Singapore's cybersecurity strategy

Imminent cybersecurity threats of a massive global scale have led countries to review and strengthen their national cybersecurity strategies and to enact new and bolder legislation that is both comprehensive and far-reaching. This paper discusses how Singapore's enactment of the Cybersecurity Act 2018 is one such attempt to foster a secure and resilient national infocomm environment against cyberattacks.     

Free movement of patients: Directive 2011/24 on the application of patients' rights in cross-border healthcare

This contribution comments on Directive 2011/24, providing a legal framework for cross border healthcare 13 years after the famous Kohll and Decker case law. The Directive contains provisions concerning the reimbursement of costs, the responsibilities of the Member States and their mutual cooperation in healthcare. Analysing the (potential) impact of the Directive 2011/24 on EU healthcare systems, patients and healthcare providers, it becomes clear that the impact of the Directives reaches far beyond patient mobility. The Directive creates patients' rights, pays attention to the quality and safety of healthcare services and creates an excessive structure of cooperation in the field of healthcare. The European Union seems ready to use its economies of scale to improve healthcare for all European patients.     

Market introduction of innovative high risk medical devices: towards a recast of the directive concerning medical devices

The European Conformity (CE) marking grants early market introduction to innovative high risk medical devices based on safety and device performance only, without any requirement to demonstrate clinical efficacy or effectiveness. Hence healthcare providers, patients and payers are informed neither about the added clinical value compared to an existing medical device nor about the risks incurred by using such innovations. In addition there is a lack of coherence and uniformity of approach in the assessment of high risk medical devices. These gaps may put the health and safety of patients in danger. The European Commission, in concert with Competent Authorities, industry, Notified Bodies, and other stakeholders, is working on a "recast" of the directives regulating medical devices. This article identifies and discusses the critical points of the pre-market clinical evaluation of innovative high-risk medical devices in the European legal framework and compares it with the USA.     

Reforming residency: modernizing resident education and training to promote quality and safety in healthcare

The goal of medical residency is to provide the best clinical education for future practice, while increasing quality and safety in current and future healthcare. This goal is not being met. Traditional residency programs often continue to utilize individually oriented, shame-and-blame approaches that do not recognize the systems nature of outcomes, care, and patient safety. Appropriate substantive methods, content, and training tools are also lacking, while residents continue to labor in a poor working environment. All these factors create a system that serves no one-not the resident, the patient, or the system in which both interact. Residency reforms are proposed to address these imperative concerns.     

An analysis of cybersecurity in Dutch annual reports of listed companies

In this paper we study the disclosure of cybersecurity information in Dutch annual reports, such as cybersecurity measures and cyber incidents, from a financial law and economics perspective. We start our discussion with an analysis of the requirements in financial law to disclose cybersecurity information in annual reports. Hereafter, we discuss the incentives for the board regarding disclosing cybersecurity related information and its effect on stakeholders and shareholders. We draft hypotheses regarding the actual disclosure of cybersecurity information and propose a research design of an exploring empirical study. The results of our study show that although there is no strict legal obligation to do so, 87% of the companies mention cybersecurity or similar words in their annual report in 2018. However, only 4 out of 75 companies disclosed more than six specific cybersecurity measures, while openness would generate the highest surplus for society from a social welfare perspective. Some major Dutch banks and employment agencies did not disclose any specific information with regard to their cybersecurity strategy, while those companies are highly vulnerable for cybersecurity incidents. This hampers the protection of creditors, investors and other stakeholders. Our analysis aims to propel the debate on stimulation of self-regulation or possible obligations in financial law concerning cybersecurity in annual reports.     

The new JCAHO patient safety standards and the disclosure of unanticipated outcomes. Joint Commission on Accreditation of Healthcare Organizations

This article looks at the newly-issued JCAHO standards and their increased focus on patient safety in performance standards for healthcare organizations. As part of these standards, hospitals are required to inform patients of outcomes of care, including unanticipated outcomes. This article examines this requirement and suggests varying interpretations of it. After looking at the current legal and ethical standards requiring disclosure of errors or negligent acts, the article suggests that hospitals are faced with many difficulties in implementing the standard. Specifically, the article argues that more details are necessary regarding what events must be reported and what hospitals are required to do when members of the medical staff refuse to inform patients of medical error.     

