The cloud clock is ticking: it's time to think seriously about data sovereignty

http://cyberparse.co.uk/2015/12/07/the-cloud-clock-is-ticking-its-time-to-think-seriously-about-data-sovereignty-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

As more aspects of our business and personal lives move online, there is greater concern from individuals, businesses and governments around the protection of the digital information that is held and shared there. Complications are growing around “data sovereignty” – an umbrella term used to cover anything related to the protection of data, including data privacy and its associated laws and regulations, data encryption, transfer, storage and overall information governance.

Recently, the Court of Justice of the European Union’s (CJEU) advocate general expressed the opinion that the 15 year-old Safe Harbourr rules governing the sharing of data between the EU and US were “invalid”. The CJEU followed a couple of weeks later with its decision and agreed with the advocate general’s opinion. As a result, any company using Safe Harbour will now need to evaluate how it protects personal data, as well as re-evaluate its governance, risk and compliance processes to meet international data transfer requirements. Furthermore, in September, Microsoft was in court to challenge a demand from the US government that it hand over emails stored at a data centre in Ireland, which were alleged to contain details of narcotic sales. Both of these examples represent significant milestones in the importance of data’s physical location, and strike at the heart of important questions around data privacy. The results will have far-reaching implications for cloud providers and, indeed, any company that stores its data in the cloud – which today is almost every company in the world, whether they’re aware of it or not.Regulating cloud-held data While many businesses focus on managing the migration of their data storage to the cloud, governments and regulatory bodies across the world are looking at ways of regulating this cloud-held data. As a result, businesses will need to learn a whole new way of doing business. Many countries are attempting to introduce new legislation on data privacy, or overhaul that which already exists. The European Union is currently working on implementing the General Data Protection Regulation (GDPR) as a replacement for the EC Data Protection Directive, a change which will impact all global organisations doing business in Europe. Set to be finalised by the end of this year, violations of the GDPR could result in billions of dollars’ worth of fines for some of the world’s highest profile companies. With this in mind, businesses around the world should start considering the working practices of their cloud providers if they are to avoid such penalties. Putting measures in place Unless certain provisions are in place or have been met, data is not allowed to leave the European Economic Area (EEA), which includes countries within the EU as well as Iceland, Norway and Lichtenstein. Information governance frameworks must be in place to ensure that any contractors employed to transfer, store or process information are complying with data privacy legislation. And not only is it important that every cloud provider has measures in place to protect personal data, but organisations need to understand how their data will be secured. Serious considerations Beyond understanding regulations, businesses should give serious consideration to physical location, technology, and governance when developing a cloud strategy to protect their data. Physical location is important for those businesses and countries that insist on a degree of data residency, where some critical information is kept in-country or behind corporate firewalls. In the online world, however, where data is under constant threat from cyber-attacks or accidental leaks, it’s important to assess what technology is able to protect that data. Encryption, for example, must travel with a file wherever it goes, whether that data is stored on a company iPad, a personal laptop or a corporate server, meaning that only those authorised to view that file will be able to do so. Finally, it’s important that companies that house personal data ensure their internal policies and procedures offer a safe haven for this information. Given how rapidly legislation is changing, however, the concept of data governance is currently something of a moving target. What is clear though is that, as businesses continue to move to the cloud, it’s important that they focus on the right areas of keeping their data secure, ensuring that they work with the right partners. Those that don’t, risk getting caught out as changing regulatory powers catch up with the online world in which individuals, businesses and governments increasingly live. Deema Freij is global privacy office at Intralinks

Smart home technology may lead to another kind of domestic abuse by monitoring and controlling our life.

The people who called into the help hotlines and domestic violence shelters said they felt as if they were going crazy.

One woman had turned on her air-conditioner, but said it then switched off without her touching it. Another said the code numbers of the digital lock at her front door changed every day and she could not figure out why. Still another told an abuse help line that she kept hearing the doorbell ring, but no one was there.

Their stories are part of a new pattern of behavior in domestic abuse cases tied to the rise of smart home technology. Internet-connected locks, speakers, thermostats, lights and cameras that have been marketed as the newest conveniences are now also being used as a means for harassment, monitoring, revenge and control.

In more than 30 interviews with The New York Times, domestic abuse victims, their lawyers, shelter workers and emergency responders described how the technology was becoming an alarming new tool. Abusers — using apps on their smartphones, which are connected to the internet-enabled devices — would remotely control everyday objects in the home, sometimes to watch and listen, other times to scare or show power. Even after a partner had left the home, the devices often stayed and continued to be used to intimidate and confuse.

read more here

It is impossible for users to totally know what they have consented when they click the “ accept cookies” button.

It would take you 76 full workdays to read all the privacy policies and terms & conditions you agree to in a year. Source Source 2

Original source: YouTube channel “Article 19” Internet intermediaries: dilemma of liability . Whether internet intermediaries should be liable for illegal contents online or not? Notice and notice system should be created.

Who should be responsible for illegal P2P filesharing?

Peer-to-peer( P2P) online filesharing involves three parties: the file-sharers, the file-receivers and the providers of P2P software. It is common that some files are shared without the consent of authors and this kind of sharing definitely infringes copyright. However, who should be responsible for this infringement and how to identify infringing party still deserve discussion.

First, there is no question that file-sharers should be responsible for the copyright infringement, but with the development of technology, there are three main issues making it difficult for rightholders to sue these sharers. First, the amount of this kind of fire sharing is huge. One work which is protected by the copyright may be shared for hundreds of times. It is impossible to sue all the sharers. Second, it is hard for rightholders to identify who is using the software to share. Even for the software providers, the only thing can be tracked is IP address rather than the real person sharing the works. What’s more, software providers are not ought to disclose users’ private information to others freely. In this case, it is almost impossible for rightholders to track sharers. Third, some file sharing does not need a central server and can be shared by Bit Torrent, and shared files may come from multiple sources. The person who share the files to others may be the share receivers at the same time. Based on the above, even it is no doubt that file-sharers are the infringe party, it is hard to claim against them. On this occasion, claiming to the software providers seems to be a more feasible choice.

