Publications

Top Keywords

De toekomst van de digitale rechtsstaat. Pleidooi voor het gebruik van een mensenrechten impact assessment voor de publieke sector external link

Janssen, H.
(L)aw Matters: Blogs and Essays in Honour of prof. dr. Aalt Willem Hering, Boekenmaker, 2022, pp: 198-204

Bibtex

Chapter{nokey, title = {De toekomst van de digitale rechtsstaat. Pleidooi voor het gebruik van een mensenrechten impact assessment voor de publieke sector}, author = {Janssen, H.}, url = {https://www.globalacademicpress.com/ebooks/sascha_hardt/}, year = {2022}, date = {2022-03-25}, volume = {1}, pages = {198-204}, }

Practical fundamental rights impact assessments

Janssen, H., Seng Ah Lee, M. & Singh, J.
International Journal of Law and Information, vol. 30, iss. : 2, pp: 200-232, 2022

Abstract

The European Union’s General Data Protection Regulation tasks organizations to perform a Data Protection Impact Assessment (DPIA) to consider fundamental rights risks of their artificial intelligence (AI) system. However, assessing risks can be challenging, as fundamental rights are often considered abstract in nature. So far, guidance regarding DPIAs has largely focussed on data protection, leaving broader fundamental rights aspects less elaborated. This is problematic because potential negative societal consequences of AI systems may remain unaddressed and damage public trust in organizations using AI. Towards this, we introduce a practical, four-Phased framework, assisting organizations with performing fundamental rights impact assessments. This involves organizations (i) defining the system’s purposes and tasks, and the responsibilities of parties involved in the AI system; (ii) assessing the risks regarding the system’s development; (iii) justifying why the risks of potential infringements on rights are proportionate; and (iv) adopt organizational and/or technical measures mitigating risks identified. We further indicate how regulators might support these processes with practical guidance.

Bibtex

Article{nokey, title = {Practical fundamental rights impact assessments}, author = {Janssen, H. and Seng Ah Lee, M. and Singh, J.}, doi = {https://doi.org/10.1093/ijlit/eaac018}, year = {2022}, date = {2022-11-21}, journal = {International Journal of Law and Information}, volume = {30}, issue = {2}, pages = {200-232}, abstract = {The European Union’s General Data Protection Regulation tasks organizations to perform a Data Protection Impact Assessment (DPIA) to consider fundamental rights risks of their artificial intelligence (AI) system. However, assessing risks can be challenging, as fundamental rights are often considered abstract in nature. So far, guidance regarding DPIAs has largely focussed on data protection, leaving broader fundamental rights aspects less elaborated. This is problematic because potential negative societal consequences of AI systems may remain unaddressed and damage public trust in organizations using AI. Towards this, we introduce a practical, four-Phased framework, assisting organizations with performing fundamental rights impact assessments. This involves organizations (i) defining the system’s purposes and tasks, and the responsibilities of parties involved in the AI system; (ii) assessing the risks regarding the system’s development; (iii) justifying why the risks of potential infringements on rights are proportionate; and (iv) adopt organizational and/or technical measures mitigating risks identified. We further indicate how regulators might support these processes with practical guidance.}, }

Intermediating data rights exercises: the role of legal mandates

Giannopoulou, A., Ausloos, J., Delacroix, S. & Janssen, H.
International Data Privacy Law, vol. 12, iss. : 4, pp: 316-331, 2022

Abstract

Data subject rights constitute critical tools for empowerment in the digitized society. There is a growing trend of relying on third parties to facilitate or coordinate the collective exercises of data rights, on behalf of one or more data subjects. This contribution refers to these parties as ‘Data Rights Intermediaries’ (DRIs), ie where an ‘intermediating’ party facilitates or enables the collective exercise of data rights. The exercise of data rights by these DRIs on behalf of the data subjects can only be effectuated with the help of mandates. Data rights mandates are not expressly framed in the GDPR their delineation can be ambiguous. It is important to highlight that data rights are mandatable and this without affecting their inalienability in light of their fundamental rights’ nature. This article argues that contract law and fiduciary duties both have longstanding traditions and robust norms in many jurisdictions, all of which can be explored towards shaping the appropriate environment to regulate data rights mandates in particular. The article concludes that the key in unlocking the full potential of data rights mandates can already be found in existing civil law constructs, whose diversity reveals the need for solidifying the responsibility and accountability of mandated DRIs. The continued adherence to fundamental contract law principles will have to be complemented by a robust framework of institutional safeguards. The need for such safeguards stems from the vulnerable position of data subjects, both vis-à-vis DRIs as well as data controllers.

