Cybersecurity,safety and robots: Strengthening the link between cybersecurity and safety in the context of care robots

This paper addresses the interplay between robots, cybersecurity, and safety from a European legal perspective, a topic under-explored by current technical and legal literature. The legal framework, together with technical standards, is a necessary parameter for the production and deployment of robots. However, European law does not regulate robots as such, and there exist multiple and overlapping legal requirements focusing on specific contexts, such as product safety and medical devices. Besides, the recently enacted European Cybersecurity Act establishes a cybersecurity certification framework, which could be used to define cybersecurity requirements for robots, although concrete cyber-physical implementation requirements are not yet prescribed. In this article, we illustrate cybersecurity challenges and their subsequent safety implications with the concrete example of care robots. These robots interact in close, direct contact with children, elderly, and persons with disabilities, and a malfunctioning or cybersecurity threat may affect the health and well-being of these people. Moreover, care robots may process vast amounts of data, including health and behavioral data, which are especially sensitive in the healthcare domain. Security vulnerabilities in robots thus raise significant concerns, not only for manufacturers and programmers, but also for those who interact with them, especially in sensitive applications such as healthcare. While the latest European policymaking efforts on robot regulation acknowledge the importance of cybersecurity, many details, and their impact on user safety have not yet been addressed in depth. Our contribution aims to answer the question whether the current European legal framework is prepared to address cyber and physical risks from care robots and ensure safe human–robot interactions in such a sensitive context. Cybersecurity and physical product safety legal requirements are governed separately in a dual regulatory framework, presenting a challenge in governing uniformly and adequately cyber-physical systems such as care robots. We conceptualize and discuss the challenges of regulating cyber-physical systems’ security with the current dual framework, particularly the lack of mandatory certifications. We conclude that policymakers need to consider cybersecurity as an indissociable aspect of safety to ensure robots are truly safe to use.     

Towards a Global Regulatory Framework for Cross-Border Data Flows—Fundamental Concerns and the China’s Approach

Cross-border data flows not only involve cross-border trade issues, but also severely challenge personal information protection, national data security, and the jurisdiction of justice and enforcement. As the current digital trade negotiations could not accommodate these challenges, China has initiated the concept of secure cross-border data flow and has launched a dual-track multi-level regulatory system, including control system for overseas transfer of important data, system of crossborder provision of personal information, and system of cross-border data request for justice and enforcement. To explore a global regulatory framework for cross-border data flows, legitimate and controllable cross-border data flows should be promoted, supervision should be categorized based on risk concerned, and the rule of law should be coordinated at home and abroad to promote system compatibility. To this end, the key is to build a compatible regulatory framework, which includes clarifying the scope of important data to define the “Negative List” for preventing national security risks, improving the cross-border accountability for protecting personal information rights and interests to ease pre-supervision pressure, and focusing on data access rights instead of data localization for upholding the jurisdiction of justice and enforcement.     

跨境证券犯罪刑事管辖及法律适用探讨

境内与境外的证券市场适用不同的法律监管体制,跨境证券犯罪的跨境特征可能使境内境外对相关证券犯罪均具有刑事管辖权,从而引发刑事管辖冲突。对于跨境证券交易的监管和法律适用,无论是在法律规定层面还是在司法实践层面,均应遵循“主场原则”。应明确监管职能上的分工以避免适用不同法律法规的混乱情况,应体现最大的监管效能并减少区际法律冲突。跨境证券犯罪的刑事管辖权归属应充分尊重行政监管原则和考虑前置性法律的适用,并与行政管辖权归属保持一致。跨境证券犯罪的刑事管辖权归属应考虑犯罪行为社会危害的主要发生地。以内幕交易为代表的跨境证券犯罪的主要行为是“交易”,根据区际刑事管辖冲突的解决规则,应由交易行为的发生地管辖,按照交易地的刑法对相关行为进行刑事评价。     

The European legal framework on cybercrime: striving for an effective implementation

This article analyzes the European legal framework on cybercrime. Initially, it argues the challenges of cybercrime to traditional criminal justice systems. Subsequently, it focuses on the criminal law framework on cybercrime with a mainly European perspective. The European legal framework provides a three-path solution: the reduction of frictions among national legislations, the introduction of new investigative powers and the facilitation of international cooperation. The article presents and discusses each solution. Further, it argues that the effective implementation of the main legal instruments does not seem to depend on the legal enforceability of these international measures. Contrarily, other, non legal, factors such as national security, politics, the economy and the public opinion appear to stimulate the spontaneous implementation of the European legal framework. In this context, the added value of the EU action is rather low, although the Treaty of Lisbon and the Stockholm Programme may improve this situation in the long term.     

