111th Annual Conference of the Society of Legal Scholars

At the 111th Annual Conference of the Society of Legal Scholars, I’ve presented two papers in the Intellectual Property and Cyber Law sessions. Respectively:

  1. On 1st September 2020 15-16:30 UK time – Panel “New Developments in IntellectualProperty Law” (IP session)

With Prof. Cristiana Sappa (IESEG), we’ll present “The Internet of Things at the intersection of dataprotection and trade secrets. Non-conventional paths tocounter data appropriation and empower consumers

The Internet of Things (IoT) has heralded a never-before-seen quantity of high-quality data. This includes both personal and non-personal data. Factual and legal control over IoT data gives companies unparalleled power to influence consumers, policy makers, and the other stakeholders of the IoT’s supply chain. The combination of analytics algorithms, the data goldmine structure and the output of data processes are regularly kept secret by businesses. Leveraging this portfolio of big data and trade secrets, IoT companies put in place practices that can negatively affect consumers, who are often unaware of them due to technical and legal secrecy. ‘Technical’ secrecy results from the opacity of the algorithms that underpin the IoT, especially when AI-enabled. ‘Legal’ secrecy, in turn, come from a combination of trade secrets and strategic contract management that keep IoT data practices secret. This begs the central research question of this article: how can consumers be empowered to counter IoT data appropriation?

Traditional consumer protection approaches, epitomised by the Consumer Rights Directive, are focused on pre-contractual duties to inform consumers. Their benefit to IoT consumers is limited by their reflecting a text-based paradigm, whereby information must be legible. This is not fit for the IoT, where displays tend to disappear and information is provided in audio or video formats. Consumer laws are drafted on the assumption of information asymmetries in business-to-consumer contracts, but they fail to account for the power imbalances that permeate IoT transactions. These power imbalances are exacerbated by control over a wealth of user data and corresponding granular knowledge of consumers’ vulnerabilities, behaviors, and biases. This knowledge can be used to impose opaque practices on consumers; among these, IoT data appropriation by means of trade secrets plays a key role.

Therefore, an emergent concern is whether the law provides tools that effectively safeguard consumers’ interests, in particular by ensuring substantial transparency as to the actual use of their personal data. How can this can be guaranteed, and the consumer empowered in a post-interface world of profoundly imbalanced relationships? The answer cannot be found solely within the trade secrets’ regime: data protection needs to be considered.

This article focuses on the trade secrets exceptions of legitimate interest and freedom of information, and on the General Data Protection Regulation (GDPR)’s rights to access, data portability, information, and not to be subject to solely automated decisions. We put forward that trade secrets’ exceptions and GDPR rights re-balance the interests of consumers vis-à-vis big IoT players such as Amazon. We propose a holistic approach that empowers consumers by countering data appropriation, thus redistributing data control.

2. On Thursday 3rd September 2020 at 15:15-16:45 UK time, Panel “Privacy at the Edges” (Cyber Law session)

I’ll present “The Internet of Personalised Things. IoT-Powered Consumer Manipulation as an Unfair Commercial Practice has been accepted for presentation at the 111th Annual Conference of the Society of Legal Scholars (you can still register!). The conference is organised by the University of Exeter under the leadership of Professor Rebecca Probert. It will take place on 1-4 September 2020 and, for the first time in the SLS‘s herstory, it will be entirely virtual (which brings the registration fee down!)

Personalisation is one of the key befits of the Internet of Things (IoT). IoT traders can combine data from multiple sources and access consumers’ most private spaces. At the same time, these traders retain control over their smart devices (‘Things’) throughout their lifecycles.

Thanks to this combination of deep knowledge of the consumer and control over the Thing, IoT traders can personalise products, services, prices, and even the terms of service that regulation the business-to-consumer relationship. The problem is that personalisation can lead to consumer manipulation and even discrimination – such detrimental effects can be referred to as the ‘Internet of Personalised Things’.

Situational data and information about consumers’ biases and vulnerabilities allow IoT traders to influence consumers’ decision-making in surreptitious ways. This can go from instilling the desire to purchase useless or even dangerous Things, to the exclusion of BAME people from certain job ads, through to electoral manipulation.

My paper will critically assess whether unfair trading laws – and in particular the Unfair Commercial Practices Directive as amended in 2020 – are fit for purpose and can provide a successful strategy to re-empower consumers, thus re-building trust in the IoT.

It is suggested that, despite some shortcomings, this regime can be invoked by consumer to counter IoT-powered manipulation, especially as the Directive provides special protections for vulnerable consumers and against traders’ undue influence impairing consumer freedom of choice.