Bibtex

Article{nokey, title = {Intermediating data rights exercises: the role of legal mandates}, author = {Giannopoulou, A. and Ausloos, J. and Delacroix, S. and Janssen, H.}, doi = {https://doi.org/10.1093/idpl/ipac017}, year = {2022}, date = {2022-11-15}, journal = {International Data Privacy Law}, volume = {12}, issue = {4}, pages = {316-331}, abstract = {Data subject rights constitute critical tools for empowerment in the digitized society. There is a growing trend of relying on third parties to facilitate or coordinate the collective exercises of data rights, on behalf of one or more data subjects. This contribution refers to these parties as ‘Data Rights Intermediaries’ (DRIs), ie where an ‘intermediating’ party facilitates or enables the collective exercise of data rights. The exercise of data rights by these DRIs on behalf of the data subjects can only be effectuated with the help of mandates. Data rights mandates are not expressly framed in the GDPR their delineation can be ambiguous. It is important to highlight that data rights are mandatable and this without affecting their inalienability in light of their fundamental rights’ nature. This article argues that contract law and fiduciary duties both have longstanding traditions and robust norms in many jurisdictions, all of which can be explored towards shaping the appropriate environment to regulate data rights mandates in particular. The article concludes that the key in unlocking the full potential of data rights mandates can already be found in existing civil law constructs, whose diversity reveals the need for solidifying the responsibility and accountability of mandated DRIs. The continued adherence to fundamental contract law principles will have to be complemented by a robust framework of institutional safeguards. The need for such safeguards stems from the vulnerable position of data subjects, both vis-à-vis DRIs as well as data controllers.}, }

Beyond financial regulation of crypto-asset wallet software: In search of secondary liability external link

Barbereau, T. & Bodó, B.
Computer Law & Security Review, vol. 49, num: 105829, 2023

Abstract

Since Bitcoin, the blockchain space considerably evolved. One crucial piece of software to interact with blockchains and hold private-public key pairs to distinct crypto-assets and securities are wallets. Wallet software can be offered by liable third-parties (‘custodians’) who hold certain rights over assets and transactions. As parties subject to financial regulation, they are to uphold Anti-money Laundering and Combating the Financing of Terrorist (AML/CFT) standards by undertaking Know-Your-Customer (KYC) checks on users of their services. In juxtaposition, wallet software can also be issued without the involvement of a liable third-party. As no KYC is performed and users have full ‘freedom to act’, such ‘non-custodial’ wallet software is popular in criminal undertakings. They are required to interact with peer-to-peer applications and organisations running on blockchains whose benefits are not the subject of this paper. To date, financial regulation fails to adequately address such wallet software because it presumes the existence of a registered, liable entity offering said software. As illustrated in the case of Tornado Cash, financial regulation fails to trace chains of secondary liability. Alas, the considered solution is a systematic surveillance of all transactions. Against this backdrop, this paper sets forth an alternative approach rooted in copyright law. Concepts that pertain to secondary liability prove of value to develop a flexible, principles-based approach to the regulation of non-custodial wallet software that accounts for both, infringing and non-infringing uses.

blockchain, Crypto-assets, decentralised finance, non-custodial wallet, Regulation, secondary liability

