26 September 2018

Dear readers

Today’s issue of Jusletter IT once again shows the diversity of the subjects of IT and Law: Data Protection, Artificial Intelligence, E-Government, E-Voting, E-Testament, Cybercrime as well as Copyright.

Over the last years, privacy concerns have significantly increased, particularly since the recent adoption of the GDPR in May 2018. In his article, Philippe Gilliéron provides some basic information and a checklist to start building a privacy management program.

Machine Learning stands for the core technology of Artificial Intelligence that like no other topic will characterize the digital changes in the years to come. Alexander Duisberg discusses some of the essential needs of regulation and possibilities of configuration.

E-Government has a great potential due to its diverse areas of application (i.eg. E-Health; E-Voting; E-Tax-Declaration; E-Address-Change; Geoportal etc.). Salim Rizvi, Beat Lenel and Simona Risi deal with the content and the ways of application of E-Government in Switzerland and focus on the federal and – in part – the cantonal aspirations.

Security is at the centre of discussions on E-Voting. Ardita Driza Maurer examines the publication of the source code of the software for the complete verifiability. The «security by transparency» in the federal legislation on E-voting sets a milestone in the legal design of E-voting.

Małgorzata Kiełtyka and Paweł Dyrduł deal with the issue of the use of new technologies in the inheritance law. Their focus is on inheritance under a will. The attention has been drawn to the existence of electronic wills in different legal systems and, especially for Polish law, they hypothetically consider the future form and use of E-Testaments.

According to a study, 33% of companies are willing to pay ransom money in the event of a ransomware attack. Sikander von Bhicknapahari addresses various questions in this regard: How should such a case be accounted for? Is it possible to deduct the ransom payment from taxes? Is there a criminal risk for the payer?

Knut Wimberger analyzes the effectiveness of the SME IP Helpdesks, a policy measure which tries to boost the EU knowledge economy. The author suggests a pre-emptive system transformation from competition and profit towards collaboration and purpose.

Kevin MacCabe looks at digital data and its legal qualification, which is not yet fully clarified. The suggestion that the owner of digital data is granted property rights in the sense of the Civil Code is discussed in this article and analysed from a property law point of view.

Serdal Avsar examines if the social network Facebook respects the legal data protection principles under the applicable law, and the possibility of the Federal Data Protection and Information Commissioner to investigate under art. 29 of the Federal Act on Data Protection.

On 13 April 2018, the Japanese government issued a decision on domain name system (DNS) blocking in the case of infringement of copyright. Takashi Izumo introduces the current discussion in Japan about DNS blocking of pirated digital contents and so-called leech sites on the Internet.

We wish you a fascinating reading!

Erich Schweighofer and Franz Kummer

Data Protection

Towards GDPR Compliance as a Best Practice: a Primer for Swiss SMEs

Philippe Gilliéron

Over the last years, privacy concerns have significantly increased, and the recent adoption of the GDPR in May 2018 coupled with the Cambridge Analytica scandal now give cold sweats to most companies. SMEs are struggling to find their way in a field they have little understanding of (if any), and find it hard to know where to start from. This paper aims at providing them some basic information and checklist to start building a privacy management program without incurring significant expenditures or being a privacy expert.

Eigentum an digitalen Daten im sachenrechtlichen Sinne

Kevin MacCabe

In today’s economy digital data is treated as an economic good. Despite the daily use of digital data, its legal qualification is not yet clear. A minority of Swiss legal doctrine proposes that the owner of digital data is granted property rights in the sense of the Civil Code. This paper intends to analyze this proposition from a property law point of view.

Abklärungen und Untersuchungen von Facebook nach geltendem Recht

Serdal Avsar

The author examines if the social network facebook respects the legal data protection principles under the applicable law, and the possibility of the Federal Data Protection and Information Commissioner to investigate under art. 29 of the Federal Act on Data Protection. It results that facebook violates the proportionality, the consent and the binding to a purpose of the data processing. Also, the conditions of cross-border data transfer and data files subject to registration are not respected. However, due to the structure of art. 29 Federal Act on Data Protection as a «can»-regulation no measures are taken with the justification of costs and legal security. (as)

Artificial Intelligence & Law

Machine Learning und rechtliche Rahmenbedingungen

Alexander Duisberg

Machine Learning stands for the core technology of Artifical Intelligence that like no other topic will characterize the digital changes in the years to come. The resource « data » that feeds the self learning systems raises questions of disposal rights and privacy respecting processing. Furthermore questions of liability are paramount. The article discusses some of the essential regulation needs and design possibilities. (as)

