{"title":"Investigative genetic genealogy in Europe: Why the “manifestly made public by the data subject” legal basis should be avoided","authors":"Taner Kuru","doi":"10.1016/j.clsr.2025.106106","DOIUrl":"10.1016/j.clsr.2025.106106","url":null,"abstract":"<div><div>Investigative genetic genealogy has emerged as an effective investigation tool in the last few years, gaining popularity, especially after the arrest of the Golden State Killer. Since then, hundreds of cases have been reported to be solved thanks to this novel and promising technique. Unsurprisingly, this success also led law enforcement authorities in the EU to experiment with it. However, there is an ambiguity on which legal basis in the EU data protection framework should be used to access the personal data of genetic genealogy database users for investigative purposes, which may put the legality and legitimacy of investigative genetic genealogy in Europe at stake. Accordingly, this article examines whether the “manifestly made public by the data subject” legal basis enshrined in Article 10(c) of the Law Enforcement Directive could be used for such purposes. Based on its analysis, the article argues that this legal basis cannot be used for such purposes, given that the personal data in question are not “manifestly made” “public”, and they are not disclosed “by the data subject” in all cases. 
Therefore, the article concludes by suggesting a way forward to ensure the lawfulness of this investigation method in the EU data protection framework.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106106"},"PeriodicalIF":3.3,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data rule hanging over platform competition: How does the GDPR affect social media market concentration?","authors":"Qifan Yang , Yituan Liu","doi":"10.1016/j.clsr.2024.106102","DOIUrl":"10.1016/j.clsr.2024.106102","url":null,"abstract":"<div><div>Personal Data protection has become a cornerstone for policy in the digital sphere, significantly influencing the market behaviours of leading social media companies. This paper empirically studies the impact of the European Union’s General Data Protection Regulation (GDPR) on the social media market concentration in the EU, employing both the synthetic control method and the generalised difference-in-differences method. The findings reveal that the GDPR significantly reduced social media market concentration from 2015 to 2020, with a stronger impact on large companies. However, in the long term, the impact of the GDPR on EU social media market concentration is gradually fading, which has been very weak after 2020. Furthermore, the impact strength of the GDPR on the social media market concentration can be changed by Internet market scales and high technology levels. These insights contribute to a deeper understanding of how data protection policies shape the market dynamics of social media companies.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106102"},"PeriodicalIF":3.3,"publicationDate":"2025-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fundamental rights and artificial intelligence impact assessment: A new quantitative methodology in the upcoming era of AI Act","authors":"Samuele Bertaina, Ilaria Biganzoli, Rachele Desiante, Dario Fontanella, Nicole Inverardi, Ilaria Giuseppina Penco, Andrea Claudio Cosentini","doi":"10.1016/j.clsr.2024.106101","DOIUrl":"10.1016/j.clsr.2024.106101","url":null,"abstract":"<div><div>The EU Artificial Intelligence Act requires that deployers of Artificial Intelligence (AI) systems perform a Fundamental Rights Impact Assessment (FRIA) for some high-risk AI systems identified in Art. 27 of the regulation. The aim of this work is to offer a comprehensive framework to assess the impact of AI systems on Fundamental Rights (FR) of individuals. In a nutshell, the assessment approach that we propose consists of two stages: (1) an open-ended questionnaire that helps gather the contextual information and the technical features, in order to properly identify potential threats for FR, and (2) a quantitative matrix that considers each right guaranteed by the European Charter of Fundamental Rights and tries to measure the potential impacts with a traceable and robust procedure. In light of an increasingly pervasive use of AI systems and considering the specificity of such technologies, we believe that a structured and quantitative process for assessing the impact on FR of individuals is still lacking and could be of great importance in discovering and remedying possible violations. 