The Directive does have some limitations but this should not come as a surprise. Being a neoliberal instrument aimed at pursuing a perfectly competitive single market, it cannot provide an entirely satisfactory response to an issue that capitalism itself created, namely the problem of manipulated needs as discovered by Marx.

You can still register here

Learning by Infringing? Copyright Private Ordering in Post-COVID Remote Teaching

On Friday 23 October, with Bernd Justin Jütte (Ireland)**, Giulia Priora (Italy), and Léo Pascault (France) we will present “Learning by Infringing? Copyright Private Ordering in Post-COVID Remote Teaching” at the 12th Worldwive Annual Conference of the European Intellectual Property Teachers’ Network (EIPTN). The program is available here.

The rapid spread of COVID-19 in March 2020 shut down universities in most European countries. Teaching moved online and most universities are currently planning to deliver at least part of their teaching in the coming academic year in a blended form. With the online shift of teacher-student interactions, the choice of the teaching medium has never been more important (Ducato et al. 2020).

The post-pandemic university will have to make a responsible choice with regards to which tools to use to deliver their courses. Digital tools developed and operated by third parties significantly affect teachers’ and students’ fundamental rights and freedoms, including IP rights. Our research sheds light on the copyright issues arising from the use of some popular remote teaching platforms (e.g. Zoom) and it critically assesses whether these concerns remain pertinent in a post-COVID blended learning environment (Pascault et al. 2020).

Our project has analysed so far the terms and conditions, privacy policies and community guidelines of a sample of nine online services used across Europe in order to assess whether the needs of teacher and students are met. The analysis investigates whether sufficient and clear information is provided in order to enable teachers to carry out educational activities and interact with their students without uncertainties as to the potential legal consequences of their use and concerns regarding the protection of their content.

We believe that critically reflecting on how remote learning service providers such as Zoom and Microsoft deal with the digital content that students and teachers share can greatly benefit IP students. First, it will help students understand the importance of private ordering in the context of copyright. While analysing legislation and case law remains important, nowadays it has become inescapable to look at how copyright is governed contractually. The remote learning scenario will help students understand how, in the field of copyright more so than in other fields, the legislative process is too slow and lobby-influenced to be able to regulate digital content adequately (Noto La Diega 2015).

Second, students are more likely to learn when the method or the subject matter affect them directly (Taylor and Parsons 2011). Affected by the pandemic in manifold ways, students are disengaged. Motivating them is of the utmost importance to achieve the learning outcomes and maximize student satisfaction. Motivation is regarded as the most important factor that educators should target in order to improve learning (Williams 2011). Reflecting on the copyright issues related to their own learning activities will foster motivation, resulting in more engaged and curious students.

Finally, copyright’s private ordering impinges on key copyright concepts: the legal notions of control, liability and content moderation. Buried in inaccessible terms of service, there are (i) licenses that effectively transfer the control over the learning contents from the teacher to the remote learning provider; (ii) terms that unfairly expose teachers and students to infringement actions; (iii) terms that allow remote learning providers to take down user content and disable accounts with little if any recourse.

This is part of a wider project with Rossana Ducato (Aberdeen), Alexandra Giannopoulou (Amsterdam), Chiara Angiolini (Trento), and Giulia Schneider (Sant’Anna). See e.g. here, here, and here.


** Assistant Professor in Intellectual Property Law, University College Dublin, Sutherland School of Law and Senior Researcher, Faculty of Law, Vytautas Magnus University, Kaunas

Postdoctoral researcher, Institute of Law, Politics and Development (Dirpolis), Sant’Anna School of Advanced Studies, Pisa.

PhD candidate at Sciences Po Law School.

The privatization of universities in Italy

Italian governments have tried for many years to privatise the higher education sector, either directly or indirectly. In the book La privatizzazione dellUniversità. Il modello delle fondazioni, I deal with the attempt to privatize universities by transforming them into foundations.

After tracing a history of the regulation of higher education institutions in Italy, I then deal with two types of private foundations: the foundations that are set up to support public universities under legge (statute) 388/2000 and those that are designed to replace public universities under legge 133/2008 (so-called Gelmini reform).

In this book, I claim that such an attempt to privatise Italian universities is in violation of the Constitution and I point at private-public partnerships as a possibility to explore. Since publishing it, I’ve partly changed my mind and I am now convinced the whole of the HE architecture must remain private and private entities can play the limited role to support research in a transparent way.

