Can hyperlinks and digital rights management secure affordable access to information?

Digital Rights Management Systems (DRMs) related control mechanism, which are analogous to and augment the exclusive rights, have been the subject of debate since the early 1980s. DRMs, which function like an electronic security guard that ‘never leaves its post, never takes a break and never sleeps,¹ can invade the privacy of individuals, prevent competition and/or control access to a work that is not or is no longer copyright protected. Hyperlinks are citations of an electronic address, but when clicked they navigate the user to the source of further information, including codes circumventing DRMs. This article accepts that the excesses of DRMs can outreach copyright and/or contract law, but argues that DRMs provide an opportunity for innovative business models, which can both protect digital works and promote free use of hyperlinks. Part 1 outlines the background and legislative provisions related to DRMs. It contrasts the WIPO Copyright Treaty (WCT) 1996,² Articles 11 and 12, with corresponding provisions found in the implementing legislation of the US Digital Millennium Copyright Act (DMCA) 1998,³ and the EU Copyright Directive (EUCD) 2001.⁴ It also examines the intellectual property aspects of the Trans-Pacific Partnership (TPP) and Europe's Anti-counterfeiting Trade Agreement (ACTA).⁵ Part 2 debates opposing academic opinion and comments on case law relating to DRMs, including the use of hyperlinks as a way of trafficking circumvention technology and/or facilitating unauthorised access to a copyright work. It assesses the extent to which DRMs might inhibits the development of new products, prevents competition, or invades the privacy of individuals, and points to the opportunities a consumer group-rightholder negotiated model end user licence can offer. Part 3 concludes that DRMs bolsters the clutches of the rightholder, but reduce unauthorised access to information thus minimising revenue loss, which can make hyperlinked ‘consumer’ access to information ‘affordable,’ or even free.     

Will the European Commission be able to standardise legal technology design without a legal method?

Privacy by Design (PbD) is a kind of precautionary legal technology design. It takes opportunities for fundamental rights without creating risks for them. Now the EU Commission “promised” to implement PbD with Art. 23(4) of its proposal of a General Data Protection Regulation. It suggests setting up a committee that can define technical standards for PbD. However the Commission did not keep its promise. Should it be left to the IT security experts who sit in the committee but do not have the legal expertise, to decide on our privacy or, by using overly detailed specifications, to prevent businesses from marketing innovative products? This paper asserts that the Commission's implementation of PbD is not acceptable as it stands and makes positive contributions for the work of a future PbD committee so that the Commission can keep its promise to introduce precautionary legal technology design.     

Data attack of the cybercriminal: Investigating the digital currency of cybercrime

It is increasingly argued that the primary motive of the cybercriminal and the major reason for the continued growth in cyber attacks is financial gain. In addition to the direct financial impact of cybercrime, it can also be argued that the digital data and the information it represents that can be communicated through the Internet, can have additional intrinsic value to the cybercriminal. In response to the perceived value and subsequent demand for illicit data, a sophisticated and self-sufficient underground digital economy has emerged. The aim of this paper is to extend the author’s earlier research that first introduced the concept of the Cybercrime Execution Stack by examining in detail the underlying data objectives of the cybercriminal. Both technical and non-technical law enforcement investigators need the ability to contextualise and structure the illicit activities of the cybercriminal, in order to communicate this understanding amongst the wider law enforcement community. By identifying the potential value of electronic data to the cybercriminal, and discussing this data in the context of data collection, data supply and distribution, and data use, demonstrates the relevance and advantages of utilising an objective data perspective when investigating cybercrime.     

Protecting the privacy and security of sensitive customer data in the cloud

The global ubiquity of cloud computing may expose consumers' sensitive personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers' trust by ensuring adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. From an information privacy perspective, this article analyses how well the regulatory frameworks in place in Europe and the United States help protect the privacy and security of sensitive consumer data in the cloud. It makes suggestions for regulatory reform to protect sensitive information in cloud computing environments and to remove regulatory constraints that limit the growth of this vibrant new industry.     

European Court of Justice rules on the protection of databases under the Database Directive (96/9/EC)

The European Court of Justice has ruled on the circumstances in which databases may be protected by the Database Directive. In a decision that renders the protection of databases a narrow concept, the ECJ appears to have introduced a new requirement that a database must comprise its author's “creative ability” in order to qualify for protection as a copyright work.     

Legal grounds to process personal data under Spanish legislation after the ECJ Judgment of 24 November 2011 (the ASNEF and FECEMD case)

Spanish law on personal data protection regulates (among other issues) the legal bases that permit the processing of data in a way that is similar to that set out in Directive 95/46/EC. Consent constitutes the general rule although data may be processed without it if necessary for administration functions, within the framework of a contractual relationship, in order to safeguard the vital interests of the data subject or if they are included in sources accessible to the public. However, unlike the Directive, legitimate interest is not recognised as an independent reason for processing data, whereas a legal ground that is not set out in community law is included, i.e., sources accessible to the public. This paper analyses these two cases, taking as its starting point consent, along with the consequences that the ECJ Judgment of 24 November 2011 regarding the interpretation of Article 7 of Directive 95/46/EC may have and giving attention to the revision of this Directive itself.     

Data protection in Malaysia and Hong Kong: One step forward,two steps back?

Continuing rapid developments in information communication technology has led to an ever increasing amount of personal information being collected, processed, stored and used, without the individual even knowing about it. For countries which have domestic legislation relating to privacy and data protection, it has afforded the opportunity for a review. For others, it has opened up the opportunity to legislate. The aim of the paper is three-fold. First, the paper aims to deal with data protection regime in Malaysia and in Hong Kong by examining the salient features of the newly enacted Malaysia's Personal Data Protection Act 2010 and the recent recommendations for legislative reform to the Personal Data (Privacy) Ordinance in Hong Kong. Second, it considers whether the laws are more concerned with legitimising data protection practices of organizations and businesses rather than the protection of individuals' privacy interests. Finally, the paper briefly considers whether the laws adequately address the impact to individuals' data privacy brought about by technological advancements before providing a conclusion.     

Personal data protection in employment: New legal challenges for Malaysia

The purpose of this article is to discuss and apply data protection principles in the context of employment. The Personal Data Protection Act (PDPA), passed by the Malaysian Parliament in 2010, has affected many aspects of life in Malaysia, including employment. Storage of data by employers is rampant. Management, as the data user, is duty bound to safeguard the employees' data according to the PDPA. Likewise, the employees, as data subjects, enjoy some rights under the PDPA. The author also examines issues of privacy law: whether such law exists in Malaysia and, if so, whether it can be reconciled with the PDPA's principles. The author adopts legal methodology anchored in exploratory analysis, with the legislative text as the main reference point.     

Accounts and accountability: Theoretical implications of the right-to-information movement in India

The work of a small and unusual activist group in the north Indian state of Rajasthan has raised a series of practical and theoretical issues concerning the best means for combating specific instances of corruption, and for promoting accountability more generally. The Mazdoor Kisan Shakti Sangathan (MKSS)-literally-:Workers' and Farmers' Power Organisation-has waged a campaign to secure the right of ordinary people to gain access to information held by government officials. In the process of experimenting with methods of compiling, sharing and verifying expenditure data at very local levels-thus far, in the absence of a statutory entitlement to such informationthe MKSS has developed a radical interpretation of the notion that citizens have a right both to know how they are governed and to participate actively in the process of auditing their representatives. This article examines the process by which this campaign emerged and the means by which it pursues its goals. It then analyses the implications of the MKSS experience, and the larger movement it has spawned, for contemporary debates in three areas: human rights, participatory development and, of course, anti-corruption.