Berthold, Mark (New Zealand, China): Regulating Personal Data in China
Broude, Tomer (Israel): Cultural Diversity and the Internet in the Context of International Trade and Intellectual Property Disputes
Edwards, Lilian (UK): Chinese zombies or Japanese worms? The future of cybersecurity and the law.
Komaitis, Konstantinos (Greece, UK): Aristocracy and Internet Governance
Liu, Yue (Norway, China): Proportionality principle on biometrics in Europe---case study of Norway
Selby, John (Australia): Make or Buy? The changing market for regulatory regimes in Australia
| Regulating Personal Data in China by Mark Berthold, barrister and solicitor of the Supreme Courts of New Zealand, Victoria and Queensland. | |
 |
Mark Berthold (Beijing University of Technology) is a barrister and solicitor of the Supreme Courts of New Zealand, Victoria and Queensland. Following general legal practise in New Zealand he became a senior crown counsel of the Hong Kong Law Reform Commission and secretary to its Privacy Sub-committee. From 1989-1994 he conducted the international research required to formulate proposals for a law to regulate personal data for Hong Kong. Mark was legal advisor to the Hong Kong Legislative Council’s bills committee examining the draft legislation. Following the enactment of the Personal Data (Privacy) Ordinance in 1995 he became the legal advisor to the newly established Office of the Privacy Commissioner for Personal Data. Mark is, with Professor Raymond Wacks, author of Hong Kong Data Privacy Law: Territorial Regulation in a Borderless World (Sweet & Maxwell Asia, 1997 and 2003). On a lighter note, he has taken his camera to 30 countries and his illustrated articles are at www.english.china.com/mark/ . The most recent are of Beijing, where he now resides. |
| Abstract In 1997 Hong Kong reverted to China. China is developing a law to regulate personal data. Hong Kong completed that process in 1996 and that instructive exercise is the subject of the paper. The paper examines the internationally recognised principles regulating personal data. Deriving from the OECD Guidelines of 1980 they are, fundamentally, simple edicts of good data management grounding sound decision making. They are underpinned by notions of fairness and data user accountability. The paper does not mention the differences between China’s civil law system and Hong Kong’s common law one. But these are relevant insofar as such common law principles as the duty of confidence and negligence cover similar ground to corresponding personal data principles (namely use limitation and data security, respectively). The very generality of the personal data principles can obstruct their ready comprehension or application. Even the core concept of “personal data” is far from definite. The paper does not dwell on these uncertainties, but they do indicate the need for data privacy jurisprudence as well as sectoral codes of practise. Indeed these needs motivated the co-authored publication referred to above. Arguably addressing these issues requires the establishment of a centralised rule-making and precedent setting organ. Legal traditions and governing practises vary in their receptiveness to such institutions (and official ambivalence to data privacy regulation is widespread, but that is a different issue). Unlike the paper, the presentation will touch on these issues. Also vexing is the tension between the principles and competing social interests. The formulation of the necessary exemptions took up most of the time in both formulating and refining the Hong Kong provisions. Crucial was the input of the public. An extensive public consultation exercise was conducted and detailed submissions were received from key data users and public groups. A social survey was also conducted. By the time the law was enacted key players were already acquainted with the new requirements, which indeed they had helped formulate. |
|
| Cultural Diversity and the Internet in the Context of International Trade and Intellectual Property Disputes by Tomer Broude, Hebrew University of Jerusalem. | |
 |
Dr. Tomer Broude is a member of the Faculty of Law and Dept. of International Relations /Hebrew University of Jerusalem. Tomer Broude completed his studies in Law and International Relations (Magna Cum Laude) at the Hebrew University of Jerusalem in 1996. After articling at the Office of the Legal Adviser of the Israeli Ministry of Foreign Affairs and pursuing private legal practice at a leading Jerusalem law firm for five years (focusing on administrative, corporate and commercial law and litigation, with an emphasis on international law, transactions and litigation) he returned to academic activity in 2001 and completed graduate studies at the University of Toronto Faculty of Law, earning his SJD (having transferred directly from the LLM programme) in 2004. He was appointed Lecturer at the Hebrew University of Jerusalem Faculty of Law and Department of International Relations (equivalent to Assistant Professor) in July 2004. |