You can donwload the book here: Guido Noto La Diega, La privatizzazione dellUniversità. Il modello delle fondazioni: Un caso di perniciosa penetrazione del diritto privato nel diritto pubblico (EAI 2014)

You may also buy it on Amazon

Copyright and Remote Teaching in the Time of Coronavirus: A Study of Contractual Terms and Conditions of Selected Online Services

Pleased to share that ‘Copyright and Remote Teaching in the Time of Coronavirus: A Study of Contractual Terms and Conditions of Selected Online Services‘ has been accepted for publication on the European Intellectual Property Review! This is a collaborative research with Léo Pascault (Sciences Po, Paris), Bernd Justin Jütte (University of Nottingham), and Giulia Priora (Sant’Anna, Pisa).

When COVID-19 started spreading globally and throughout Europe, most aspects of day-to-day life were severely disrupted. As governments scrambled to contain the spread of the virus, higher education institutions (HEIs) reacted by suspending face-to-face teaching and by sending millions of students to the safety of their home. In order to keep delivering quality education, teachers had to embrace Emergency Remote Teaching (ERT). ERT refers to the “temporary shift of instructional delivery to an alternate delivery mode due to crisis circumstances”.[1] In this instance, teaching had to be moved online.

HEIs and teachers were thus faced with the critical choice of which service or mix of services to use in order to best carry out their mission remotely. The urgency of the situation left little time to exercise proper scrutiny in the identification of the services best suited to online teaching. In many instances, the transition was not accompanied by adequate institutional support. While some teachers were provided with relevant guidelines and training by their institutions, others were left to implement remote teaching by themselves. This created uncertainty and led to a high degree of heterogeneity in the choice of online teaching tools used.

The swift move to ERT has given rise to significant copyright-related concerns: [2] what was to happen to materials prepared by teachers once shared with their students through a particular online service? What were the risks teachers incurred when using third-parties’ materials without permission? Could their students be exposed to similar risks? Those concerns are not radically new. The risks and uncertainty surrounding the use of materials for online teaching is well-known to copyright scholars and they have been addressed, albeit only partly, by the Copyright in the Digital Single Market Directive (C-DSM Directive).[3] The transition to ERT has exposed these problems to a wider audience and illustrated the necessity to address them promptly and effectively. There are perhaps two new elements. First, practically, infringements taking place in physical classrooms were unlikely to be discovered and actioned by rightsholders. Second, rightsholders can increasingly rely on automated systems to enforce their rights (“code is law”)[4], leading to overprotection, especially when end-users cannot appeal the automated decision. The relevance of our analysis is underlined by the fact that ERT, initially intended as a temporary solution, is likely to become the “new normal”: remote teaching and the tools used to deliver it are expected to be integrated into HEIs and teachers’ instructional methods, resulting in a “blended learning” experience, well after face-to-face teaching resumes.[5]

The aim of this article is to disentangle the most prominent copyright issues involved in remote teaching. To this end, we reviewed the terms of use, service agreements, community guidelines, etc. (together “terms”) of a selection of services. We examined and compared these terms to identify and highlight problematic issues and best practices. The study encompasses standard terms of nine online services (referred to hereafter as “online services”), as last accessed on 27 April 2020. The selected services (Discord, Facebook, G-Suite for Education,[6] Jitsi, Microsoft Teams, MoodleCloud, Skype, Zoom and YouTube) include dedicated software for managing groups of users, content-sharing platforms, social networks, and video conferencing services. To varying degrees, they afford teachers to emulate in-person teaching through live discussions and asynchronous interactions with students, the provision of digitized learning materials and the submission of assignments. Some were specifically designed with distance education in mind, while others have been repurposed or retrofitted to accommodate ERT.[7] Some are operated by institutional actors and rely on proprietary software, others on open-source software and only a few are accompanied by contractual terms individually negotiated by HEIs. The selection of services represents an initial sample, informed by our own experience, informal conversations with colleagues and preliminary observations of teachers’ behaviors in the transition to ERT. Alongside its academic purpose, our analysis aims to assist HEIs and teachers in assessing the suitability of the services available to them to deliver remote teaching.

