Open source software (OSS) governance in the organisation

Going into the century's second decade, Open Source Software (OSS) is ubiquitous. But there remains a disconnect between OSS use and its effective management. In order to ensure that OSS is used in a way which complies with relevant licence requirements and reduces risk (for example, of adverse action from the OSS community and IP leakage through unintended application of the ‘copyleft’ terms of the GPL2); organisations should consider putting in place an effective OSS governance mechanism. OSS governance should take account of the people context, seeking to get buy-in from all stakeholder groups inside and outside the organisation. The high-level OSS strategy should then be agreed between the stakeholders, consistently with other statements of operational strategy. The next level down is the OSS policy statement, which should be clear, brief, event-driven, able to settle 80% of OSS decisions arising day to day and set out what information is to be collected and tracked. Finally, appropriate processes should be put in place to take the strain of OSS governance. Organisations should consider appointing an Open Source Compliance Officer and acquiring a software based indicator tool enabling a number of key governance processes (code review, setting agreed ‘do's and dont's’) to be automated.     

Regulating electronic identity in the European Union: An analysis of the Lisbon Treaty’s competences and legal basis for eID

This paper discusses the feasibility of EU legal action in the field of electronic identity (eID) within the new distribution of legal competences and the provision of novel legal basis engendered by the Treaty of Lisbon. The article attempts to find a ‘legal anchor’ to the idea of a pan-European electronic identity within EU law, looking at the issues of competences and legal basis. After examining various different areas of competence and the most feasible (and probable) candidates for a legal basis supporting an EU legal framework for eID, the paper argues that the latter should be found in the combination of Article 16 TFEU (concerning the right to the protection of personal data) with Article 3 TUE, and Articles 26 and 114 TFEU (concerning the establishment and functioning of the Internal Market), which also constitute the area of competence where an eID legal initiative can be pursued.     

The Creative Commons licences through moral rights provisions in French law

Since 2002, Creative Commons has been continuously evolving in order to create a licensing scheme that not only fulfils the needs of the author but also stays compatible with already existing national copyright laws. The extent of the respect of moral rights provisions has always been highlighted during the licences’ evolution. This Article first examines whether moral rights are expressly mentioned in the licences and if so, what their treatment is. Each element of the moral rights in the French system will be considered in order to verify their compatibility with the Creative Commons licences. In this context, it will be also asserted whether some existing clauses in the licence contradict with the moral rights of authors. The Article will conclude that although a more flexible interpretation of moral rights provisions is needed when dealing with open content licences, it is essential that Creative Commons addresses the aspects of the licences that are identified as problematic in relation to moral rights. Finally, it will be demonstrated that regardless of the legal status of the licences, the authors' responsibility towards their rights is what will ultimately be the safeguard of their creations' path.     

Police investigations in Internet open sources: Procedural-law issues

Analysing large amounts of data goes to the heart of the challenges confronting intelligence and law enforcement professionals today. Increasingly, this involves Internet data that are ‘open source’ or ‘publicly available’. Projects such as the European FP7 VIRTUOSO are developing platforms for open-source intelligence by law enforcement and public security, which open up opportunities for large-scale, automated data gathering and analysis. However, the mere fact that data are publicly available does not imply an absence of restrictions to researching them. This paper investigates one area of legal constraints, namely criminal-procedure law in relation to open-source data gathering by the police. What is the legal basis for this activity? And under what conditions can domestic and foreign open sources be investigated?     

Allocating responsibility among controllers,processors, and “everything in between”: the definition of actors and roles in Directive 95/46/EC

In Opinion 1/2010, the Article 29 Data Protection Working Party has provided additional guidance concerning the concepts of ‘controller’ and ‘processor’ contained in Directive 95/46/EC. This guidance aims to assist practitioners in their determination of whether an entity is acting as a controller or as a processor towards a particular data processing operation. Despite the fact that this opinion is informative, the existing framework still appears to leave room for a considerable amount of legal uncertainty. This uncertainty is attributable in part to the nature of the existing concepts, but also (and perhaps to a larger extent) to their apparent misalignment with current processing realities. In this paper, the author seeks to articulate why the existing concepts often remain difficult to apply in practice, in order to enable a constructive reflection on how these issues might be addressed in the future.     

Hey,you, get off of that cloud?

If the final years of this decade are to be over-shadowed by a ‘credit crunch’ and a global recession, then the IT industry's recent focus on cost and resource efficiency via cloud-computing will increasingly seem pertinent to many businesses. This paper will explore some of the legal and practical risks any business will need to consider in their cloud-computing arrangements.     