Indeed, the proposed framework could allow to: (1) be accountable and transparent in assessing the risks of implementing AI systems that affect people; (2) gain insights to understand if any right is threatened or any group of people is more vulnerable; (3) put in place, if necessary, remediation strategies before the deployment of AI systems through demonstrable mitigative actions, with the aim of being compliant with the regulation and limiting reputational damage.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106101"},"PeriodicalIF":3.3,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A cybersecurity strategy fit for purpose? Introducing the special issue on EU cybersecurity: Collective resilience through regulation","authors":"Gijs van Dijck , Irene Kamara , Aaron Martin , Aurelia Tamò-Larrieux , Pieter Wolters","doi":"10.1016/j.clsr.2024.106104","DOIUrl":"10.1016/j.clsr.2024.106104","url":null,"abstract":"","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106104"},"PeriodicalIF":3.3,"publicationDate":"2025-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143601101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The end of open source? Regulating open source under the cyber resilience act and the new product liability directive","authors":"Liane Colonna","doi":"10.1016/j.clsr.2024.106105","DOIUrl":"10.1016/j.clsr.2024.106105","url":null,"abstract":"<div><div>Rooted in idealism, the open-source model leverages collaborative intelligence to drive innovation, leading to major benefits for both industry and society. As open-source software (OSS) plays an increasingly central role in driving the digitalization of society, policymakers are examining the interactions between upstream open-source communities and downstream manufacturers. They aim to leverage the benefits of OSS, such as performance enhancements and adaptability across diverse domains, while ensuring software security and accountability. The regulatory landscape is on the brink of a major transformation with the recent adoption of both the Cyber Resilience Act (CRA) as well as the Product Liability Directive (PLD), raising concerns that these laws could threaten the future of OSS.</div><div>This paper investigates how the CRA and the PLD regulate OSS, specifically exploring the scope of exemptions found in the laws. It further explores how OSS practices might adapt to the evolving regulatory landscape, focusing on the importance of documentation practices to support compliance obligations, thereby ensuring OSS's continued relevance and viability. It concludes that due diligence requirements mandate a thorough assessment of OSS components to ensure their safety for integration into commercial products and services. 
Documentation practices like security attestations, Software Bill of Materials (SBOMs), data cards and model cards will play an increasingly important role in the software supply chain to ensure that downstream entities can meet their obligations under these new legal frameworks.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106105"},"PeriodicalIF":3.3,"publicationDate":"2024-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A rabbit hole to innovation land: An empirical examination of the Alice decision","authors":"Hyejin Lee , Young Soo Park , Jaeseog Na , Sung-Pil Park","doi":"10.1016/j.clsr.2024.106103","DOIUrl":"10.1016/j.clsr.2024.106103","url":null,"abstract":"<div><div>The 2014 U.S. Supreme Court ruling in <em>Alice Corp. v. CLS Bank</em> caused a dramatic decline in software patents and marked a major shift in U.S. patent policy. Opponents argue that the <em>Alice decision</em> sounded the death knell for all software patents and deterred software innovation. Proponents suggest that the <em>Alice decision</em> did not stifle software innovation but actually increased research and development (R&D) activity and the value of software patents. After examining the legal and economic background, we find that, contrary to the traditional model, a decrease in the number of patents does not necessarily signify a decrease in innovation, especially when the Factors Reducing Patent Value (FRPV) are prevalent. We present a theoretical framework and an empirical analysis demonstrating that the <em>Alice decision</em> has not negatively affected R&D activity or the patent value of software. 
Our study demonstrates that the <em>Alice decision</em> has stimulated firms’ innovation activities and increased the value of their patents by restricting the scope of broad and ambiguous patent rights, thereby discouraging the accumulation of excessive patent rights.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106103"},"PeriodicalIF":3.3,"publicationDate":"2024-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Bridging the gap: Unravelling local government data sharing barriers in Estonia and beyond","authors":"Katrin Rajamäe Soosaar , Anastasija Nikiforova","doi":"10.1016/j.clsr.2024.106099","DOIUrl":"10.1016/j.clsr.2024.106099","url":null,"abstract":"<div><div>Open Government Data (OGD) plays a crucial role in transforming smart cities into sustainable and intelligent entities by enabling analytics, real-time monitoring, and informed decision-making. However, local administrative data remain underutilized due to organizational, technological, and legal barriers, even in advanced countries like Estonia. While Estonia is globally recognized for its digital governance success, its local governments face persistent challenges in OGD adoption. This study explores barriers preventing Estonian municipalities from sharing data, using a qualitative approach through interviews with Estonian municipalities. Drawing on the OGD-adapted Innovation Resistance Theory (IRT) model, it highlights current issues such as limited awareness, skills gaps, and data quality. By identifying overlooked weaknesses in Estonia's open data ecosystem and providing actionable recommendations, this research contributes to a more resilient and sustainable open data ecosystem development. Additionally, by validating the OGD-adapted Innovation Resistance Theory model and proposing a revised version tailored for local government contexts, the study advances theoretical frameworks on data sharing resistance. 
