JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law
Not a member yet
417 research outputs found
Sort by
Navigating The Fragmented Online Music Licensing Landscape In Europe A Legislative Compass In Sight?
Online exploitation of musical works allows consumers in the European Union (EU) to enjoy tens of millions of musical works from a place and at a time of their choice. While the Title III of the EU Collective Rights Management (CRM) Directive contributed to re-shaping the EU multi-territorial online music licensing market, it did not adequately facilitate licensing for online use of musical works on a multi-territorial level in the EU. This article seeks to answer the question as to which legislative measures should be introduced to facilitate licensing practices and to lower transaction costs in order to enable market entry of new online music services in Europe. In order to answer this question, this article analyses relevant provisions of the Title III of the CRM Directive and problematic aspects of their application to different licensors. Furthermore, legislative and soft law documents on the EU level as well as cooperation initiatives among CMOs are evaluated in order to assess whether past initiatives can be considered by the EU legislator. Finding answers to these questions seems relevant in the light of possible re-evaluation of multi-territorial licensing practices on the legislative level in April 2021, as foreseen by the CRM Directive
Security Implications of Consortium Blockchains: The Case of Ethereum Networks
By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors’ behaviors those networks. We used graph visualization tools to picture the networks transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants’ roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain
Imbalanced data as risk factor of discriminating automated decisions: a measurement-based approach
Over the last two decades, the number of organizations -both in the public and private sector- which have automated decisional processes has grown notably. The phenomenon has been enabled by the availability of massive amounts of personal data and the development of software systems that use those data to optimize decisions with respect to certain optimization goals. Today, software systems are involved in a wide realm of decisions that are relevant for the lives of people and the exercise of their rights and freedoms. Illustrative examples are systems that score individuals for their possibility to pay back a debt, recommenders of the best candidates for a job or a house rent advertisement, or tools for automatic moderation of online debates.
While advantages for using algorithmic decision making concern mainly scalability and economic affordability, on the other hand, several critical aspects have emerged, including systematic adverse impact for individuals belonging to minorities and disadvantaged groups. In this context, the terms data and algorithm bias have become familiar to researchers, industry leaders and policy makers, and much ink has been spelled on the concept of algorithm fairness, in order to produce more equitable results and to avoid discrimination. Our approach is different from the main corpus of research on algorithm fairness because we shift the focus from the outcomes of automated decision making systems to its inputs and processes. Instead, we lay the foundations of a risk assessment approach based on a measurable characteristic of input data, i.e. imbalance, which can lead to discriminating automated decisions. We then relate the imbalance to existing standards and risk assessment procedures.
We believe that the proposed approach can be useful to a variety of stakeholders, e.g. producers and adopters of automated decision making software, policy makers, certification or audit authorities. This would allow for the assessment of the risk level of discriminations when using imbalanced data in decision making software. This assessment should prompt all the involved stakeholders to take appropriate actions to prevent adverse effects. Such discriminations, in fact, pose a significant obstacle to human rights and freedoms, as our societies increasingly rely on automated decision making. This work is intended to help mitigate this problem, and to contribute to the development of software systems that are socially sustainable and are in line with the shared values of our democratic societies.
This paper is also available at https://doi.org/10.5281/zenodo.579518
Internet Of Bodies: Digital Content Directive, And Beyond
“Internet of Bodies” (IoB) is the new frontier of digital technologies challenging our lives as individuals and as a society. The European Union has not yet set up a coherent and complete regulatory framework dealing with the “Internet of Everything”. This paper aims at describing the possible implications of the new technologies in search for responsible legal reactions. After defining IoB and some uncomfortable problems raised by it, the paper faces the topic of what can law and policy do in order to provide a set of rules adequate for supporting sustainable data-driven technologies. The current legal framework is essentially designed by the Digital Content Directive, the Product Liability Directive and the product safety legislation framed into a multilevel layout, as set up by the New Legislative Framework and by the European Standardization System. The article argues that it is within this regulatory framework that new technologies should be controlled, although a substantial institutional revision of co-regulation in the light of plurality and transparency is still desirable
The EU’s system of knowledge-based liability for hosting service providers in respect of illegal user content – between the e-Commerce Directive and the Digital Services Act
Over the past two decades the principle of knowledge-based liability has been the backbone of the EU’s regime regulating the liability of social media companies, online marketplaces, cloud storage providers and many other online service providers that store and disseminate user-generated content. This article traces the origins, identifies the rationale, assesses the continued relevance and discusses the main strengths and shortcomings of this approach. It is argued that, counter-intuitive as it may seem to some, there are good grounds for retaining the key features of the current liability system, which conditionally shields such service providers from liability for their users’ content. Most important is the system’s ability to strike a fair balance between the conflicting rights and interests of the parties involved – not only the service providers and the users, but also the parties aggrieved by the content. That is not to say, however, that the system has no shortcomings. In particular, the system’s effectiveness in terms of tackling illegal user content causing serious ‘public’ harm could be improved, whilst the system also involves significant risks of unjustified removal of user content. These shortcomings do not mean that the current knowledge-based liability system should be discarded. Instead, it should be improved. Not by excluding certain service providers from the scope of the liability exemption or adding conditions, but rather by enacting complementary requirements. Against this background the article assesses to what extent the recently proposed Digital Services Act addresses the identified shortcomings
