You may have realised there are two new picks in your inbox. If you have not, carry on to the mildly amusing gif below before diving into this week’s picks. If you have, here’s a cookie to thank you for your time and attention 🍪
🤖 Artificial Intelligence
Council of Europe made public the Draft Framework Convention on artificial intelligence, human rights, democracy and the rule of law. The Convention is an international effort aimed at navigating the interplay between rapidly advancing AI technologies and foundational societal values. Its main goal is to ensure that AI development and utilization are in harmony with human rights, democracy, and the principles of the rule of law. The Convention sets forth a series of principles and obligations for Parties, emphasizing the importance of human dignity, individual autonomy, transparency, accountability, non-discrimination, privacy protection, and the safeguarding of democratic processes. To operationalize these principles, the Convention proposes a variety of implementation measures, including the establishment of risk and impact assessment frameworks, the conduct of public consultations, the promotion of digital literacy, and the fostering of international cooperation. These measures are designed to ensure that AI systems are developed and deployed in a manner that respects human rights and democratic values, while also encouraging responsible innovation. Pioneering and ambitious indeed, but we’ll see how enforcement and compliance will be ensured, if at all.
We’re across the pond this time, and a US District Court judgement partially granted and partially denied OpenAI’s motion to dismiss in a recent class action copyright case. The lawsuit was initiated by a cohort of authors alleging unauthorized utilization of their copyrighted works in the training datasets of OpenAI’s advanced language models, including ChatGPT. The court partially granted OpenAI’s request for dismissal, effectively nullifying various allegations made by the plaintiffs but simultaneously rejected it in part, allowing the possibility for specific claims to be further developed and presented again. The claims that were dismissed involved accusations of vicarious copyright infringement, breaches of the Digital Millennium Copyright Act, allegations under the Unfair Competition Law, and assertions of negligence and unjust enrichment. However, the court’s decision also presents an opportunity for the plaintiffs to amend their complaints to address the legal insufficiencies. The decision highlights the need for clarity on the extent to which existing copyright law accommodates the innovative processes involved in AI development, particularly the use of vast amounts of data to train machine learning models. We’re all tired and in need of help at this point.
🔏 Data Protection & Privacy
The CJEU ruled the supervisory authority of a Member State may order the erasure of unlawfully processed data even in the absence of a prior request by the data subject. In 2020, a municipal administration in Hungary initiated a financial support program for individuals impacted by the COVID-19 pandemic, requiring personal data from the Hungarian State Treasury and a local government office to verify eligibility. A data protection authority investigation, however, revealed that all three institutions violated GDPR rules by not informing data subjects about the use of their data, its purpose, or their rights within the mandated one-month period. Additionally, the administration was directed to delete the data of those who didn’t apply for the aid. This was appealed, with arguments against the supervisory authority’s power to order data deletion without a request from the data subjects. The case escalated and came before the CJEU. To sum up, to prevent unlawful data retention and processing, supervisory authorities must act to correct GDPR breaches, even without direct appeals from individuals, and this applies whether the data originated from the subjects themselves or another source.
Another ruling by the CJEU found requiring two fingerprints on identity cards aligns with the fundamental rights to privacy and data protection, justified by aims to prevent false identity cards and identity theft, and to enhance system interoperability. Despite this, the Court found the regulation invalid due to being based on an incorrect legal basis, following the wrong legislative process. To avoid adverse effects on EU citizens and maintain security, the Court decided to keep the regulation’s effects until a new, correctly based regulation is enacted by 31 December 2026. The decision came after a German citizen challenged the requirement for fingerprints on identity cards, leading to an examination of the regulation’s impact on privacy rights versus its benefits in crime and terrorism prevention, as well as facilitating EU citizens’ free movement.
🛒 E-Commerce & Digital Consumer
Back in the USA, the Federal Trade Commission FTC penalised “review hijacking” on Amazon. The FTC is distributing over $527,000 in refunds to customers who purchased specific Nature’s Bounty and Sundown vitamins and supplements on Amazon.com, following claims of deceptive marketing by The Bountiful Company. In its February 2023 complaint, the FTC accused Bountiful of exploiting Amazon.com’s features to mislead consumers by presenting its new supplements as having more ratings and reviews, higher average ratings, and falsely claiming “#1 Best Seller” and “Amazon’s Choice” badges. This case marked the FTC’s inaugural action against “review hijacking,” a deceitful tactic where a seller misappropriates another product’s reviews to enhance their own sales. The settlement with the FTC will be requiring Bountiful to make a financial restitution and banning the company from employing dishonest review strategies. Spot on, cheers.
Another one, thank you: an example of the FTC’s commitment to consumer protection. Two Cyprus-based tech support companies have agreed to a $26 million settlement. The settlement resolves FTC charges alleging that these companies engaged in deceptive practices by falsely claiming consumers’ computers suffered from security and performance issues to sell repair services. The companies’ tactics involved displaying alarming pop-ups to suggest severe computer infections, leading consumers to conduct scans that invariably suggested critical problems requiring immediate rectification through the purchase of the firms’ software. Subsequent interactions, particularly through telemarketing, involved pressuring consumers to buy additional expensive services under the pretense that the software alone was insufficient to resolve the purported issues. The FTC will reportedly use the settlement to provide redress to deceived consumers. sighs You guys never listen when we talk about tech and ethics, do you?
📄 Recommended Readings
Here’s a few –in no particular order– of recent publications (including a book!) that piqued my interest this week. Remember to grab a cuppa and settle in for some riveting reading.
Design(s) for Law by Rossana Ducato, Alain Strowel & Enguerrand Marique (eds)
Decision Quality and Errors in Content Moderation by Sebastian Felix Schwemer
Artificial Intelligence and Privacy by Daniel J. Solove
Disclaimer: I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
So there you have it, folks – another week in the fascinating realm of IT Law. Remember to pop back next week for your latest dose of legal updates, served with a twist. Cheerio!
If you have any thoughts or suggestions on how to make this digest even more enjoyable, feel free to drop a line. Your feedback is always welcome!
Featured image generated using DALL·E 3.