Ultimately, this study serves as a call to action for policymakers and practitioners to prioritize local OGD initiatives, ensuring the full utilization of OGD in smart city development.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106099"},"PeriodicalIF":3.3,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"‘It's not personal, it's strictly business’: Behavioural insurance and the impacts of non-personal data on individuals, groups and societies","authors":"Zofia Bednarz , Kelly Lewis , Jathan Sadowski","doi":"10.1016/j.clsr.2024.106096","DOIUrl":"10.1016/j.clsr.2024.106096","url":null,"abstract":"<div><div>This article uses the case study of an insurance product linked to a health and wellbeing program—the Vitality scheme—as a lens to examine the limited regulation of collection and use of non-personal (de-identified/anonymised) information and the impacts it has on individuals, as well as society at large. Vitality is an incentive-based engagement program that mobilises online assessment tools, preventive health screening, and physical activity and wellness tracking through smart fitness technologies and apps. Vitality then uses the data generated through these activities, mainly in an aggregated, non-personal form, to make projections about changes in behaviour and future health outcomes, aiming at reducing risk in the context of health, life, and other insurance products. Non-personal data has been traditionally excluded from the scope of legal protections, and in particular privacy and data regimes, as it is thought not to contain information about specific, identifiable people, and thus its potential to affect individuals in any meaningful way has been understood to be minimal. However, digitalisation and ensuing ubiquitous data collection are proving these traditional assumptions wrong. 
We show how the response of the legal systems is limited in relation to non-personal information collection and use, and we argue that irrespective of the (possibly) beneficial nature of insurance innovation, the current lack of comprehensive regulation of non-personal data use potentially leads to individual, collective and societal data harms, as the example of the Vitality scheme illustrates.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106096"},"PeriodicalIF":3.3,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Preventing the dissemination of child sexual abuse material (CSAM) with surveillance technologies: The case of EU Regulation 2021/1232","authors":"Marcin Rojszczak","doi":"10.1016/j.clsr.2024.106097","DOIUrl":"10.1016/j.clsr.2024.106097","url":null,"abstract":"<div><div>Online services are increasingly being used to distribute child sexual abuse material. Recognising this problem and responding to public pressure, legislators are introducing new electronic surveillance measures – to be used by private service providers in the performance of public tasks. An example of such a measure is EU Regulation 2021/1232, which provides the legal framework for technology providers to monitor electronic correspondence in order to identify cases of child sexual abuse and subsequently report them to law enforcement authorities.</div><div>Creating a legal framework for monitoring a large share of electronic communications causes such provisions to be part of a general norm instead of an exception – which is what interference with the secrecy of communications should be. This leads to questions about the necessity and proportionality of such a practice.</div><div>This article examines the genesis and purpose of the introduction of the Regulation, as well as the key concerns regarding its compatibility with EU law. 
It also explores the fundamental dilemma of whether modern surveillance measures are the right and necessary tools to not only fight but also to prevent the most serious crimes.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106097"},"PeriodicalIF":3.3,"publicationDate":"2024-12-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143138760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Corrigendum to “(Let's) playing by the rules: A choice of law rule for communication of copyright material from video games to the public, through Let's Plays” [Computer Law & Security Review 49 (2023) 105828]","authors":"Joseph Lau","doi":"10.1016/j.clsr.2024.106077","DOIUrl":"10.1016/j.clsr.2024.106077","url":null,"abstract":"","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106077"},"PeriodicalIF":3.3,"publicationDate":"2024-12-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143600489","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}