for Journals by Title or ISSN
for Articles by Keywords
help
  Subjects -> BUSINESS AND ECONOMICS (Total: 3251 journals)
    - ACCOUNTING (100 journals)
    - BANKING AND FINANCE (275 journals)
    - BUSINESS AND ECONOMICS (1195 journals)
    - CONSUMER EDUCATION AND PROTECTION (23 journals)
    - COOPERATIVES (4 journals)
    - ECONOMIC SCIENCES: GENERAL (183 journals)
    - ECONOMIC SYSTEMS, THEORIES AND HISTORY (196 journals)
    - FASHION AND CONSUMER TRENDS (13 journals)
    - HUMAN RESOURCES (96 journals)
    - INSURANCE (26 journals)
    - INTERNATIONAL COMMERCE (131 journals)
    - INTERNATIONAL DEVELOPMENT AND AID (87 journals)
    - INVESTMENTS (22 journals)
    - LABOR AND INDUSTRIAL RELATIONS (45 journals)
    - MACROECONOMICS (16 journals)
    - MANAGEMENT (543 journals)
    - MARKETING AND PURCHASING (95 journals)
    - MICROECONOMICS (24 journals)
    - PRODUCTION OF GOODS AND SERVICES (139 journals)
    - PUBLIC FINANCE, TAXATION (36 journals)
    - TRADE AND INDUSTRIAL DIRECTORIES (2 journals)