The study considers the currently harmonized EU copyright rules, and in particular the Directive 2001/29 on the harmonization of certain aspects of copyright and related rights in the information society (InfoSoc Directive).[8] It also takes into account the yet-to-be-transposed[9] C-DSM Directive, which introduces, among others, an exception for digital, cross-border teaching activities[10], as well as critical changes to the safe harbor provisions for online content sharing service providers (OCSSPs).[11] The analysis is structured along three axes. First, we will focus on teachers’ control over their own materials once they have shared them through online services, thus critically assessing which rights teachers retain in their works and which they surrender to the providers of the service and for what purposes. Second, we will examine the liability incurred by teachers for sharing third-party materials without prior authorization. Lastly, we will deal with copyright infringements with a focus on content moderation. In particular, we will explore contractual regulation of content removal, user accounts’ termination, and complaint mechanisms available to teachers to make sure that essential teaching materials for instruction and illustration are permanently available to students.

The full text of the article can be downloaded in the ‘Research Projects‘ section of this website.


[1] Charles Hodges et al, ‘The Difference Between Emergency Remote Teaching and Online Learning’ (Educause Review, 27 March 2020) <https://er.educause.edu/articles/2020/3/the-difference-between-emergency-remote-teaching-and-online-learning&gt; accessed 1 June 2020.

[2] Other significant concerns relate to data protection, see for a brief analysis Rossana Ducato et al, ‘Emergency Remote Teaching: a study of copyright and data protection policies of popular online services (Part II)’ (Kluwer Copyright Blog, 4 June 2020) <http://copyrightblog.kluweriplaw.com/2020/06/04/emergency-remote-teaching-a-study-of-copyright-and-data-protection-policies-of-popular-online-services-part-ii/?doing_wp_cron=1591780006.9291720390319824218750&gt; accessed 9 June 2020.

[3] See Article 5 of Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC DSM Directive, OJ L 130, 17.5.2019, p. 92-125 (C-DSM Directive).

[4] See e.g. Lawrence Lessig, ‘Intellectual Property and Code’ (1996) 11(3) Journal of Civil Rights and Economic Development 6.

[5] Debbie Andalo, ‘Could the lockdown change the way we teach forever?’ (The Guardian, 14 May 2020) <https://www.theguardian.com/online-learning-revolution/2020/may/14/could-the-lockdown-change-the-way-we-teach-forever&gt; accessed 11 June 2020.

[6] Note that our study encompasses both the G-Suite for Education (Online) Agreement for non-profit educational institutions and other non-profit entities, and the G-Suite (Free) Agreement applicable to individual teachers.

[7] Discord, a service originally intended for the gaming community, modified some of its features in the midst of the coronavirus pandemic to accommodate ERT. See ‘How to use Discord for your classroom’ (17 March 2020, Discord) <https://blog.discord.com/how-to-use-discord-for-your-classroom-8587bf78e6c4?gi=8adc6dedf0be> accessed 9 June 2020.

[8] Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167, 22.6.2001, p. 10-19 (InfoSoc Directive).

[9] So far, France is the only country that hastransposed part of the Directive: Loi n° 2019-775 of 24 July 2019 “tendant à créer un droit voisin au profit des agences de presse et des éditeurs de presse” (implementing Article 15 of the C-DSM Directive on the new publishers’ right). While national implementations are under way in some Member States (the deadline is set for June 7 2021), a useful tool to track the national implementations of the Directive has recently been released by Communia and is available at <https://www.notion.so/DSM-Directive-Implementation-Tracker-361cfae48e814440b353b32692bba879&gt; accessed 1 June 2020.

[10] C-DSM Directive, art. 5.

[11] C-DSM Directive, art. 17.

An introduction to Intellectual Property Law: Understanding IP through everyday objects

In this video, I introduce the audience to the key areas of intellectual property: copyright, trade marks, trade secrets, patents, and design rights.

To do so, I show / reflect on some everyday objects, namely:

  • Alexander Graham Bell’s telephone
  • An IRN Bru wee bottle
  • The iconic Alessi juicer designed by Philippe Stark in 1990
  • A Harris tweed jacket (she fancy!)

Enjoy!

Introduction to Intellectual Property Law by Assoc Prof Guido Noto La Diega (University of Stirling)

The Internet of Things at the intersection of data protection and trade secrets. Non-conventional paths to counter data appropriation and empower consumers

The Internet of Things (IoT) has heralded a never-before-seen quantity of high-quality data. This includes both personal and non-personal data. Factual and legal control over IoT data gives companies unparalleled power to influence consumers, policy makers, and the other stakeholders of the IoT’s supply chain. The combination of analytics algorithms, the data goldmine structure and the output of data processes are regularly kept secret by businesses. Leveraging this portfolio of big data and trade secrets, IoT companies put in place practices that can negatively affect consumers, who are often unaware of them due to technical and legal secrecy. ‘Technical’ secrecy results from the opacity of the algorithms that underpin the IoT, especially when AI-enabled. ‘Legal’ secrecy, in turn, come from a combination of trade secrets and strategic contract management that keep IoT data practices secret. This begs the central research question of this article: how can consumers be empowered to counter IoT data appropriation?