Bibtex

Article{nokey, title = {Beyond financial regulation of crypto-asset wallet software: In search of secondary liability}, author = {Barbereau, T. and Bodó, B.}, url = {https://www.sciencedirect.com/science/article/pii/S0267364923000390}, doi = {https://doi.org/10.1016/j.clsr.2023.105829}, year = {2023}, date = {2023-06-22}, journal = {Computer Law & Security Review}, volume = {49}, number = {105829}, pages = {}, abstract = {Since Bitcoin, the blockchain space considerably evolved. One crucial piece of software to interact with blockchains and hold private-public key pairs to distinct crypto-assets and securities are wallets. Wallet software can be offered by liable third-parties (‘custodians’) who hold certain rights over assets and transactions. As parties subject to financial regulation, they are to uphold Anti-money Laundering and Combating the Financing of Terrorist (AML/CFT) standards by undertaking Know-Your-Customer (KYC) checks on users of their services. In juxtaposition, wallet software can also be issued without the involvement of a liable third-party. As no KYC is performed and users have full ‘freedom to act’, such ‘non-custodial’ wallet software is popular in criminal undertakings. They are required to interact with peer-to-peer applications and organisations running on blockchains whose benefits are not the subject of this paper. To date, financial regulation fails to adequately address such wallet software because it presumes the existence of a registered, liable entity offering said software. As illustrated in the case of Tornado Cash, financial regulation fails to trace chains of secondary liability. Alas, the considered solution is a systematic surveillance of all transactions. Against this backdrop, this paper sets forth an alternative approach rooted in copyright law. Concepts that pertain to secondary liability prove of value to develop a flexible, principles-based approach to the regulation of non-custodial wallet software that accounts for both, infringing and non-infringing uses.}, keywords = {blockchain, Crypto-assets, decentralised finance, non-custodial wallet, Regulation, secondary liability}, }

Leg het me nog één keer uit: het recht op een uitleg na Uber en Ola. Annotatie bij Hof Amsterdam, 4 april 2023 download

Metikoš, L.
Privacy & Informatie, iss. : 3, pp: 114-116, 2023

Bibtex

Case note{nokey, title = {Leg het me nog één keer uit: het recht op een uitleg na Uber en Ola. Annotatie bij Hof Amsterdam, 4 april 2023}, author = {Metikoš, L.}, url = {https://www.ivir.nl/pi_2023/}, year = {2023}, date = {2023-06-15}, journal = {Privacy & Informatie}, issue = {3}, }

Dealing with opinion power and media concentration in the platform era external link

Seipp, T.
LSE Blog, 2023

media concentration, Media law, Platforms

Bibtex

Online publication{nokey, title = {Dealing with opinion power and media concentration in the platform era}, author = {Seipp, T.}, url = {https://blogs.lse.ac.uk/medialse/2023/05/15/dealing-with-opinion-power-and-media-concentration-in-the-platform-era/}, year = {2023}, date = {2023-05-15}, journal = {LSE Blog}, keywords = {media concentration, Media law, Platforms}, }

Freedom of Expression, the Media and Journalists: Case-law of the European Court of Human Rights external link

McGonagle, T. & Voorhoof, D.
European Audiovisual Observatory, 2023, Strasbourg, Edition: 8th , ISBN: 9789287184351

Abstract

This e-book provides valuable insights into the European Court of Human Rights’ extensive case-law on freedom of expression and media and journalistic freedoms. The first seven editions of the e-book (2013, 2015, 2016, 2017, 2020, 2021 and 2022) have proved hugely successful. The new seventh edition summarises over 378 judgments or decisions by the Court and provides hyperlinks to the full text of each of the summarised judgments or decisions (via HUDOC, the Court's online case-law database).

Freedom of expression, Journalism, Media law

Bibtex

Book{nokey, title = {Freedom of Expression, the Media and Journalists: Case-law of the European Court of Human Rights}, author = {McGonagle, T. and Voorhoof, D.}, url = {https://rm.coe.int/iris-themes-vol-iii-8th-edition-april-2023-/1680ab1d11}, year = {2023}, date = {2023-04-24}, abstract = {This e-book provides valuable insights into the European Court of Human Rights’ extensive case-law on freedom of expression and media and journalistic freedoms. The first seven editions of the e-book (2013, 2015, 2016, 2017, 2020, 2021 and 2022) have proved hugely successful. The new seventh edition summarises over 378 judgments or decisions by the Court and provides hyperlinks to the full text of each of the summarised judgments or decisions (via HUDOC, the Court\'s online case-law database).}, keywords = {Freedom of expression, Journalism, Media law}, }