E-Government & E-Voting

E-Government – Kaleidoskop aus Digitalisierungselementen

Salim Rizvi

Beat Lenel

Simona Risi

E-Government has a great potential due to its diverse areas of application (i.eg. E-Health; E-Voting; E-Tax-Declaration; E-Adress-Change; Geoportal etc.). In the spotlight are not only the increase of efficiency and effectiveness but also the interaction and communication between citizens and the administration. The article begins with the content and the use cases of E-Government (including the pros and cons). Hereafter the federal and – in part – the cantonal aspirations are presented. Subsequently, the new law about E-Government of the canton of St. Gallen is given a closer look. The article closes with further legal considerations. (as)

E-voting source code publication: a good practice becomes a legal requirement

Ardita Driza Maurer

Security is at the centre of discussions on e-voting. The ordinance of the federal Chancellery on e-voting (OVotE) was recently modified introducing a new legal requirement: the publication of the source code of the software of complete verifiability. The public can analyse the code of one of the main security-relevant components and contribute to improve it. «Security by transparency», so far a good practice, is now reflected in the federal legislation on e-voting. It sets a milestone in the legal design of e-voting, more particularly of its security and transparency, in line with best cantonal and international practices.

Inheritance Law

The issue of the e-will in the Polish law and in the international jurisprudence

Małgorzata Kiełtyka

Paweł Dyrduł

This article concentrates on the issue of the use of new technologies in the inheritance law. The focus is on inheritance under a will. The attention has been drawn to the existence of electronic wills in different legal systems. In addition, the considerations have been enriched with examples from international jurisprudence. The whole article focuses on hypothetical considerations concerning the future form and usefulness of e-will (electronic last will) in the Polish law. In order to confirm the theses presented in the article, two surveys were conducted – on a national and European scale. The results are published in this work. All the deliberations carried out in the article focus primarily on formal issues related to the inheritance under the will, including a hypothetical analysis of the formal and legal essence of e-wills.

Cybercrime

Cyber-Lösegeldzahlungen

Sikander von Bhicknapahari

The University of Calgary paid CAD 20’000 ransom money in Bitcoins to regain access to its e-mails. Also a medical center and even a Police Department in Massachusetts are said to have paid ransom money. Uber paid USD 100’000 to a hacker who stole personal data of 57 million passengers and drivers. (as)

IP Law

Transforming the IP System

Knut Wimberger

The author was asked by the European Commission to analyze as external consultant the effectiveness of the SME IP Helpdesks, a policy measure which tries to boost the EU knowledge economy. He concludes that China’s economic might has undermined the concept of intangible asset protection and has accelerated the natural evolution of the IP system. Accepting the status quo will contribute to the supranational organization’s dissolution as it is being challenged by rising nationalism and economic competition. The author suggests a pre-emptive system transformation from competition and profit towards collaboration and purpose.

Internet blocking in Japan

Takashi Izumo

On 13 April 2018, the Japanese government issued an official decision on domain name system (DNS) blocking. There are various opinions both for and against DNS blocking in such a case because interested parties evaluate it from their own perspective. Many Internet service providers and scholars take a negative attitude towards the government’s policy, because the secrecy of communications is guaranteed by the Constitution of Japan. In this paper, I introduce the current discussion in Japan about DNS blocking of pirated digital contents and so-called leech sites on the Internet.

Legal Information & Legal Theory

Some aspects of UK surveillance regimes violate Convention

Jurius

ECHR – The case of Big Brother Watch and Others v. the United Kingdom concerned complaints by journalists and rights organisations about three different surveillance regimes: (1) the bulk interception of communications; (2) intelligence sharing with foreign governments; and (3) the obtaining of communications data from communications service providers. (Judgment nos. 58170/13, 62322/14 and 24960/15)

Recht auf im Internet archivierte Informationen überwiegt Recht auf Vergessen von Straftätern

Jurius

ECHR – In Chamber judgment of June 28, 2018 in the case of M.L. and W.W. v. Germany the European Court of Human Rights held, unanimously, that there had been: no violation of Article 8 (right to respect for private life) of the European Convention on Human Rights. (Judgment nos. 60798/10 and 65599/10)

Interception of papers handed over by a lawyer to his clients was not justified

Jurius

ECHR – In Chamber judgment of May 24, 2018 in the case of Laurent v. France the European Court of Human Rights held, unanimously, that there had been: a violation of Article 8 (right to respect for private life and correspondence) of the European Convention on Human Rights.(Judgment no. 28798/13)

