Reduced payer's liability for unauthorized payment transactions under the second Payment Services Directive (PSD2)

In 2015, the European legislator enacted the second Payment Services Directive, which, among other things, determines the payer's liability for unauthorized payment transactions. This paper will show that PSD2 has widened its scope and further reduces the payer's liability for unauthorized transactions, for example by making it impossible to hold the payer liable in case no strong customer authentication has been applied, by requiring supporting evidence to prove the payer's fraud or gross negligence and by applying the same rules when unauthorized transactions are initiated through a payment initiation service.     

民法典视野下社交网络账号的继承

社交网络账号为用户与网络服务平台之间的服务协议,社交账号的继承问题本质上为用户对自己网络信息的支配权限界定,属于个人对其数据及信息的利用范畴。社交网络账户具有财产性、身份性与人格性多重法律属性。社交网络账户具有可继承性,其性质、用户协议及个人信息保护义务均不排除账号继承的可能性。社交账号继承规则的构建首先需要区分社交网络账号本身与账号中存储的信息,其次根据社交性网络账户的类型构建不同维度的继承规则。账号内存储信息的继承应当优先保障用户的自主权,可以通过构建数字化信托的模式实现,保障用户决定是否允许继承的自主利益,并消除社交账号继承中的负外部性。同时《民法典》第1122条规定的“遗产”的内涵应当做扩大解释。     

Cloud forecasting: Legal visibility issues in saturated environments

The advent of cloud computing has brought the computing power of corporate data processing and storage centers to lightweight devices. Software-as-a-service cloud subscribers enjoy the convenience of personal devices along with the power and capability of a service. Using logical as opposed to physical partitions across cloud servers, providers supply flexible and scalable resources. Furthermore, the possibility for multitenant accounts promises considerable freedom when establishing access controls for cloud content. For forensic analysts conducting data acquisition, cloud resources present unique challenges. Inherent properties such as dynamic content, multiple sources, and nonlocal content make it difficult for a standard to be developed for evidence gathering in satisfaction of United States federal evidentiary standards in criminal litigation. Development of such standards, while essential for reliable production of evidence at trial, may not be entirely possible given the guarantees to privacy granted by the Fourth Amendment and the Electronic Communications Privacy Act. Privacy of information on a cloud is complicated because the data is stored on resources owned by a third-party provider, accessible by users of an account group, and monitored according to a service level agreement. This research constructs a balancing test for competing considerations of a forensic investigator acquiring information from a cloud.     

Mobile payments: Current and emerging regulatory and contracting issues

Sitting at the heart of m-commerce and at the intersection of the value chains of the payments, mobile, retail and technology industries, mobile payments are set to grow rapidly in the short and medium terms. M-payments are giving rise to the development of a new ecosystem of market participants including card schemes, MNOs, retailers, device suppliers, service providers and trusted service managers. Key regulatory considerations arising include e- money and payment services, mobile services regulation, consumer protection, data privacy and standards. The contractual landscape linking the various parties inhabiting the ecosystem is also rapidly developing, with key issues around revenue models, customer ownership, technology development, and risk and liability. Parties involved in mobile payments will need to carefully assess their and others' roles and regulatory aspects in determining their strategy and how to approach contractual discussions.     

Electronic identities – public or private

In the real world, we usually identify persons by their appearance, voice, and so on. If this is not sufficient, identity cards are used. In the virtual world the situation is different. The basic concepts of the internet provide for unique identification of devices, not of their users. Hence, some kind of identity management system is required, which can be provided either by the state or by the private sector. Official electronic identity schemes, such as the Austrian Citizen Card, are being established in more and more countries. The carrier media of the Citizen Card is a smart card but, since 2009, the mobile phone signature is offered as a more comfortable alternative. However, much more widespread than that are simple user accounts with passwords, one for each individual service. This system has significant flaws. A solution can be provided by the concept of identity federation: an ‘identity ecosystem’ can be established in which a user can choose among several identity providers, authorise them to identify him towards service providers, authorise attribute providers to provide particular qualified user information to a service provider, etc. In this paper the different concepts mentioned above are elaborated and their interrelations and legal difficulties are described.     

