.2025.106106

Taner Kuru

{"title":"Investigative genetic genealogy in Europe: Why the “manifestly made public by the data subject” legal basis should be avoided","authors":"Taner Kuru","doi":"10.1016/j.clsr.2025.106106","DOIUrl":"10.1016/j.clsr.2025.106106","url":null,"abstract":"<div><div>Investigative genetic genealogy has emerged as an effective investigation tool in the last few years, gaining popularity, especially after the arrest of the Golden State Killer. Since then, hundreds of cases have been reported to be solved thanks to this novel and promising technique. Unsurprisingly, this success also led law enforcement authorities in the EU to experiment with it. However, there is an ambiguity on which legal basis in the EU data protection framework should be used to access the personal data of genetic genealogy database users for investigative purposes, which may put the legality and legitimacy of investigative genetic genealogy in Europe at stake. Accordingly, this article examines whether the “manifestly made public by the data subject” legal basis enshrined in Article 10(c) of the Law Enforcement Directive could be used for such purposes. Based on its analysis, the article argues that this legal basis cannot be used for such purposes, given that the personal data in question are not “manifestly made” “public”, and they are not disclosed “by the data subject” in all cases. Therefore, the article concludes by suggesting a way forward to ensure the lawfulness of this investigation method in the EU data protection framework.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106106"},"PeriodicalIF":3.3,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Data rule hanging over platform competition: How does the GDPR affect social media market concentration? 数据规则笼罩着平台竞争：GDPR如何影响社交媒体市场集中度？

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-08 DOI: 10.1016/j.clsr.2024.106102

Qifan Yang , Yituan Liu

引用次数: 0

Fundamental rights and artificial intelligence impact assessment: A new quantitative methodology in the upcoming era of AI Act 基本权利与人工智能影响评估：即将到来的人工智能法案时代的一种新的定量方法

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-07 DOI: 10.1016/j.clsr.2024.106101

Samuele Bertaina, Ilaria Biganzoli, Rachele Desiante, Dario Fontanella, Nicole Inverardi, Ilaria Giuseppina Penco, Andrea Claudio Cosentini

{"title":"Fundamental rights and artificial intelligence impact assessment: A new quantitative methodology in the upcoming era of AI Act","authors":"Samuele Bertaina, Ilaria Biganzoli, Rachele Desiante, Dario Fontanella, Nicole Inverardi, Ilaria Giuseppina Penco, Andrea Claudio Cosentini","doi":"10.1016/j.clsr.2024.106101","DOIUrl":"10.1016/j.clsr.2024.106101","url":null,"abstract":"<div><div>The EU Artificial Intelligence Act requires that deployers of Artificial Intelligence (AI) systems perform a Fundamental Rights Impact Assessment (FRIA) for some high-risk AI systems identified in Art. 27 of the regulation. The aim of this work is to offer a comprehensive framework to assess the impact of AI systems on Fundamental Rights (FR) of individuals. In a nutshell, the assessment approach that we propose consists of two stages: (1) an open-ended questionnaire that helps gather the contextual information and the technical features, in order to properly identify potential threats for FR, and (2) a quantitative matrix that considers each right guaranteed by the European Charter of Fundamentals Rights and tries to measure the potential impacts with a traceable and robust procedure. In light of an increasingly pervasive use of AI systems and considering the specificity of such technologies, we believe that a structured and quantitative process for assessing the impact on FR of individuals is still lacking and could be of great importance in discovering and remedying possible violations. Indeed, the proposed framework could allow to: (1) be accountable and transparent in assessing the risks of implementing AI systems that affect people; (2) gain insights to understand if any right is threatened or any group of people is more vulnerable; (3) put in place, if necessary, remediation strategies before the deployment of AI systems through demonstrable mitigative actions, with the aim of being compliant with the regulation and limiting reputational damage.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106101"},"PeriodicalIF":3.3,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A cybersecurity strategy fit for purpose? Introducing the special issue on EU cybersecurity: Collective resilience through regulation 合适的网络安全战略？介绍欧盟网络安全专题：通过监管实现集体弹性

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2025-01-04 DOI: 10.1016/j.clsr.2024.106104

Gijs van Dijck , Irene Kamara , Aaron Martin , Aurelia Tamò-Larrieux , Pieter Wolters

引用次数: 0

The end of open source? Regulating open source under the cyber resilience act and the new product liability directive 开源的终结？根据网络弹性法案和新的产品责任指令规范开源

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-31 DOI: 10.1016/j.clsr.2024.106105

Liane Colonna

{"title":"The end of open source? Regulating open source under the cyber resilience act and the new product liability directive","authors":"Liane Colonna","doi":"10.1016/j.clsr.2024.106105","DOIUrl":"10.1016/j.clsr.2024.106105","url":null,"abstract":"<div><div>Rooted in idealism, the open-source model leverages collaborative intelligence to drive innovation, leading to major benefits for both industry and society. As open-source software (OSS) plays an increasingly central role in driving the digitalization of society, policymakers are examining the interactions between upstream open-source communities and downstream manufacturers. They aim to leverage the benefits of OSS, such as performance enhancements and adaptability across diverse domains, while ensuring software security and accountability. The regulatory landscape is on the brink of a major transformation with the recent adoption of both the Cyber Resilience Act (CRA) as well as the Product Liability Directive (PLD), raising concerns that these laws could threaten the future of OSS.</div><div>This paper investigates how the CRA and the PDL regulate OSS, specifically exploring the scope of exemptions found in the laws. It further explores how OSS practices might adapt to the evolving regulatory landscape, focusing on the importance of documentation practices to support compliance obligations, thereby ensuring OSS's continued relevance and viability. It concludes that due diligence requirements mandate a thorough assessment of OSS components to ensure their safety for integration into commercial products and services. Documentation practices like security attestations, Software Bill of Materials (SBOMs), data cards and model cards will play an increasingly important role in the software supply chain to ensure that downstream entities can meet their obligations under these new legal frameworks.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106105"},"PeriodicalIF":3.3,"publicationDate":"2024-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A rabbit hole to innovation land: An empirical examination of the Alice decision 通往创新土地的兔子洞：对爱丽丝决策的实证检验

