Trust in the information society

Trust is an important feature for all users of the Internet who rely on the safety and security of network technologies and systems for their daily lives. Trust, or the lack of it, has also been identified by the European Commission’s Digital Agenda as a major barrier to further development of the information society in Europe. One of the areas in which concerns have been raised is in relation to children’s safety online. As a result, substantial efforts have been made by policymakers and by the industry to build greater trust and confidence in online digital safety. This paper examines what trust means in the context of children’s use of the Internet. Should policy on trust enhancement, for instance, include children’s own trust in the technologies or services they use or is it sufficient to seek to reinforce parental and adult confidence that children can be adequately protected? What is required to build that trust from either perspective? Does it need, or should it include a relationship of trust between parents and children? To tease out these questions further, the paper examines current European Union policy frameworks on digital safety, particularly industry responses to the call for a more trusted Internet environment for children, and argues that technical solutions to be effective need to carefully balance a number of competing objectives and to be sufficiently grounded in evidence of parental and child experience of the Internet.     

The Cyprus and other EU court rulings on data retention: The Directive as a privacy bomb

This paper discusses the controversy surrounding the Data Retention Directive with an emphasis on the 2011 decision of the Cyprus Supreme Court which has annulled several district court orders that allowed the police access to telecommunications data relating to certain persons relevant to criminal investigations. The annulment has been on the ground that the legal provisions upon which the orders have been issued are unconstitutional. It will suggest that the decision does not entail a direct rejection of the EU Data Retention Directive and that in any event, Cyprus is not a Member State resisting the particular measure. This is because the legal provisions are deemed unconstitutional, though part of the law that has transposed the relevant Directive into national law are provisions that go beyond what the EU legislator intended to regulate through that Directive. Still, the particular Directive sits rather uneasily within the ‘human rights’ regime, in particular the one governing the individual right of privacy.     

Trust in the clouds

The “cloud” is not new, and its roots go back to the original plans for computing from the 1950s. Now that computing is moving back to the original cloud-based models that were envisioned more than 60 years ago, with it, consumers are realizing the increases in security and safety that accompany the move to centralized servers. Yet the perception of “trust” in this context is often still formed by views that people have from their use of computers over the past two decades, which is localized in nature (“if I can see it, I can control it”). This view is based on perception more than fact. Our paper discusses different views of trust in other contexts (such as banking and travel) and concludes that users of cloud computing should recast their view of trust in a similar way that consumers of banking and travel have changed their perceptions of trust in the last 100 years.     

Regulating electronic identity in the European Union: An analysis of the Lisbon Treaty’s competences and legal basis for eID

This paper discusses the feasibility of EU legal action in the field of electronic identity (eID) within the new distribution of legal competences and the provision of novel legal basis engendered by the Treaty of Lisbon. The article attempts to find a ‘legal anchor’ to the idea of a pan-European electronic identity within EU law, looking at the issues of competences and legal basis. After examining various different areas of competence and the most feasible (and probable) candidates for a legal basis supporting an EU legal framework for eID, the paper argues that the latter should be found in the combination of Article 16 TFEU (concerning the right to the protection of personal data) with Article 3 TUE, and Articles 26 and 114 TFEU (concerning the establishment and functioning of the Internal Market), which also constitute the area of competence where an eID legal initiative can be pursued.     

Data breach notification law in the EU and Australia – Where to now?

Mandatory data breach notification laws have been a significant legislative reform in response to unauthorized disclosures of personal information by public and private sector organizations. These laws originated in the state-based legislatures of the United States during the last decade and have subsequently garnered worldwide legislative interest. We contend that there are conceptual and practical concerns regarding mandatory data breach notification laws which limit the scope of their applicability, particularly in relation to existing information privacy law regimes. We outline these concerns here, in the light of recent European Union and Australian legal developments in this area.     

Allocating responsibility among controllers,processors, and “everything in between”: the definition of actors and roles in Directive 95/46/EC

In Opinion 1/2010, the Article 29 Data Protection Working Party has provided additional guidance concerning the concepts of ‘controller’ and ‘processor’ contained in Directive 95/46/EC. This guidance aims to assist practitioners in their determination of whether an entity is acting as a controller or as a processor towards a particular data processing operation. Despite the fact that this opinion is informative, the existing framework still appears to leave room for a considerable amount of legal uncertainty. This uncertainty is attributable in part to the nature of the existing concepts, but also (and perhaps to a larger extent) to their apparent misalignment with current processing realities. In this paper, the author seeks to articulate why the existing concepts often remain difficult to apply in practice, in order to enable a constructive reflection on how these issues might be addressed in the future.     

Medical data breaches: Notification delayed is notification denied

The EU and the United States have implemented data breach notification rules that cover the health sectors. Nevertheless, data breach incidents involving medical data continue to rise, especially in the US and the UK. The HITECH Act, Pub. L. 111-5 Title XIII is the first federal health breach notification law in the US to be characterized by less government intrusions, while the revised EU Privacy Directive, 2009/136/EC calls for tougher privacy protection for data held by electronic communication providers. While the EU law sets a global de facto standard, the law remains toothless without strong enforcement mechanisms.     

After Waterhouse: vicarious liability and the tort of institutional abuse

As evidence of the extent of the abuse of children in residential care increases, our understanding of this terrible wrong has altered. These assaults are an institutional syndrome, at the same time that they are individual crimes; certain systems of institutional care are conducive to/foster abuse behaviour (acting as 'crucibles' rather than 'honeypots'for rogue paedophiles). A theory of vicarious (institutional) liability is appropriate if we understand a syndrome of institutional abuse in this way, as involving institutional responsibility in addition to individual fault. The recent decision of the Canadian Supreme Court in Bazley v Curry found a children's home vicariously liable for sexual assaults of an employee on the basis of responsibility through the creation of risk, an analysis of and apportionment of liability which is appropriate to the special syndrome of institutional abuse, while encouraging deterrence and providing fair and practical compensation to victims. This analysis/liability is supported by an economic analysis of institutional child abuse and decision making in child protection.     

损益相抵在保护性约束损害赔偿中应用之我见

损益相抵规则虽在我国立法尚无明文规定,但在司法实践中已经普遍适用,损益相抵规则在适用过程中的难点是其适用范围和标准判断。保护性约束致损赔偿作为医疗损害赔偿的一种,法律性质上是违约责任和侵权责任的竟合,且保护性约束有效制止了患者在冲动时意外事件的发生,避免了患者及家属对因意外事件发生应承担的相关责任,获得了间接的额外利益,属于损益相抵规则的适用范围。     

俄罗斯联邦检察机关的“一般监督”职能及其对我国的启示

1922年5月28日,当时的苏维埃俄国通过了《俄罗斯社会主义联邦苏维埃共和国检察机关条例》,首次赋予检察机关以"一般监督"职能。自此之后,检察机关的"一般监督"职能得以继承和发展。目前,检察机关的"一般监督"职能,在俄罗斯联邦检察机关的检察监督职能中仍然占据首要地位,並在发现和消除行政执法过程中许多行政违法行为(作为或不作为)方面,发挥着举足轻重的作用。考察和研究俄罗斯联邦检察机关"一般监督"职能的历史发展、主要内容和实践效果,对我国具有重要的启示意义。