JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law
Not a member yet
417 research outputs found
Sort by
EU Copyright Law, Artificial Intelligence and ‘Transformative Use’ of Works: The Case of 3D Reconstruction
Full text linkArtificial intelligence (AI) has virtually upended many concerns of EU copyright law. In parallel, three-dimensional (3D) visual content is predicted to be a key contributing factor to the development of new forms of immersive content, much of which is powered by new AI-driven tools. AI-based ‘3D reconstruction’ techniques are unique because, among others, they may autonomously generate an individual piece of 3D visual content, based on specific 2D visual content used as an input. This raises particular copyright questions regarding the copyright-relevant uses of such techniques.
This contribution analyses these forms of use, and the extent to which the acts performed on underlying 2D visual content as training material are copyright-relevant under EU copyright law. In particular, the analysis specifically tackles how those uses interfere with the exclusive right of reproduction, its exceptions and limitations at the input stage, and whether a relation of derivation between 2D and 3D content may be established at the output stage. We highlight avenues through which the training and implementation of 3D reconstruction techniques may in fact not be copyright-relevant and analyse the possibilities through which the implementation of 3D reconstruction techniques may qualify as a form of ‘transformative use’ of 2D visual content, including whether this can be subject to exceptions and limitations
Public or Private Communication? Categorising WhatsApp’s and Telegram’s Group Chat and Channel Functionalities under the DSA
Full text linkMany messaging apps provide functionalities for chat groups and channels. These functionalities are used to share illegal and harmful content. To determine how the DSA’s intermediary liability regimes and due diligence obligations apply to group chat and channels, it is necessary to categorise them in terms of the DSA’s intermediary services types. This paper analyses WhatsApp and Telegram as case studies and asks two questions: First, are WhatsApp’s and Telegram’s group chat and channel functionalities mere conduit, caching, or hosting services? Second, are WhatsApp and Telegram\u27s functionalities that qualify as hosting services also online platform services?
The paper finds that WhatsApp group chats are mere conduit or sometimes caching services but never hosting services. Therefore, WhatsApp group chats cannot be online platform services. To the contrary, WhatsApp channels are hosting services and also qualify as online platform services. Telegram’s analysis concerns four parts of the app: private and public group chats and private and public channels. All these functionalities on Telegram are hosting services. Furthermore, public group chats and channels on Telegram also qualify as online platform services. However, private chat groups and channels on Telegram are not online platform services.
The paper also reflects on the relevance of three specific features that give otherwise private functionalities of messaging apps a semi-public character. The paper concludes that these three specific features do not turn otherwise private chat groups or channels into online platforms, despite giving them a semi-public character. Consequently, the paper reflects on the DSA’s gap regarding online spaces on messaging apps that do not qualify as online platform services, but have a semi-public character and, while being formally private, might lead to public harms. Further research should reflect on possible solutions to the DSA’s gap regarding private group chats and channels on messaging apps with a semi-public character. The conclusion emphasises that any solution should ensure that truly private messaging functionalities will not qualify as online platform services, and are not subjected to content moderation or other third-party interventions, because of the democratic importance of confidentiality of communications
The Cyber Resilience Act and Open-Source Software: A Fine Balancing Act
Full text linkOpen-source software, a type of software that can be publicly accessed, shared, and modified, is an integral part of modern digital infrastructure. Many products, from personal computers to internet-connected devices, run on open-source systems (e.g., Linux). Developers may work voluntarily or for limited compensation on such software. The character of this work, however, does not reduce the impact of cybersecurity incidents within these environments. Proprietary software, meaning software with restrictive license models, regularly implements open-source software: a vulnerability in the open-source software thus directly affects proprietary software too. Recent large-scale vulnerabilities (e.g., Log4j) highlighted this dual nature of open-source software: developers work on projects based on personal passion or ideologies, while the software is often equally as critical as software created and maintained by larger technology enterprises.