Defence against the dark artefacts: Smart home cybercrimes and cybersecurity standards

This paper analyses the assumptions underpinning a range of emerging EU and UK smart home cybersecurity standards. We use internet of things (IoT) case studies (such as the Mirai Botnet affair) and the criminological concept of ‘routine activity theory’ to situate our critique. Our study shows that current cybersecurity standards mainly assume smart home environments are (and will continue to be) underpinned by cloud architectures. This is a shortcoming in the longevity of standards. This paper argues that edge computing approaches, such as personal information management systems, are emerging for the IoT and challenge the cloud focused assumptions of these standards. In edge computing, data can be stored in a decentralised manner, locally and analysed on the client using federated learning. This can have advantages for security, privacy and legal compliance, over centralised cloud-based approaches, particularly around cross border data flows and edge based security analytics. As a consequence, standards should start to reflect the increased interest in this trend to make them more aspirational and responsive for the long term; as ultimately, current IoT architectures are a choice, as opposed to inherent. Our paper unpacks the importance of the adoption of edge computing models which could enable better management of external cyber-criminality threats in smart homes. We also briefly discuss challenges of building smart homes that can accommodate the complex nature of everyday life in the home. In addition to technical aspects, the social and interactional complexities of the home mean internal threats can also emerge. As these human factors remain unresolved in current approaches to smart home cybersecurity, a user's security can be impacted by such technical design choices.     

Illuminating the health and safety of luminol

Luminol is a reagent that is used to enhance areas of non-visible bloodstaining and it is one of the most sensitive of such reagents available to the forensic scientist. However, its use, particularly within the UK and some other European countries, has been limited, predominantly due to concerns about the health and safety of the reagent. This paper reviews the literature currently available regarding the health and safety of luminol, and in the authors' view demonstrates that there are no significant health and safety concerns with the preparation of luminol solution and its application at the crime scene or in the laboratory, providing suitable precautions are taken.     

Public charge,legal estrangement,and renegotiating situational trust in the US healthcare safety net

US immigration law increasingly excludes many immigrants materially and symbolically from vital safety-net resources. Existing scholarship has emphasized the public charge rule as a key mechanism for enacting these exclusionary trends, but less is known about how recent public charge uncertainty has shaped how noncitizens and healthcare workers negotiate safety-net resources. Drawing on ethnographic observations and interviews with 80 safety-net workers and patients in three US states from 2015 to 2020, I argue that intensifying anti-immigrant rhetoric surrounding public charge has extended a sense of surveillance into clinical spaces in previously unexamined ways. Drawing on theories of medical legal violence, system avoidance, and legal estrangement, I demonstrate how these dynamics undermined immigrants' health chances and compromised clinic workers' efforts to facilitate care. I also reveal how participants responded to this insinuation of legal violence in healthcare spaces by promoting situational trust in specific procedures and institutions.     

The implementation of quality and safety measures: from rhetoric to reality

The evolution of American healthcare is the history of recurrent attempts to enhance quality of care. The latest wave of debate in this area was sparked by the 1999 Institute of Medicine Report, To Err is Human. In the current debate over how best to improve safety and quality, however, there has been a disconnect between the theoretical optimum and the practical possibilities. The author examines the history of our nation's efforts at healthcare improvement over the years, and concludes that the present debate will likely lead to improvements--but only after a messy (and necessary) political struggle over what price Americans are willing to pay for improvement, and where that money will come from. When reform occurs, the author believes that it will be on multiple levels, with accreditation organizations and various levels of government acting in the manner (and for the constituencies) appropriate to each. Ultimately, the political processes will yield a variety of approaches to be watched, studied, and amended as the healthcare system evolves to provide safer, more effective care.     

