Kategori international issues

ECCWS (aka ECIW) 2014 Call for Papers

Call for: Papers, Case Studies, Work in Progress/Posters, PhD Research, Round Table Proposals, non-academic Contributions and Product Demonstrations

“The 13th European Conference on Cyber Warfare and Security (ECCWS*) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat cyber warfare or to improve information systems security to come together and exchange ideas.”

Abstract deadline: 12 December 2013.

Read more here.


*formerly the European Conference on Information Warfare and Security (ECIW)

Personal Data Protection in Japan

A study trip to Japan sheds light on how different approaches to informational privacy protection may be around the world. In Japan, a major regulatory step was taken through the introduction of the Act on the Protection of Personal Information in 2003 which came into force 2005.


  Professor Cecilia Magnusson Sjöberg & Professor Dan Svantesson

There are certain things that in particular strike a foreigner as worth noting when finding out more about data protection in Japan. For instance, the comparatively restricted approach to sanctions as such relying as it seems on the cultural emphasis being placed on reputation and avoiding loss of face in public. At the same time it was brought forward by several experts at the University of Tokyo and Kyushu University that the introduction of data protection legislation in the country has led to a kind of over-reaction resulting in ”hyper compliance” of the legal framework. Even in emergency situations as in the aftermath of earthquakes and tsunamis hospitals have not been willing to give out the most fundamental information about whether a certain patient was at the institution being taken care of. Indeed, it was emphasised that many organisations simply avoid handling personal data out of fear of being accused of misusing it. Such far reaching negative effects of the Act are saidto have changed the public opinion to being more open minded when it comes to sharing personal data.

Assistant Professor Chiaki Sato & Professor Akira Morita, the University of Tokyo

Adding to the picture of comparatively limited sanctions attached to the Protection of Personal Information Act is the absence of a national supervisory authority. This may be explained by the organisational infrastructure of the public sector not quite allowing for a comprehensive approach to responsibility but rather keeping it sectoral. Furthermore, it became quite clear to us that the business model for large scale personal data processing, aimed both towards the public and the private sector, is to keep it domestic. In practice though, needs for back up may require storage outside of the country, this being based on commercial agreements with foreign companies. And, Japanese people use Facebook and other social media as in any other modern information society, which has well-known legal implications with regard to jurisdiction, applicable law etc.

Among many other current initiatives it should be mentioned that the Japanese Parliament (the Diet) is discussing the so call “My number” bill which is expected to pass in a few months. There is another bill coming up addressing personal health records specifically. The My number approach appears to be a combination of a national register comprising a new identification number of all citizens combined with an electronic ID card enabling storage of personal information. An article in the Japan Times Mar 25, 2013 highlights the risks of My number claiming that “The government’s plan to introduce an identification numbering system covering all citizens carries serious potential risks. It could end up benefiting only the information technology (IT) industry, whose members regard the plan as a big business opportunity.” The tension between efficiency enhancement and privacy protection is in focus too.

Upcoming Seminar: Norms as Agents in the Information Society

Title: Norms as Agents in the Information Society
Speaker: Luciano Floridi
Date: Wednesday 15 May, 4-6pm
Location: Faculty Room, 8th floor C house, Södra Huset, Frescati, Stockholm University (subway: Universitetet)

Luciano Floridi is Professor of Philosophy at the University of Hertfordshire – where he holds the Research Chair in Philosophy of Information and the UNESCO Chair of Information and Computer Ethics – and Fellow of St Cross College, University of Oxford, where he is the founder and director of the IEG, Oxford University Information Ethics research Group.

His most recent books are Information: A Very Short Introduction (OUP, 2010), The Philosophy of Information (OUP, 2011),  and The Cambridge Handbook of Information and Computer Ethics (CUP 2010).

The territorial scope of the proposed EU Data Protection Regulation

As is well known, the European Union is currently seeking to reform its data protection framework through the introduction of a Regulation to replace the 1995 Directive. The Regulation has come under significant scrutiny from various quarters. However, one Article – Article 3 determining the proposed Regulation’s territorial scope – has received limited attention. This is surprising since, for any non-EU party, Article 3 is the single most important provision in the entire proposed Regulation; after all, nothing can be of a more fundamental importance than a provision that determines whether the substantive rules of the Regulation apply or not. This fact could scarcely have escaped the attention of the drafters.