Competition Problems and Governance of Non-personal Agricultural Machine Data: Comparing Voluntary Initiatives in the US and EU
The arrival of digital data in agriculture opens the possibility to realise productivity gains through precision farming. It also raises questions about the distribution of these gains between farmers and agricultural service providers. Farmers’ control of the data is often perceived as a means to appropriate a larger share of these gains. We show how data-driven agricultural business models lock farm data into machines and devices that reduce competition in downstream agricultural services markets. Personal data protection regulation is not applicable to non-personal agricultural machine data. Voluntary data charters in the EU and US emulate GDPR-like principles to give farmers more control over their data but do not really change market-based outcomes due to their legal design.Third-party platforms are a necessary intermediary because farmers cannot achieve the benefits from applications that depend on economies of scale and scope in data aggregation. Data lock-in, combined with the low marginal value of individual farm data, puts farmers in a weak bargaining position. Neutral intermediaries that are not vertically integrated into agricultural machines, inputs or services may help farmers to circumvent monopolistic data lock-ins. However, unless these neutral intermediaries find a way to generate and monetise economies of scale and scope with their data, their business model may not be sustainable. Regulatory intervention that facilitates portability and interoperability might be useful for farmers to overcome data lock-ins, but designing data access rights is a complicated issue as many parties contribute data in the production process and may claim access rights. Minor changes in who gets access to which data under which conditions may have significant effects on stakeholders. We conclude that digital agriculture still has some way to go to reach equitable and efficient solutions to data access rights. Similar situations are likely to occur in other industries that rely on non-personal machine data
EU Digital Content Directive And Evolution Of Lithuanian Contract Law
Lithuania’s national legislature is once more facing the task of implementing another consumer protection directive into national law. This time it is not as easy as it may seem because by adopting the Digital Content Directive, the European Parliament and the Council intentionally left issues of legal classification of digital content contracts and their systemic ties with other bodies of law, such as intellectual property law, for regulation by national law. Hence, the proper time is now to reconsider basic trends of consumer legislation in Lithuania and to identify systemic challenges of implementation of the Directive.
Within the internal structure of Lithuanian civil law, consumer relations belong to the subject matter of the law of obligations. Most often consumer legal relations arise from the contract, less often – in cases of defective production – from the tort. The author proposes to extract almost all consumer private law rules (leaving untouched only marginal exceptions such as private international law rules) from Lithuanian Civil Code and other statutes to a newly created Book 7 “Consumer law”. From one side, it could facilitate concentration and systematization of whole consumer private law in one place, without impairing coherence of other sections in Lithuanian Civil Code. From another side, this option would still maintain consumer law within the scope of Lithuanian Civil Code and influence of civil law doctrine, thus avoiding legal dualism and preventing insufficient academic attention.
According to its legal nature, movable and controllable digital content under Lithuanian law may be treated and protected as a novel form of property. However, normative content of existing Lithuanian Civil Code regarding contractual rules is not specifically tailored for digital goods. In general, Digital Content Directive rules are far more developed and detailed than current Lithuanian Civil Code rules on consumer sales, which transpose various EU directives and are applicable mostly for the sale of tangible goods. Therefore, contracts for supply of digital content deserve to be named sui generis by their nature and should be classified and regulated separately from other nominate contracts. Such a solution would overcome the full set of problems related to complex characterization and cross application of various rules regulating other types of contracts.
Despite that, the Lithuanian Pre-draft mostly reflects a cautious and conservative approach for implementation of the Digital Content Directive within Lithuanian private law. However, Digital Content Directive should significantly enhance protection of consumer rights in Lithuania. Legal innovations and rules specifically tailored for a digital environment will lead to optimization and development of the existing contractual regime. In turn, all this should provide legal certainty on rights and duties of the trader and consumer with the obvious benefit for development of digital markets
Smart Contracting And The New Digital Directives: Some Initial Thoughts
In this article, smart contracting meets Directive (EU) 2019/770 on certain aspects concerning contracts for the supply of digital content and digital services, and as the Directive (EU) 2019/771 regarding certain aspects of contracts for the sale of goods. Much has been written about smart contracting and the two directives. What has been missing, however, are contributions that explicitly address the question of whether the two directives are really “smart contracts ready”. The present article is intended to fill this gap and to serve as an incentive to take a closer look at this topic
Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions
Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective