21 research outputs found

    Towards the Trustworthy AI: Insights from the Regulations on Data Protection and Information Security

    After decades of theoretical deliberations, the rapid development of advanced information technology has allowed machine learning as a first practical step towards artificial intelligence to enter widespread commercial and government use. The transition into a post-industrial, information society has revealed the value of data as an important resource whose processing is the basis of the new innovative information society services. The European Union has enacted several important regulations and directives in the recent past to protect the recognized fundamental rights of individuals and to regulate the obligations of service providers to ensure safe and secure processing. The Charter of Fundamental Rights as the legal basis of the European system of human rights contains significant checks and limitations to the effect and purpose of future EU AI regulation. Whenever and however this regulation is adopted, it will need to comply with and contain existing European legal standards regarding the fundamental rights of individuals in the EU. The European Commission's ethical guidelines establish ethical principles based on the recognized fundamental rights that future AI systems need to adhere to in order to be recognized as trustworthy. The purpose of this paper is to present and analyse the mechanisms present in existing European regulations in the fields of data protection and information security and in the European Union documents regarding the future artificial intelligence regulation and to offer suggestions for future regulations. The research methodology includes a comparative analysis of available regulations and policy documents of the European Union, national laws, legal literature, and other sources

    Current Issues and Future Development of Copyright Protection of Computer Programs in European and Croatian Law

    Protection of computer programs through copyright is marked with distinctive limitations and exceptions compared to other categories of works. The nature of computer programs differs from other works protected by copyright. Its utilitarian nature and the role it plays in the information revolution offers insights into the long lasting struggle of intellectual property versus competition regulation. An examination of the formative moments of the development of copyright protection for computer programs reveals an opportunity to refine the status of software. Potential for misuse and endangerment of privacy call for open access to the source code and decompilation right as a recognized copyright limitation.

    The Current and Developing Regulatory Framework of Information Security in the EU and the Republic of Croatia

    Information security involves ensuring the reliable, confidential and trustworthy operation of information systems and preserving the availability and reliability of data. Its framework and content are increasingly regulated by law. Research consistently shows that the number of attacks on information systems as well as data breaches is rising. Information security practices are no longer just a matter of recognised industrial self-regulation standards but are instead increasingly the focus of legislators in the European Union as well as in comparative law. In the last five years, the regulation of information security in the European Union has undergone significant changes and expansion through numerous regulations, directives and legislative proposals that are still under development. This paper provides an overview and basic analysis of the current positive legal framework for information security in the European Union and the Republic of Croatia from substantive and institutional aspects. Specific regulations containing provisions in the field of information security are listed chronologically, and de lege ferenda proposals are also considered

    The Development of the Legal Regulation of the Electronic Signature, the Electronic Certificate and the Electronic Document in Croatian Law and in Comparative Law

    In the introduction the author talks about the key role of electronic signature in the legal regulation of electronic commerce as a fast growing branch of economy concerned with numerous legal issues regarding the impact of information technology on the society and law. The article analyses the conditions to be met by electronic signature in order to replace hand signature in legal transactions, including an assessment of the importance of hand signature as a means of authenticating the author of a document, and confirming its contents. Further, the author gives an outline of the intensive legislative activity in the area of electronic signature, starting from the first laws of the mid 1990s to date. In spite of the short timeframe of 15 years, several different approaches have developed in the regulation of electronic signature and related issues, applied by legislatures worldwide, in order to provide substantial legal security in electronic commerce and other legal relations established via electronic communication. The author differentiates between several legislative phases with different theoretical and practical outlooks on the character of the regulation of electronic signature. The first phase looks at the relationship between two opposing approaches to the necessity to specify the technological basis of electronic signature, while the second analyses the nature of the two-track system and the legal framework based thereupon, predominant in the European legal circle. Based on experiences of comparative law, the author goes on to analyse selected provisions from the Electronic Signature Act, taking a look at its impact on other laws, particularly the Electronic Document Act. In the final part of the article the author takes a critical look at the institute of electronic document, to conclude with an overview of the application of electronic signature in the Croatian legal practice to date

    IoT and Smart Home Data Breach Risks from the Perspective of Data Protection and Information Security Law

