日本加快走向“情报强国”

冷战结束以来,日本政府在加紧走向＂政治强国＂、＂军事强国＂的同时,也在加紧走向＂情报强国＂。设立＂国家安全会议＂,强化国家安全战略的决策机制;整顿战后建立的情报体制,加强情报的搜集和分析能力;加紧建立太空情报体系,编织严密的卫星侦察网络;拓展对外情报合作,建立国际性情报网络。日本正从上述多个方面不断加强情报搜集的组织、体制和情报搜集功能的建设。     

东北亚大国关系中第三方因素及地区安全共同治理

中日关系经济上的合作依存度与政治上的纷争摩擦常态化这一结构性的矛盾日趋显现.从更深层次上探究中日政治经济所处的这种分裂状态根源,从本质上讲背后蕴涵着东北亚大国关系中的域外因素:即美国的第三方因素,其对东北亚的和平稳定发挥着特殊作用.东北亚大国在地区的竞争摩擦时常较为突出,但中美日在东亚地区还是蕴涵着许多重大的共同利益.东北亚传统的"管制型"安全模式需向大国共同"治理型"模式转变趋向,意味着大国区域安全治理的权利、利益、责任的平等与分享,地区安全治理是在大国协作框架下的共同治理,应注重大国在地区安全事务中的关键作用.     

中国与朝鲜经贸关系转型中的困境及对策

新世纪以来,中朝经贸关系保持快速发展态势。其中的重要转变是从过去以战略安全为主导的经贸关系逐步转向以市场为主导的经贸关系,这一转变预示朝鲜正处于向市场经济转型的初始阶段。而在中朝经贸关系持续发展过程中,中国和朝鲜各自存在的问题影响、甚至阻碍着双边经贸关系的进一步发展,为了超越障碍、抓住朝鲜亟须外部支持之时机,中国有必要从重新确定双边经贸关系战略地位等方面入手,积极推动中朝经贸关系深入发展。     

加强中国与东盟能源安全合作的国际法思考

中国与东盟的能源安全合作已从现实和制度层面展开,但是仍然存在能源产品出口受到限制、能源运输通道安全受到威胁、南海问题向国际化方向发展等问题,应当注重国际法规范在保障中国与东盟能源安全合作中的作用,利用联合国条约体系、WTO协议和CAFTA协议,充分认识ECT和NAFTA协定的借鉴意义。     

Ownership of personal data in the Internet of Things

This article analyses, defines, and refines the concepts of ownership and personal data to explore their compatibility in the context of EU law. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, this article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future work in this area and inform regulatory and policy debates.     

Asia Pacific news

This column provides a country-by-country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.     

The introduction of data breach notification legislation in Australia: A comparative view

This article argues that Australia's recently-passed data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and its coming into force in 2018, makes an internationally important, yet imperfect, contribution to data breach notification law. Against the backdrop of data breach legislation in the United States and European Union, a comparative analysis is undertaken between these jurisdictions and the Australian scheme to elucidate this argument. Firstly, some context to data breach notification provisions is offered, which are designed to address some of the problems data breaches cause for data privacy and information security. There have been various prominent data breaches affecting Australians over the last few years, which have led to discussion of what can be done to deal with their negative effects. The international context of data breach notification legislation will be discussed, with a focus on the United States and European Union jurisdictions, which have already adopted similar laws. The background to the adoption of the Australia legislation will be examined, including the general context of data privacy and security protection in Australia. The reform itself will be then be considered, along with the extent to which this law is fit for purpose and some outstanding concerns about its application. While data breach notification requirements are likely to be a positive step for data security, further reform is probably necessary to ensure strong cybersecurity. However, such reform should be cognisant of the international trends towards the adoption of data security measures including data breach notification, but lack of alignment in standards, which may be burdensome for entities operating in the transnational data economy.     

European national news

This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

Asia Pacific news

This column provides a country-by-country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications’ industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.     

An approach to minimizing legal and reputational risk in Red Team hacking exercises

Robust cyber-resilience depends on sound technical controls and testing of those controls in combination with rigorous cyber-security policies and practices. Increasingly, corporations and other organizations are seeking to test all of these, using methods more sophisticated than mere network penetration testing or other technical audit operations. More sophisticated organizations are also conducting so-called “Red Team” exercises, in which the organization tasks a small team of highly skilled and trained individuals to try to gain unauthorized access to physical and logical company assets and information. While such operations can have real value, they must be planned and conducted with great care in order to avoid violating the law or creating undue risk and reputational harm to the organization. This article explores these sometimes tricky issues, and offers practical risk-based guidance for organizations contemplating these types of exercises.