BUSINESS AND ECONOMICS (1195 journals)                  1 2 3 4 5 6 | Last

Showing 1 - 200 of 1566 Journals sorted alphabetically
4OR: A Quarterly Journal of Operations Research     Hybrid Journal   (Followers: 10)
Abacus     Hybrid Journal   (Followers: 13)
Accounting Forum     Hybrid Journal   (Followers: 25)
Acta Amazonica     Open Access   (Followers: 5)
Acta Commercii     Open Access   (Followers: 4)
Acta Oeconomica     Full-text available via subscription   (Followers: 2)
Acta Scientiarum. Human and Social Sciences     Open Access   (Followers: 8)
Acta Universitatis Danubius. Œconomica     Open Access   (Followers: 3)
Acta Universitatis Nicolai Copernici Zarządzanie     Open Access   (Followers: 4)
AD-minister     Open Access   (Followers: 3)
Admisi dan Bisnis     Open Access  
ADR Bulletin     Open Access   (Followers: 5)
Advances in Developing Human Resources     Hybrid Journal   (Followers: 23)
Advances in Economics and Business     Open Access   (Followers: 13)
AfricaGrowth Agenda     Full-text available via subscription   (Followers: 1)
African Affairs     Hybrid Journal   (Followers: 65)
African Development Review     Hybrid Journal   (Followers: 36)
African Journal of Business and Economic Research     Full-text available via subscription   (Followers: 3)
African Journal of Business Ethics     Open Access   (Followers: 6)
African Review of Economics and Finance     Open Access   (Followers: 3)
Afro-Asian Journal of Finance and Accounting     Hybrid Journal   (Followers: 7)
Afyon Kocatepe Üniversitesi İktisadi ve İdari Bilimler Fakültesi Dergisi     Open Access   (Followers: 3)
Agronomy     Open Access   (Followers: 10)
Akademika : Journal of Southeast Asia Social Sciences and Humanities     Open Access   (Followers: 7)
Alphanumeric Journal : The Journal of Operations Research, Statistics, Econometrics and Management Information Systems     Open Access   (Followers: 5)
American Economic Journal : Applied Economics     Full-text available via subscription   (Followers: 176)
American Enterprise Institute     Free  
American Journal of Business     Hybrid Journal   (Followers: 17)
American Journal of Business and Management     Open Access   (Followers: 53)
American Journal of Business Education     Open Access   (Followers: 12)
American Journal of Economics and Business Administration     Open Access   (Followers: 26)
American Journal of Economics and Sociology     Hybrid Journal   (Followers: 30)
American Journal of Evaluation     Hybrid Journal   (Followers: 14)
American Journal of Finance and Accounting     Hybrid Journal   (Followers: 21)
American Journal of Health Economics     Full-text available via subscription   (Followers: 13)
American Journal of Industrial and Business Management     Open Access   (Followers: 23)
American Journal of Medical Quality     Hybrid Journal   (Followers: 7)
American Law and Economics Review     Hybrid Journal   (Followers: 27)
ANALES de la Universidad Central del Ecuador     Open Access   (Followers: 3)
Annales de l'Institut Henri Poincare (C) Non Linear Analysis     Full-text available via subscription   (Followers: 1)
Annals in Social Responsibility     Full-text available via subscription  
Annals of Finance     Hybrid Journal   (Followers: 29)
Annals of Operations Research     Hybrid Journal   (Followers: 10)
Annual Review of Economics     Full-text available via subscription   (Followers: 32)
Anuario Facultad de Ciencias Económicas y Empresariales     Open Access   (Followers: 2)
Applied Developmental Science     Hybrid Journal   (Followers: 3)
Applied Economics     Hybrid Journal   (Followers: 42)
Applied Economics Letters     Hybrid Journal   (Followers: 29)
Applied Economics Quarterly     Full-text available via subscription   (Followers: 9)
Applied Financial Economics     Hybrid Journal   (Followers: 25)
Applied Mathematical Finance     Hybrid Journal   (Followers: 8)
Applied Stochastic Models in Business and Industry     Hybrid Journal   (Followers: 6)
Arab Economic and Business Journal     Open Access   (Followers: 4)
Archives of Business Research     Open Access   (Followers: 6)
Arena Journal     Full-text available via subscription   (Followers: 1)
Argomenti. Rivista di economia, cultura e ricerca sociale     Open Access   (Followers: 4)
ASEAN Economic Bulletin     Full-text available via subscription   (Followers: 5)
Asia Pacific Business Review     Hybrid Journal   (Followers: 7)
Asia Pacific Journal of Human Resources     Hybrid Journal   (Followers: 321)
Asia Pacific Journal of Innovation and Entrepreneurship     Open Access  
Asia Pacific Viewpoint     Hybrid Journal   (Followers: 1)
Asia-Pacific Journal of Business Administration     Hybrid Journal   (Followers: 5)
Asia-Pacific Journal of Operational Research     Hybrid Journal   (Followers: 3)
Asia-Pacific Management and Business Application     Open Access   (Followers: 1)
Asian Business Review     Open Access   (Followers: 3)
Asian Case Research Journal     Hybrid Journal   (Followers: 1)
Asian Development Review     Open Access   (Followers: 13)
Asian Economic Journal     Hybrid Journal   (Followers: 8)
Asian Economic Papers     Hybrid Journal   (Followers: 7)
Asian Economic Policy Review     Hybrid Journal   (Followers: 4)
Asian Journal of Accounting and Governance     Open Access   (Followers: 3)
Asian Journal of Business Ethics     Hybrid Journal   (Followers: 9)
Asian Journal of Social Sciences and Management Studies     Open Access   (Followers: 7)
Asian Journal of Sustainability and Social Responsibility     Open Access   (Followers: 1)
Asian Journal of Technology Innovation     Hybrid Journal   (Followers: 8)
Asian-pacific Economic Literature     Hybrid Journal   (Followers: 5)
AStA Wirtschafts- und Sozialstatistisches Archiv     Hybrid Journal   (Followers: 5)
ATA Journal of Legal Tax Research     Full-text available via subscription   (Followers: 4)
Atlantic Economic Journal     Hybrid Journal   (Followers: 11)
Australasian Journal of Regional Studies, The     Full-text available via subscription   (Followers: 1)
Australian Cottongrower, The     Full-text available via subscription   (Followers: 1)
Australian Economic Papers     Hybrid Journal   (Followers: 32)
Australian Economic Review     Hybrid Journal   (Followers: 3)
Australian Journal of Maritime and Ocean Affairs     Hybrid Journal   (Followers: 9)
Balkan Region Conference on Engineering and Business Education     Open Access   (Followers: 1)
Baltic Journal of Real Estate Economics and Construction Management     Open Access   (Followers: 2)
Banks in Insurance Report     Hybrid Journal   (Followers: 1)
BBR - Brazilian Business Review     Open Access   (Followers: 4)
Benchmarking : An International Journal     Hybrid Journal   (Followers: 10)
Benefit : Jurnal Manajemen dan Bisnis     Open Access   (Followers: 1)
BER : Consumer Confidence Survey     Full-text available via subscription   (Followers: 3)
BER : Economic Prospects : An Executive Summary     Full-text available via subscription  
BER : Economic Prospects : Full Survey     Full-text available via subscription   (Followers: 1)
BER : Intermediate Goods Industries Survey     Full-text available via subscription  
BER : Manufacturing Survey : Full Survey     Full-text available via subscription   (Followers: 1)
BER : Motor Trade Survey     Full-text available via subscription  
BER : Retail Sector Survey     Full-text available via subscription   (Followers: 1)
BER : Retail Survey : Full Survey     Full-text available via subscription   (Followers: 1)
BER : Survey of Business Conditions in Building and Construction : An Executive Summary     Full-text available via subscription   (Followers: 3)
BER : Survey of Business Conditions in Manufacturing : An Executive Summary     Full-text available via subscription   (Followers: 2)
BER : Survey of Business Conditions in Retail : An Executive Summary     Full-text available via subscription   (Followers: 3)
BER : Trends : Full Survey     Full-text available via subscription   (Followers: 1)
BER : Wholesale Sector Survey     Full-text available via subscription  
Berkeley Business Law Journal     Free   (Followers: 9)
Bio-based and Applied Economics     Open Access   (Followers: 1)
Biodegradation     Hybrid Journal   (Followers: 1)
Biology Direct     Open Access   (Followers: 7)
BizInfo (Blace) Journal of Economics, Management and Informatics     Open Access  
Black Enterprise     Full-text available via subscription  
Board & Administrator for Administrators only     Hybrid Journal  
Boletim Técnico do Senac     Open Access  
Border Crossing : Transnational Working Papers     Open Access   (Followers: 4)
Briefings in Real Estate Finance     Hybrid Journal   (Followers: 5)
British Journal of Industrial Relations     Hybrid Journal   (Followers: 36)
Brookings Papers on Economic Activity     Open Access   (Followers: 46)
Brookings Trade Forum     Full-text available via subscription   (Followers: 3)
BRQ Business Research Quarterly     Open Access   (Followers: 2)
Building Sustainable Legacies : The New Frontier Of Societal Value Co-Creation     Full-text available via subscription   (Followers: 1)
Bulletin of Economic Research     Hybrid Journal   (Followers: 17)
Bulletin of Geography. Socio-economic Series     Open Access   (Followers: 5)
Bulletin of Indonesian Economic Studies     Hybrid Journal   (Followers: 3)
Bulletin of the Dnipropetrovsk University. Series : Management of Innovations     Open Access   (Followers: 1)
Business & Entrepreneurship Journal     Open Access   (Followers: 19)
Business & Information Systems Engineering     Hybrid Journal   (Followers: 4)
Business & Society     Hybrid Journal   (Followers: 10)
Business : Theory and Practice / Verslas : Teorija ir Praktika     Open Access   (Followers: 1)
Business and Economic Research     Open Access   (Followers: 7)
Business and Management Horizons     Open Access   (Followers: 12)
Business and Management Research     Open Access   (Followers: 18)
Business and Management Studies     Open Access   (Followers: 11)
Business and Politics     Hybrid Journal   (Followers: 8)
Business and Professional Communication Quarterly     Hybrid Journal   (Followers: 7)
Business and Society Review     Hybrid Journal   (Followers: 5)
Business Economics     Hybrid Journal   (Followers: 9)
Business Ethics Quarterly     Full-text available via subscription   (Followers: 13)
Business Ethics: A European Review     Hybrid Journal   (Followers: 18)
Business Horizons     Hybrid Journal   (Followers: 8)
Business Information Review     Hybrid Journal   (Followers: 14)
Business Management and Strategy     Open Access   (Followers: 41)
Business Research     Hybrid Journal   (Followers: 2)
Business Strategy and the Environment     Hybrid Journal   (Followers: 13)
Business Strategy Review     Hybrid Journal   (Followers: 7)
Business Strategy Series     Hybrid Journal   (Followers: 6)
Business Systems & Economics     Open Access   (Followers: 2)
Business Systems Research Journal     Open Access   (Followers: 5)
Business, Management and Education     Open Access   (Followers: 17)
Business, Peace and Sustainable Development     Full-text available via subscription   (Followers: 3)
Bustan     Hybrid Journal  
Cadernos EBAPE.BR     Open Access   (Followers: 1)
Cambridge Journal of Economics     Hybrid Journal   (Followers: 61)
Cambridge Journal of Regions, Economy and Society     Hybrid Journal   (Followers: 10)
Canadian Journal of Administrative Sciences / Revue Canadienne des Sciences de l Administration     Hybrid Journal   (Followers: 1)
Canadian Journal of Economics/Revue Canadienne d`Economique     Hybrid Journal   (Followers: 29)
Canadian journal of nonprofit and social economy research     Open Access   (Followers: 2)
Capitalism and Society     Hybrid Journal   (Followers: 2)
Capitalism Nature Socialism     Hybrid Journal   (Followers: 17)
Case Studies in Business and Management     Open Access   (Followers: 10)
CBU International Conference Proceedings     Open Access   (Followers: 3)
Central European Business Review     Open Access   (Followers: 1)
Central European Journal of Operations Research     Hybrid Journal   (Followers: 5)
Central European Journal of Public Policy     Open Access   (Followers: 2)
CESifo Economic Studies     Hybrid Journal   (Followers: 17)
Chain Reaction     Full-text available via subscription  
Challenge     Full-text available via subscription   (Followers: 4)
China & World Economy     Hybrid Journal   (Followers: 15)
China : An International Journal     Full-text available via subscription   (Followers: 19)
China Economic Journal: The Official Journal of the China Center for Economic Research (CCER) at Peking University     Hybrid Journal   (Followers: 13)
China Economic Review     Hybrid Journal   (Followers: 10)
China Finance Review International     Hybrid Journal   (Followers: 5)
China Nonprofit Review     Hybrid Journal   (Followers: 3)
China perspectives     Open Access   (Followers: 12)
Chinese Economy     Full-text available via subscription  
Ciência & Saúde Coletiva     Open Access   (Followers: 2)
CLIO América     Open Access   (Followers: 1)
Cliometrica     Hybrid Journal   (Followers: 4)
COEPTUM     Open Access  
Community Development Journal     Hybrid Journal   (Followers: 27)
Compensation & Benefits Review     Hybrid Journal   (Followers: 7)
Competition & Change     Hybrid Journal   (Followers: 11)
Competitive Intelligence Review     Hybrid Journal   (Followers: 2)
Competitiveness Review : An International Business Journal incorporating Journal of Global Competitiveness     Hybrid Journal   (Followers: 5)
Computational Economics     Hybrid Journal   (Followers: 9)
Computational Mathematics and Modeling     Hybrid Journal   (Followers: 8)
Computer Law & Security Review     Hybrid Journal   (Followers: 17)
Computers & Operations Research     Hybrid Journal   (Followers: 12)
Construction Innovation: Information, Process, Management     Hybrid Journal   (Followers: 14)
Contemporary Wales     Full-text available via subscription   (Followers: 1)
Contextus - Revista Contemporânea de Economia e Gestão     Open Access   (Followers: 1)
Contributions to Political Economy     Hybrid Journal   (Followers: 5)
Corporate Communications An International Journal     Hybrid Journal   (Followers: 7)
Corporate Philanthropy Report     Hybrid Journal   (Followers: 2)
Corporate Reputation Review     Hybrid Journal   (Followers: 5)
Creative and Knowledge Society     Open Access   (Followers: 9)
Creative Industries Journal     Hybrid Journal   (Followers: 8)
CRIS - Bulletin of the Centre for Research and Interdisciplinary Study     Open Access   (Followers: 1)
Crossing the Border : International Journal of Interdisciplinary Studies     Open Access   (Followers: 5)
Cuadernos de Administración (Universidad del Valle)     Open Access   (Followers: 2)
Cuadernos de Economía     Open Access   (Followers: 2)
Cuadernos de Economia - Latin American Journal of Economics     Open Access   (Followers: 2)
Cuadernos de Estudios Empresariales     Open Access   (Followers: 2)