A walk in to the cloud and cloudy it remains: The challenges and prospects of ‘processing’ and ‘transferring’ personal data

Cloud computing is an information technology technique that promises greater efficiency and reduced-cost to consumers, businesses and public institutions. However, to the extent it has brought better efficiency and minimal cost, the emergence of cloud computing has posed a significant regulatory challenge on the application of data protection rules particularly on the regime regulating cross-border data flow. The Data Protection Directive (DPD), which dates back to 1995, is at odds with some of the basic technological and business-related features of the cloud. As a result, it is claimed that the Directive hardly offers any help in using the legal bases to ‘process’ and ‘transfer’ data as well as to determine when a transfer to a third country occurs in cloud computing. Despite such assertions, the paper argues that the ECJ's Bodil Lindqvist decision can to a certain extent help to delineate circumstances where transfer should and should not occur in the cloud. Concomitantly, the paper demonstrates that controllers can still make the most of the available possibilities in justifying their ‘processing’ as well as ‘transferring’ of data to a third country in cloud arrangements. In doing so, the paper also portrays the challenges that arise down the road. All legal perspectives are largely drawn from EU level though examples are given from member states and other jurisdictions when relevant.     

‘Modernising’ data protection Convention 108: A safe basis for a global privacy treaty?

Proposals for the reform or ‘modernisation’ of Council of Europe Data Protection Convention 108 have now been forwarded from the Convention's Consultative Committee for consideration by the Council of Ministers. This article assesses the changes proposed, which strengthen the obligations of Parties to implement the Convention as a matter of effective practice, not just as a law on paper. It tightens most of the existing data protection principles, and adds new ones which better align the Convention with the EU Directive (and proposed Regulation). The Convention Committee will have explicit new functions including assessing candidates for accession, and periodically reviewing implementation by existing parties. However, the proposals concerning the required standard for data export limitations are in some respects ill-defined and dangerous for data subjects. The existing standard that personal data can only be exported if the recipient provides ‘adequate’ protection has been abandoned for an undefined requirement of ‘appropriate’ protection. The article situates the risk of abandoning meaningful data export restrictions in the context of the USA's push for ‘interoperability’ of very different data protection standards.     

Obligatory dangerousness criteria in the involuntary commitment and treatment provisions of Australian mental health legislation

Objective

Involuntary commitment and treatment (IC&T) of people affected by mental illness may have reference to considerations of dangerousness and/or need for care. While attempts have been made to classify mental health legislation according to whether IC&T has obligatory dangerousness criteria, there is no standardised procedure for making classification decisions. The aim of this study was to develop and trial a classification procedure and apply it to Australia's mental health legislation.

Method

We developed benchmarks for ‘need for care’ and ‘dangerousness’ and applied these benchmarks to classify the mental health legislation of Australia's 8 states and territories. Our focus was on civil commitment legislation rather than criminal commitment legislation.

Results

One state changed its legislation during the course of the study resulting in two classificatory exercises. In our initial classification, we were able to classify IC&T provisions in legislation from 6 of the 8 jurisdictions as being based on either ‘need for care’ or ‘dangerousness’. Two jurisdictions used a terminology that was outside the established benchmarks. In our second classification, we were also able to successfully classify IC&T provisions in 6 of the 8 jurisdictions. Of the 6 Acts that could be classified, all based IC&T on ‘need for care’ and none contained mandatory ‘dangerousness’ criteria.

Conclusions

The classification system developed for this study provided a transparent and probably reliable means of classifying 75% of Australia's mental health legislation. The inherent ambiguity of the terminology used in two jurisdictions means that further development of classification may not be possible until the meaning of the terms used has been addressed in case law. With respect to the 6 jurisdictions for which classification was possible, the findings suggest that Australia's mental health legislation relies on ‘need for care’ and not on ‘dangerousness’ as the guiding principle for IC&T.     

How virtual are virtual economies? An exploration into the legal, social and economic nature of virtual world economies

Virtual world economies are undoubtedly increasing in growth, participation and importance. Their macroeconomic impact has already been seen as important in the real world economies; however its governance and jurisdiction is unclear. This paper will argue that virtual economies are not actually as virtual as they first appear to be. Secondly the paper argues that because of the real world effects and impacts virtual world economies can have, they should be applicable to real world jurisdictions and regulations. The question that is therefore posed is in which jurisdiction should the legal backbone be placed? The paper will be divided into several parts. Firstly, a background of what virtual worlds are, and what they mean in linguistic definition. Secondly, a review of law economics and history shall be considered to determine that what is once considered ‘other worldly’ is accepted as the norm. Thirdly, the paper will consider a virtual world economy, namely that of Second Life to establish the real world impacts that virtual world economies can have. Fourthly, the paper will consider two case studies of financial crisis occurring in the virtual worlds and the synergies we can draw from the real world. Finally, the paper will conclude with the proposition that legal governance is required and will enable what is already a lucrative business to flourish further within the realms of possibility and not virtually.     

