Hello and welcome to Berry Picks in IT Law, with particular focus on data protection and social networks (we’re looking at you, TikTok and Meta), and a side of cybersecurity. Long name, but we believe in transparency here.
🔏 Data Protection & Privacy
Brand new factsheet on personal data protection by the European Court of Human Rights (“ECHR”). Newest addition: L.B. v. Hungary on storage and use of personal data as tax information. Sneak peak: violation of Article 8, due to a lack of weighing up of the public interest in ensuring tax discipline against the individual’s privacy rights. Mark your mind maps and thank them later.
The Austrian Data Protection Authority (“DSB”) decided that the use of Meta’s tracking pixel and login tools by websites, directly violates the GDPR and Schrems II. If these tools are used, data is transferred to the USA, where the data is at risk of intelligence surveillance. At this point it’s like taking the register: Google Analytics ✅ Meta Pixel ✅ Facebook Login ✅.
🔐 Cybersecurity
The European Union Agency for Cybersecurity (“ENISA”) published its first cyber threat landscape report on the transport sector. The report also includes an assessment of threat actors, an analysis of motivations driving their actions and introduces major trends for each sub-sector. According to this report, prime threats affecting the transport sector have been determined to be:
- ransomware attacks;
- data related threats;
- malware;
- denial-of-service (DoS), distributed denial-of-service (DDoS) and ransom denial-of-service (RDoS) attacks;
- phishing / spear phishing;
- supply-chain attacks.
ENISA launched the EU Cybersecurity Certification mini-site. The site includes information related to EU cybersecurity certification. Here, you will be able to access information on the the certification schemes currently being developed. At the time of this post, these include the Common Criteria, the Cybersecurity Certification Scheme for Cloud Services, and – the EU 5G scheme for network devices and identification.
👩🏼🎨 Intellectual Property
Internet Archive (“IA”) found to be infringing publishers’ copyrights over its digital library. The decision is regarding IA’s Open Library programme, where users can check out digitised copies of physical books through controlled digital lending (“CDL”). CDL is a system where libraries digitise copies of books in their collections and then offer access to them as ebooks on a one-to-one basis (if a library has one copy, it can keep the book in storage and let one person at a time access the ebook). However, IA drifted from CDL during the coronavirus pandemic and essentially allowed an unlimited number of users to access the ebooks within a set lending period. The court determined that IA’s scanning and lending of digital copies of copyrighted works without publishers’ permission did not constitute fair use under US copyright law. Despite IA’s arguments, the court concluded that IA’s use was commercial in nature and negatively impacted the market for the copyrighted works, thus not satisfying the fair use criteria.
🛒 E-Commerce & Digital Consumer
The European Commission (“EC”) created a High-Level Group on the Digital Markets Act (“DMA”) The High-Level Group will have a mandate of two years and will meet at least once a year. The Group will be able to provide the EC with advice and expertise to ensure that relevant regulations are implemented in a coherent and complementary manner, and in market investigations into emerging services and practices, to help ensure that the DMA is future-proof.
🎩 Competition
The Italian Competition Authority (“AGCM”) initiated an investigation against TikTok over the growth of numerous videos of young people who attempt acts of self-harm on the platform. The AGCM is accusing TikTok of failing to implement appropriate monitoring mechanisms to supervise the content published by third parties, according to diligence requirements, especially when particularly vulnerable users such as minors use the service. TikTok’s use of artificial intelligence techniques that may influence users is also under scrutiny.
📄 Recommended Readings
Here is a concise list –in no particular order– of recent publications that caught my eye this week.
China Data Flows and Power in the Era of Chinese Big Tech by W. Gregory Voss & Emmanuel Pernot-Leplay
Adapting cybersecurity practice to reduce wildlife cybercrime by Timothy C. Haas
I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