        1 2 3 4 5 6 | Last

Journal Cover Computer Law & Security Review
  [SJR: 0.382]   [H-I: 17]   [17 followers]  Follow
    
   Hybrid Journal Hybrid journal (It can contain Open Access articles)
   ISSN (Print) 0267-3649
   Published by Elsevier Homepage  [3175 journals]
  • Editor's foreword
    • Authors: Steve Saxby
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Steve Saxby


      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2018.03.002
       
  • New member of the CLSR editorial board
    • Authors: Steve Saxby
      First page: 192
      Abstract: Publication date: Available online 12 February 2018
      Source:Computer Law & Security Review
      Author(s): Steve Saxby


      PubDate: 2018-02-26T08:16:06Z
      DOI: 10.1016/j.clsr.2018.01.006
       
  • The right to data portability in the GDPR: Towards user-centric
           interoperability of digital services
    • Authors: Paul De Hert; Vagelis Papakonstantinou; Gianclaudio Malgieri; Laurent Beslay; Ignacio Sanchez
      Pages: 193 - 203
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Paul De Hert, Vagelis Papakonstantinou, Gianclaudio Malgieri, Laurent Beslay, Ignacio Sanchez
      The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.10.003
       
  • Functional anonymisation: Personal data and the data environment
    • Authors: Mark Elliot; Kieron O'Hara; Charles Raab; Christine M. O'Keefe; Elaine Mackey; Chris Dibben; Heather Gowans; Kingsley Purdam; Karen McCullagh
      Pages: 204 - 221
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Mark Elliot, Kieron O'Hara, Charles Raab, Christine M. O'Keefe, Elaine Mackey, Chris Dibben, Heather Gowans, Kingsley Purdam, Karen McCullagh
      Anonymisation of personal data has a long history stemming from the expansion of the types of data products routinely provided by National Statistical Institutes. Variants on anonymisation have received serious criticism reinforced by much-publicised apparent failures. We argue that both the operators of such schemes and their critics have become confused by being overly focused on the properties of the data itself. We claim that, far from being able to determine whether data is anonymous (and therefore non-personal) by looking at the data alone, any anonymisation technique worthy of the name must take account of not only the data but also its environment. This paper proposes an alternative formulation called functional anonymisation that focuses on the relationship between the data and the environment within which the data exists (the data environment). We provide a formulation for describing the relationship between the data and its environment that links the legal notion of personal data with the statistical notion of disclosure control. Anonymisation, properly conceived and effectively conducted, can be a critical part of the toolkit of the privacy-respecting data controller and the wider remit of providing accurate and usable data.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2018.02.001
       
  • Are ‘pseudonymised’ data always personal data' Implications of the
           GDPR for administrative data research in the UK
    • Authors: Miranda Mourby; Elaine Mackey; Mark Elliot; Heather Gowans; Susan E. Wallace; Jessica Bell; Hannah Smith; Stergios Aidinlis; Jane Kaye
      Pages: 222 - 233
      Abstract: Publication date: Available online 12 February 2018
      Source:Computer Law & Security Review
      Author(s): Miranda Mourby, Elaine Mackey, Mark Elliot, Heather Gowans, Susan E. Wallace, Jessica Bell, Hannah Smith, Stergios Aidinlis, Jane Kaye
      There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information. Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.

