Trust in the clouds

The “cloud” is not new, and its roots go back to the original plans for computing from the 1950s. Now that computing is moving back to the original cloud-based models that were envisioned more than 60 years ago, with it, consumers are realizing the increases in security and safety that accompany the move to centralized servers. Yet the perception of “trust” in this context is often still formed by views that people have from their use of computers over the past two decades, which is localized in nature (“if I can see it, I can control it”). This view is based on perception more than fact. Our paper discusses different views of trust in other contexts (such as banking and travel) and concludes that users of cloud computing should recast their view of trust in a similar way that consumers of banking and travel have changed their perceptions of trust in the last 100 years.     

Regulating electronic identity in the European Union: An analysis of the Lisbon Treaty’s competences and legal basis for eID

This paper discusses the feasibility of EU legal action in the field of electronic identity (eID) within the new distribution of legal competences and the provision of novel legal basis engendered by the Treaty of Lisbon. The article attempts to find a ‘legal anchor’ to the idea of a pan-European electronic identity within EU law, looking at the issues of competences and legal basis. After examining various different areas of competence and the most feasible (and probable) candidates for a legal basis supporting an EU legal framework for eID, the paper argues that the latter should be found in the combination of Article 16 TFEU (concerning the right to the protection of personal data) with Article 3 TUE, and Articles 26 and 114 TFEU (concerning the establishment and functioning of the Internal Market), which also constitute the area of competence where an eID legal initiative can be pursued.     

Data breach notification law in the EU and Australia – Where to now?

Mandatory data breach notification laws have been a significant legislative reform in response to unauthorized disclosures of personal information by public and private sector organizations. These laws originated in the state-based legislatures of the United States during the last decade and have subsequently garnered worldwide legislative interest. We contend that there are conceptual and practical concerns regarding mandatory data breach notification laws which limit the scope of their applicability, particularly in relation to existing information privacy law regimes. We outline these concerns here, in the light of recent European Union and Australian legal developments in this area.     

Medical data breaches: Notification delayed is notification denied

The EU and the United States have implemented data breach notification rules that cover the health sectors. Nevertheless, data breach incidents involving medical data continue to rise, especially in the US and the UK. The HITECH Act, Pub. L. 111-5 Title XIII is the first federal health breach notification law in the US to be characterized by less government intrusions, while the revised EU Privacy Directive, 2009/136/EC calls for tougher privacy protection for data held by electronic communication providers. While the EU law sets a global de facto standard, the law remains toothless without strong enforcement mechanisms.     

俄罗斯联邦检察机关的“一般监督”职能及其对我国的启示

1922年5月28日,当时的苏维埃俄国通过了《俄罗斯社会主义联邦苏维埃共和国检察机关条例》,首次赋予检察机关以"一般监督"职能。自此之后,检察机关的"一般监督"职能得以继承和发展。目前,检察机关的"一般监督"职能,在俄罗斯联邦检察机关的检察监督职能中仍然占据首要地位,並在发现和消除行政执法过程中许多行政违法行为(作为或不作为)方面,发挥着举足轻重的作用。考察和研究俄罗斯联邦检察机关"一般监督"职能的历史发展、主要内容和实践效果,对我国具有重要的启示意义。     

《职务发明条例》：必要之善抑或非必要之恶？

制定《职务发明条例》在宏观和微观两个层面均不具备现实必要性.在借鉴国外立法例的时候,《职务发明条例草案》存在法律依据异质与借鉴过时国外立法例的瑕疵.颁行《职务发明条例》有可能导致过度的政府规制,以及导致企业商业秘密泄露、额外增加企业经营成本、引发“多任务委托—代理问题”和收入分配不公等其他问题.     

美国联邦政府的煤矿安全生产监管制度研究

中美两国都是世界上最主的煤炭生产国和消费国.但是,两国的煤矿安全状况却存在较大差异.除了煤炭产业结构、技术水平和资源禀赋等因素之外,煤矿安全监管法治建设也是导致这一差异的重原因.美国煤矿安全生产立法经历多轮修订,不断纠正历次重大煤矿事故暴露出的监管缺陷,建立起独立高效的煤矿安全监管体系,完善煤矿安全监察和事故调查程序,优化了法律责任和执法机制.此外,煤矿安全监察员和煤矿从业人员的强制培训制度,也可以有效加强监管机构的监管能力和监管对象的合规水平.而美国矿山安全和健康委员会独立负责的行政复议,有效保障了对行政执法行为的纠错和对相对人的救济功能.这些经验值得中国参考借鉴.     

Default entitlements in personal data in the proposed Regulation: Informational self-determination off the table … and back on again?

This paper aims to assess the proposed General Data Protection Regulation through the framework of default entitlements in personal data. The notion of default entitlements comes from economic analysis of law and provides new insights into the implications of the data protection reform. While, under the principle of informational self-determination the default entitlements should lie with the individual, the Commission is shown to assign a great deal of default rights to others, including the Information Industry. This article cautions against the possibility of reducing the European system of data protection rooted in the values of individual autonomy and informational self-determination to a mere set of administrative rules channelling the flow of personal data, yet without a clear direction.     

各利益相关者在医院与社区双向转诊合作中的责任与机制简

针对目前双向转诊中信息不能共享、药品获得和费用报销障碍、社区人力服务水平相对较差等问题,从双向转诊中各利益相关者角度分析在双向转诊实施过程中政府、医疗机构（医院与社区卫生服务机构）、患者与家属各自应当承担的责任,提出相应的措施及改进机制。     

论电子数据提取笔录的属性与适用

电子数据的获取程序是否规范直接影响电子数据真实性的认定。电子数据提取笔录由于能够客观反映电子数据获取的过程而成为对电子数据进行鉴真的重要依据,它既能够连接电子数据与案件事实,又反映了取证过程的合法性和保管链条的完整性。从属性上看,电子数据提取笔录具有独立的证据属性,它不仅有别于物证、书证和证人证言,而且有别于其他笔录类证据。对电子数据提取笔录的证据资格和证明力的判断也具有特殊性。当前,可通过同步录音录像、引入外部监督、明确制作人员义务等方式规范电子数据提取笔录的适用。