In its current form, Article 3 reads as follows:

Article 3:

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union.
2. This Regulation applies to the processing of personal data of data subjects residing in the Union by a controller not established in the Union, where the processing activities are related to:
(a) the offering of goods or services to such data subjects in the Union; or
(b) the monitoring of their behaviour.
3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where the national law of a Member State applies by virtue of public international law. (emphasis added)

Anyone attempting to get clarification as to the exact meaning of this Article, and the underlying principles that has guided the drafters, will logically turn to the Explanatory Memorandum. Unfortunately, doing so is an utter waste of time. Depending on one’s personal disposition one will be either amused, dumbfounded or feel great despair in finding that under the heading “3.4 Detailed explanation of the proposal”, all that the Explanatory Memorandum states about Article 3 is that: “Article 3 determines the territorial scope of the Regulation.” If this is the “detailed explanation of the proposal” we need the drafters to provide a ‘super-extended director’s cut’ version as well.

This lacking attention to a key provision, that more than any other needs to be discussed in detail, is puzzling. What is worse, even on a charitable interpretation of the situation, the failure to provide reasonable guidance as to Article 3 is negligent, arguably suggesting that inadequate attention has been given to the territorial scope of the Regulation. At worst, it seems the drafters are seeking to avoid attention being directed at the enormously important effect of Article 3.

Interestingly, and no doubt controversially, whichever version of Article 3 is finally entering into force, this provision seems likely to bring all providers of Internet services such as websites, social networking services and app providers under the scope of the EU Regulation as soon as they interact with data subjects residing in the European Union. While this can be said to be the case already under the current EU approach to extraterritoriality, it is submitted that the new approach, as found in the proposed Regulation, goes even further.

In more detail, the rule articulated in Article 3(2)(a) contains a double requirement; that is, (1) the data subject must reside in the European Union (similar to passive nationality), and (2) the conduct must take place in the EU (similar to objective territoriality). However, Article 3(2)(b), which must be read independent from Article 3(2)(a), only contains the first requirement – it only focuses on whether the data subject resides in the European Union.

If this is correct, then Article 3(2)(b) suggests that EU residents enjoy the protection of the Regulation simply by residing in the European Union. In the absence of further restrictions, this protection would then seem to attach to the very person of EU residents so as to enable them to rely on this protection also when travelling outside the EU. For example, an EU resident on holiday in New York would be protected by the EU data protection Regulation by virtue of the EU residence if a US controller, not established in the Union, processes personal data of the EU resident as part of monitoring the EU resident’s behaviour in New York.

This result is so absurd, and so clearly inappropriate, that it cannot have been the drafters’ intention. Thus, the proposed Regulation must be amended to address this issue, and indeed, all that is required to depart from this unfortunate situation is to include, in Article 3(2)(b), the words “in the Union” in the manner done in Article 3(2)(a).

Indeed, some experts seem to take such an amendment to Article 3(2)(b) for granted. In expressing his views on the proposed Regulation, the European Data Protection Supervisor stated that:

“He considers that the offering of goods and services or the monitoring of the behaviour of data subjects in the Union makes much more sense and is more in line with the reality of global exchanges of information than the existing criterion of the use of equipment in the EU, under Article 4(1)(c) of Directive 95/46/EC.” (emphasis added) (Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March 2012, at 17.)

While this interpretation is sensible, it would be much more comfortable to have the text of Article 3(2)(b) amended so as to cement this interpretation beyond any doubt.

South Africa Update

IRI is busy in South Africa this week! Two of the highlights thus far have been meeting members of the law faculty at the University of Cape Town and Stanley Greenstein’s presentation at the Cape Law Society.  Other good experiences include visits to numerous law firms with an interest in law and technology and a tour of the tech and design hub of Woodstock.  After almost a week here, we are developing a good understanding of the South African law and ICT perspective: cloud computing, data mining, regulating ICT and the forth coming South African data protection legislation have been hot topics of discussion.