Asia-Pacific news

This column provides a country-by-country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.     

Links and copyright law

For at least 15 years, there have been question marks over the legal permissibility of connecting one web resource to another by means of links. The purpose of this paper is to assess where we stand in terms of the legal state on the threshold of the new decade. The substantive argument in this paper is that, fundamentally, there are only two sorts of links. ‘Normal’ links facilitate access to subject matter that has been made available to the public and are visible to users as ‘activatable’ references. ‘Embedding’ links, by contrast, automatically incorporate online material and cause it to become a part of the embedding document. On the grounds of the cumulative judicial custom in the member states of the European Union, this paper proposes that normal links as such should invariably be deemed not to create a state of interference with copyright law. Embedding links, however, may constitute an infringement of the exclusive right of alteration, communication or reproduction enjoyed by the copyright holder, depending on the facts and circumstances.     

The Distance Selling Directive: Points for Future Revision

The EU Distance Selling Directive that was implemented in UK law in the Consumer Protection (Distance Selling) Regulations 2000 has provided guidelines for the protection of consumers undertaking distance transactions. The following paper discusses the provisions of the Directive with particular reference to e-commerce via the Internet, highlighting some possible areas for further consideration. Articles within the Distance Selling Directive are examined for problems of legal interpretation and implementation. There is discussion of: Article 2 (Definitions) and difficulties with its fundamental concepts of 'supplier' and 'consumer'; unnecessary exemptions in Article 3 (Exemptions); the 'local taxes' headache (and others) in Article 4 (Prior Information) and using e-mail under Article 5 (Written Confirmation of Contract). Under Article 6 (Right of Withdrawal), the 'cooling off period', exempted goods and services, refunds and reclaiming goods, and for Article 7 (Performance) substitute goods and contract law implications, are investigated. Finally Article 8 (Payment by Card) looks at protection against fraudulent card use.     

Public security versus privacy in technology law: A balancing act?

Technology invades a person's privacy but this has been justified in law on public security grounds. The more technology advances, the more difficult it is to control its privacy intrusive use. This paper argues that there are a number of difficulties posed by such use concerning the respect of one's privacy. The meaning of ‘public security’ is not entirely clear and there are various laws which authorise the invasion of privacy for public security reasons. Technology is developing at such a fast pace and in a more diffused manner without taking on board its privacy implications whilst technological privacy enhancement mechanisms are not catching up. The law of privacy is not sufficiently elaborate and is slow in coming to terms to deal with these novel situations posed by rapid technological advances. The paper thus develops universally legally binding minimum core principles that could be applied indiscriminately to all privacy intrusive technology.     

Creative Commons Licences,the Copyright Regime and the Online Community: Is there a Fatal Disconnect?

Creative works on the Internet (online works) present challenges to the traditional copyright model. Creative Commons licences are one response to these challenges. Despite the many positive features of Creative Commons licences, certain aspects have attracted criticism. The flaws in Creative Commons licences are a symptom of a broader failure of the copyright system itself to engage with the community. Creative Commons licences operate within the traditional copyright model, despite having some resonance with a developing copyright paradigm. Yet many concepts of copyright are not understood by the wider community; indeed, some remain a source of ongoing debate within the legal academy. Furthermore, there is evidence that community norms and expectations in relation to online works conflict with the legal environment provided by copyright law. The author argues that until these issues are addressed, an attempt to reconceptualise the legal environment by working within its constraints is unlikely to be successful.     

Commons as possessions: The path to protection of the commons in the ECHR system

The ‘commons’ is not mentioned in the texts of the European Convention on Human Rights (ECHR) or Article 1 of Protocol No. 1 (P‐1). This essay argues that ‘possessions’ — which does appear in the latter — should be interpreted by the European Court of Human Rights (ECtHR) to protect commons against national governments' undue interferences. The argument comprises two parts. First, we analyse the polysemic term ‘possessions’ to show how the current understanding of this category is marred by flawed assumptions and by false dichotomies. Then, we propose an ‘ecological’ construction of legal relationships between subjects and objects. We find support in the ECtHR case law on Article 8. We argue this approach should be extended to Article 1 P‐1: once disentangled from possessive individualism and market paradigms, ‘possessions’ encompass the commons and the category offers a solid legal basis toward the justiciability in Strasbourg of privatisations.     

Legal developments and industry issues relevant to IT,media and telecommunications law in key jurisdictions across the Asia Pacific

This column provides a country by country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.     

Legal developments and industry issues relevant to IT,media and telecommunications law in key jurisdictions across the Asia Pacific

This column provides a country by country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.     

Asia-Pacific news

This column provides a country by country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.     

Asia-Pacific news

This column provides a country by country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.