后“SchremsⅡ案”时期欧盟数据跨境流动法律监管的演进及我国的因应

“SchremsⅡ案”对以隐私权和数据保护为核心构建的欧盟数据跨境流动规则体系产生重大影响,它要求无论使用何种数据跨境流动工具,都必须确保第三国能够提供与欧盟同等的保护水平。在该案的影响下,《欧盟基本权利宪章》在数据保护领域的地位进一步提高,保障措施的适用愈发严苛,欧洲数据保护委员会在数据保护领域将扮演更重要的角色,数据跨境流动欧盟法规则与国际贸易法的不兼容问题日益凸显。欧盟虽然结合SchremsⅡ案的判决完善了对数据跨境的法律监管,但依然没有减少外界对其监管合理性的质疑。我国对数据跨境流动的监管存在着配套立法不健全、规则可操作性差、多元价值失衡、缺乏内外联动的“中国方案”等问题。对此,应完善我国相关立法,加强中欧国际合作,共同引领构建数据跨境流动的国际规则。     

Energy Security and the Division of Competences between the European Community and its Member States

Abstract: Securing energy supply for Europe has been for decades at the forefront of the energy policies of individual European Community member countries. However, dealing with energy issues in general and securing energy supply in particular is a new phenomenon within the EU's regulatory framework. One important issue which has not yet been discussed by legal scholars and which has been questioned repeatedly by energy experts, is the question who is actually responsible to guarantee security of energy supply in Europe? Is it the European Community alone? Is it the Member States alone? Or is it both? This question cannot be answered without a detailed legal analysis of the EU law in general, and EU law on division of competences between the Community and the Member States in particular. This article seeks to highlight the complications of this area of law within the EU and expand it to cover the energy sector in order to determine who and under what circumstances is responsible for guaranteeing security of energy supply for the consumers within the EU borders.     

Patching the patchwork: appraising the EU regulatory framework on cyber security breaches

Breaches of security, a.k.a. security and data breaches, are on the rise, one of the reasons being the well-known lack of incentives to secure services and their underlying technologies, such as cloud computing. In this article, I question whether the patchwork of six EU instruments addressing breaches is helping to prevent or mitigate breaches as intended. At a lower level of abstraction, the question concerns appraising the success of each instrument separately. At a higher level of abstraction, since all laws converge on the objective of network and information security – one of the three pillars of the EU cyber security policy – the question is whether the legal ‘patchwork’ is helping to ‘patch’ the underlying insecurity of network and information systems thus contributing to cyber security. To answer the research question, I look at the regulatory framework as a whole, from the perspective of network and information security and consequently I use the expression cyber security breaches. I appraise the regulatory patchwork by using the three goals of notification identified by the European Commission as a benchmark, enriched by policy documents, legal analysis, and academic literature on breaches legislation, and I elaborate my analysis by reasoning on the case of cloud computing. The analysis, which is frustrated by the lack of adequate data, shows that the regulatory framework on cyber security breaches may be failing to provide the necessary level of mutual learning on the functioning of security measures, awareness of both regulatory authorities and the public on how entities fare in protecting data (and the related network and information systems), and enforcing self-improvement of entities dealing with information and services. I conclude with some recommendations addressing the causes, rather than the symptoms, of network and information systems insecurity.     

Trust in the proposed EU regulation on trust services?

A few months after ICRI's 20th anniversary conference the European Commission adopted on 4 June 2012 a draft regulation “on electronic identification and trusted services for electronic transactions in the internal market”. The proposed legal framework is intended to give legal effect and mutual recognition to trust services including enhancing current rules on e-signatures and providing a legal framework for electronic seals, time stamping, electronic document acceptability, electronic delivery and website authentication. Yet, this draft Regulation provokes many questions with regard to the implicit “trust” concept on which it is based. Starting from their experience in the EU FP7 uTRUSTit project (Usable Trust in the Internet of Things: www.utrustit.eu) and in other ICRI research projects, Jos Dumortier and Niels Vandezande have analyzed the proposed legislative text of the European Commission and wrote a few critical observations. Although obviously not presented at the conference in November 2011, it seemed worthwhile to add this contribution to its proceedings.     

