All issues > Volume 20 > Issue 20:1 (1-281)

This article identifies Privacy by Design [“PbD”] as a suitable regulatory approach to address the attack on personal data in the Fourth Industrial Revolution. It proposes Privacy Engineering [“PE”] as a concrete methodology to operationalize the otherwise vague Privacy by Design. Privacy Engineering operationalizes the normative knowledge of privacy into specific use cases through layers of flexible abstract thinking, interconnected through a “web of templates”. This “web of templates” can be constructed by answering the two-fold question of relevancy and extent of data protection required. PE provides regulators with a specific language in which they can communicate with data controllers to establish privacy obligations and undertake prioritized capacity building for resource-deprived data controllers.

This article also illustrates the application of this methodology through the Account Aggregator Framework and the Aarogya Setu Application. Positioning this method as not just an operational guide but also a rigorous tool of critique, it also evaluates the extent of their compliance. Account Aggregator exceptionally embodies PbD, while Aarogya Setu does so only averagely.

The regulation of artificial intelligence (AI) presents a challenging new legal frontier that is only just beginning to be addressed around the world. This article provides an examination of why regulation of AI is difficult, with a particular focus on understanding the reasoning behind automated decisions. We go on to propose a flexible, risk-based categorisation for AI
based on system inputs and outputs, and incorporate explainable AI (XAI) into our novel categorisation to provide the beginnings of a functional and scalable AI regulatory framework.

This article examines the self-regulatory framework established by the EU Code of Practice on Disinformation and considers how the EU Digital Services Act [DSA] will affect that framework. Firstly, this article argues that the DSA entrenches the opacity of firms’ partnerships with fact-checking organisations and investigations of coordinated inauthentic behaviour, as well as fails to provide adequate transparency of its newly created redress mechanisms. Secondly, this article argues that, overall, the DSA fails to protect European standards of freedom of expression in the regulation of disinformation, reflecting an uncertainty of how public bodies should regulate the private gatekeepers of information. As these public bodies press private actors to address disinformation—lawful if undesirable expression—the question of the effect of informal state pressure on the horizontal application of fundamental rights gains a sense of urgency.

Considering recent litigation in the Australian courts, and an inquiry by the Productivity Commission, this paper calls for patent law reform in respect of the right to repair in Australia. It provides an evaluation of the decision of the Full Court of the Federal Court in Calidad Pty Ltd v Seiko Epson Corporation [2019] FCAFC 115 – as well as the High Court of Australia consideration of the matter in Calidad Pty Ltd v Seiko Epson Corporation [2020] HCA 41. It highlights the divergence between the layers of the Australian legal system on the topic of patent law – between the judicial approach of the Federal Court of Australia and the Full Court of the Federal Court of Australia, and the endorsement of the patent exhaustion doctrine by the majority of the High Court of Australia. In light of this litigation, this paper reviews the policy approach taken by the Productivity Commission in respect of patent law, the right to repair, consumer rights, and competition policy. After the considering the findings of the Productivity Commission, it is recommended that there is a need to provide for greater recognition of the right to repair under patent law. It also calls for the use of compulsory licensing, crown use, competition oversight, and consumer law protection to reinforce the right to repair under patent law. In the spirit of modernising Australia’s regime, this paper makes a number of recommendations for patent law reform – particularly in light of 3D printing, additive manufacturing, and digital fabrication. It calls upon the legal system to embody some of the ideals, which have been embedded in the Maker’s Bill of Rights, and the iFixit Repair Manifesto. The larger argument of the paper is that there needs to be a common approach to the right to repair across the various domains of intellectual property – rather than the current fragmentary treatment of the topic. This paper calls upon the new Albanese Government to make systematic reforms to recognise the right to repair under Australian law.

AI scientists are rapidly developing new approaches to understanding and exploiting vulnerabilities in human decision-making. As governments around the world grapple with the threat posed by manipulative AI systems, the European Commission (EC) has taken a significant step by proposing a new sui generis legal regime (the AI Act) which prohibits certain systems with the ’significant’ potential to manipulate. Specifically, the EC has proposed prohibitions on AI systems which deploy subliminal techniques and exploit vulnerabilities in specific groups. This article analyses the EC’s proposal, finding that the approach is not tailored to address the capabilities of manipulative AI. The concepts of subliminal techniques, group-level vulnerability, and transparency, which are core to the EC’s proposed response, are inadequate to meet the threat arising from growing capabilities to render individuals susceptible to hidden influence by surfacing and exploiting vulnerabilities in individual decision-making processes. In seeking to secure the benefits of AI while meeting the heightened threat of manipulation, lawmakers must adopt new frameworks better suited to addressing new capabilities for manipulation assisted by advancements in machine learning.

This paper looks at the developments of hate speech regulation online, specifically its horizontalization, with private companies increasingly ruling on the permissibility levels of speech, placing the right to free speech at peril. To elucidate issues at stake, the paper will look at the meaning of hate speech, the online landscape in terms of the prevalence and removal of hate speech and recent legal and policy developments in the sphere of private regulation in Europe, critically weighing up the pros and cons of this strategy. This paper demonstrates how seeking to tackle all types of hate speech through enhanced pressures on intermediaries to remove content may come with dire effects to both freedom of expression and the right to non-discrimination. At the same time, due attention must be given to speech which may actually lead to real world harm. A perfect solution is not available since, as is the case in the real world, the Internet cannot be expected to be perfect. However, at the very least, the principles and precepts of IHRL and the thresholds attached to Article 20(2) ICCPR, as further interpreted by the Rabat Plan of Action, must inform and guide any effort in enhanced platform liability.

The Cypriot Ministry of Finance published in September 2021 a bill on a proposed Distributed Ledger Technology Law which aims to incorporate blockchain technologies, including tokens and smart contracts into the Cypriot legal system. This piece provides the reader with a synopsis of the main provisions of the bill and what their effect could be once adopted. A brief analysis is also provided with regard to whether the proposed legislation achieves its goals of facilitating the proper use of such technologies whilst contributing to the prevention and suspension of money laundering and guaranteeing consumers’ rights, all in a manner that is technologically neutral so that it does not obstruct the further development, and incorporation into the local legal system, of distributed ledger technologies.