In the first major case addressing the application of copyright laws to peer-to-peer file-sharing,  A&M vs. Napster, Defendant Napster, Inc. designed and operated a peer-to-peer (P2P) filesharing network allowing users to search, access, and download audio recordings stored in MP3 digital file format on their own or others’ computers. And the court provides two aspects to consider when judging the infringement: whether the ISP know or have reason to know the existence of infringement act and whether the software materially contribute to this infringement act. In this case, plaintiffs introduced sufficient evidence to show that Napster caused a reduction in audio CD sales and hindered plaintiffs’ ability to enter the digital sales market, which means the service provided by the defendant has constituted “ materially contribute to infringement”. What’s more, Digital Economy Act 2010 also includes some provision aiming to address the infringement caused by P2P filesharing.

In my opinion, although some software providers should be responsible for infringement because these infringement acts cannot happen without their service, the standard should not be too strict, especially when the software has both infringe and non-infringe use.

Whether internet memes constitute copyright infringement?

The key point of the discussion of internet memes is how to balance the freedom of expression and the interest of rightholders.

Most memes are created based on some original contents. Whether this use can be regarded as the exception of copyright infringement like parody directly affects whether the original rightholders can claim copyright infringement against meme generators and ask related online platforms to remove the memes.

According to the CDPA and ECJ, parody exception has been confirmed. But the scope of accepted parody is generally depends on the court’s sense of humor ( see Parody in the UK and France: defined by humour? by Laetitia Lagarde and Carolyn Ang, Baker & McKenzie LLP), it is hard for online platforms to accurately judge whether the meme content assumed by the original rightholders should be seen as parody or infringement. In this case, according to the notice and turn down policy, it seems that the safest option for online platforms is to filter or remove all controversial memes. On the one hand, this option can provide maximum protection to the original copyright. On the other hand, it seems not a good way to encourage innovation, which is one of the most important purpose of copyright law, and it may limit memes generators’ freedom of expression.

Internet memes may relate to the right of adaptation, which is usually regarded as a part of the right of reproduction( see Internet memes as derivative works: copyright issues under EU law, by Giacomo Bonetto). It is no doubt that there must be some similar parts between memes and original works. On this occasion, the purpose of creating memes is critical to determine whether memes can fall into the scope of exception of copyright infringement. Whether the latter memes are aimed to make people laugh by unique adaptation or just want to use the publicity of original work? Whether they constitute competition relationship in the same market? In some cases, users follow the original works because they like the memes and it is those high-quality and widely-spreading memes benefit the author of original work. The original rightholders have no loss but benefit, which means they have no place to claim for compensation.

IP ISSUES ABOUT HYPERLINNS

what can we learn from the case  “GS Media BV v Sanoma Media Netherlands BV and others, Case C-160/15, 8 September 2016”

This case is mainly about if someone creates a hyperlink without permission of the owner of copyright, can the rightholder claim infringement? There are two different opinions: one is this behavior has constituted a “communication of public” since it makes original website accessible to “ new public”. The other is creating a hyperlink doesn’t belong to copyright infringement, since the original website is free to all users, which means all users who can browse the Internet are “target user”, there is no “new user”. 

In my opinion, when judging whether the act of linking providers constitutes infringement, the function of the hyperlink should be taken into account. On the one hand, if it is just a simple website address linked to the homepage of the original website, there is no loss for both original website provider and rightholder. Thus this kind of hyperlink should not be regarded as infringement. On the other hand, if it is a deep linking which can bypass the homepage of the original website, then the situation is different. As we all know, if the provided contents are free to users, the profit model of those original websites is earning money by posing commercial advertisements. In this case, the consequence of those deep linking is allowing users browse the contents they want with no need to see the commercial advertisements. It will definitely cause a loss to original website providers. In the perspective of rightholders, to some extent, new users are created on this occasion. The aimed users are people who search these copyrighted works through browsing the homepage of specific website, while the new users refer to people who bypass the homepage.

# week 3 THE COPYRIGHT OF THE SOFTWARE#

The idea is this: You buy a tractor that runs their software, and (the way they see it) therefore you don’t actually own the tractor. They do. Because software.

(SIDE EYE)

Read it and see if your brain doesn’t turn right around in your skull at the “logic”.

The regulation of information technology

The researches on the information technology require specialized knowledge, which means it is hard for the general lawmaker to find an effective way to regulate the problems stem from the information technology. Compared with the “public state initiate techno-regulation”, regulation through technology design is a more direct and powerful way. Since there may be plenty of unknown problems, the designers are the group who are most likely to react to these unknowns and pick the solutions.  Accordingly, in the terms of regulation effectiveness, tech-regulation by the technology design is a better choice. 

However, there are still some controversial issues. The first and foremost, a universe standard for all the technology companies is necessary. Otherwise, if a company take some technological measures to prevent malicious activities such as disseminating the pornography, while another company who intend to attract more users reject to take the same measures. The regulation through technology design will not work. Secondly, the power of the designers to make regulation must be limited by state authority. Just as the scholar Ronald Leenes said, “ An important delegation of rule making from the state to private parties is contracting. “ The most primary method of regulating information technology by designers is  to draw up a contract between the software designer and the user of software. I think this kind of contract is more like standard clauses. The users have no choice but accept it. In this case, unfair terms should be avoided as much as possible.