Traditional consumer protection approaches, epitomised by the Consumer Rights Directive, are focused on pre-contractual duties to inform consumers. Their benefit to IoT consumers is limited by their reflecting a text-based paradigm, whereby information must be legible. This is not fit for the IoT, where displays tend to disappear and information is provided in audio or video formats. Consumer laws are drafted on the assumption of information asymmetries in business-to-consumer contracts, but they fail to account for the power imbalances that permeate IoT transactions. These power imbalances are exacerbated by control over a wealth of user data and corresponding granular knowledge of consumers’ vulnerabilities, behaviors, and biases. This knowledge can be used to impose opaque practices on consumers; among these, IoT data appropriation by means of trade secrets plays a key role.

Therefore, an emergent concern is whether the law provides tools that effectively safeguard consumers’ interests, in particular by ensuring substantial transparency as to the actual use of their personal data. How can this can be guaranteed, and the consumer empowered in a post-interface world of profoundly imbalanced relationships? The answer cannot be found solely within the trade secrets’ regime: data protection needs to be considered.

This article focuses on the trade secrets exceptions of legitimate interest and freedom of information, and on the General Data Protection Regulation (GDPR)’s rights to access, data portability, information, and not to be subject to solely automated decisions. We put forward that trade secrets’ exceptions and GDPR rights re-balance the interests of consumers vis-à-vis big IoT players such as Amazon. We propose a holistic approach that empowers consumers by countering data appropriation, thus redistributing data control.

This article will be presented by my co-author Prof. Cristiana Sappa (IESEG) at the Society of Legal Scholars Conference (1-4 September 2020), in the Intellectual Property session. You can still register here!

Surveillance Capitalism in the Internet of Loos: Can the General Data Protection Regulation Counter Digital Dispossession?

Yay I’ve finished the 6th chapter of my book on Internet of Things and the Law (Routledge, forthcoming)!

The IoT constitutes an unprecedented challenge to privacy for a twofold reason.[1] First, it is progressively eroding the area of what can be regarded as private. Traditionally, the home and the body were the most sacred of private spaces.[2] This is being overcome by a world in which smart home and IoT-health are becoming commonplace. The IoT is normalising the idea that ubiquitous cameras, microphones and sensors track citizens’[3] behaviour and transform it into structured data flows that are sent back to our Things’ manufacturers. This is perhaps best illustrated by Amazon’s Echo Spot and Echo Look – respectively an alarm clock and a style assistant – that are equipped with cameras and are designed to be used in the bedroom and even in the bathroom. This has practical consequences. Indeed, to bring an action for breach of the right to privacy,[4] as stated in Campbell v MGN, ‘the touchstone of private life is whether in respect of the disclosed facts the person in question had a reasonable expectation of privacy.[5] To assess whether, at the time of the alleged breach, there was a reasonable expectation of privacy, the question to be asked as phrased in Murray v Big Pictures[6] is: what would a reasonable person of ordinary sensibilities feel if placed in the same situation as the subject of disclosure and faced with the same publicity? Among the factors to take account of, the place where the intrusion happens and the absence of consent play an important role.[7] If one buys a Thing whose ‘smartness’ is intrinsically connected to its sensing and tracking capabilities, and this Thing is designed to be deployed in the bedroom or even in the bathroom, does one retain a reasonable expectation of privacy? The situation is worsened by the principles that, set out in Spycatcher,[8] limit the duty of confidentiality. One of them is that there is no such duty when the information is trivial.[9] IoT companies may argue that the information about when one wakes up or when one goes to the loo is trivial. However, the IoT allows the combination of data from multiple sources in such a way that information that might seem trivial if considered in isolation, becomes personal and valuable once combined with other data that leads to valuable inferences about an IoT user’s preferences and vulnerabilities.[10] Finally, IoT companies may claim that information about our e-commerce habits is not really private, but as seen in Arkansas v Bates,[11] Amazon’s users are concerned about the company revealing sensitive purchases as these are considered private information whose disclosure could potentially harm their reputation or career. Overall, this erosion of the private sphere is alarming because it does not allow for that ‘intellectual privacy’[12] that is necessary to be ourselves and express ourselves freely and creatively. In this sense, the IoT can be regarded as an attack on the self, that self that is – according to Seneca’s famous ‘recede in te ipse’ (‘self-retreat’)[13] – the safe space where virtue, wisdom and happiness are given the chance to grow.[14]