    Background: IoT and smart devices have become extremely popular in the last few years. With their capabilities to collect data, it is reasonable to have concerns about the protection of users' personal information and privacy in general. Objectives: Comparing existing regulations on data protection and information security rules with the new capabilities provided by IoT and smart devices. Methods/approach: This paper will analyse information on data collected by IoT and smart devices and the corresponding legal framework to explore whether the legal framework also covers these new devices and their functionalities. Results: Various IoT and smart devices pose a high risk to an individual's privacy. The General Data Protection Regulation, although a relatively recent law, may not adequately regulate all instances and uses of this technology. Also, due to inadequate technological protection, abuse of such devices by unauthorized persons is possible and even likely. Conclusions: The number of IoT and smart devices is rapidly increasing. The number of IoT and smart home device security incidents is on the rise. The regulatory framework to ensure data controller and processor compliance needs to be improved in order to create a safer environment for new innovative IoT services and products without jeopardizing the rights and freedoms of data subjects. Also, it is important to increase awareness of homeowners about potential security threats when using IoT and smart devices and services

    GDPR – Impact of General Data Protection Regulation on Digital Marketing

    Due to the rapid development of technology, in the last ten years digital marketing has given rise to sophisticated automated models for successfully affecting the behaviour of consumers whose fundamental rights, such as the right to privacy and the right to the protection of personal data, have often been violated because of the discrepancy between the regulations and the actual use of personal data. The possibility of targeting has been brought to an enviable level – a precise targeting of an identified individual and his or her personal data, as well as their complete demographic, sociographic and psychographic profile – thus opening the doors to the possibility of making precise predictive analyses and the placement of behavioural strategies by combining various digital channels in creating communication messages of inducement to purchase and continuous monitoring of the individual and their habits. Information security, on the other side, is a term which all parties in the marketing world involved in the provision of technological services directed towards automated use for marketing purposes, i.e. third-party-side tools with the goal of collecting data, shy away from. The goal of the General Data Protection Regulation is the protection of personal data, primarily the right to privacy in the digital age and the Regulation will strongly influence the current modalities of using digital marketing. This study was carried out by the authors on 233 small and medium entrepreneurs in the Republic of Croatia on the use of marketing modalities and tools to collect data about targeted individuals. It has shown that through digital marketing, the companies collect not only the information about their consumers' preferences, but their a priori goal is the concrete identification of an individual for the purpose of reducing the costs of marketing activities, directing customized communication to a targeted individual and creating a quick return on a marketing investment by raising sales – at the same time without any special sensitivity regarding the protection of the individual's rights and their personal data. The goal of the paper is the identification of the most frequent methods and tactics of digital marketing and their non-compliance with the General Data Protection Regulation which comes into force at the end of May this year.

    Development of legal protection of network neutrality in electronic communication law with emphasis on the principle of transparency

    Development of new internet services, the increasing pressure to develop and grow infrastructure and ever increasing user demands present significant challenges to internet service providers. The users expect an affordable, accessible and dependable access to Internet, with freedom to choose the services to use rather than be provided with those preferred by the ISP. Network neutrality is a relatively new concept in the field of electronic communication law. Legal regulation of network neutrality as a regulated concept in development of electronic communication has not been properly implemented into the contemporary legislature. Furthermore, legal systems of several developed nations have actively refused to adopt the notion of network neutrality as a legally regulated concept, citing freedom of competition, overregulation and other concerns. After public disclosure of the recent legislative package known as "Connected Continent", aimed at creating a unified European telecom market, it could be argued that the European lawmaker has, at least formally, adopted a different approach

    Does Digital Rights Management Affect the Mobile Application Market?

    Distribution of digital content is a key aspect of electronic commerce. Digital content industry is threatened by rampant digital piracy. Institutional collective management is slow to adapt to rapid technological change in the digital environment. In the case of mobile software applications, smartphone and tablet operating systems with centralized application repository augment the ability of authors and rights holders to control the commercial exploitation of their works. However, digital rights management technologies used to prevent unauthorized reproduction, distribution and use of protected works can also create unwanted market effects limiting authors and users
