The EU-US Data Privacy Framework: Is the Dragon Eating its Own Tail?
The European Commission’s adequacy decision on the EU-US Data Privacy Framework (DPF), adopted on July 10th, 2023, marks a crucial moment in transatlantic data protection. Following an Executive Order issued by President Biden in October 2022, this decision confirms that the United States (US) meets European Union (EU) standards for personal data protection. The decision extends to all transfers from the European Economic Area (EEA) to US entities participating in the framework, promoting privacy rights while facilitating data exchange. Key aspects include oversight of US public authorities’ access to transferred data, the introduction of a dual-tier redress mechanism, and granting new rights to EU individuals, encompassing data access and rectification. However, the EU-US DPF presents both promise and challenges in health data transfers. While streamlining exchange and aligning legal standards, it grapples with the complexities of divergent privacy laws. The recent bill for the introduction of a US federal privacy law emphasizes the urgent need for ongoing reform. Lingering concerns persist regarding the EU-US DPF’s resilience, especially amid potential legal battles before the Court of Justice of the EU (CJEU). The history of transatlantic data transfers between the EU and the US is riddled with vulnerabilities, reminiscent of the Ouroboros—an ancient symbol of a serpent or dragon eating its own tail—hinting at the looming possibility of the framework facing invalidation once again. This chapter delves into the main requirements of the EU-US DPF and offers insights on how healthcare organizations can navigate it effectively.
A Multidisciplinary Perspective on Cross-Border Health Data Transfers: Privacy, Risks and Solutions
This chapter serves as an introduction to the complex contemporary regulatory landscape of international health data transfers. It emphasizes the critical role of international data sharing in healthcare, particularly in research, patient care, clinical trials, and public health initiatives. Our goal is to provide a brief examination of the advantages of international health data transfers while delving into the associated inherent risks. These risks are analyzed from various perspectives, and it is suggested they are significantly amplified when sensitive data is involved. To illustrate these risks, we offer concrete hypothetical examples that elucidate ten key risk factors, from data privacy concerns to issues related to reputation and trust. Additionally, the chapter provides a global overview of the subsequent chapters within the book, emphasizing raising awareness of regulatory considerations worldwide. We underscore the significance of conducting comprehensive transfer risk assessments, practicing due diligence, implementing safeguards, and utilizing structured transfer tools to ensure secure cross-border data transfers. These measures empower organizations to navigate the complex landscape effectively while upholding the highest standards of data privacy and security
Generative AI and the Future of Contracts, Law, and Design
This chapter serves as an introduction to this collection by exploring the transformative intersection of Generative AI (GenAI), contracts, law, and design. It highlights how advanced machine learning models are reshaping legal practices, contracts, and contracting. GenAI—a subset of artificial intelligence—uses large datasets to create original content and provide new opportunities for automating legal tasks, enhancing contract accessibility, and promoting proactive legal strategies. The chapter delves into the technological underpinnings of GenAI, including examples such as OpenAI's ChatGPT and DALL·E, Anthropic’s Claude, GitHub Copilot, Google’s Bard and Gemini, and DeepSeek. It also examines the ethical and regulatory implications of AI adoption, focusing on the principles of “Responsible AI,” and discusses the importance of human-centric design in preparing legal tools and solutions intended to drive policy and strategic objectives. Additionally, it provides a brief overview of the book’s content, outlining key topics such as proactive law, contract design, intellectual property, privacy communication, and health data governance. By providing case studies and practical insights, the chapter offers a comprehensive overview of GenAI’s impact on contracting and the legal domain and sets the stage for further discussions on its applications, challenges, and future directions
Legal Design for the Common Good: Proactive Legal Care by Design
Many legal problems are caused by misunderstandings. People do not read complex documents. Even if they do, they may not find what they look for or understand what they find. This chapter shows how proactive legal care can help, not only to deal with challenges of complex legal information, but also to improve access to justice and prevent unnecessary problems. Enhancing clients’ self-care by promoting their legal literacy is a central strategy for this purpose. Changing how documents are framed and presented is another. We propose a new mindset for lawyers, with a focus on the users and on using the law for the advancement of the common good. With this mindset, it becomes natural to look for skills and tools to present legal information in more engaging and actionable ways. Design patterns offer a way to identify and share such tools, for the benefit of lawyers and clients alike.