      PubDate: 2018-02-26T08:16:06Z
      DOI: 10.1016/j.clsr.2018.01.002
       
  • A comparison of data protection legislation and policies across the EU
    • Authors: Bart Custers; Francien Dechesne; Alan M. Sears; Tommaso Tani; Simone van der Hof
      Pages: 234 - 243
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Bart Custers, Francien Dechesne, Alan M. Sears, Tommaso Tani, Simone van der Hof
      Although the protection of personal data is harmonized within the EU by Directive 95/46/EC and will be further harmonized by the General Data Protection Regulation (GDPR) in 2018, there are significant differences in the ways in which EU member states implemented the protection of privacy and personal data in national laws, policies, and practices. This paper presents the main findings of a research project that compares the protection of privacy and personal data in eight EU member states: France, Germany, the UK, Ireland, Romania, Italy, Sweden, and the Netherlands. The comparison focuses on five major themes: awareness and trust, government policies for personal data protection, the applicable laws and regulations, implementation of those laws and regulations, and supervision and enforcement. The comparison of privacy and data protection regimes across the EU shows some remarkable findings, revealing which countries are frontrunners and which countries are lagging behind on specific aspects. For instance, the roles of and interplay between governments, civil rights organizations, and data protections authorities vary from country to country. Furthermore, with regard to privacy and data protection there are differences in the intensity and scope of political debates, information campaigns, media attention, and public debate. New concepts like privacy impact assessments, privacy by design, data breach notifications and big data are on the agenda in some but not in all countries. Significant differences exist in (the levels of) enforcement by the different data protection authorities, due to different legal competencies, available budgets and personnel, policies, and cultural factors.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.09.001
       
  • The General Data Protection Regulation and the rise of certification as a
           regulatory instrument
    • Authors: Eric Lachaud
      Pages: 244 - 256
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Eric Lachaud
      The endorsement of certification in Article 42 and 43 of the General Data Protection Regulation (hereinafter GDPR) extends the scope of this procedure to the enforcement of fundamental rights. The GDPR also leverages the high flexibility of this procedure to make of certification something else than a voluntary process attesting the conformity with technical standards. This paper argues that the GDPR turned certification into a new regulatory instrument in data protection, I suggest to call it monitored self-regulation, seeking to fill the gap between self-regulation and traditional regulation in order to build a regulation continuum.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.09.002
       
  • The ICO and artificial intelligence: The role of fairness in the GDPR
           framework
    • Authors: Michael Butterworth
      Pages: 257 - 268
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Michael Butterworth
      The year 2017 has seen many EU and UK legislative initiatives and proposals to consider and address the impact of artificial intelligence on society, covering questions of liability, legal personality and other ethical and legal issues, including in the context of data processing. In March 2017, the Information Commissioner's Office (UK) updated its big data guidance to address the development of artificial intelligence and machine learning, and to provide (GDPR), which will apply from 25 May 2018. This paper situates the ICO's guidance in the context of wider legal and ethical considerations and provides a critique of the position adopted by the ICO. On the ICO's analysis, the key challenge for artificial intelligence processing personal data is in establishing that such processing is fair. This shift reflects the potential for artificial intelligence to have negative social consequences (whether intended or unintended) that are not otherwise addressed by the GDPR. The question of ‘fairness’ is an important one, to address the imbalance between big data organisations and individual data subjects, with a number of ethical and social impacts that need to be evaluated.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2018.01.004
       
  • Looking for needles in a haystack: Key issues affecting children's rights
           in the General Data Protection Regulation
    • Authors: Eva Lievens; Valerie Verdoodt
      Pages: 269 - 278
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Eva Lievens, Valerie Verdoodt
      The EU General Data Protection Regulation (GDPR) devotes particular attention to the protection of personal data of children. The rationale is that children are less aware of the risks and the potential consequences of the processing of their personal data on their rights. Yet, the text of the GDPR offers little clarity as to the actual implementation and impact of a number of provisions that may significantly affect children and their rights, leading to legal uncertainty for data controllers, parents and children. This uncertainty relates for instance to the age of consent for processing children's data in relation to information society services, the technical requirements regarding parental consent in that regard, the interpretation of the extent to which profiling of children is allowed and the level of transparency that is required vis-à-vis children. This article aims to identify a number of key issues and questions – both theoretical and practical – that raise concerns from a multi-dimensional children's rights perspective, and to clarify remaining ambiguities in the run-up to the actual application of the GDPR from 25 May 2018 onwards.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.09.007
       
  • Pricing privacy – the right to know the value of your personal data
    • Authors: Gianclaudio Malgieri; Bart Custers
      Pages: 289 - 303
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Gianclaudio Malgieri, Bart Custers
      The commodification of digital identities is an emerging reality in the data-driven economy. Personal data of individuals represent monetary value in the data-driven economy and are often considered a counter performance for “free” digital services or for discounts for online products and services. Furthermore, customer data and profiling algorithms are already considered a business asset and protected through trade secrets. At the same time, individuals do not seem to be fully aware of the monetary value of their personal data and tend to underestimate their economic power within the data-driven economy and to passively succumb to the propertization of their digital identity. An effort that can increase awareness of consumers/users on their own personal information could be making them aware of the monetary value of their personal data. In other words, if individuals are shown the “price” of their personal data, they can acquire higher awareness about their power in the digital market and thus be effectively empowered for the protection of their information privacy. This paper analyzes whether consumers/users should have a right to know the value of their personal data. After analyzing how EU legislation is already developing in the direction of propertization and monetization of personal data, different models for quantifying the value of personal data are investigated. These models are discussed, not to determine the actual prices of personal data, but to show that the monetary value of personal data can be quantified, a conditio-sine-qua-non for the right to know the value of your personal data. Next, active choice models, in which users are offered the option to pay for online services, either with their personal data or with money, are discussed. It is concluded, however, that these models are incompatible with EU data protection law. Finally, practical, moral and cognitive problems of pricing privacy are discussed as an introduction to further research. We conclude that such research is needed to see to which extent these problems can be solved or mitigated. Only then, it can be determined whether the benefits of introducing a right to know the value of your personal data outweigh the problems and hurdles related to it.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.08.006
       
  • Humans forget, machines remember: Artificial intelligence and the Right to
           Be Forgotten
    • Authors: Eduard Fosch Villaronga; Peter Kieseberg; Tiffany Li
      Pages: 304 - 313
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Eduard Fosch Villaronga, Peter Kieseberg, Tiffany Li
      This article examines the problem of AI memory and the Right to Be Forgotten. First, this article analyzes the legal background behind the Right to Be Forgotten, in order to understand its potential applicability to AI, including a discussion on the antagonism between the values of privacy and transparency under current E.U. privacy law. Next, the authors explore whether the Right to Be Forgotten is practicable or beneficial in an AI/machine learning context, in order to understand whether and how the law should address the Right to Be Forgotten in a post-AI world. The authors discuss the technical problems faced when adhering to strict interpretation of data deletion requirements under the Right to Be Forgotten, ultimately concluding that it may be impossible to fulfill the legal aims of the Right to Be Forgotten in artificial intelligence environments. Finally, this article addresses the core issue at the heart of the AI and Right to Be Forgotten problem: the unfortunate dearth of interdisciplinary scholarship supporting privacy law and regulation.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.08.007
       
