Computer Law & Security Review最新文献

{"title":"Non-fungible tokens, tokenization, and ownership","authors":"Janne Kaisto ,&nbsp;Teemu Juutilainen ,&nbsp;Joona Kauranen","doi":"10.1016/j.clsr.2024.105996","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105996","url":null,"abstract":"<div><p>The emergence of non-fungible tokens (NFTs) in the blockchain environment has prompted many intriguing questions for private law scholars around the world. A question as basic as whether NFTs can be owned has proven difficult in many countries. This is the first research question of our article, which focuses on NFTs created in the Ethereum system by utilizing standard ERC-721. Because these NFTs are identifiable and distinguishable from all other tokens, the notion of owning an NFT is not unthinkable. Yet no universal answer can be offered. Whether NFTs qualify as objects of ownership must be studied at the level of individual legal systems. We argue that NFTs can be owned under Finnish law, with the same probably applying to many other legal systems. Starting with this notion, we pose two further research questions. As the second research question, we ask what problems of a patrimonial law nature may arise in attempts to connect different kinds of rights, even irrevocably, to owning or holding an NFT. Creditor rights seem relatively easy in this respect because most legal systems allow prospective debtors to obligate themselves as they wish. We also study whether a limited liability company could issue an NFT as a share certificate with legal effects corresponding to those of a physical (paper) share certificate. While an affirmative answer could be justified in some legal systems, Finnish law makes it difficult to tokenize a company's shares other than in the framework of a settlement system within the meaning of the European Union's DLT Pilot Regulation. Even greater difficulties arise in attempts to connect the ownership of a (material) thing and of an NFT so that a person who owns a token also owns the thing. Our third and final research question addresses tokenization of digital art, which gives rise to some special questions. We ask what rights the transferee of an NFT can receive in connection with tokenization of digital art. Here, our main finding is that digital art can be meaningfully tokenized even though digital copies are not regarded as possible objects of ownership.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"54 ","pages":"Article 105996"},"PeriodicalIF":2.9,"publicationDate":"2024-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924000633/pdfft?md5=838d6e36f0dd3951b89091ec34f342ef&pid=1-s2.0-S0267364924000633-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141291117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From brussels effect to gravity assists: Understanding the evolution of the GDPR-inspired personal information protection law in China","authors":"Wenlong Li ,&nbsp;Jiahong Chen","doi":"10.1016/j.clsr.2024.105994","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105994","url":null,"abstract":"<div><p>This paper explores the evolution of China's Personal Information Protection Law (PIPL) and situates it within the context of global data protection development. It draws inspiration from the theory of ‘Brussels Effect’ and provides a critical account of its application in non-Western jurisdictions, taking China as a prime example. Our objective is not to provide a comparative commentary on China's legal development but to illuminate the intricate dynamics between the Chinese law and the EU's GDPR. We argue that the trajectory of China's Personal Information Protection Law calls into question the applicability of the Brussels Effect: while the GDPR's imprint on the PIPL is evident, a deeper analysis unveils China's nuanced, non-linear adoption that diverges from many assumptions of the Brussels Effect and similar theories. The evolution of the GDPR-inspired PIPL is not as a straightforward outcome of the Brussels Effect but as a nuanced, intricate interplay of external influence and domestic dynamics. We introduce a complementary theory of ‘gravity assist’, which portrays China's strategic instrumentalisation of the GDPR as a template to shape its unique data protection landscape. Our theoretical framework highlights how China navigates through a patchwork of internal considerations, international standards, and strategic choices, ultimately sculpting a data protection regime that has a similar appearance to the GDPR but aligns with its distinct political, cultural and legal landscape. With a detailed historical and policy analysis of the PIPL, coupled with reasonable speculations on its future avenues, our analysis presents a pragmatic, culturally congruent approach to legal development in China. It signals a trajectory that, while potentially converging at a principled level, is likely to diverge significantly in practice, driven by China's broader socio-political and economic agendas rather than the foundational premises of EU data protection law and its global aspirations. It thus indicates the inherent limitations of applying Brussels Effect and other theoretical frameworks to non-Western jurisdictions, highlighting the imperative for integrating complementary theories to more accurately navigate complex legal landscapes.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"54 ","pages":"Article 105994"},"PeriodicalIF":2.9,"publicationDate":"2024-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S026736492400061X/pdfft?md5=9c7fcdd53bcd61a59b343d95a6550735&pid=1-s2.0-S026736492400061X-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141291116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"European National News","authors":"Nick Pantlin","doi":"10.1016/j.clsr.2024.105998","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105998","url":null,"abstract":"<div><p>This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal’s feature articles and briefing notes by keeping readers abreast of what is currently happening \"on the ground\" at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105998"},"PeriodicalIF":2.9,"publicationDate":"2024-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141249410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Prospective implementation of ai for enhancing European (in)security: Challenges in reasoning of automated travel authorization decisions","authors":"Erzsébet Csatlós","doi":"10.1016/j.clsr.2024.105995","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105995","url":null,"abstract":"<div><p>The <em>European Travel Information and Authorisation System</em>, along with the automated decision-making system for immigration filtering, is soon to become a guardian controlling entry into Europe. In the digital realm of issuing travel authorisations, a central