The Cyber Resilience Act, the recently proposed European cybersecurity legislation for products, aims to offer a legal response to cybersecurity problems in modern software and hardware. This paper addresses the role of open-source software cybersecurity in the Cyber Resilience Act with specific attention to the difficulties of reconciling cybersecurity responsibilities and open-source products. I show that the Cyber Resilience Act does achieve a balance between regulation for open-source software and advancing cybersecurity, but only through a narrowly applicable and, at times, complex legislative approach
An EU Copyright Framework for Research: Opinion of the European Copyright Society
Full text linkResearch and academic freedom are at the core of the EU project. Yet, the relationship between EU copyright law and research is intricate. Research and education interests have traditionally been recognized within copyright law to some degree, however, the current EU copyright acquis is not really conducive to an effective research environment. This jeopardises the fulfilment of the EU’s ambitions in the field.
Building on the pillars of action of the European Research Area (ERA) Policy Agenda 2022-2024 and its follow-up, the ECS emphasises the need for a copyright framework that fosters research, and supports the call for immediate action on the EU copyright framework to address the most pressing challenges it raises for European researchers and their institutions.
This Opinion stresses the need to ensure a proper balance between IP rights, protected under Article 17(2) CFREU, and the freedom of art and science (Article 13 CFREU), coupled with the ‘right to research’, as enshrined in international legal instruments (UDHR and ICESCR), the objectives of the EU treaties, and the CFREU and ECHR. Various EU and national legal instruments are in place that facilitate access and reuse of scientific works, but these have several shortcomings. They weaken the effective balance between copyright, research policy needs, and the fulfilment of ERA policy goals, including the EU Open Science agenda.
This opinion focuses on the flaws in key provisions aimed at balancing copyright and research needs: the general InfoSoc Directive research exception, the text and data mining exception of the CDSM Directive and national secondary publication rights. It also briefly assesses the interface between copyright and (research) data regulation. We propose several policy interventions to address the identified shortcomings. These include the introduction of an EU-wide secondary publication right with specific characteristics; the amendment of text and data mining exceptions; the creation of a general mandatory research exception overcoming the challenges raised by Article 5(3)(d) InfoSoc; and a more careful legislative drafting to reduce legal complexity and ensure consistency across copyright and data legislation
Synthetic Data, Data Protection and Copyright in an Era of Generative AI
Full text linkData protection, privacy and copyright may be closely aligned, yet distinctly respond to the common element called data – that comprises personal as well as non-personal elements. Data can be of many different types, and when extracted from human-authored works, the expressive form of the work is subject to copyright protection. When personal data are included in a given dataset, it may trigger the application of the EU General Data Protection Regulation. Together, all the different sources form training data, which forms a key input for the training of generative AI models. These models have substantially devoured data to reach their current level of sophistication and capabilities. However, generative AI models are advancing at a rapid pace, such that they are no longer a mere consumer of data; they are also a key producer of new data – one that mimics the original data. This data is known as ‘synthetic data’. Once the currently available models go a step further than their present level of development, follow-on synthetic data may look like independent works, with remote resemblance, if any, to the original data. While on the one hand, this may be a big promise to meet compliance with the 2016 EU General Data Protection Regulation, it heralds notable challenges for the current IPR (particularly copyright and database rights) framework and the accompanying balancing of authors’ and users’ rights. This interplay – considering its inter- and intra-disciplinary complexity – remains under-explored in the literature. This contribution, accordingly, explores the interaction between copyright (and other IPRs), database rights and data protection and privacy in the context of synthetic data and generative AI
The Artificial Intelligence Act: Critical Overview
Full text linkThis article provides a critical overview of the recently approved Artificial Intelligence Act. It starts by presenting the main structure, objectives, and approach of Regulation (EU) 2024/1689. Followed by a definition of key concepts, finally the material and territorial scope, as well asan examination of the timing of application, are analyzed. Although the Regulation does not explicitly set out principles, the main ideas of fairness, accountability, transparency, and equity in AI underly a set of rules of the regulation. This is discussed before looking at the ill-defined set of forbidden AI practices (manipulation and e-exploitation of vulnerabilities, social scoring, biometric identification and classification, and predictive policing). It is highlighted that those rules deal with behaviors rather than AI systems. The qualification and regulation of high-risk AI systems are tackled, alongside the obligation of transparency for certain AI systems, the regulation of general-purpose models, and the rules on certification, supervision, and sanctions. The text concludes that even if the overall framework can be deemed adequate and balanced, the approach is so complex that it risks defeating its own purpose of promoting responsible innovation within the European Union and beyond its borders
The Regulatory Landscape of Health Apps in the European Union
Full text linkDigital tools, including numerous health apps, have become integral to our daily lives. However, the fact that many of these solutions are unregulated raises concerns related to their quality and safety. The current Medical Device Regulation 2017/745 covers devices explicitly designed for medical purposes and does not extend its regulatory scope to wellness applications beyond its intended purpose. Due to the complexity of the regulation, many manufacturers choose to avoid the certification pathway and market their products as wellness apps. As a result of this regulatory stance, the responsibility for preventing harm to users primarily lies with developers, application marketplaces, and consumers themselves. This situation is coupled with increasing consumer skepticism towards the healthcare system and growing reliance on online information, paving the way for uncontrolled and potentially hazardous market development. Real-world examples demonstrate that these non-regulated apps can be harmful; with the market expanding, this issue is likely to worsen.