  • Building sustainable free legal advisory systems: Experiences from the
           history of AI & law
    • Authors: Graham Greenleaf; Andrew Mowbray; Philip Chung
      Pages: 314 - 326
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Graham Greenleaf, Andrew Mowbray, Philip Chung
      The enthusiasm for artificial intelligence (AI) as a source of solutions to problems is not new. In law, from the early 1980s until at least the early 2000s, considerable work was done on developing ‘legal expert systems.’ As the DataLex project, we participated in those developments, through research and publications, commercial and non-commercial systems, and teaching students application development. This paper commences with a brief account of that work to situate our perspective. The main aim of this paper is an assessment of what might be of value from the experience of the DataLex Project to contemporary use of ‘AI and law’ by free legal advice services, who must necessarily work within funding and other constraints in developing and sustaining such systems. We draw fifteen conclusions from this experience, which we consider are relevant to development of systems for free legal advice services. The desired result, we argue, is the development of integrated legal decision-support systems, not ‘expert systems’ or ‘robot lawyers’. We compare our insights with the approach of the leading recent text in the field, and with a critical review of the field over twenty-five years. We conclude that the approach taken by the DataLex Project, and now applied to free legal advice services, remains consistent with leading work in field of AI and law. The paper concludes with brief suggestions of what are the most desirable improvements to tools and platforms to enable development of free legal advice systems. The objectives of free access to legal information services have much in common with those of free legal advice services. The information resources that free access to law providers (including LIIs) can provide will often be those that free legal advice services will need to use to develop and sustain free legal advisory systems. There is therefore strong potential for valuable collaborations between these two types of services providers.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2018.02.007
       
  • The Cybercrime Convention Committee's 2017 Guidance Note on Production
           Orders: Unilateralist transborder access to electronic evidence promoted
           via soft law
    • Authors: Paul de Hert; Cihan Parlar; Juraj Sajfert
      Pages: 327 - 336
      Abstract: Publication date: Available online 3 February 2018
      Source:Computer Law & Security Review
      Author(s): Paul de Hert, Cihan Parlar, Juraj Sajfert
      This article provides a critical analysis of the Council of Europe Cybercrime Convention Committee's Guidance Note of Production Orders, published on 1 March 2017. The article looks at the legal controversies surrounding production orders with a cross-border element. It explains the Guidance Note's background and origins, the basic provisions in the Cybercrime Convention allowing the law enforcement authorities to order and obtain certain information and discusses the requirements that follow from the relevant provisions of the Convention. This analysis is complemented by four critical remarks on the way the Guidance Note pushes the boundaries of acceptable treaty interpretation on the necessity of the Guidance Note, its position in regard to extraterritorial enforcement jurisdiction and sovereignty, its reticence towards fundamental rights and its refusal to define or clarify the important notion of “subscriber information”. The article argues that unilateralism is not a solution. Instead of soft law plumbing, what is needed is an agreement between sovereign states checked by their constituencies.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2018.01.003
       
  • Global social media vs local values: Private international law should
           protect local consumer rights by using the public policy exception'
    • Authors: Julia Hornle
      Pages: 391 - 397
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Julia Hornle
      This article focuses on the relationship between forum selection clauses, choice of law clauses and data protection and privacy protection. In particular, it discusses the question whether and why jurisdiction and choice of law clauses used in the terms of social media providers should not be enforced against social media users located in a different jurisdiction. The article distinguishes between the contractual, private law analysis and the application of public policy as part of the private international law analysis. The contract law analysis is centred on doctrines such as unconscionability, which in turn examines issue such as fairness and overwhelming bargaining power of one party. By contrast, the public policy analysis in private international law focuses on fundamental rights, legality of contractual clauses according to the local law of the forum and the interests of justice. It is argued here that both aspects (contractual and public policy doctrines) are paramount for achieving not only justice between the parties of a dispute but also ensuring good administration of justice in the public interest.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.08.008
       
  • Clarity, surprises, and further questions in the Article 29 Working Party
           draft guidance on automated decision-making and profiling
    • Authors: Michael Veale; Lilian Edwards
      Pages: 398 - 404
      Abstract: Publication date: Available online 10 January 2018
      Source:Computer Law & Security Review
      Author(s): Michael Veale, Lilian Edwards
      The Article 29 Data Protection Working Party's recent draft guidance on automated decision-making and profiling seeks to clarify European data protection (DP) law's little-used right to prevent automated decision-making, as well as the provisions around profiling more broadly, in the run-up to the General Data Protection Regulation. In this paper, we analyse these new guidelines in the context of recent scholarly debates and technological concerns. They foray into the less-trodden areas of bias and non-discrimination, the significance of advertising, the nature of “solely” automated decisions, impacts upon groups and the inference of special categories of data—at times, appearing more to be making or extending rules than to be interpreting them. At the same time, they provide only partial clarity – and perhaps even some extra confusion – around both the much discussed “right to an explanation” and the apparent prohibition on significant automated decisions concerning children. The Working Party appears to feel less mandated to adjudicate in these conflicts between the recitals and the enacting articles than to explore altogether new avenues. Nevertheless, the directions they choose to explore are particularly important ones for the future governance of machine learning and artificial intelligence in Europe and beyond.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.12.002
       
  • Editor's foreword
    • Authors: Steve Saxby
      Pages: 1 - 2
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Steve Saxby


      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2018.01.001
       
  • New member of the CLSR professional board
    • Authors: Steve Saxby
      First page: 3
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Steve Saxby


      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.12.007
       
  • Enter the quagmire – the complicated relationship between data
           protection law and consumer protection law
    • Authors: Dan Jerker B. Svantesson
      Pages: 25 - 36
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Dan Jerker B. Svantesson
      This article examines the complex relationship between consumer protection law and data protection law, particularly within the EU's online environment, and highlights the problems that stem from this complexity. It suggests that, while there are significant similarities between their respective sources, tools and purposes, there are also arguable differences between consumer protection law and data protection law. One such arguable difference is found in that, while consumer protection law can be seen to merely set a floor in its pursuit of a sufficiently high level of consumer protection, data protection law – due to its clearly articulated dual purposes of (a) protecting individuals with regard to the processing of personal data and (b) providing for the free movement of such data – sets both a floor and a ceiling. Having discussed the relationship between consumer protection law and data protection law in more detail, the argument is made that it seems possible to conclude that the balance struck in the Data Protection Directive, and soon in the General Data Protection Regulation, places limitations on consumer protection law. The implications of this conclusion are then examined briefly in the context of some matters currently coming before the CJEU and the contours of a framework are presented, addressing situations where a data protection-based liability claim is pursued against a third-party non-controller under consumer protection law.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.08.003
       