Vermarktung von SIM-Karten mit kostenpflichtigen vorinstallierten Diensten ist unlautere Geschäftspraxis

Jurius

CJUE – The sale of SIM cards on which services that can incur fees have been pre-loaded and pre-activated constitutes an aggressive unfair commercial practice when the consumers are not informed of that fact in advance. Such conduct constitutes, in particular, «inertia selling», which may be penalised by a national authority other than the authority provided for by EU law on electronic communications. (Judgment C-54/17)

Zustimmung des Urhebers bei Einstellung eines Fotos auf anderer Webseite

Jurius

CJEU – The posting on a website of a photograph that was freely accessible on another website with the consent of the author requires a new authorisation by that author. By posting on the internet, the photograph is made available to a new public. (Judgment C-161/17)

Betreiber einer Facebook-Fanpage gemeinsam mit Facebook für Besucherdaten verantwortlich

Jurius

CJEU – The administrator of a fan page on Facebook is jointly responsible with Facebook for the processing of data of visitors to the page. The data protection authority of the Member State in which the administrator has its seat may, under Directive 95/46, act both against the administrator and against the Facebook subsidiary established in that Member State. (Judgement C-210/16)

Haftung von YouTube für Urheberrechtsverletzungen

Jurius

BGH – The I. Civil Senate of the Federal Supreme Court which is also competent for IP issues has submitted to the Court of Justice of the European Union questions about the liability of the operator of web platform YouTube for IP-violating contents uploaded by a third party. (Judgment I ZR 140/15) (as)

Zur Haftung des Anschlussinhabers für Urheberrechtsverletzungen über ungesichertes WLAN

Jurius

BGH – The I. Civil Senate of the Federal Supreme Court which is also competent for IP issues has decided that the operator of a WIFI web access and a Tore-Exit-Node, though not liable as «Strörer» by omission under the new § 8 sec. 1 sentence 2 of the Telemediengesetz (TMG) applicable since October 13, 2017 for IP-violations committed by a third party by using his web access for filesharing, still can be subject of a blocking claim by the right’s holder following § 7 sec. 4 TMG. (Judgment I ZR 64/17) (as)

Vertrag über ein Benutzerkonto bei einem sozialen Netzwerk ist vererbbar

Jurius

BGH – The III. Civil Senate of the Federal Supreme Court decided on July 12, 2018 that the contract concerning a user account on a social network is in principle part of the rights transferred to the heirs of the person initially entitled to the account. The heirs can claim against the network operator for access to the account including the communication contents. (Judgment III ZR 183/17)

Eröffnung von Firmenkonti für Blockchain-Unternehmen – Leitfaden der Bankiervereinigung

Jurius

The number of blockchain companies in Switzerland has risen sharply. The SBA welcomes this trend and takes a positive view of the high market momentum, as it boosts Switzerland’s attractiveness as a financial centre. Banks see blockchain technology as an opportunity opening up an array of possibilities for the country as a financial and technology location. Within the context of its priorities, the SBA promotes and supports an innovation-friendly environment in the digitalisation arena. This also includes promoting conditions that support the sustainable growth of companies involved in blockchain technology.

EDÖB, 25. Tätigkeitsbericht 2017/2018: Selbstbestimmung vor Sicherheit

Jurius

Monitoring major digital projects has once again been the focus activity for the FDPIC. The E-ID Act as the basis for using a SwissID, the risk report on using the OASI number as a universal personal identifier or the conditions that must be met by e-ticketing or public transport apps underline this prioritisation. As a supervisory authority, the Commissioner had to intervene to prevent the processing of data on compulsory health insurance and had to deal with data leaks at several large companies. As the Freedom of Information Commissioner, the FDPIC succeeded in achieving a substantial increase in the efficiency of his arbitration procedures and welcomed the National Council’s unanimous commitment to guaranteeing transparency in connection with public procurement – thus ensuring that the principle of freedom of information does not become a farce.

Digitaler Binnenmarkt: Einigung über freien Verkehr nicht personenbezogener Daten

Jurius

The European Parliament, Council and the European Commission on June 19, 2018 reached a political agreement on new rules that will allow data to be stored and processed everywhere in the EU without unjustified restrictions. The new rules will also support the creation of a competitive data economy within the Digital Single Market.

Modernisierung und Digitalisierung der justiziellen Zusammenarbeit in Zivilsachen in der EU

Jurius

On May 31, 2018, the Commission is proposing to modernise and digitalise judicial cooperation for cross-border civil and commercial cases throughout the EU. It aims to make access to civil justice cheaper, more efficient and more accessible to citizens and businesses.