| Abstract The Convention on the Protection and Promotion of the Diversity of Cultural Expressions (CCD) was executed under the auspices of UNESCO in 2005 and entered into force in 2006, with the membership of important international parties (as of October, 2007, approximately 70 in number) such as China, Egypt, France, Germany, India, Poland and other states (but not the United States). The CCD aims to encourage measures taken to encourage global intercultural exchange while allowing measures taken to protect and promote domestic cultural expressions. Its potential conflict with World Trade Organization (WTO) disciplines remains contentious and intriguing; and its effect on intellectual property rights remains unclear.This presentation will address the extent to which the CCD objectives and its language might affect national measures taken with respect to internet-based channels of knowledge distribution in the context of international trade and intellectual property commitments. In particular, the paper will address the recent WTO complaints by the United States against China (WTO DS363 China - Measures Affecting Trading Rights and Distribution Services for Certain Publications and Audiovisual Entertainment Products and WTO DS362 China Measures Affecting the Protection and Enforcement of Intellectual Property Rights), arguing that the CCD might be invoked in both these cases but that the text of the CCD as well as prevailing WTO law on the status of non-WTO law will consign the CCD to a relatively minor, at most interpretative position. The special role of web-based knowledge distribution in the face of agitation for political control will be discussed in this connection. |
|
| Chinese zombies or Japanese worms? The future of cybersecurity and the law. by Lilian Edwards, Chair of Internet Law at Southampton. | |
 |
Since the dawn of the commercial Internet in 1996, my principal research interest has been in the law relating to the Internet, the Web and new technologies, with a European and comparative focus. I have co-edited two bestselling collections on Law and the Internet (Hart Publishing, 1997 and 2000 – 3rd edn due 2007) with Charlotte Waelde, and my third collection of essays The New Legal Framework for E-Commerce in Europe was published by Hart in December 2005. My work in on-line consumer privacy won the Barbara Wellbery Memorial Prize in 2004 for the best solution to the problem of privacy and transglobal data flows. I worked at Strathclyde University from 1986-1988 and Edinburgh University from 1989 to 2006 before moving to become Chair of Internet Law at Southampton. I am Associate Director, and was co-founder, of the Arts and Humanities Research Council (AHRC) Centre for IP and Technology Law, funded from 2002-2012. I have taught IT, e-commerce and Internet law at undergraduate and postgraduate level since 1996 and been involved with law and artificial intelligence (AI) since 1985. I have been a visiting scholar and invited lecturer to universities in the USA, Canada, Australia, Mexico, and Latin America.I also retain an interest in Scottish child law, and private law generally, and have co-authored two editions of Edwards and Griffiths Family Law (W.Green, 2000, 2006). |
| Abstract In the last few years it has become apparent that the security of the Internet has become a crucial regulatory issue. Spam, phishing, ID theft, theft of personal data, virus dissemination, distributed denial of service (DDOS) and some corporate security breaches all now to a great extent result from the phenomenon of “botnets”: networks of thousands or millions of computers which have been enslaved as “zombies” by viruses or worms, and which are then used for concerted criminal action lead by a “zombie master” - usually without the knowledge of the computer’s lawful user. The botnet threat is inherently a transborder one: the latest bi-annual Symantec report on malware revealed that the world’s highest Internet population of zombies is to be found in China, where 25% of machines are “zombies”, but the effects of botnet activity are most notably felt in Western economies, notably the US and EU. As a result legislatures are beginning to try to deal with the botnet threat. Although some framework multinational legislation has emerged the reality of international politics means most emphasis must be placed on what can be done by nation states acting locally to protect their own citizens. Approaches canvassed in the recent UK House of Lords Report on Personal Internet Security, which might create a more secure Internet infrastructure against the botnet threat include placing liability for insecure software on software vendors, encouraging ISPs to take a role in removing malware from their networks and isolating zombie machines, and mandating security breach notification. Most recently however a major threat to cybersecurity has emerged in Japan which is an entirely new wrinkle on viral infestation. The Winny P2P system, now extensively used in the Asian world where high bandwidth speeds are reliably available to consumers, has an inherent security flaw in it which facilitates its infestation by appropriate worms. The result has been a devastating impact on corporate security in Japan – around 50% of corporate security breaches are now due to the Winny P2P worm, and numerous highly embarrassing leaks have been publicly announced, including leaks of policing data on sex crime victims, and from a Mitubishi nuclear power plant. If Winny P2P style systems (anonymous, distributed) are the “3rd generation” P2P of the future, this insecurity faces the rest of the world very soon. The question arising for lawyers and policy makers is whether it is possible to devise a “holistic” approach to regulation of cyber-security which can withstand the staggering speed of technological evolution of threats in this area. Nations states are only beginning to take the botnet threat seriously at a point when it may be about to mutate significantly. Legal approaches such as mandatory public security breach notification may be actually counter productive as responses to the Winny P2P worm – as they disclose the availability of personal data on the Net for anyone to download. Anti-bot measures such as ISP liability may become ineffective or inappropriate. In a world of malware technology which dynamically mutates far faster than law is designed, can law ever have an effective role? |