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-28 DOI: 10.1016/j.clsr.2024.106103

Hyejin Lee , Young Soo Park , Jaeseog Na , Sung-Pil Park

{"title":"A rabbit hole to innovation land: An empirical examination of the Alice decision","authors":"Hyejin Lee , Young Soo Park , Jaeseog Na , Sung-Pil Park","doi":"10.1016/j.clsr.2024.106103","DOIUrl":"10.1016/j.clsr.2024.106103","url":null,"abstract":"<div><div>The 2014 U.S. Supreme Court ruling in <em>Alice Corp. v. CLS Bank</em> caused a dramatic decline in software patents and marked a major shift in U.S. patent policy. Opponents argue that the <em>Alice decision</em> sounded the death knell for all software patents and deterred software innovation. Proponents suggest that the <em>Alice decision</em> did not stifle software innovation but actually increased research and development (R&D) activity and the value of software patents. After examining the legal and economic background, we find that, contrary to the traditional model, a decrease in the number of patents does not necessarily signify a decrease in innovation, especially when the Factors Reducing Patent Value (FRPV) are prevalent. We present a theoretical framework and an empirical analysis demonstrating that the <em>Alice decision</em> has not negatively affected R&D activity or the patent value of software. Our study demonstrates that the <em>Alice decision</em> has stimulated firms’ innovation activities and increased the value of their patents by restricting the scope of broad and ambiguous patent rights, thereby discouraging the accumulation of excessive patent rights.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106103"},"PeriodicalIF":3.3,"publicationDate":"2024-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Bridging the gap: Unravelling local government data sharing barriers in Estonia and beyond 弥合差距：消除爱沙尼亚及其他地区的地方政府数据共享障碍

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-24 DOI: 10.1016/j.clsr.2024.106099

Katrin Rajamäe Soosaar , Anastasija Nikiforova

{"title":"Bridging the gap: Unravelling local government data sharing barriers in Estonia and beyond","authors":"Katrin Rajamäe Soosaar , Anastasija Nikiforova","doi":"10.1016/j.clsr.2024.106099","DOIUrl":"10.1016/j.clsr.2024.106099","url":null,"abstract":"<div><div>Open Government Data (OGD) plays a crucial role in transforming smart cities into sustainable and intelligent entities by enabling analytics, real-time monitoring, and informed decision-making. However, local administrative data remain underutilized due to organizational, technological, and legal barriers, even in advanced countries like Estonia. While Estonia is globally recognized for its digital governance success, its local governments face persistent challenges in OGD adoption. This study explores barriers preventing Estonian municipalities from sharing data, using a qualitative approach through interviews with Estonian municipalities. Drawing on the OGD-adapted Innovation Resistance Theory (IRT) model, it highlights current issues such as limited awareness, skills gaps, and data quality. By identifying overlooked weaknesses in Estonia's open data ecosystem and providing actionable recommendations, this research contributes to a more resilient and sustainable open data ecosystem development. Additionally, by validating the OGD-adapted Innovation Resistance Theory model and proposing a revised version tailored for local government contexts, the study advances theoretical frameworks on data sharing resistance. Ultimately, this study serves as a call to action for policymakers and practitioners to prioritize local OGD initiatives, ensuring the full utilization of OGD in smart city development.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106099"},"PeriodicalIF":3.3,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

‘It's not personal, it's strictly business’: Behavioural insurance and the impacts of non-personal data on individuals, groups and societies “这不是个人的，这是严格的商业”：行为保险和非个人数据对个人、团体和社会的影响

IF 3.3 3区社会学

Computer Law & Security Review Pub Date : 2024-12-23 DOI: 10.1016/j.clsr.2024.106096

Zofia Bednarz , Kelly Lewis , Jathan Sadowski

{"title":"‘It's not personal, it's strictly business’: Behavioural insurance and the impacts of non-personal data on individuals, groups and societies","authors":"Zofia Bednarz , Kelly Lewis , Jathan Sadowski","doi":"10.1016/j.clsr.2024.106096","DOIUrl":"10.1016/j.clsr.2024.106096","url":null,"abstract":"<div><div>This article uses the case study of an insurance product linked to a health and wellbeing program—the Vitality scheme—as a lens to examine the limited regulation of collection and use of non-personal (de-identified/anonymised) information and the impacts it has on individuals, as well as society at large. Vitality is an incentive-based engagement program that mobilises online assessment tools, preventive health screening, and physical activity and wellness tracking through smart fitness technologies and apps. Vitality then uses the data generated through these activities, mainly in an aggregated, non-personal form, to make projections about changes in behaviour and future health outcomes, aiming at reducing risk in the context of health, life, and other insurance products. Non-personal data has been traditionally excluded from the scope of legal protections, and in particular privacy and data regimes, as it is thought not to contain information about specific, identifiable people, and thus its potential to affect individuals in any meaningful way has been understood to be minimal. However, digitalisation and ensuing ubiquitous data collection are proving these traditional assumptions wrong. We show how the response of the legal systems is limited in relation to non-personal information collection and use, and we argue that irrespective of the (possibly) beneficial nature of insurance innovation, the current lack of comprehensive regulation of non-personal data use potentially leads to individual, collective and societal data harms, as the example of the Vitality scheme illustrates.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106096"},"PeriodicalIF":3.3,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0