The IoT challenges the right to privacy also for a second reason, which will be the more modest focus of this chapter. Since the IoT ‘could undermine such core values as privacy,’[15] this chapter will critically assess whether the GDPR, the most advanced European privacy law so far,[16] can tackle the data protection issues in the IoT. The core features of the IoT render GDPR compliance difficult, if at all possible. An illustration of this is the conflict between the principle of purpose limitation and IoT’s repurposing. As seen in Chapter 2, ‘repurposing’[17] is a critical characteristic of IoT systems, dependent on their (inter)connectivity and system-of-systems dimension.[18] ‘Repurposing’ can be understood as the phenomenon whereby an IoT system ends up being used for purposes other than those originally foreseen in two scenarios:

  • The communication within the relevant subsystem and among subsystems can lead the system to perform actions and produce information which the single Thing was incapable of or that could not be foreseen by its manufacturers; and
  • Under certain conditions (e.g. an emergency) the system may reconfigure either in an automated fashion or a user-initiated one.

IoT’s repurposing runs counter the purpose limitation principle, whereby personal data has to be ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.’[19]

This chapter will center on the tensions between the GDPR and the IoT. After an introduction to the GDPR, which will be framed as a ‘data control’ law (VI.2), the chapter will present the main data protection issues in the IoT (VI.3). It will then focus on one of them that is usually overlooked: ‘digital dispossession.’[20] This refers to IoT companies’ (ab)use of intellectual property rights (especially trade secrets) to appropriate citizens’ data and prevent them from exercising their data subject rights, including the right of access.[21] This is part of wider phenomenon whereby the new data economy relies on the commercialisation of data.[22] This is leading to the privatisation of ownership of both the IoT’s infrastructure and IoT data.[23] Digital dispossession will be analysed as a tenet of the theory of surveillance capitalism[24] (VI.4). To understand what practically happens to IoT users’ data, the chapter will move on to analyse Alexa’s data practices by means of a subject access request, engagement with customer support, and text analysis of its privacy policy (VI.5). Finally, it will consider whether the GDPR is fit for the IoT. To carry out this fitness check, the chapter will explore whether the rights to access, to portability, to be informed, and not to be subject to solely automated decisions can be successfully invoked to counter IoT companies’ digital dispossession practices, or whether, conversely trade secrets may give these companies a weapon to nullify the GDPR rights (VI.6).


[1] The relationship between IoT and privacy can be and has been analysed from manifold perspectives. See e.g. Lilian Edwards, ‘Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective’ (2016) 2 EDPL 28; Guido Noto La Diega, ‘Clouds of Things: Data Protection and Consumer Law at the Intersection of Cloud Computing and the Internet of Things in the United Kingdom’ (2016) 9(1) Journal of Law & Economic Regulation 69; Sandra Wachter, ‘Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR’ (2018) 34 Computer Law & Security Review 436; Lachlan Urquhart, ‘White Noise from the White Goods? Privacy by Design for Ambient Domestic Computing’ in Lilian Edwards, Burkhard Schafer and Edina Harbinja (eds), Future Law (EUP 2019).

[2] On how the implementation of human-implantable tracking systems creates a serious risk to privacy see Ian Kerr, ‘The Internet of Things? Reflection on the Future Regulation of Human-Implantable Radio Frequency Identification’ in Ian Kerr, Valerie Steeves and Carole Lucock (eds), Lessons from the Identity Trail. Anonymity, Privacy and Identity in a Networked Society (OUP 2009) 335 and esp. 347 ff.  On the traditional concept of privacy, see also Judee K Burgoon and others, ‘Maintaining and Restoring Privacy through Communication in Different Types of Relationships’ (1989) 6 Journal of Social and Personal Relationships 131; Rosamund Scott, Rights, Duties and the Body: Law and Ethics of the Maternal-Fetal Conflict. (Bloomsbury Publishing 2002).

[3] This chapter refers to citizens and users rather than consumers because, unlike the consumer laws analysed in the previous chapters, data protection law does not apply only to consumers, but to all natural people.