|
| Aristocracy and Internet Governance by Dr. Konstantinos Komaitis, University of Strathclyde in Glasgow, UK | |
 |
Dr. Konstantinos Komaitis is a lecturer of Information Technology and Telecommunications Law at the University of Strathclyde in Glasgow, UK. Konstantinos Komaitis received his LLB from the Aristotles University in Thessaloniki, Greece and he holds two Masters from the University of Sheffield (LLM in European, International and Commercial Law) and Strathclyde (LLM in Information Technology and Telecommunications Law) in Glasgow, UK. His doctoral thesis observes the regulatory framework of domain names and their legal nature. The author of 9 refereed articles, Dr. Komaitis teaches Internet Governance issues, E-commerce, Computer Law and Computer, Society and the Law. He also serves as a panellist for the .eu domain name disputes and works for the Czech Arbitration Court. His research interests include: Internet Governance, Regulation, Internet Gambling and IP Rights. |
| Abstract The European proposal concerning the structure of the Internet has offered a more international and rounded approach to the debate surrounding Internet Governance. Encouraging the formation of ‘alliances’ by a certain number of governments, who wish to proceed to specific policy decisions, ‘enhanced cooperation’ is viewed as the viable solution that would potentially remove the control of the Internet outside the United States Government. However, can ‘enhanced cooperation’ meet the democratic mandate of how the Internet should be governed? With its future still undetermined, even within the confines of the European Union, ‘enhanced cooperation’ could work as the catalyst for either the unification or the segregation of the medium. The current structure of the Internet does not encourage the creation of a ‘Constitution’, due to its domination by a specific segment of governments and private entities. Due to this state of affairs, the setting of basic principles and policies with the active participation of all interested parties – Governments, the Private Sector, Civil Society and the International Corporation for Assigned and Numbers (ICANN,) is vital. Otherwise, if not used appropriately, ‘enhanced cooperation’ can “support” coalitions of specific groups, leaving outside actors, whose role is significant. This proposal’s starting point is the notion that, before we proceed in any governance of the Internet, first we need to identify the principles that we need to secure and, based on that premise, shape the boundaries and effects of the European proposal. Otherwise ‘enhanced coopeartion’ or any other proposal for that matter will have a detrimental effect and might even cause more problems than solutions. |
|
| Proportionality principle on biometrics in Europe---case study of Norway by Yue Liu, University of Oslo, Norway. | |
 |
Yue Liu (L.L.M., in Law and Information Technology, Stockholm University; M.A., in Theory and Practice of Human Rights, Oslo University, Norway; B.L., in Law, Sichuan University, China) is a PhD research fellow at the Norwegian Research Institute for Computers and Law, University of Oslo, Norway. |
| Abstract In the attempt to harmonise the application of European data protection legislation to biometric systems, the Art. 29 Data Protection Working Party, Consultative committee of 108 Convention and European Data protection supervisor adopted various advice on biometrics. The author finds that especially the application of the proportionality principle still leads to contradictory decisions. In this presentation, the advice given by the above European organizations on the application of proportionality principle are summarised and several case decisions of Norwegian Data Protection Authorities with respect to the implementation of biometrics are discussed, which aims to find out the most appropriate way of applying the proportionality principle in the biometrics context. |
|
| Make or Buy? The changing market for regulatory regimes in Australia by John Selby, Macquarie University. | |
 |
John Selby is a Lecturer at the Division of Law at Macquarie University in Sydney, Australia. |
| Abstract This paper examines the boundaries of the market for regulatory regimes in 1) a greater recognition of the validity of cost-benefit analysis in determining the need for- and appropriate form of- regulatory regimes; 2) a greater recognition of the advantages and disadvantages of internally making regulatory regimes (eg select failures in existing command and control regulation) as compared to “buying them in” (co- or self- regulatory regimes); 3) changes in higher-level cultural norms both globally and within 4) changes in political leadership at the Federal level in This paper then proceeds to examine the impact of the shift in the boundary of the market for regulatory regimes through a case-study involving institutional change in the regulation of the .au domain name space. |
|