  • Privacy, consent and vehicular ad hoc networks (VANETs)
    • Authors: Rajen Akalu
      Pages: 37 - 46
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Rajen Akalu
      The consent model of privacy protection assumes that individuals control their personal information and are able to assess the risks associated with data sharing. The model is attractive for policy-makers and automakers because it has the effect of glossing over the conceptual ambiguities that are latent in definitions of privacy. Instead of formulating a substantive and normative position on what constitutes a reasonable expectation of privacy in the circumstance, individuals are said to have control over their data. Organizations have obligations to respect rights to notice, access and consent regarding the collection, use and disclosure of personal data once that data has been shared. The policy goal becomes how to provide individuals with control over their personal data in the consent model of privacy protection. This paper argues that the privacy issues raised by vehicular ad hoc networks make this approach increasingly untenable. It is argued that substantive rules that establish a basic set of privacy norms regarding the collection, use and disclosure of data are necessary. This can be realized in part via a privacy code of practice for the connected vehicle. This paper first explores the relationship between privacy, consent and personal information in relation to the connected car. This is followed by a description of vehicular ad hoc networks and a survey of the technical proposals aimed at securing data. The privacy issues that will likely remain unsolved by enhancing individual consent are then discussed. The last section provides some direction on how a code of practice can assist in determining when individual consent will need to be enhanced and when alternatives to consent will need to be implemented.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.06.006
       
  • How about me' The scope of personal information under the Australian
           Privacy Act 1988
    • Authors: Joshua Yuvaraj
      Pages: 47 - 66
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Joshua Yuvaraj
      A recent Australian Federal Court decision has raised the issue of the scope of information protected under the Australian Privacy Act 1988. The Court failed to adequately address this question, leaving Australians unsure as to whether sections of their information, such as the IP addresses allocated to their mobile devices, will be considered personal information under the Act. The main consideration the Court dealt with was what it means for information to be “about” an individual. In this paper I address two questions: a) how is information determined to be “about” an individual under the Act; and b) how should this determination be made in the future' I conclude that currently available guidance from the courts, the Australian Information Commissioner and scholarly commentary are inadequate to enable individuals, organisations and agencies to consistently make such determinations. Accordingly I draw on approaches to this question taken in Canada, New Zealand, the European Union and the United Kingdom to argue that the definition should be broadly interpreted in a technologically-aware manner. This will help to ensure that personal information is more comprehensively protected under the Privacy Act.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.05.019
       
  • The impact of China's 2016 Cyber Security Law on foreign technology firms,
           and on China's big data and Smart City dreams
    • Authors: Max Parasol
      Pages: 67 - 98
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Max Parasol
      Chinese officials are increasingly turning to a policy known as Informatisation, connecting industry online, to utilise technology to improve efficiency and tackle economic developmental problems in China. However, various recent laws have made foreign technology firms uneasy about perceptions of Rule of Law in China. Will these new laws, under China's stated policy of “Network Sovereignty” (“网络主权” “wangluo zhuquan”) affect China's ability to attract foreign technology firms, talent and importantly technology transfers' Will they slow China's technology and Smart City drive' This paper focuses on the question of whether international fears of China's new Cyber Security Law are justified. In Parts I and II, the paper analyses why China needs a cyber security regime. In Parts III and IV it examines the law itself.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.05.022
       
  • The necessity of the implementation of Privacy by Design in sectors where
           data protection concerns arise
    • Authors: Anna Romanou
      Pages: 99 - 110
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Anna Romanou
      This article examines the extent to which Privacy by Design can safeguard privacy and personal data within a rapidly evolving society. This paper will first briefly explain the theoretical concept and the general principles of Privacy by Design, as laid down in the General Data Protection Regulation. Then, by indicating specific examples of the implementation of the Privacy by Design approach, it will be demonstrated why the implementation of Privacy by Design is a necessity in a number of sectors where specific data protection concerns arise (biometrics, e-health and video-surveillance) and how it can be implemented.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.05.021
       
  • Data integration in IoT ecosystem: Information linkage as a privacy threat
    • Authors: Nishtha Madaan; Mohd Abdul Ahad; Sunil M. Sastry
      Pages: 125 - 133
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Nishtha Madaan, Mohd Abdul Ahad, Sunil M. Sastry
      Internet of things (IoT) is changing the way data is collected and processed. The scale and variety of devices, communication networks, and protocols involved in data collection present critical challenges for data processing and analyses. Newer and more sophisticated methods for data integration and aggregation are required to enhance the value of real-time and historical IoT data. Moreover, the pervasive nature of IoT data presents a number of privacy threats because of intermediate data processing steps, including data acquisition, data aggregation, fusion and integration. User profiling and record linkage are well studied topics in online social networks (OSNs); however, these have become more critical in IoT applications where different systems share and integrate data and information. The proposed study aims to discuss the privacy threat of information linkage, technical and legal approaches to address it in a heterogeneous IoT ecosystem. The paper illustrates and explains information linkage during the process of data integration in a smart neighbourhood scenario. Through this work, the authors aim to enable a technical and legal framework to ensure stakeholders awareness and protection of subjects about privacy breaches due to information linkage.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.06.007
       
  • EU General Data Protection Regulation: Changes and implications for
           personal data collecting companies
    • Authors: Christina Tikkinen-Piri; Anna Rohunen; Jouni Markkula
      Pages: 134 - 153
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Christina Tikkinen-Piri, Anna Rohunen, Jouni Markkula
      The General Data Protection Regulation (GDPR) will come into force in the European Union (EU) in May 2018 to meet current challenges related to personal data protection and to harmonise data protection across the EU. Although the GDPR is anticipated to benefit companies by offering consistency in data protection activities and liabilities across the EU countries and by enabling more integrated EU-wide data protection policies, it poses new challenges to companies. They are not necessarily prepared for the changes and may lack awareness of the upcoming requirements and the GDPR's coercive measures. The implementation of the GDPR requirements demands substantial financial and human resources, as well as training of employees; hence, companies need guidance to support them in this transition. The purposes of this study were to compare the current Data Protection Directive 95/46/EC with the GDPR by systematically analysing their differences and to identify the GDPR's practical implications, specifically for companies that provide services based on personal data. This study aimed to identify and discuss the changes introduced by the GDPR that would have the most practical relevance to these companies and possibly affect their data management and usage practices. Therefore, a review and a thematic analysis and synthesis of the article-level changes were carried out. Through the analysis, the key practical implications of the changes were identified and classified. As a synthesis of the results, a framework was developed, presenting 12 aspects of these implications and the corresponding guidance on how to prepare for the new requirements. These aspects cover business strategies and practices, as well as organisational and technical measures.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.05.015
       
  • European national news
    • Authors: Nick Pantlin
      Pages: 175 - 177
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Nick Pantlin
      This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.12.009
       
  • European national news
    • Authors: Nick Pantlin
      Pages: 175 - 177
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Nick Pantlin
      This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.12.009
       
  • Asia Pacific news
    • Authors: Gabriela Kennedy
      Pages: 178 - 185
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Gabriela Kennedy
      This column provides a country-by-country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2017.12.005
       
  • Asia Pacific news
    • Authors: Gabriela Kennedy
      Pages: 178 - 185
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Gabriela Kennedy
      This column provides a country-by-country analysis of the latest legal developments, cases and issues relevant to the IT, media and telecommunications' industries in key jurisdictions across the Asia Pacific region. The articles appearing in this column are intended to serve as ‘alerts’ and are not submitted as detailed analyses of cases or legal developments.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.12.005
       