Hospitals’ Liabilities in Times of Pandemic: Recalibrating the Legal Obligation to Provide Personal Protective Equipment to Healthcare Workers

The Covid-19 pandemic has precipitated the global race for essential personal protective equipment in delivering critical patient care. This has created a dearth of personal protective equipment availability in some countries, which posed particular harm to frontline healthcare workers’ health and safety, with undesirable consequences to public health. Substantial discussions have been devoted to the imperative of providing adequate personal protective equipment to frontline healthcare workers. The specific legal obligations of hospitals towards healthcare workers in the pandemic context have so far escaped important scrutiny. This paper endeavours to examine this overlooked aspect in the light of legal actions brought by frontline healthcare workers against their employers arising from a shortage of personal protective equipment. By analysing the potential legal liabilities of hospitals, the paper sheds light on the interlinked attributes and factors in understanding hospitals’ obligations towards healthcare workers and how such duty can be justifiably recalibrated in times of pandemic.

     

Assessing China's Cybersecurity Law

In November 2016, China passed its first Cybersecurity Law, aiming to strengthen cyberspace governance through a number of initiatives, including Internet operator security protection, personal information protection, special protection of critical information infrastructure, local storage of data, and security evaluation for data export. This Article discusses the major concepts and principles of the Cybersecurity Law. It also discusses the tensions and controversies inherent in the law. All in all, the Cybersecurity Law exhibits distinctive Chinese characteristics. It is premised on the concept of cyberspace sovereignty and emphasizes security over free flow of data and freedom of speech. It provides a basic legal framework for cyberspace governance in China, to be supplemented by implementing regulations in years to come.     

European Law Beyond ‘Ever Closer Union’ Repositioning the Concept,its Thrust and the ECJ's Comparative Methodology

The article investigates competing understandings of European law. It supports, against the prevailing EU‐centred understanding, an ecumenical concept that embraces EU law, supplementing international instruments, the European Convention on Human Rights and, importantly, various domestic laws enacting or responding to such transnational law, as well as European comparative law. To keep the concept in sync with European politics, it posits a new idea that binds the parts together: to provide for a European legal space rather than further European integration (the ever closer union). This idea can also serve as European law's functional equivalent to forming one legal order. European law thus conceived grasps the puzzling complex of interdependent legal orders, sets a common frame for corresponding reconstructions (European composite constructions, legal pluralism, network theories, federalism or intergovernmentalism) and allows forces with diverging outlooks to meet in one legal field, on one more neutral disciplinary platform. Within this framework, European comparative law finds a new mission as well as a sound legal basis.     

Treating or Tracking? Regulatory Challenges of Nano‐Enabled ICT Implants

The increasing commercialisation of human ICT implants has generated debate over the ethical, legal, and social implications of their use. The convergence of nanotechnologies with ICT is likely to further challenge the current legal frameworks that regulate them. The aim of this article is to examine the effectiveness of the European data protection legal framework for regulating this “next generation” of nano‐enabled ICT human implantable devices. The article highlights the potential regulatory challenges posed by the applications and makes a series of recommendations as to how the current European legal framework on data protection will respond to them.     

Integrating Europe’s PSI re-use rules - Demystifying the maze

Despite various studies evincing the huge potential locked up in public sector information (PSI), this potential is far from being fully exploited. To a large extent, this failure is caused by the immensely complex legal labyrinth surrounding PSI re-use. This complexity works in two ways: public sector bodies do not comply with the regulatory framework and re-users do not avail themselves of the legal instruments offered, resulting in unexploited economic potential. What makes the legal framework so complex is the transcending nature of PSI re-use, as it blends four areas of law - freedom of information law, ICT law, intellectual property law and competition law - that, throughout the years, have been regulated at a European, national and even at a sectoral level, but in isolation. The fundamental impact that ICT developments have on our society, subsequently also rocking the legal rules and underlying principles and axioms, makes the picture even more complicated. Taking the maximization of utility of PSI as a starting point in this article, I will anatomize each of these legal frameworks and demonstrate how they interact, culminating in a conceptual framework that may help public sector bodies and re-users, and courts where necessary, to apply and rely on the rules involved and to bring to the surface areas for policy action, both at the national and European level.     