This article investigates the legal framework governing health apps in the European Union. We identify regulatory gaps and associated risks for public health, and propose measures to mitigate these challenges. Policymakers are advised to introduce updates to the General Product Safety Regulation or adopt national-level regulation as a short-term measure. Additionally, the author proposes revising the role and increasing the responsibilities of app marketplaces to prevent harmful apps from entering or operating in the market. Regulatory incentives, such as government reimbursement schemes, are suggested at the national level unless EU initiatives are introduced
Technical Challenges of Rightsholders’ Opt-out From Gen AI Training after Robert Kneschke v. LAION
Full text linkThis paper explores the evolving legal landscape surrounding generative AI model training on publicly available - often copyrighted - data, spotlighting the challenges in the wake of recent decision of German Court in Robert Kneschke v. LAION. On top of already explored implementation of copyright reservations by machine-to-machine and human-to-machine communication, this paper explores potential gaps and technical challenges stemming from the text and data mining exception including technical issues surrounding Robots.txt as well as data memorisation and regurgitation of verbatim snippets in AI outputs.
The Robert Kneschke v. LAION case exemplifies how non-profit organizations may leverage the TDM exceptions and offers insights that could influence commercial development of Gen AI. While the TDM exceptions may seem workable in theory, implementing them in practice presents a variety of practical challenges. Practical implications, such as requirements for “machine-readable” opt-out options for rightsholders considering current technological landscape, may ultimately reduce the practical benefits of these exceptions. Dataset creation and AI model training in practices occurs via chain of parties from copyright holders, licensors or publishers, non-profit organisations populating datasets to commercial AI developers which may bring additional interpretational issues and gaps when applying exception for research purposes or searching for validly applied opt-out. This paper discusses legal requirements and interpretation introduced by Robert Kneschke v. LAION and presents practical and technical implications stemming from the TDM exceptions and suggests possible outcomes thereof. 
Clouds Connecting Europe: Interoperability in the EU Data Act
Full text linkInteroperability, describing the ability of systems to work together, is a cornerstone of Europe’s vision for a connected digital economy, and the Data Act takes a bold step in this direction. Articles 33-35 of said Act contain far-reaching interoperability mandates for data spaces and data processing services, including cloud services. However, the provisions’ unclear language and structural complexities present interpretative challenges. For instance, the meaning of central terms like “data space” and “data processing service” remain ambiguous. To address these challenges, we propose an effects-oriented method emphasising an interdisciplinary analysis of the regulated industry and alignment of various legislative objectives with the effects of interoperability as a policy tool.
Applying this method, we find that the term “data space” must be interpreted restrictively in light of the public interest objectives of the relevant provision, namely as a platform that enables broad data sharing. Similarly, we argue that understanding the term “data processing service” is predicated on the insight that the technical terms used in the statutory definition are reflections of specific economic effects which characterize cloud markets (e.g. lock-in effects and the importance of amortisation). In order to reliably apply the definition, the technical terms must be evaluated in light of these economic effects as a set of interdependent factors in a global assessment, whereby a stronger degree in one dimension can offset weaker degrees in other dimensions.
We argue that this stringent effects-oriented approach is necessary for the Data Act to achieve its goals of strengthening Europe’s digital economy by enabling seamless cloud environments and shaping a more open and innovative digital landscape