  • Electronic Signatures in Law, 4th edition by Stephen Mason, Institute of
           Advanced Legal Studies, University of London, 2016. Pp lvii + 418
           (including index). ISBN 978-1-911507000. £37.94. Also available online
           free of charge at
           
    • Authors: Hector L. MacQueen
      Pages: 186 - 187
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Hector L. MacQueen


      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.12.006
       
  • Editor's foreword
    • Authors: Steve Saxby
      Abstract: Publication date: Available online 4 April 2018
      Source:Computer Law & Security Review
      Author(s): Steve Saxby


      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2018.03.002
       
  • Professional Board
    • Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2


      PubDate: 2018-04-15T09:59:00Z
       
  • EU update
    • Authors: Kit Burden
      Abstract: Publication date: April 2018
      Source:Computer Law & Security Review, Volume 34, Issue 2
      Author(s): Kit Burden
      This is the latest edition of the DLA Piper column on developments in EU law relating to IP, IT and telecommunications. This news article summarises recent developments that are considered important for practitioners, students and academics in a wide range of information technology, e-commerce, telecommunications and intellectual property areas. It cannot be exhaustive but intends to address the important points. This is a hard copy reference guide, but links to outside web sites are included where possible. No responsibility is assumed for the accuracy of information contained in these links.

      PubDate: 2018-04-15T09:59:00Z
       
  • Normative challenges of identification in the Internet of Things: Privacy,
           profiling, discrimination, and the GDPR
    • Authors: Sandra Wachter
      Abstract: Publication date: Available online 12 March 2018
      Source:Computer Law & Security Review
      Author(s): Sandra Wachter
      In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user's devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users' identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2018.02.002
       
  • The introduction of data breach notification legislation in Australia: A
           comparative view
    • Authors: Angela Daly
      Abstract: Publication date: Available online 6 March 2018
      Source:Computer Law & Security Review
      Author(s): Angela Daly
      This article argues that Australia's recently-passed data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and its coming into force in 2018, makes an internationally important, yet imperfect, contribution to data breach notification law. Against the backdrop of data breach legislation in the United States and European Union, a comparative analysis is undertaken between these jurisdictions and the Australian scheme to elucidate this argument. Firstly, some context to data breach notification provisions is offered, which are designed to address some of the problems data breaches cause for data privacy and information security. There have been various prominent data breaches affecting Australians over the last few years, which have led to discussion of what can be done to deal with their negative effects. The international context of data breach notification legislation will be discussed, with a focus on the United States and European Union jurisdictions, which have already adopted similar laws. The background to the adoption of the Australia legislation will be examined, including the general context of data privacy and security protection in Australia. The reform itself will be then be considered, along with the extent to which this law is fit for purpose and some outstanding concerns about its application. While data breach notification requirements are likely to be a positive step for data security, further reform is probably necessary to ensure strong cybersecurity. However, such reform should be cognisant of the international trends towards the adoption of data security measures including data breach notification, but lack of alignment in standards, which may be burdensome for entities operating in the transnational data economy.

      PubDate: 2018-04-15T09:59:00Z
      DOI: 10.1016/j.clsr.2018.01.005
       
  • Professional Board
    • Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1


      PubDate: 2018-02-05T07:56:57Z
       
  • EU update
    • Authors: Kit Burden
      Abstract: Publication date: February 2018
      Source:Computer Law & Security Review, Volume 34, Issue 1
      Author(s): Kit Burden
      This is the latest edition of the DLA Piper column on developments in EU law relating to IP, IT and telecommunications. This news article summarises recent developments that are considered important for practitioners, students and academics in a wide range of information technology, e-commerce, telecommunications and intellectual property areas. It cannot be exhaustive but intends to address the important points. This is a hard copy reference guide, but links to outside websites are included where possible. No responsibility is assumed for the accuracy of information contained in these links.

      PubDate: 2018-02-05T07:56:57Z
       
  • Understanding the notion of risk in the General Data Protection Regulation
    • Authors: Gellert
      Abstract: Publication date: Available online 9 January 2018
      Source:Computer Law & Security Review
      Author(s): Raphaël Gellert
      The goal of this contribution is to understand the notion of risk as it is enshrined in the General Data Protection Regulation (GDPR), with a particular on Art. 35 providing for the obligation to carry out data protection impact assessments (DPIAs), the first risk management tool to be enshrined in EU data protection law, and which therefore contains a number of key elements in order to grasp the notion. The adoption of this risk-based approach has not come without a number of debates and controversies, notably on the scope and meaning of the risk-based approach. Yet, what has remained up to date out of the debate is the very notion of risk itself, which underpins the whole risk-based approach. The contribution uses the notions of risk and risk analysis as tools for describing and understanding risk in the GDPR. One of the main findings is that the GDPR risk is about “compliance risk” (i.e., the lower the compliance the higher the consequences upon the data subjects' rights). This stance is in direct contradiction with a number of positions arguing for a strict separation between compliance and risk issues. This contribution sees instead issues of compliance and risk to the data subjects rights and freedoms as deeply interconnected. The conclusion will use these discussions as a basis to address the long-standing debate on the differences between privacy impact assessments (PIAs) and DPIAs. They will also warn against the fact that ultimately the way risk is defined in the GDPR is somewhat irrelevant: what matters most is the methodology used and the type of risk at work therein.

      PubDate: 2018-02-05T07:56:57Z
       
  • Cross border data transfer: Complexity of adequate protection and its
           exceptions
    • Authors: Pardis Moslemzadeh Tehrani; Johan Shamsuddin Bin Hj Sabaruddin; Dhiviya A.P. Ramanathan
      Abstract: Publication date: Available online 8 January 2018
      Source:Computer Law & Security Review
      Author(s): Pardis Moslemzadeh Tehrani, Johan Shamsuddin Bin Hj Sabaruddin, Dhiviya A.P. Ramanathan
      The majority of the fear that exists about the cloud arises due to the lack of transparency in the cloud. Fears have persisted in relation to how the data are frequently transferred in a cloud for various purposes which includes storing and processing. This is because the level of protection differs between countries and cloud users who belong to countries which provide a high level of protection will be less in favour of transfers that reduce the protection that was originally accorded to their data. Hence, to avoid client dissatisfaction, the Data Protection Directive has stated that such transfers are generally prohibited unless the country that data is being transferred to is able to provide ‘appropriate safeguards’. This article will discuss the position of the Data Protection Directive and how the new General Data Protection Regulation differs from this Directive. This involves the discussion of the similarity as well as the differences of the Directive and Regulation. In summary, it appears that the major principles of the cross border transfer are retained in the new regulation. Furthermore, the article discusses the exceptions that are provided in the standard contractual clause and the reason behind the transition from Safe Harbor to the new US-EU Privacy Shield. This article subsequently embarks on the concept of Binding Corporate Rule which was introduced by the working party and how the new regulation has viewed this internal rule in terms of assisting cross border data transfer. All the issues that will be discussed in this article are relevant in the understanding of cross border data transfer.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.12.001
       