question arises: does streamlining the process of using an authoritative decision through IT tools and artificial intelligence simplify administrative decision-making, or does it raise more profound legal issues? The pressing question is whether algorithms will ultimately determine human destinies, or if we have not reached that point yet. This paper examines the set of rules for making a decision on the refusal of a travel permit, considering the obligations tied to providing <em>reasons</em> for such decisions. It emphasizes that the rationale should be built upon a combination of factual and legal foundations, which would entail revealing data linked to profiling. While explicit rights for explanations might not be granted, having substantial information gives the ability to contest decisions. To ensure decisions are well-founded, the methodology used for profiling must support these determinations, as general system descriptions are inadequate for clarifying specific cases. Therefore, the paper concludes that the complex interaction between the ETIAS screening process, data protection laws, and national security concerns presents a challenging situation for procedural rights. Fundamental rights, such as accessing records and receiving decision explanations, clash with the necessity to safeguard national security and build a so-called security union for Europe, it establishes a feeling of insecurity about respect for EU values.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"54 ","pages":"Article 105995"},"PeriodicalIF":2.9,"publicationDate":"2024-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141250994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Asia–Pacific developments","authors":"Gabriela Kennedy","doi":"10.1016/j.clsr.2024.105991","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105991","url":null,"abstract":"<div><p>This column provides a country by country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105991"},"PeriodicalIF":2.9,"publicationDate":"2024-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141244595","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The legal aspects of cybersecurity vulnerability disclosure: To the NIS 2 and beyond","authors":"Jakub Vostoupal ,&nbsp;Václav Stupka ,&nbsp;Jakub Harašta ,&nbsp;František Kasl ,&nbsp;Pavel Loutocký ,&nbsp;Kamil Malinka","doi":"10.1016/j.clsr.2024.105988","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105988","url":null,"abstract":"<div><p>This paper focuses on the legal aspects of responsible vulnerability disclosure, bug bounty programs and legal risks associated with their implementation in the Czech Republic. Firstly, the authors introduce the basics of vulnerability disclosure procedures, identify different organisational models, and identify risks that may arise on the part of the organisation launching the bug bounty program or the hackers participating in it. The identified risks are divided into those arising from civil law, administrative law, and criminal law. For each identified risk, the authors then propose appropriate technical, organisation or legal solutions that can be applied to eliminate or reduce these risks. Nevertheless, the authors identified two areas that cannot be sufficiently mitigated through existing tools and laws and are likely to require legislative intervention – the matter of safeguarding the anonymity of reporters through confidentiality, and the problematic ability to consent to the testing procedures by the public bodies.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105988"},"PeriodicalIF":2.9,"publicationDate":"2024-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141244594","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The EU Regulatory approach(es) to AI liability, and its Application to the financial services market","authors":"Maria Lillà Montagnani ,&nbsp;Marie-Claire Najjar ,&nbsp;Antonio Davola","doi":"10.1016/j.clsr.2024.105984","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105984","url":null,"abstract":"<div><p>The continued progress of Artificial Intelligence (AI) can benefit different aspects of society and various fields of the economy, yet pose crucial risks to both those who offer such technologies and those who use them. These risks are emphasized by the unpredictability of developments in AI technology (such as the increased level of autonomy of self-learning systems), which renders it even more difficult to build a comprehensive legal framework accounting for all potential legal and ethical issues arising from the use of AI. As such, enforcement authorities are facing increased difficulties in checking compliance with applicable legislation and assessing liability, due to the specific features of AI, – namely: complexity, opacity, autonomy, unpredictability, openness, data-drivenness, and vulnerability. These problems are particularly significant in areas, such as financial markets, in which consequences arising from malfunctioning of AI systems are likely to have a major impact both in terms of individuals' protection, and of overall market stability. This scenario challenges policymaking in an increasingly digital and global context, where it becomes difficult for regulators to predict and face the impact of AI systems on economy and society, to make sure that they are human-centric, ethical, explainable, sustainable and respectful of fundamental rights and values. The European Union has been dedicating increased attention to filling the gap between the existing legal framework and AI. Some of the legislative proposals in consideration call for preventive legislation and introduce obligations on different actors – such as the AI Act – while others have a compensatory scope and seek to build a liability framework – such as the proposed AI Liability Directive and revised Product Liability Directive. At the same time, cross-sectorial regulations shall coexist with sector-specific initiatives, and the rules they establish. The present paper starts by assessing the fit of the existing European liability regime(s) with the constantly evolving AI landscape, by identifying the normative foundations on which a liability regime for such technology should be built on. It then addresses the proposed additions and revisions to the legislation, focusing on how they seek to govern AI systems, with a major focus on their implications on highly-regulated complex systems such as financial markets. Finally, it considers potential additional measures that could continue to strike a balance between the interests of all parties, namely by seeking to reduce the inherent risks that accompany the use of AI and to leverage its major benefits for our society and economy.