Building sustainable free legal advisory systems: Experiences from the history of AI & law

The enthusiasm for artificial intelligence (AI) as a source of solutions to problems is not new. In law, from the early 1980s until at least the early 2000s, considerable work was done on developing ‘legal expert systems.’ As the DataLex project, we participated in those developments, through research and publications, commercial and non-commercial systems, and teaching students application development. This paper commences with a brief account of that work to situate our perspective.The main aim of this paper is an assessment of what might be of value from the experience of the DataLex Project to contemporary use of ‘AI and law’ by free legal advice services, who must necessarily work within funding and other constraints in developing and sustaining such systems. We draw fifteen conclusions from this experience, which we consider are relevant to development of systems for free legal advice services. The desired result, we argue, is the development of integrated legal decision-support systems, not ‘expert systems’ or ‘robot lawyers’. We compare our insights with the approach of the leading recent text in the field, and with a critical review of the field over twenty-five years. We conclude that the approach taken by the DataLex Project, and now applied to free legal advice services, remains consistent with leading work in field of AI and law.The paper concludes with brief suggestions of what are the most desirable improvements to tools and platforms to enable development of free legal advice systems. The objectives of free access to legal information services have much in common with those of free legal advice services. The information resources that free access to law providers (including LIIs) can provide will often be those that free legal advice services will need to use to develop and sustain free legal advisory systems. There is therefore strong potential for valuable collaborations between these two types of services providers.     

Privacy and Search Engines: Forgetting or Contextualizing?

This article considers the much‐criticized ‘right to be forgotten’ in the context of the European Court of Justice's judgment in the Google Spain case. It defends the ‘right to be forgotten’ as a metaphor that can provide us with a better understanding of the particular privacy concerns of the search‐engine age and their interaction with the freedom to access information, and draws on Goffman's idea of ‘information games’ and Nissenbaum's theory of ‘contextual integrity’. While supporting the principles that underpin the judgment, the article rejects the Court's binary approach of ‘forgetting’ versus ‘remembering’ personal information. Instead, it argues that the EU legislator should introduce more nuanced means of addressing modern privacy concerns. By establishing two remedies – ‘delisting’ or ‘reordering’, depending on the nature of the information – online information flows can be adjusted to preserve both the right to privacy and the freedom to access information in more contextually appropriate ways.     

“Experts by Experience”: The Involvement of Service Users and Families in Designing and Implementing Innovations in Family Justice

Drawing on international research, policy, and practice, this article explores what is meant by service user involvement, how it has developed, and how it has been implemented across different areas of practice. Using examples from across the health and social care fields, it reflects on how the learning from other areas of practice in which service user involvement has been successful may be applied to the family justice field. The arguments presented highlight the value of taking a bottom‐up approach in designing and implementing innovations in family justice, which would embrace the views of family members, including children, as ‘service users.’ It is important, however, to balance both the challenges and the opportunities offered by involving those who are ‘experts by experience’ in the family justice processes, in order to lead to improved services and experiences.     

A CONSUMER-WELFARE APPROACH TO NETWORK NEUTRALITY REGULATION OF THE INTERNET

"Network neutrality" is the shorthand for a proposed regimeof economic regulation for the Internet. Because of the trendto deliver traditional telecommunications services, as wellas new forms of content and applications, by Internet protocol(IP), a regime of network neutrality regulation would displaceor subordinate a substantial portion of existing telecommunicationsregulation. If the United States adopts network neutrality regulation,other industrialized nations probably will soon follow. As aresult of their investment to create next-generation broadbandnetworks, network operators have the ability to innovate insidethe network by offering both senders and receivers of informationgreater bandwidth and prioritization of delivery. Network neutralityregulation would, among other things, prevent providers of broadbandInternet access service (such as digital subscriber line (DSL)or cable modem service) from offering a guaranteed, expediteddelivery speed in return for the payment of a fee. The practicaleffect of banning such differential pricing (called "accesstiering" by its critics) would be to prevent the pricing ofaccess to content or applications providers according to priorityof delivery. To the extent that an advertiser of a good or servicewould be willing to contract with a network operator for advertisingspace on the network operator's affiliated content, anotherpractical effect of network neutrality regulation would be toerect a barrier to vertical integration of network operatorsinto advertising-based business models that could supplementor replace revenues earned from their existing usage-based businessmodels. Moreover, by making end-users pay for the full costof broadband access, network neutrality regulation would denybroadband access to the large number of consumers who wouldnot be able to afford, or who would not have a willingness topay for, what would otherwise be less expensive access. Forexample, Google is planning to offer broadband access to end-usersfor free in San Francisco by charging other content providersfor advertising. This product offering is evidently predicatedon the belief that many end-users demand discounted or freebroadband access that is paid for by parties other than themselves.Proponents of network neutrality regulation argue that suchrestrictions on the pricing policies of network operators arenecessary to preserve innovation on the edges of the network,as opposed to innovation within the network. However, recognizingthat network congestion and real-time applications demand somedifferential pricing according to bandwidth or priority, proponentsof network neutrality regulation would allow broadband Internetaccess providers to charge higher prices to end-users (but notcontent or applications providers) who consume more bandwidthor who seek priority delivery of certain traffic. Thus, thedebate over network neutrality is essentially a debate overhow best to finance the construction and maintenance of a broadbandnetwork in a two-sided market in which senders and receivershave additive demand for the delivery of a given piece of information—andhence additive willingness to pay. Well-established tools ofRamsey pricing from regulatory economics can shed light on whethernetwork congestion and recovery of sunk investment in infrastructureare best addressed by charging providers of content and applications,broadband users, or both for expedited delivery. Apart fromthis pricing problem, an analytically simpler component of proposednetwork neutrality regulation would prohibit a network operatorfrom denying its users access to certain websites and Internetapplications, such as voice over Internet protocol (VoIP). Althoughsome instances of blocking of VoIP have been reported, suchconduct is not a serious risk to competition. To address thisconcern, I analyze whether market forces (that is, competitionamong access providers) and existing regulatory structures aresufficient to protect broadband users. I conclude that economicwelfare would be maximized by allowing access providers to differentiateservices vis-à-vis providers of content and applicationsin value-enhancing ways and by relying on existing legal regimesto protect consumers against the exercise of market power, shouldit exist.     