[4] Whilst there is no distinct cause of action for breach of privacy in the UK, there is a tort of misuse of private information that is commonly used in privacy cases. It evolved out of the common law of breach of confidence, but it is now regarded as a stand-alone action. See PJS v News Group Newspapers Ltd [2016] UKSC 26; Wainwright v Home Office [2003] UKHL 53; Google Inc v Vidal-Hall and others [2015] EWCA Civ 311. Unlike the breach of confidence, the misuse of private information does not require a pre-existing relationship of confidence between the parties, as was the case in Campbell (Naomi) v Mirror Group Newspapers [2004] 2 AC 457 (HL).

[5] Campbell (n XX) [21]. The unlawful use of information in respect of which the claimant has a reasonable expectation of privacy is the so-called confidentiality component of the misuse of private information. The other component is ‘intrusion’; indeed, claimants need to prove unwanted intrusion in their private lives or harassment. For this framing of the misuse of private information see PJS (n XX).

[6] Murray v Big Pictures (UK) Ltd [2008] EWCA Civ 446.

[7] Murray (n XX) [35]-[36].

[8] Attorney General v Guardian Newspapers (No 2) [1990] 1 AC 109.

[9] There are contrasting authorities on the matter. On the one hand, in Ambrosiadou v Coward [2011] EWHC Civ 409 [30], the court held that not all information that relates to a person’s private life is protected, ‘the information may be of slight significance, generally expressed, or anodyne in nature’ (similarly, see R (Wood) v Commissioner of Police of the Metropolis [2009] EWCA Civ 414). Conversely, in McKennitt v Ash (QBD) [2005] EWHC 3003) it was observed that the mere fact that information was of a relatively trivial or anodyne nature would not necessarily mean the non-engagement of ECHR, art 8.

[10] See e.g. Paramasiven Appavoo and others, ‘Efficient and Privacy-Preserving Access to Sensor Data for Internet of Things (IoT) Based Services’, 2016 8th International Conference on Communication Systems and Networks (COMSNETS) (2016).

[11] State of Arkansas v James A Bates, Memorandum of Law in support of Amazon’s Motion to Quash search warrant, Case No CR- 2016-370-2, (Benton County Court: 2017).

[12] Neil Richards, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age (Oxford University Press 2015).

[13] Seneca, Epistulae Morales Ad Lucilium, vol I, p VII.8.

[14] For this interpretation of Seneca see Christine Richardson-Hay, First Lessons: Book 1 of Seneca’s Epistulae Morales– a Commentary (Peter Lang 2006) 264.

[15] William H Dutton, ‘Putting Things to Work: Social and Policy Challenges for the Internet of Things’ (2014) 16 info 1.

[16] This is not to suggest that privacy and data protection are synonyms. There is private information that may be breached despite the compliance with data protection laws and, equally, personal data includes also information that is not related to one’s private life. See e.g. Michèle Finck, European Parliament and Directorate-General for Parliamentary Research Services, Blockchain and the General Data Protection Regulation: Can Distributed Ledgers Be Squared with European Data Protection Law? (2019) 15 <http://publications.europa.eu/publication/manifestation_identifier/PUB_QA0219516ENN&gt; accessed 11 June 2020. Nonetheless, it cannot be denied that a major policy goal of the GDPR is to increase the protection of privacy (see e.g. GDPR, recital 4).

[17] Noto La Diega, ‘Clouds of Things’ (n 2).

[18] On the repurposing of big data drawn from the IoT in smart cities, see Edwards (n 2).

[19] GDPR, art 5(1)(b).

[20] Another way of looking at it is ‘data appropriation’ as we called it in Guido Noto La Diega and Cristiana Sappa, ‘The Internet of Things at the Intersection of Data Protection and Trade Secrets. Non-Conventional Paths to Counter Data Appropriation and Empower Consumers’ 2020 REDC. This chapter draws on that paper.

[21] For a reflection on whether, and to what extent, the concept of ownership can be applied to personal data in the context of the IoT see Václav Janeček, ‘Ownership of Personal Data in the Internet of Things’ [2018] Computer Law & Security Review 1039.

[22] Josef Drexl, ‘Designing Competitive Markets for Industrial Data. Between Propertisation and Access’ (2017) 8 JIPITEC 257.

[23] Edwards (n 2).

[24] Shoshana Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (First edition, PublicAffairs 2019)

The European approach to recognising, downgrading, and erasing same-sex marriages celebrated abroad

This chapter analyses how European countries that provide some protection for same-sex couples (e.g. civil partnerships, but not marriage) deal with same-sex marriages celebrated abroad. In this respect, there are three models: recognition, downgrading, and erasure.