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105984"},"PeriodicalIF":2.9,"publicationDate":"2024-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924000517/pdfft?md5=f07f39582f3ead443d3362d92bf7c60f&pid=1-s2.0-S0267364924000517-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141244593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reporting cybersecurity to stakeholders: A review of CSRD and the EU cyber legal framework","authors":"Clara Boggini","doi":"10.1016/j.clsr.2024.105987","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105987","url":null,"abstract":"<div><p>The purpose of this article is to explain, through a doctrinal review of the EU sustainability and cybersecurity legal framework, how the cybersecurity obligations contribute to the cybersecurity content and quality of the sustainability reporting. Previous studies are limited to voluntary cybersecurity disclosure in annual reports because they date back to before the adoption of CSRD. The CSRD harmonized sustainability reporting in the EU and introduced the ESRS, the standards for sustainability disclosure. As stated in the ESRS S4, the sustainability reporting should now address how the company manages the risks linked to data usage and data collection. Therefore, cybersecurity measures must be included in the sustainability report. This information can be used by stakeholders to assess the risk appetite and the potential long-term profitability of the company. The cybersecurity measures adopted by companies must comply with the cybersecurity obligations of the EU legal framework. While it is out of the scope of these cybersecurity obligations to inform ex ante the stakeholders of a company of how the company is managing cyber risks, these same obligations can improve the quality and content of the sustainability discourse.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105987"},"PeriodicalIF":2.9,"publicationDate":"2024-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924000542/pdfft?md5=3fdd089b41814b71824a24238c5e50a8&pid=1-s2.0-S0267364924000542-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141097445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cyber operations and automatic hack backs under international law on necessity","authors":"Samuli Haataja","doi":"10.1016/j.clsr.2024.105992","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105992","url":null,"abstract":"<div><p>This article examines the use of automatic hack backs under international law on necessity. Hack backs are a form of active defence measure adopted in response to cybersecurity threats that involve effects outside the victim's systems or networks designed to mitigate or prevent the cybersecurity threat. Automatic hack backs are systems that, once activated, are capable of performing these functions without direct human control. The plea of necessity under international law on State responsibility provides a basis on which States can adopt measures that would otherwise be unlawful in order to respond to cyber operations that constitute a grave and imminent against their essential interests. This article argues that the use of automatic hack backs can be justified on the basis of necessity, however, the system would need to be capable of making a range of complex assessments to ensure it meets the strict criteria required by international law. The complexity of systems capable of making these assessments carries a risk unintended effects and escalation of conflict at machine speed.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105992"},"PeriodicalIF":2.9,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924000591/pdfft?md5=6126e1fe75cd581a5ca4f042e65cd4e6&pid=1-s2.0-S0267364924000591-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141083636","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The ALTAI checklist as a tool to assess ethical and legal implications for a trustworthy AI development in education","authors":"Andrea Fedele ,&nbsp;Clara Punzi ,&nbsp;Stefano Tramacere","doi":"10.1016/j.clsr.2024.105986","DOIUrl":"https://doi.org/10.1016/j.clsr.2024.105986","url":null,"abstract":"<div><p>The rapid proliferation of Artificial Intelligence (AI) applications in various domains of our lives has prompted a need for a shift towards a human-centered and trustworthy approach to AI. In this study we employ the Assessment List for Trustworthy Artificial Intelligence (ALTAI) checklist to evaluate the trustworthiness of <em>Artificial Intelligence for Student Performance Prediction</em> (AI4SPP), an AI-powered system designed to detect students at risk of school failure. We strongly support the ethical and legal development of AI and propose an implementation design where the user can choose to have access to each level of a three-tier outcome bundle: the AI prediction alone, the prediction along with its confidence level, and, lastly, local explanations for each grade prediction together with the previous two information. AI4SPP aims to raise awareness among educators and students regarding the factors contributing to low school performance, thereby facilitating the implementation of interventions not only to help students, but also to address biases within the school community. However, we also emphasize the ethical and legal concerns that could arise from a misuse of the AI4SPP tool. First of all, the collection and analysis of data, which is essential for the development of AI models, may lead to breaches of privacy, thus causing particularly adverse consequences in the case of vulnerable individuals. Furthermore, the system’s predictions may be influenced by unacceptable discrimination based on gender, ethnicity, or socio-economic background, leading to unfair actions. The ALTAI checklist serves as a valuable self-assessment tool during the design phase of AI systems, by means of which commonly overlooked weaknesses can be highlighted and addressed. In addition, the same checklist plays a crucial role throughout the AI system life cycle. Continuous monitoring of sensitive features within the dataset, alongside survey assessments to gauge users’ responses to the systems, is essential for gathering insights and intervening accordingly. We argue that adopting a critical approach to AI development is essential for societal progress, believing that it can evolve and accelerate over time without impeding openness to new technologies. By aligning with ethical principles and legal requirements, AI systems can make significant contributions to education while mitigating potential risks and ensuring a fair and inclusive learning environment.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105986"},"PeriodicalIF":2.9,"publicationDate":"2024-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924000530/pdfft?md5=a59d3a1ec42519e7b4cdf7cbbe00551c&pid=1-s2.0-S0267364924000530-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141067681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}