Improving Data Access for Researchers in the Digital Services Act external link

Dergacheva, D., Katzenbach, C., Schwemer, S. & Quintais, J.
2023

Abstract

Joint submission in response to the Call for Evidence on the Delegated Regulation on data access provided for in the Digital Services Act (DSA). Article 40 DSA is a crucial provision to operationalize the regulation’s risk mitigation provisions vis-a-vis very large online platforms (VLOPs) and very large search engines (VLOSEs). In essence, Article 40 DSA enables data access to Digital Services Coordinators (DSCs) or the Commission, “vetted researchers” and other researchers, provided certain conditions are met. Our submission is predominantly concerned with the data access for vetted researchers and researchers in relation to VLOPs.

academic research, data access, Digital services act, Online platforms

Bibtex

Online publication{nokey, title = {Improving Data Access for Researchers in the Digital Services Act}, author = {Dergacheva, D. and Katzenbach, C. and Schwemer, S. and Quintais, J.}, url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4465846}, year = {2023}, date = {2023-06-01}, abstract = {Joint submission in response to the Call for Evidence on the Delegated Regulation on data access provided for in the Digital Services Act (DSA). Article 40 DSA is a crucial provision to operationalize the regulation’s risk mitigation provisions vis-a-vis very large online platforms (VLOPs) and very large search engines (VLOSEs). In essence, Article 40 DSA enables data access to Digital Services Coordinators (DSCs) or the Commission, “vetted researchers” and other researchers, provided certain conditions are met. Our submission is predominantly concerned with the data access for vetted researchers and researchers in relation to VLOPs.}, keywords = {academic research, data access, Digital services act, Online platforms}, }

Niet Bern maar Brussel: assimilatie en reciprociteit tussen RAAP en VITRA download

van Eechoud, M.
Auteursrecht, iss. : 2, pp: 67-76, 2023

Abstract

De vraag hoe traditionele reciprociteitsbepalingen uit het internationale auteursrecht uitgelegd moeten worden in het licht van EU recht treedt bij vlagen op de voorgrond. Nadat het HvJ EU met het RAAP/PPI-arrest een golf van onrust door het muzieklandschap veroorzaakte, krijgt het binnenkort de gelegenheid om zich uit te spreken over reciprociteit bij vormgeving. De Hoge Raad gaat in het geschil Kwantum/Vitra Collections prejudiciële vragen stellen. Mogen lidstaten artikel 2(7) van de Berner Conventie op eigen houtje toepassen, of is het deels of geheel aan de EU om te bepalen of werken van toegepaste kunst van buiten de EU gelijke behandeling verdienen? Deze bijdrage beziet die vraag vanuit het perspectief van intellectuele eigendom als fundamenteel recht, de uitdijende bevoegdheid van de EU en in het licht van aankomende wijzigingen in het Europese modellenrecht.

Auteursrecht, Intellectuele eigendom, kunst, modellenrecht, reciprociteit, vormgeving

Bibtex

Article{nokey, title = {Niet Bern maar Brussel: assimilatie en reciprociteit tussen RAAP en VITRA}, author = {van Eechoud, M.}, url = {https://www.ivir.nl/publications/niet-bern-maar-brussel-assimilatie-en-reciprociteit-tussen-raap-en-vitra/auteursrecht_2023_2/}, year = {2023}, date = {2023-05-23}, journal = {Auteursrecht}, issue = {2}, abstract = {De vraag hoe traditionele reciprociteitsbepalingen uit het internationale auteursrecht uitgelegd moeten worden in het licht van EU recht treedt bij vlagen op de voorgrond. Nadat het HvJ EU met het RAAP/PPI-arrest een golf van onrust door het muzieklandschap veroorzaakte, krijgt het binnenkort de gelegenheid om zich uit te spreken over reciprociteit bij vormgeving. De Hoge Raad gaat in het geschil Kwantum/Vitra Collections prejudiciële vragen stellen. Mogen lidstaten artikel 2(7) van de Berner Conventie op eigen houtje toepassen, of is het deels of geheel aan de EU om te bepalen of werken van toegepaste kunst van buiten de EU gelijke behandeling verdienen? Deze bijdrage beziet die vraag vanuit het perspectief van intellectuele eigendom als fundamenteel recht, de uitdijende bevoegdheid van de EU en in het licht van aankomende wijzigingen in het Europese modellenrecht.}, keywords = {Auteursrecht, Intellectuele eigendom, kunst, modellenrecht, reciprociteit, vormgeving}, }