Crime control in the sphere of information technologies in the Republic of Turkey

Cybercrime is considered an issue of both local and global concern. Therefore, this study focuses on the local experience in cybercrime control of different countries, including the Republic of Turkey. The article discusses issues in cybersecurity policy and analyzes the legislative framework of the Republic of Turkey on cybercrime issues. The findings underlie the continuing education policy for cybersecurity employees. The study concludes that Turkey handles the current cybercrime situation with efficiency.     

GDPR-compliant AI-based automated decision-making in the world of work

Artificial Intelligence is spreading fast in our everyday life and the world of work is no exception. AI is increasingly shaping the employment context: such emerging areas are augmented and automated decision-making. As AI-based decision-making is fuelled by personal data, compliance with data protection frameworks is inevitable. Even though automated decision-making is already addressed by the European norms on data protection – especially the GDPR –, their application in the world of work raises specific questions. The paper examines, in the light of the ‘general’ data protection background, what specific data protection challenges are raised in the field of AI-based automated decision-making in the context of employment. As a result of the research, the paper provides a detailed overview on the European legal framework on the data protection aspects of AI-based automated decision-making in the employment context. It identifies the main challenges, such as the applicability of the existing legal framework to the current use-cases and the specific questions relating to the lawful bases in the world of work, and provides guidelines on how to address these challenges.     

The European legal framework on cybercrime: striving for an effective implementation

This article analyzes the European legal framework on cybercrime. Initially, it argues the challenges of cybercrime to traditional criminal justice systems. Subsequently, it focuses on the criminal law framework on cybercrime with a mainly European perspective. The European legal framework provides a three-path solution: the reduction of frictions among national legislations, the introduction of new investigative powers and the facilitation of international cooperation. The article presents and discusses each solution. Further, it argues that the effective implementation of the main legal instruments does not seem to depend on the legal enforceability of these international measures. Contrarily, other, non legal, factors such as national security, politics, the economy and the public opinion appear to stimulate the spontaneous implementation of the European legal framework. In this context, the added value of the EU action is rather low, although the Treaty of Lisbon and the Stockholm Programme may improve this situation in the long term.     

The contemporary cybercrime ecosystem: A multi-disciplinary overview of the state of affairs and developments

This article provides a multi-disciplinary overview of the contemporary cybercrime ecosystem and its developments. It does so by reviewing and synthesising recent cybercrime research from fields such as cybersecurity, law and criminology. The article also examines ways in which gaps between the aforementioned fields arise and how to lessen them to increase cybersecurity. This article is divided into four main parts. The first part offers background on cybercrime and some of its main elements. It defines terminology, sets out a legal taxonomy of cybercrime offences and presents the estimated costs, threat agents and characteristics of various illicit activities and technical aspects of cybercrime. Parts two, three and four build on this preceding analysis by (separately) examining three prominent threat vectors within the ecosystem – malware, the darknet and Bitcoin and other cryptocurrencies. For each threat vector, the article identifies and investigates features, history, functions and current and expected states of development within the ecosystem. Through its attention to and synthesis of current research and results from different fields, this article offers a synoptic account of the cybercrime ecosystem, which can bridge potential knowledge gaps between fields.     

Structural and legal implications of e-health

Web and attendant e-Commerce phenomena are irretrievably at odds with the traditional structure and hence legal regulation of health delivery. E-Health delivers healthcare information, diagnosis, treatment, care, and prescribing of drugs in a nonlinear, nonhierarchical manner that encourages patients to "enter" the system at an infinite number of points, thus defying current regulatory constructs. Similarly, e-Commerce fundamentals such as disintermediation and disaggregation result in medical information being delivered through unfamiliar channels, creating immensely difficult questions for health lawyers.