论竞价排名服务提供者注意义务的边界

在搜索引擎竞价排名关键词引发的商标权侵权和反不正当竞争案件中,服务提供者的注意义务边界是判断其是否应当承担帮助侵权责任的关键。我国各地司法判决对此问题的回应呈现出一定差异。搜索引擎的竞价排名服务虽然属于广告业务,但与传统广告不同,其本质是一种网络信息检索服务。在个案中,应考查竞价排名服务提供者对于侵权行为的预见水平和控制能力,为市场竞争和技术的精进留下自由的发展空间,在消费者、权利人、市场经营者、网络服务提供者的利益之间寻求平衡。竞价排名服务提供者注意义务的边界的设定应当以追求社会福利的最大化为目标。     

Utilising AI in the legal assistance sector—Testing a role for legal information institutes

The use of artificial intelligence (AI) in law has again become of great interest to lawyers and government. Legal Information Institutes (LIIs) have played a significant role in the provision of legal information via the web. The concept of ‘free access to law’ is not static, and the evolution of its principles now requires a response from providers of free access to legal information (‘a LII response’) to this renewed prominence of AI. This should include improving and expanding free access to legal advice. This paper proposes, and proposes to test, one approach that LIIs might take in the use of AI (specifically, ‘decision support’ or ‘intelligent assistance’ (IA) technologies), an approach that leverages the very large legal information assets that some LIIs have built over the past two decades. This approach focuses on how LIIs can assist providers of free legal advice (the ‘legal assistance sector’) to serve their clients. We consider the constraints that the requirement of ‘free’ imposes (on both the legal assistance sector and on LIIs), including on what types of free legal advice systems are sustainable, and what roles LIIs may realistically play in the development of such a ‘commons of free legal advice’. We suggest guidelines for development of such systems. The AI-related services and tools that the Australasian Legal Information Institute (AustLII) is providing (the ‘DataLex’ platform), and how they could be used to achieve these goals, are outlined.     

Internet of Things – New security and privacy challenges

The Internet of Things, an emerging global Internet-based technical architecture facilitating the exchange of goods and services in global supply chain networks has an impact on the security and privacy of the involved stakeholders. Measures ensuring the architecture's resilience to attacks, data authentication, access control and client privacy need to be established. An adequate legal framework must take the underlying technology into account and would best be established by an international legislator, which is supplemented by the private sector according to specific needs and thereby becomes easily adjustable. The contents of the respective legislation must encompass the right to information, provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT-security-legislation, provisions supporting the use of mechanisms of the Internet of Things and the establishment of a task force doing research on the legal challenges of the IoT.     

How to attribute the right to data portability in Europe: A comparative analysis of legislations

The number of online services is constantly growing, offering numerous and unprecedented advantages for consumers. Often, the access to these services requires the disclosure of personal information. This personal data is very valuable as it concedes significant advantages over competitors, allowing better answers to the customer's needs and therefore offering services of a better quality. For some services, analysing the customers' data is at the core of their business model. Furthermore, personal data has a monetary value as it enables the service providers to pursue targeted advertising. Usually, the first companies who provide a service will benefit from large volumes of data and might create market entrance barriers for new online providers, thus preventing users from the benefits of competition. Furthermore, by holding a grip on this personal data, they are making it more expensive or burdensome for the user to shift to a new service. Because of this value, online services tend to keep collected information and impede their users to reuse the personal data they have provided. This behaviour results in the creation of a lock-in effect. Upcoming awareness for this problem has led to the demand of a right to data portability. The aim of this paper is to analyse the different legislative systems that exist or have been recently created in this regard that would grant a right to data portability. Firstly, this article draws up the framework of data portability, explaining its origin, general aspects, advantages as well as its possible downfalls. Secondly, the core of the article is approached as the different ways of granting data portability are analysed. In this regard, the possible application of European Competition Law to prohibit restrictions to data portability is examined. Afterwards, an examination of the application of U.S. Antitrust Law is made to determine whether it could be a source of inspiration for European legislators. Finally, an analysis of the new General Data Protection Regulation is made with respect to the development of data portability throughout the European legislative procedure. This article makes a cross-examination of legislations, compares them with one another in order to offer a reflection on the future of portable data in Europe, and finally attempts to identify the best approach to attribute data portability.     