Bon voyage!

The editor of the month would like to wish the Law & ICT gang an educational study tour to South Africa.

Looking forward to running updates and reports from the trip.

Take care and bon voyage, guys!

Addressing Cyber Instability

The Cyber Conflict Studies Association (CCSA) released its full “Addressing Cyber Instability” monograph earlier this month. It is available for download at the CCSA website and will be coming out in paperback, hardback, and ePub in the future.

In addition to legal issues, the monograph covers various concerns in cyberspace such as strategy, military doctrine and organization, non-state actors, and critical infrastructure protection.

A collabortive effort from two years of research and dialogue, the monograph was authored by Matt Devost, Maeve Dion, Jason Healey, Bob Gourley, Sam Liles, James Mulvenon, Hannah Pitts, and Greg Rattray, and was edited by James Mulvenon and Greg Rattray.


In addition to the WCIT-12, which kicked off today, another ‘law and IT’ event will be held this week in Dubai. Folks from IRI, together with others in SU’s Department of International Law and the Swedish National Defence College, will be hosted by the Modern International Study center in Dubai for a seminar entitled “International Legal Aspects of Cyber Security.” We look forward to an interesting event. Information on the seminar is found on the center’s website.

Of course, the WCIT-12 may be just as interesting. For those who want a general overview to this ITU event, see Wired.co.uk’s “A simple guide to the ITU’s World Conference on International Telecommunications” article. For some European opinions, there is a zdnet article and an older EDRI newsletter article. For some American perspective, see this op-ed and ARIN’s opinion (the American Registry for Internet Numbers manages distribution of IPv4 and IPv6 addresses). And finally, the main WCIT-12 web info from ITU, and lastly, if you want to delve into some of the nitty-gritty, there is WCITleaks, which has various “leaked” documents and proposals from some of the ITU member countries.

Last chance to register for the e12 Stockholm IT Law Conference!

There are a few places remaining at the e12 Stockholm Conference Internationalisation of law in the digital information society, to be held on 22-23 November.

The main sessions of the conference will cover the following issues:

I      Data Protection in Global Networks
II     Evolving Systems for Solving Conflict of Laws on the Internet
III   Visualisation of Law

Theme: Internationalisation of Law in the Digital Information Society

Date: 21-23 November 2012 (21 Doctoral Workshop, 22-23 Conference)

Location: Stockholm, Sweden

Website & Registration: http://www.juridicum.su.se/iri/e12/

The registration deadline is Friday 28th October. We hope to see you there!


12th European Conference on Information Warfare and Security (ECIW-2013)

Recently announced was a First Call for papers for the 12th European Conference on Information Warfare and Security (ECIW-2013) which is being hosted by the University of Jyväskylä , Jyväskylä, Finland on 11-12 July 2013

This call will close on 20th December 2012.

The 12th European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas. There are several strong strands of research and interest that are developing in the area including the understanding of threats and risks to information systems, the development of a strong security culture, as well as incident detection and post incident investigation. This conference is continuing to establish itself as a key event for individuals working in the field from around the world.

For more information please go to http://academic-conferences.org/eciw/eciw2013/eciw13-call-papers.htm

Academic research, case studies and work-in-progress/posters are welcomed approaches. PhD Research, proposals for roundtable discussions, non-academic contributions and product demonstrations based on the main themes are also invited. Please feel free to circulate this message to any colleagues or contacts you think may be interested.

Selected papers presented at the Conference will be considered for publication in a special issue of both the Journal of Information Warfare: http://www.jinfowar.com and the International Journal of Cyber Warfare and Terrorism (IJCWT) published by Information Resources Management Association, USA.( DOI: 10.4018/IJCWT, ISSN: 1947-3435, EISSN: 1947-3443). Additionally, selected papers from the conference will be considered for publication in the International Journal of Electronic Security and Digital Forensics published by Inderscience UK (ISSN:1751-1911X)

Copyright © blawblaw
Nyheter om, från och kring institutet för rättsinformatik

Byggt på Notes Blog Core
Powered by WordPress