空白刑法规范的特性及其解释

空白罪状由于概括性的委任立法使得规范弹性具有难以避免性和合理性,法律概念的相对性更为明显,部门法规范的易变性也使得其容易出现偏离立法规范目标的情况,对其必须进行刑法的独立规范判断,区分事实问题和法律问题。提倡双向对应的规范解释路径,能够有效地实现概括的类型化转向具体的定型化,获得规范与事实的一致。由于罪刑法定在技术上并无制约作用,因此规范解释空白罪状时,重要的是合理运用解释方法,以得出妥善结论,注重目的解释和体系解释可以有效地实现刑法的规范保护任务。     

继承权放弃相关问题之探析

实践中绝大多数的继承纠纷源于继承人对遗产的争夺,但是放弃继承在实践中亦不鲜见,是继承法律制度研究的一项重要内容。我国关于继承权放弃的立法较为抽象和原则,实务中缺乏可操作性,有必要对继承权放弃的相关理论与实务问题进行阐述和探讨。     

论《服务贸易总协定》的投资协定性质

《服务贸易总协定》在性质上是各国签订的国际投资协定,并非贸易协定,这是由服务本身的性质造成的。从《服务贸易总协定》的性质和宗旨看,发达国家有意搭多边贸易体制的便车,以服务贸易之名行对外投资之实;从《服务贸易总协定》对服务的分类看,商业存在和自然人流动无疑要伴随着跨国投资;从《服务贸易总协定》对最惠国待遇和国民待遇的规定看,这里的待遇实际上是给予服务的提供者而不仅仅是给予作为商品的服务;从《服务贸易总协定》对市场准入的规定看,市场准入允许服务提供者在他国进行投资设业,这涉及东道国对外资的审批。《服务贸易总协定》的签订,不仅丰富了世界贸易组织的议题,也为世界贸易组织的运行带来了新的挑战。     

试论“后悔权”设立之法学证成

作为舶来事物,＂后悔权＂一经浮出水面,即遭受或赞或弹的命运。其中的质疑不无道理,但又有失偏颇。据此,厘清＂后悔权＂之真正意旨,区别相关权利,奠定对其讨论的正确基础实为必须且为必要。此外,＂后悔权＂作为一个货真价实的＂国际惯例＂,无理由将之拒之门外,但为避免＂水土不服＂的尴尬,其设立必须兼顾本土实际,即：一切从实际出发,设立中国特色的＂后悔权＂制度——＂有限后悔权＂制度。     

From ‘Doctor Knows Best’ to Dignity: Placing Adults Who Lack Capacity at the Centre of Decisions About Their Medical Treatment

In 1989, the House of Lords first derived a ‘best interests’ test for the medical treatment of adults who lack capacity from the doctrine of necessity and, now codified, the test continues to apply today. The Mental Capacity Act 2005 sets out a non‐exhaustive checklist of relevant considerations, but it gives no particular priority to the patient's wishes. There is also no formal expectation that the patient will participate directly in any court proceedings in which her best interests are to be determined. This article will consider the advantages and disadvantages of providing additional guidance to decision‐makers in order to help them navigate both taking seriously the wishes of people who lack capacity and, at the same time, not abandoning patients who need help and support. More specifically, this article advocates formalising current best practice in the Court of Protection through the introduction of a series of rebuttable presumptions, or starting points.     

Ownership of personal data in the Internet of Things

This article analyses, defines, and refines the concepts of ownership and personal data to explore their compatibility in the context of EU law. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, this article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future work in this area and inform regulatory and policy debates.     

Are ‘pseudonymised’ data always personal data? Implications of the GDPR for administrative data research in the UK

There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information.Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.     

The introduction of data breach notification legislation in Australia: A comparative view

This article argues that Australia's recently-passed data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and its coming into force in 2018, makes an internationally important, yet imperfect, contribution to data breach notification law. Against the backdrop of data breach legislation in the United States and European Union, a comparative analysis is undertaken between these jurisdictions and the Australian scheme to elucidate this argument. Firstly, some context to data breach notification provisions is offered, which are designed to address some of the problems data breaches cause for data privacy and information security. There have been various prominent data breaches affecting Australians over the last few years, which have led to discussion of what can be done to deal with their negative effects. The international context of data breach notification legislation will be discussed, with a focus on the United States and European Union jurisdictions, which have already adopted similar laws. The background to the adoption of the Australia legislation will be examined, including the general context of data privacy and security protection in Australia. The reform itself will be then be considered, along with the extent to which this law is fit for purpose and some outstanding concerns about its application. While data breach notification requirements are likely to be a positive step for data security, further reform is probably necessary to ensure strong cybersecurity. However, such reform should be cognisant of the international trends towards the adoption of data security measures including data breach notification, but lack of alignment in standards, which may be burdensome for entities operating in the transnational data economy.     

Clarity,surprises, and further questions in the Article 29 Working Party draft guidance on automated decision-making and profiling

The Article 29 Data Protection Working Party's recent draft guidance on automated decision-making and profiling seeks to clarify European data protection (DP) law's little-used right to prevent automated decision-making, as well as the provisions around profiling more broadly, in the run-up to the General Data Protection Regulation. In this paper, we analyse these new guidelines in the context of recent scholarly debates and technological concerns. They foray into the less-trodden areas of bias and non-discrimination, the significance of advertising, the nature of “solely” automated decisions, impacts upon groups and the inference of special categories of data—at times, appearing more to be making or extending rules than to be interpreting them. At the same time, they provide only partial clarity – and perhaps even some extra confusion – around both the much discussed “right to an explanation” and the apparent prohibition on significant automated decisions concerning children. The Working Party appears to feel less mandated to adjudicate in these conflicts between the recitals and the enacting articles than to explore altogether new avenues. Nevertheless, the directions they choose to explore are particularly important ones for the future governance of machine learning and artificial intelligence in Europe and beyond.     

A comparison of data protection legislation and policies across the EU

Although the protection of personal data is harmonized within the EU by Directive 95/46/EC and will be further harmonized by the General Data Protection Regulation (GDPR) in 2018, there are significant differences in the ways in which EU member states implemented the protection of privacy and personal data in national laws, policies, and practices. This paper presents the main findings of a research project that compares the protection of privacy and personal data in eight EU member states: France, Germany, the UK, Ireland, Romania, Italy, Sweden, and the Netherlands. The comparison focuses on five major themes: awareness and trust, government policies for personal data protection, the applicable laws and regulations, implementation of those laws and regulations, and supervision and enforcement.The comparison of privacy and data protection regimes across the EU shows some remarkable findings, revealing which countries are frontrunners and which countries are lagging behind on specific aspects. For instance, the roles of and interplay between governments, civil rights organizations, and data protections authorities vary from country to country. Furthermore, with regard to privacy and data protection there are differences in the intensity and scope of political debates, information campaigns, media attention, and public debate. New concepts like privacy impact assessments, privacy by design, data breach notifications and big data are on the agenda in some but not in all countries. Significant differences exist in (the levels of) enforcement by the different data protection authorities, due to different legal competencies, available budgets and personnel, policies, and cultural factors.