Medicare program; revised procedures for paying claims from providers of services--HCFA. Final notice

This final notice announces the implementation of a uniform payment policy and procedures for paying providers of services under Medicare Parts A and B. The revised payment policy allows providers to elect to receive claims payments through either (1) electronic funds transfer; or (2) hard copy checks sent directly by first class mail. The procedures allow intermediaries and carriers to pay providers through direct deposits into providers' bank accounts if the providers (1) are already electronic media claims billers; (2) accept an electronic remittance notice in lieu of a paper remittance notice; and (3) request electronic funds transfer in writing. The procedures are issued in response to requests from both contractors and HCFA regional offices to implement a policy for payment methods that treats all payees uniformly.     

A survey of current social network and online communication provision policies to support law enforcement identify offenders

Online forms of harassment, stalking and bullying on social network and communication platforms are now arguably wide-spread and subject to regular media coverage. As these provision continue to attract millions of users, generating significant volumes of traffic, regulating abuse and effectively reprimanding those who are involved in it, is a difficult and sometimes impossible task. This article collates information acquired from 22 popular social network and communication platforms in order to identify current regulatory gaps. Terms of service and privacy policies are reviewed to assess existing practices of data retention to evaluate the feasibility of law enforcement officials tracking those whose actions breach the law. For each provision, account sign-up processes are evaluated and policies for retaining Internet Protocol logs and user account information are assessed along with the availability of account preservation orders. Finally, recommendations are offered for improving current approaches to regulating social network crime and online offender tracking.     

‘Monsters don’t bother me anymore’ forensic mental health service users’ experiences of acceptance and commitment therapy for psychosis

Acceptance and Commitment Therapy for psychosis (ACTp) is an approach that aims to change the relationship an individual with psychosis has with difficult thoughts, emotions and experiences. It promotes the use of acceptance, defusion, mindfulness and focussing on valued outcomes as opposed to struggling with psychotic experiences. This service evaluation project explored service users’ experiences and meanings of ACTp within a medium secure mental health service. Thematic analysis was used to analyse interviews with 10 male service users. Four main themes emerged from the data: ‘Recovery’, ‘Insight’, ‘Developing Skills’ and ‘Accessibility’. Overall, service users viewed their experience of ACTp positively and identified encouraging therapeutic outcomes. These findings suggest that ACTp is an approach that should be considered a therapeutic option within forensic mental health contexts. These outcomes were compared with previous research findings. Limitations of the study, clinical implications and ideas for future research have been discussed.     

A case study on anonymised sharing platforms and digital traces left by their usage

Non-local forms of file storage and transfer provide investigatory concerns. Whilst mainstream cloud providers offer a well-established challenge to those involved in criminal enquiries, there are also a host of services offering non-account based ‘anonymous’ online temporary file storage and transfer. From the context of a digital forensic investigation, the practitioner examining a suspect device must detect when such services have been utilised by a user, as offending files may not be resident on local storage media. In addition, identifying the use of a service may also expose networks of illegal file distribution, supporting wider investigations into criminal activity. This work examines 16 anonymous file transfer services and identifies and interprets the digital traces left behind on a device following their use to support law enforcement investigations.     

I have a Facebook account,therefore I am – authentication with social networks

ABSTRACT

Social login is the use of a social network account to get access to other services. Since the internet in its architecture does not have the possibility to identify the internet user, for many services, social logins are the solution to authenticate users without the need to set up individual identity management systems. Social logins are not useful for all types of services, however, and the potential lock-in and lock-out of users needs to be considered.     

Metadata Retention as a Means of Combatting Terrorism and Organised Crime: A Perspective from Australia

On October 13, 2015, new laws came into force in Australia requiring telecommunications service providers to retain and store their ‘metadata’ for 2 years so that it remains available for analysis by anti-terrorism strategists and organised crime fighters. But there are ongoing issues associated with this legislative approach, including the threats to privacy thereby, and concerns that the retention system can be circumvented entirely. This paper will outline the legal and criminological questions that need to be explored in order to help policymakers work through these issues so that an appropriate balance can be struck between forestalling crime and terrorism using all available electronic means, and not unduly curtailing the legitimate rights to privacy that citizens in modern democracies currently expect to enjoy.     

Normative challenges of identification in the Internet of Things: Privacy,profiling, discrimination,and the GDPR

In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user's devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users' identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.