  • Banking in the cloud: Part 3 – contractual issues
    • Authors: W. Kuan Hon; Christopher Millard
      Abstract: Publication date: Available online 5 January 2018
      Source:Computer Law & Security Review
      Author(s): W. Kuan Hon, Christopher Millard
      This paper looks at EU banks' use of public cloud computing services. It is based primarily on anonymised interviews with banks, cloud providers, advisers, and financial services regulators. The findings are presented in three parts. Part 1 of this paper explored the extent to which banks operating in the EU, including global banks, use public cloud computing services. Part 2 of this paper covered the main legal and regulatory issues that may affect banks' use of cloud services. Part 3 looks at the key contractual issues that arise in negotiations between banks and cloud service providers, including data protection requirements, complexities caused by the layering of cloud services, termination, service changes, and liability. It also presents the overall conclusion derived from the studies conducted, as set out in the three parts of the paper. All three parts of the paper can be accessed via Computer Law and Security Review's page on ScienceDirect at: http://www.sciencedirect.com/science/journal/02673649'sdc=2. The full list of sources is available via the same link and will be printed at the end of this part of the article.

      PubDate: 2018-02-05T07:56:57Z
      DOI: 10.1016/j.clsr.2017.11.007
       
  • Banking in the cloud: Part 2 – regulation of cloud as
           ‘outsourcing’
    • Authors: Kuan Hon; Christopher Millard
      Abstract: Publication date: Available online 14 December 2017
      Source:Computer Law & Security Review
      Author(s): W. Kuan Hon, Christopher Millard
      This paper looks at EU banks' use of public cloud computing services. It is based primarily on anonymised interviews with banks, cloud providers, advisers, and financial services regulators. The findings are presented in three parts. Part 1 explored the extent to which banks operating in the EU, including global banks, use public cloud computing services. Part 2 of this paper covers the main legal and regulatory issues that may affect banks' use of cloud services. It sets out how EU banking regulators have approached banks' use of cloud services and considers regulators' lack of cloud computing knowledge. The paper further considers how the regulation of outsourcing applies to banks' use of cloud services, including whether cloud computing constitutes “outsourcing”. It analyses the contentious issue of contractual audit rights for regulators as well as legal and practical issues around risk assessments, security, business continuity, concentration risk, bank resolution, and banking secrecy laws. Part 3 looks at the key contractual issues that arise between banks and cloud service providers, including data protection requirements, termination, service changes, and liability. All three parts of the paper can be accessed via Computer Law and Security Review's page on ScienceDirect at: http://www.sciencedirect.com/science/journal/02673649'sdc=2. The full list of sources is available via the same link and will be printed alongside the third part of the article.

      PubDate: 2017-12-27T07:20:09Z
       
  • Guidelines for the responsible application of data analytics
    • Authors: Roger Clarke
      Abstract: Publication date: Available online 11 December 2017
      Source:Computer Law & Security Review
      Author(s): Roger Clarke
      The vague but vogue notion of ‘big data’ is enjoying a prolonged honeymoon. Well-funded, ambitious projects are reaching fruition, and inferences are being drawn from inadequate data processed by inadequately understood and often inappropriate data analytic techniques. As decisions are made and actions taken on the basis of those inferences, harm will arise to external stakeholders, and, over time, to internal stakeholders as well. A set of Guidelines is presented, whose purpose is to intercept ill-advised uses of data and analytical tools, prevent harm to important values, and assist organisations to extract the achievable benefits from data, rather than dreaming dangerous dreams.

      PubDate: 2017-12-12T15:28:03Z
      DOI: 10.1016/j.clsr.2017.11.002
       
  • Banking in the cloud: Part 1 – banks' use of cloud services
    • Authors: Kuan Hon; Christopher Millard
      Abstract: Publication date: Available online 7 December 2017
      Source:Computer Law & Security Review
      Author(s): W. Kuan Hon, Christopher Millard
      This paper looks at EU banks' use of public cloud computing services. It is based primarily on anonymised interviews with banks, cloud providers, advisers, and financial services regulators. The findings are presented in three parts. Part 1 explores the extent to which banks operating in the EU, including global banks, use public cloud computing services. It describes how banks are using cloud computing and the key drivers for doing so (such as time to market), as well as real and perceived barriers (such as misconceptions about cloud and financial services regulation), including cultural and technical/commercial aspects. It summarises how banks have approached the cloud and how cloud providers have approached the banking sector. Part 2 of this paper will cover the main legal and regulatory issues that may affect banks' use of cloud services, including how the regulation of outsourcing applies to banks' use of cloud services. Part 3 will look at the key contractual issues that arise between banks and cloud service providers, including data protection requirements, termination, service changes, and liability. All three parts of the paper can be accessed via Computer Law and Security Review's page on ScienceDirect at: http://www.sciencedirect.com/science/journal/02673649'sdc=2. The full list of sources is available via the same link and will be printed alongside the third part of the paper.

      PubDate: 2017-12-12T15:28:03Z
       
  • Property and the cloud
    • Authors: Cesare Bartolini; Cristiana Santos Carsten Ullrich
      Abstract: Publication date: Available online 6 December 2017
      Source:Computer Law & Security Review
      Author(s): Cesare Bartolini, Cristiana Santos, Carsten Ullrich
      Data is a modern form of wealth in the digital world, and massive amounts of data circulate in cloud environments. While this enormously facilitates the sharing of information, both for personal and professional purposes, it also introduces some critical problems concerning the ownership of the information. Data is an intangible good that is stored in large data warehouses, where the hardware architectures and software programs running the cloud services coexist with the data of many users. This context calls for a twofold protection: on one side, the cloud is made up of hardware and software that constitute the business assets of the service provider (property of the cloud); on the other side, there is a definite need to ensure that users retain control over their data (property in the cloud). The law grants protection to both sides under several perspectives, but the result is a complex mix of interwoven regimes, further complicated by the intrinsically international nature of cloud computing that clashes with the typical diversity of national laws. As the business model based on cloud computing grows, public bodies, and in particular the European Union, are striving to find solutions to properly regulate the future economy, either by introducing new laws, or by finding the best ways to apply existing principles.

      PubDate: 2017-12-12T15:28:03Z
       
 
 
JournalTOCs
School of Mathematical and Computer Sciences
Heriot-Watt University
Edinburgh, EH14 4AS, UK
Email: journaltocs@hw.ac.uk
Tel: +00 44 (0)131 4513762
Fax: +00 44 (0)131 4513327
 
Home (Search)
Subjects A-Z
Publishers A-Z
Customise
APIs
Your IP address: 54.80.97.221
 
About JournalTOCs
API
Help
News (blog, publications)
JournalTOCs on Twitter   JournalTOCs on Facebook

JournalTOCs © 2009-