The Rise of Robotics & AI: Technological Advances & Normative Dilemmas
Computer science, robotics and AI have all developed rapidly in recent years, bringing profound changes to all aspects of human life. However, the emergence and proliferation of these new technologies has not occurred within the bounds of traditional organizational, ethical and regulatory systems. We have reached an inflection point, where we need to pursue new business models and normative frameworks to underpin these fast-developing technologies. This introductory chapter briefly maps the evolution of these different technologies and argues for a new, more forward-oriented approach to the business and normative challenges that are created. The discussion ends with a review of the chapters that comprise this volume
Social Media Platforms as Public Health Arbiters: Global Ethical Considerations on Privacy, Legal and Cultural Issues Associated with Suicide Detection Algorithms
The emergence of Facebook’s suicide prevention algorithm has prompted discussion around whether social media platforms have a role to play in public health surveillance. Concerns have been raised about an entity that is not a public interest health authority collecting and acting on the private health information of its users, particularly sensitive data like an individual’s mental health status. Mental illnesses are still heavily stigmatised, despite continued efforts to normalise these conditions in some areas of the world. Depending on a user’s geographic location, the ramifications of the suicide detection algorithms generating false positives for suicide risk could have severe consequences. The present chapter continues this discourse by examining the ethical implications of Facebook’s suicide prevention algorithm from privacy, legal, and cultural perspectives
Disruptive Technologies Shaping the Law of the Future
Technology is transforming our lives and the way we perceive reality so quickly that we are often unaware of its effects on the relationship between law and society. As an emerging field, a key aim of IT Law is finding the best way of harnessing different cutting-edge technologies and at the same time reducing the ever-growing gap between new technology and various legal systems. Therefore, this chapter deals with introducing and describing several limiting legal issues that have been exacerbated by emerging technologies and the Internet’s fast growing and dynamic nature. It follows from this chapter that we could expect disruptive technology and innovation to be integral components to the analysis of law in the future
Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework
This chapter analyses some of the main legal requirements laid down in the new European General Data Protection Regulation (GDPR) with regard to hybrid Cloud Computing transformations. The GDPR imposes several restrictions on the storing, accessing, processing and transferring of personal data. This has generated some concerns with regard to its practicability and flexibility given the dynamic nature of the Internet. The current architecture and technical features of the Cloud do not allow adequate control for end-users. Therefore, in order for the Cloud adopters to be legally compliant, the design of Cloud Computing architectures should include additional automated capabilities and certain nudging techniques to promote better choices. This chapter explains how to fine tune and effectively embed these legal requirements at the earlier stages of the architectural design of the computer code. This automated process focuses on Smart Contracts and Service Level Agreements (SLAs) frameworks, which include selection tools that take an information schema and a pseudo-code that follows a programming logic to process information based on that schema. The pseudo-code is essentially the easiest way to write and design computer code, which can check automatically the legal compliance of the contractual framework. It contains a set of legal questions that have been specifically designed to urge Cloud providers to disclose relevant information and comply with the legal requirements established by the GDPR
Supplementary Measures and Appropriate Safeguards for International Transfers of Health Data after Schrems II
In July 2020, the Court of Justice of the European Union (CJEU) in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (“Schrems II”) invalidated the EU-US Privacy Shield adequacy decision but found that Standard Contracting Clauses (SCCs) are a valid mechanism to enable GDPR-compliant transfers of personal data from the EU to jurisdictions outside the EU/EEA, as long as various unspecified “supplementary measures” are in place to compensate for any gaps in data protection arising from the third country law or practices. The effect of this decision has been to place regulators, scholars, and data protection professionals under greater pressure to identify and explain these “supplementary measures” to facilitate cross-border transfers of personal data. This chapter critically examines the current framework for cross-border transfers after Schrems II, including the new SCCs adopted by the European Commission, as well as the current European Data Protection Board (EDPB) guidance on “supplementary measures.” We argue that the so-called “supplementary measures” are not “supplementary” and that the CJEU’s characterization of such measures as “supplementary” undermines the original clarity of GDPR with regards to the required standards for security of processing as well as the available mechanisms for cross-border transfers of personal data. We conclude that despite the legal uncertainty introduced by the CJEU several post-Schrems II developments have been helpful to increase awareness and improve the overall safeguards associated with cross-border transfers of personal data. These include the new SCCs and an increased understanding of capabilities and limitations of the technical and organisational measures, including encryption, pseudonymisation, and multi-party processing.
Technical solutions such as multiparty homomorphic encryption (HE) that combine these three technical measures while still allowing for the possibility to query and analyse encrypted data without decrypting it have significant potential to provide effective security measures that facilitate cross-borders transfers of personal data in high-risk settings
The Dynamic Context & Multiple Challenges of Data Sharing
This chapter outlines the dynamic context and multiple challenges of data sharing in the contemporary data ecosystem, specifically as it relates to healthcare. Here, we define ‘data sharing’ as the practice of sharing health-related data between a number of data controllers and processors. Data collected in this manner can come from the provision of health, clinical trials, observational studies, public health surveillance programs, and other health data collection methods. Several justifications for such sharing are introduced. Our main contention is that the regulatory environment today is an increasingly complex and rapidly evolving combination of norms and principles. To navigate it successfully requires careful analysis and judgment from all stakeholders across diverse fields of law and technology. The purpose of this volume, therefore, is to offer a series of case studies that integrate theoretical and practical perspectives and illustrate how to effectively navigate this rapidly evolving space