Recognition means that these marriages are recognised as marriages, either for all purposes, or for some of them, e.g. for the exercise of EU freedoms. Romania is the case study, because Coman – the CJEU case that provides a basis for the recognition model – concerned a Romanian case and therefore it is important to see how Member States implement the CJEU’s ruling.

Downgrading’ is the model whereby foreign marriages are treated as national civil partnerships. This is based on Orlandi, and therefore Italy is the chosen case study.

Hungary, finally, represents the ‘erasure’ model whereby same-sex marriages celebrated abroad are not even recognised as civil partnerships.

These models are criticised from an EU law, European human rights law, and private international law perspective.

This is the abstract of a chapter of the book Same-Sex Relationships, Law and Social Change (Routledge 2020) edited by Dr Frances Hamilton and me. The book is available for purchase on Routledge’s website.

Please cite as Guido Noto La Diega, ‘The European approach to recognising, downgrading, and erasing same-sex marriages celebrated abroad’ in Frances Hamilton and Guido Noto La Diega (eds), Same-Sex Relationships, Law and Social Change (Routledge 2020) ch 2

Book: Same-Sex Relationships, Law and Social Change

In January 2020, Routledge published a book on Same-Sex Relationships, Law and Social Change edited by Dr Frances Hamilton and me.

This edited collection provides a forum for rigorous analysis of the necessity for both legal and social change with regard to regulation of same-sex relationships and rainbow families, the status of civil partnership as a concept and the lived reality of equality for LGBTQ+ persons.

Twenty-eight jurisdictions worldwide have now legalised same-sex marriage and many others some level of civil partnership. In contrast other jurisdictions refuse to recognise or even criminalise same-sex relationships. At a Council of Europe level, there is no requirement for contracting states to legalise same-sex marriage (Schalk and Kopf v Austria (Application no. 30141/04)). The Court of Justice of the European Union now requires contracting states to recognise same-sex marriages for the purpose of free movement and residency rights (Case C-673/16 Coman). However, unlike the US Supreme Court, it does not require EU Member States to legalise same-sex marriage. Law and Sociology scholars from five key jurisdictions (England and Wales, Italy, Australia, Canada, and the Republic of Ireland) examine the role of the Council of Europe, European Union and further international regimes. A balanced approach between the competing views of critically analytical rights-based theorists and queer and feminist theorists interrogates the current international consensus in this fast moving area. The incrementalist theory whilst offering a methodology for future advances continues to be critiqued. All contributions from differing perspectives expose that even for those jurisdictions who have legalised same-sex marriage, still further and continuous work needs to be done.

The book is of interest to students and scholars in the field of human rights, family and marriage law and gender studies.

My chapter (‘The European approach to recognising, downgrading, and erasing same-sex marriages celebrated abroad‘) can be downloaded in the Research Projects section of this website.

The book, available also as an e-book, can be purchased on Routledge’s website.

The Internet of Personalised Things. IoT-Powered Consumer Manipulation as an Unfair Commercial Practice

Personalisation is one of the key befits of the Internet of Things (IoT). IoT traders can combine data from multiple sources and access consumers’ most private spaces. At the same time, these traders retain control over their smart devices (‘Things’) throughout their lifecycles.

Thanks to this combination of deep knowledge of the consumer and control over the Thing, IoT traders can personalise products, services, prices, and even the terms of service that regulation the business-to-consumer relationship. The problem is that personalisation can lead to consumer manipulation and even discrimination – such detrimental effects can be referred to as the ‘Internet of Personalised Things’.

Situational data and information about consumers’ biases and vulnerabilities allow IoT traders to influence consumers’ decision-making in surreptitious ways. This can go from instilling the desire to purchase useless or even dangerous Things, to the exclusion of BAME people from certain job ads, through to electoral manipulation.

My paper will critically assess whether unfair trading laws – and in particular the Unfair Commercial Practices Directive as amended in 2020 – are fit for purpose and can provide a successful strategy to re-empower consumers, thus re-building trust in the IoT.

It is suggested that, despite some shortcomings, this regime can be invoked by consumer to counter IoT-powered manipulation, especially as the Directive provides special protections for vulnerable consumers and against traders’ undue influence impairing consumer freedom of choice.

The Directive does have some limitations but this should not come as a surprise. Being a neoliberal instrument aimed at pursuing a perfectly competitive single market, it cannot provide an entirely satisfactory response to an issue that capitalism itself created, namely the problem of manipulated needs as discovered by Marx.

I will present this research at the 111th Annual Conference of the Society of Legal Scholars in the Cyberlaw session (you can still register!).

Create your website with WordPress.com
Get started