论第三方支付跨境业务的法律规制

从主体角度看,目前我国第三方支付跨境业务存在立法位阶较低、立法可操作性不强、立法存在冲突、法律合作机制尚不健全等诸多问题.参考国外的立法实践,其在立法框架、监管体制及监管内容等方面都有可借鉴之处.本文认为,我国第三方支付跨境业务法律规制应当从外汇监管制度、安全风险防范制度、备付金监管制度、消费者权益保护制度等方面予以完善.     

Security,privacy and freedom and the EU legal and policy framework for biometrics

The adoption of the Treaty of Lisbon and the granting to the Charter of Fundamental Rights of the same legal force as the Treaty has lent a new impulse to the consideration of fundamental human rights by the European Union (EU). The question remains, however, as to how this legal discourse, centred upon human rights, is actually shaping the EU regulatory framework in specific policy domains. The aim of this paper is to critically appraise the ways that the fundamental rights of security, privacy and freedom guaranteed by the Charter are being construed in the context of EU law and policy on biometrics, an ethically and morally sensitive security technology whose development and use are being actively promoted by the EU. We conclude that the interpretation of the pertinent rights, as well as their balancing, owes a great deal to the goals of EU policies for research and development, and under the auspices of Freedom, Security and Justice, shaped largely by political and economic considerations. These considerations then tend to prevail over ethically or morally-based legal claims.     

Protecting the communication: Data protection and security measures under telecommunications regulations in the digital age

This paper aims to provide a comparative overview and evaluation of various legal frameworks for electronic communications security in light of the recent developments in the electronic communications sector. The article also includes an insight on European Union and Turkish legal environment for data protection security in electronic communications sector.     

Legal and ethical considerations of biometric identity card: Case for Mauritius

The highly connected nature of the current era has raised the need for more secure systems, and hence the demand for biometric-based authentication methods. In 2013, the Mauritian Government invested massively in the collection of data, and implementation of the national biometric identity card scheme. The latter has suffered a number of contestations among the population, and several cases were consequently filed at the Supreme Court of Mauritius to oppose the use of this biometric card. The main concern was the collection of biometric data which posed threats to the privacy of individuals. Additionally, the collection and retention of biometric data lead to security issues. In this paper, the challenges with respect to the usage of the biometric card are analysed. The laws governing data protection are discussed, together with the legal framework used for data collection and retention. Following the court decisions, several amendments have been made to the existing laws in order to cater for the usage of biometric data for the public interest. Finally, recommendations are made with regards to a legal framework which will enhance the security of biometric data, and eventually encouraging public acceptance of this biometric identification system.     

The choice of child delivery is a European human right

In a judgment of 14 December 2010, in the case of Madam Ternovszky v. Hungary, the European Court of Human Rights has considered that a State should provide an adequate regulatory scheme concerning the right to choose in matters of child delivery (at home or in a hospital). In the context of homebirth, regarded as a matter of personal choice of the mother, this implies that the mother is entitled to a legal and institutional environment that enables her choice. This contribution stresses in which sense the regulatory schemes in the Member States Belgium, Germany, the Netherlands, France and the UK concerning the choice of child delivery are in accordance with Article 8 ECHR, the right to respect for the private life. Do the Member States provide the legal certainty to a mother that the midwife can legally assist a homebirth? Or are restrictions made in interests of public health?     

English Alternative Business Structures and the European single market

English Alternative Business Structures (ABS) are likely to put the European legal framework on lawyer mobility and cross-border provision of legal services to its first serious test. Continental European bars are defending a reading of the applicable European Directives which would allow them to keep English ABS out of their markets. Whether the European Court of Justice (ECJ) will agree with this protectionist interpretation of the applicable European rules remains to be seen. This paper challenges the legal arguments in favour of protectionism and argues that it will be very difficult for Continental European bars to keep English ABS out of their markets.     

