An overview of interesting Data & IT Law articles and news in July 2016!
Microsoft wins a case against U.S. Government on email privacy
The United States Court of Appeals for the Second Circuit ruled in favor of Microsoft against the US Government in their legal dispute (you may find the court decision here). The main issue was whether Microsoft was obliged to turn over email communications stored in Microsoft data centers in Dublin. Many authors dealt with the case.
The NY Times article focused on the court’s reasoning that “a provision of an electronic communications law created in the mid-1980s did not allow courts to enforce warrants for the seizure of customer email content that is stored on foreign servers belonging to service providers based in the United States.”
Infosecurity magazine quoted Microsoft president Brad Smith. The decision “ensures that people’s privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs.”
However, all authors agree that the US Government would appeal.
EU-U.S. Privacy Shield adopted
On July 12, the European Commission adopted the EU-U.S. Privacy Shield. In its official press release, the European Commission says that the “new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States as well as bringing legal clarity for businesses relying on transatlantic data transfers.”
What are the new principles and rules outlined in the Privacy Shield?
The U.S. Department of Commerce will conduct regular updates and reviews of participating companies, to ensure that companies follow the rules they submitted themselves to. If companies do not comply in practice they face sanctions and removal from the list.
The US has given the EU assurance that the access of public authorities for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms. (…) The U.S. Secretary of State has established a redress possibility in the area of national intelligence for Europeans through an Ombudsperson mechanism within the Department of State.
Any EU citizen who considers that their data has been misused under the Privacy Shield scheme will benefit from several accessible and affordable dispute resolution mechanisms. Ideally, the complaint will be resolved by the company itself; or free of charge Alternative Dispute resolution (ADR) solutions will be offered.
Annual joint review mechanism: the mechanism will monitor the functioning of the Privacy Shield, including the commitments and assurance as regards access to data for law enforcement and national security purposes.
Many authors have analyzed the Privacy Shield. A more detailed analysis is accessible at JD Supra. Moreover, the opinion of the Article 29 Working Party is of particular importance, as the group has expressed many concerns. Among other things, the group mentioned unclear rules on automated decisions and the access by U.S. public authorities to data transferred from the EU.
Does Artificial Intelligence Violate New EU General Data Protection Regulation?
Many articles have been written about the new General Data Protection Regulation (the Regulation) and its impact on specific industries (see articles at dataitlaw too). Bryce Goodman from the Oxford Internet Institute and Seth Flaxman from the Department of Statistics, Oxford, published an article, “EU regulations on algorithmic decision-making and a ‘right to explanation’”.
According to the authors, the main problem with the new Regulation and neural networks results from Article 11 of the Regulation (Automated individual decision making). The paper focuses on two practical challenges: issues raised by the GDPR’s stance on discrimination and the GDPR’s “right to explanation”.
On discrimination, the authors conclude that “(t)he GDPR presents us with a dilemma with two horns: under one interpretation the non-discrimination requirement is ineffective, under the other it is infeasible.” (p. 28).
On the right to explanation, the authors note: “Putting aside any barriers arising from technical fluency, and also ignoring the importance of training the model, it stands to reason that an algorithm can only be explained if the trained model can be articulated and understood by a human. It is reasonable to suppose that any adequate explanation would, at a minimum, provide an account of how input features relate to predictions, allowing one to answer questions such as: Is the model more or less likely to recommend a loan if the applicant is a minority? Which features play the largest role in prediction?” (p. 29).
Academics to Telecom Regulators: Protect Open Internet in Europe
126 academics from Europe and all around the world published an open letter to European Telecom Regulators. They congratulated the European Union for opening a discussion about the draft guidelines for EU Regulation 2015/2120. In the letter, the academics asked the regulators to focus on several important points:
Zero-rating – the guidelines should ban harmful forms of zero-rating (such as application-specific zero-rating and zero-rating for a fee), providing legal certainty and sustainable solutions that empower individuals, rather than relegate their Internet experience to a selection of sponsored services.
Internet traffic management – any traffic management should be as application-agnostic as possible, and exceptions to application agnosticism should be carefully tailored in order to avoid undue discrimination.
Specialised services – the guidelines should ensure that ISPs will not be permitted to provide specialised services to regular Internet applications that could function on the normal Internet.
Protecting hashtags as a trademark
Hashtags can be a powerful tool for presenting companies on social media. Protecting their hashtags is therefore an important task for many of them. One of the methods is trademark protection.
According to the article on the Socially Aware blog, there were over 1,040 hashtag trademark applications in the United States in 2015. The U.S. Patent and Trademark Office has even issued guidance for such trademarks. “(A)ccording to the Office, a hashtag is no more—but also no less—capable of functioning as a trademark than the non-hashtag form of the relevant tag line or phrase would be.”
However, the article argues that this might not be the right conclusion. It addresses the problem of a close and obvious connection to a particular brand, and a situation when “a hashtag often appears only on social media rather than on the goods themselves or in advertising raises questions regarding what constitutes an acceptable specimen for a hashtag mark.” Another huge problem is the inconsistency of court decisions. The article refers to some of the recent ones.
Brexit and the UK’s data protection regime
Many authors analysed the implications of Brexit on the UK data protection regime. Due to the complexity of the issue, we covered this topic in a dedicated article on Brexit.