The right to encryption: Privacy as preventing unlawful access external link

van Daalen, O.
Computer Law & Security Review, vol. 49, 2023

Abstract

Encryption technologies are a fundamental building block of modern digital infrastructure, but plans to curb these technologies continue to spring up. Even in the European Union, where their application is by now firmly embedded in legislation, lawmakers are again calling for measures which would impact these technologies. One of the most important arguments in this debate are human rights, most notably the rights to privacy and to freedom of expression. And although some authors have in the past explored how encryption technologies support human rights, this connection is not yet firmly grounded in an analysis of European human rights case law. This contribution aims to fill this gap, developing a framework for assessing restrictions of encryption technologies under the rights to privacy and freedom of expression as protected under the European Convention of Human Rights (the Convention) and the Charter of Fundamental rights in the European Union (the Charter). In the first section, the relevant function of encryption technologies, restricting access to information (called confidentiality), is discussed. In the second section, an overview of some governmental policies and practices impacting these technologies is provided. This continues with a discussion of the case law on the rights to privacy, data protection and freedom of expression, arguing that these rights are not only about ensuring lawful access by governments to protected information, but also about preventing unlawful access by others. And because encryption technologies are an important technology to reduce the risk of this unlawful access, it is then proposed that this risk is central to the assessment of governance measures in the field of encryption technologies. The article concludes by recommending that states perform an in-depth assessement of this when proposing new measures, and that courts when reviewing them also place the risk of unlawful access central to the analysis of interference and proportionality.

communications confidentiality, encryption, Freedom of expression, Human rights, Privacy, unlawful access

Bibtex

Article{nokey, title = {The right to encryption: Privacy as preventing unlawful access}, author = {van Daalen, O.}, url = {https://www.sciencedirect.com/science/article/pii/S0267364923000146}, doi = {https://doi.org/10.1016/j.clsr.2023.105804}, year = {2023}, date = {2023-05-23}, journal = {Computer Law & Security Review}, volume = {49}, pages = {}, abstract = {Encryption technologies are a fundamental building block of modern digital infrastructure, but plans to curb these technologies continue to spring up. Even in the European Union, where their application is by now firmly embedded in legislation, lawmakers are again calling for measures which would impact these technologies. One of the most important arguments in this debate are human rights, most notably the rights to privacy and to freedom of expression. And although some authors have in the past explored how encryption technologies support human rights, this connection is not yet firmly grounded in an analysis of European human rights case law. This contribution aims to fill this gap, developing a framework for assessing restrictions of encryption technologies under the rights to privacy and freedom of expression as protected under the European Convention of Human Rights (the Convention) and the Charter of Fundamental rights in the European Union (the Charter). In the first section, the relevant function of encryption technologies, restricting access to information (called confidentiality), is discussed. In the second section, an overview of some governmental policies and practices impacting these technologies is provided. This continues with a discussion of the case law on the rights to privacy, data protection and freedom of expression, arguing that these rights are not only about ensuring lawful access by governments to protected information, but also about preventing unlawful access by others. And because encryption technologies are an important technology to reduce the risk of this unlawful access, it is then proposed that this risk is central to the assessment of governance measures in the field of encryption technologies. The article concludes by recommending that states perform an in-depth assessement of this when proposing new measures, and that courts when reviewing them also place the risk of unlawful access central to the analysis of interference and proportionality.}, keywords = {communications confidentiality, encryption, Freedom of expression, Human rights, Privacy, unlawful access}, }