Free movement of law students and lawyers in the EU: a comparison of English,German and Greek legislation

This article focuses on the linked themes of mobility within the European Union for law students and for lawyers. It highlights obstacles to cross-border legal education and legal practice across three Member States: England and Wales, Germany, and Greece. The European legal framework is outlined. The implications of recent case law of the European Court of Justice, on the conditions of access to higher education and financial support, are considered. Three main areas of concern are identified: admission arrangements; student finance; and the professional recognition of qualifications. The article compares the approach of the three Member States in each of these areas and explores conflicts between their domestic law provisions and European Union law. The article concludes by identifying ways in which ‘Europeanisation’ of legal education and the legal profession could be encouraged by facilitating law student mobility and by modernising the law curriculum.     

欧盟信息安全法律框架之解读

网络与信息系统安全已经引起了全世界共同关注,美国和欧盟在这一领域走在了世界的前列。伴随中欧经济、文化交流的日益密切,欧盟信息安全法律框架也为我国立法提供了可资借鉴的蓝本。通过解读欧盟信息安全法律框架的演变轨迹及其特点,结合我国信息安全保障立法现状,分析当前我国信息安全立法的主要着力点,提出我国应加快信息安全立法进程,用法律形式明确信息安全监管机构和监管模式,构建有中国特色的信息安全法律体系。     

Electronic personhood for artificial intelligence in the workplace

There are several legal and ethical problems associated with the far-reaching integration of man with Artificial Intelligence (AI) within the framework of algorithmic management. One of these problems is the question of the legal subjectivity of the parties to a contractual obligation within the framework of crowdworking, which includes the service provider, the Internet platform with AI, and the applicant's client. Crowdworking is an excellent example of a laboratory of interdependence and collaboration between humans and artificial intelligence as part of the algorithmic management process. Referring to the example of crowdworking platforms, we should ask whether, in the face of the rapid development of AI and algorithmic management, AI can be an employer equipped with electronic personhood? What characteristics does a work environment in which AI and algorithmic governance mechanisms play a dominant role? What kind of ethical implications are associated with the practical application of the concept of electronic subjectivity of AI in employment relations? This paper analyses the legal and ethical implications of electronic AI subjectivity in the work environment. The legal construction of electronic personhood is examined. The legal entity that uses AI, which manages the work process through algorithmic subordination, bears the risks resulting from such use (economic, personal, technical, and social) and full material responsibility (individual liability regime with the application of the presumption of guilt rule) in case of damage to an employee. Liability provisions can be complemented by a mandatory insurance scheme for AI users and a compensation fund that can offer support when none of the insurance policies covers the risk. A compensation fund can be paid for by the manufacturer, owner, user, or trainer of the AI and can compensate all those who suffer damage as a result of its operations. This is the direction proposed by the European Parliament, which has progressively called for robots to be given an electronic personality. The personalistic concept of work excludes the possibility of AI becoming a legal entity. Alongside legal arguments, ethical questions are of fundamental importance. The final part of the article presents the ethical implications of AI as an employer endowed with a legal entity (electronic personhood).     

论毒品犯罪侦查中的控制下交付手段

控制下交付是目前国际社会普遍认同的,在打击跨国、跨地区毒品犯罪中发挥重要作用的侦查手段,具有隐蔽性、合法性等特点。近几年我国侦查机关运用该手段取得了较好的成效。但运用控制下交付必须遵循一定的实施原则,并注意与此相关的法律问题。     

Treating or Tracking? Regulatory Challenges of Nano‐Enabled ICT Implants

The increasing commercialisation of human ICT implants has generated debate over the ethical, legal, and social implications of their use. The convergence of nanotechnologies with ICT is likely to further challenge the current legal frameworks that regulate them. The aim of this article is to examine the effectiveness of the European data protection legal framework for regulating this “next generation” of nano‐enabled ICT human implantable devices. The article highlights the potential regulatory challenges posed by the applications and makes a series of recommendations as to how the current European legal framework on data protection will respond to them.     

Developing regulatory standards for the concept of security in online dispute resolution systems

Online dispute resolution (ODR) has improved access to justice in the digital world. ODR users benefit from faster and cheaper dispute resolution mechanisms compared to traditional litigation and Alternative Dispute Resolution. There are few and quite varied regulatory systems for ODR.This research aims to develop a set of standards to measure the concept of security and to increase the consistency of security in ODR systems. An exploratory mixed method approach is used, involving a quantitative (survey) and mainly qualitative approach (face-to-face interviews) for gathering data. We identify three elements of information security, privacy, and authentication as standards for an appropriate ODR legal framework. Finally, these findings led to practical implications for policy makers and regulators.