http://journals.ed.ac.uk/script-ed/issue/feed 2023-09-19T17:49:02+01:00 Ayca Atabey & Simal Erdogan editors.scripted@ed.ac.uk Open Journal Systems <p>Intellectual Property, Information Technology, Medical Law - SCRIPTed’s <a href="http://journals.ed.ac.uk/script-ed/about/editorialTeam">Editorial Board</a> is assisted by an Advisory Board of internationally-renowned experts drawn from the disciplines of intellectual property, information technology, medical law, artificial intelligence, communications law and E-commerce. Submissions are invited on any aspect of the relationships between law, policy, society, ethics, and technologies.</p> http://journals.ed.ac.uk/script-ed/article/view/8982 2023-09-19T17:49:02+01:00 Ayça Atabey ayca.atabey@ed.ac.uk Şimal Efsane Erdoğan simal.erdogan@kcl.ac.uk 2023-08-10T09:13:36+01:00 ##submission.copyrightStatement## http://journals.ed.ac.uk/script-ed/article/view/8983 2023-09-19T17:49:02+01:00 Ayça Atabey ayca.atabey@ed.ac.uk Şimal Efsane Erdoğan simal.erdogan@kcl.ac.uk Mihail Dishev m.s.dishev@sms.ed.ac.uk 2023-08-10T09:16:55+01:00 ##submission.copyrightStatement## http://journals.ed.ac.uk/script-ed/article/view/8908 2023-09-19T17:49:02+01:00 Andrew Cormack andrew.cormack@jisc.ac.uk

<p>It’s not uncommon for the same piece of personal data to relate to more than one individual. Opinions, feedback and reputation involve statements by one identifiable person about another; genetic data contain information about an individual, but also their relatives, ancestors and descendants; data about communications relate to both the sender and recipient; observations of one person may be used to make predictions about others. Privacy cases and papers have found these situations troubling, but analyse them by applying data protection law to a single data subject. This paper instead treats “entangled” personal data as involving multiple perspectives, examining how data protection principles apply simultaneously to different subjects of the same data. Where the perspectives are the same – as in a case on examination scripts – few problems are likely. Where there are significant differences this approach confirms the problems found by others but also suggests how these can be reduced: aligning the perspectives by changing data sources or processing, adopting voluntary limitations or safeguards. By quickly identifying problems that may not be apparent from a single-data-subject analysis, and identifying possible mitigations, an entangled analysis provides theoretical and practical guidance: suggesting safer ways to use this increasingly common form of personal data.</p>

2023-07-07T00:00:00+01:00 ##submission.copyrightStatement## http://journals.ed.ac.uk/script-ed/article/view/8978 2023-09-19T17:49:02+01:00 Jessica Bell jessica.bell@warwick.ac.uk Miranda Mourby miranda.mourby@law.ox.ac.uk Jane Kaye Jane.kaye@law.ox.ac.uk

<p>Public private partnerships (PPPs) are increasingly common in health research, with large European investment over the last 20 years and renewed focus in the wake of the global health crisis COVID-19. PPPs have been used for health research that seeks to collect, analyse and share personal data from research participants, often on the basis of informed or broad consent. PPPs are underpinned by contracts, both to govern the use of data and samples necessary for health research, and to govern the agreement between the public and private contracting parties of a project. This raises the question of how far contracts adequately protect public interests, for example in privacy and data protection when patient data are exposed to a broader range of potential uses from the private sector. A core principle of contract law is that you cannot contract for unlawful activity. As such, contracts could be void if their design or performance entails a breach of statute or common law, for example data protection and privacy laws or the common law duty of confidentiality. This paper analyses the implications of this general principle of illegality for contracts underpinning PPPs in health research, particularly to understand the extent to which it could operate to protect the public interest as conceived by privacy and data protection law. The paper will show how this heavily policy-driven doctrine has scope to ensure that contracts and contract terms that are contrary to public policy are void or unenforceable which, in the context of PPPs using personal information for health innovation and research, is a welcome, though limited, accountability mechanism in private law that could operate to serve the public interest.</p>

2023-08-08T00:00:00+01:00 ##submission.copyrightStatement## http://journals.ed.ac.uk/script-ed/article/view/8979 2023-09-19T17:49:02+01:00 Frederik Zuiderveen Borgesius frederikzb@cs.ru.nl Hadi Asghari hadi.asghari@hiig.de Noël Bangma noel@familiebangma.nl Jaap-Henk Hoepman jhh@cs.ru.nl

<p>The General Data Protection Regulation (GDPR) requires an organisation that suffers a data breach to notify the competent Data Protection Authority. The organisation must also inform the relevant individuals, when a data breach threatens their rights and freedoms. This paper focuses on the following question: given the goals of the GDPR’s data breach notification obligation, what are its strengths and weaknesses? We identify six goals of, or rationales for, the GDPR`s data breach notification obligation, and we assess the obligation in the light of those goals. We refer to insights from information security and economics, and present them in a reader-friendly way for lawyers. Our main conclusion is that the GDPR’s data breach rules are likely to contribute to the goals. For instance, the data breach notification obligation can nudge organisations towards better security; such an obligation enables regulators to perform their duties; and such an obligation improves transparency and accountability. However, the paper also warns that we should not have unrealistic expectations of&nbsp;the possibilities for people to protect their interests after a data breach notice. Likewise, we should not have high expectations of people switching to other service providers after receiving a data breach notification. Lastly, the paper calls for Data Protection Authorities to publish more information about reported data breaches. Such information can help to analyse security threats.</p>

2023-08-10T00:00:00+01:00 ##submission.copyrightStatement## http://journals.ed.ac.uk/script-ed/article/view/8980 2023-09-19T17:49:02+01:00 Sunita Menon sunitam@uj.ac.za

<p>As digital technologies become the dominant driver of the global economy, Africa finds itself once again faced with the prospect of developmental stagnation. In an increasingly technological age, parallels to the colonial era can be made, particularly in reference to the detrimental impact on the African economy and the continent’s developmental trajectory. AI, which drives these technologies, is informed by algorithms. The biases inherent in these algorithms lead to digital discrimination. This discrimination has resulted in a new form of colonialism, referred to as digital neocolonialism, which denotes the exclusionary barrier that has been created by algorithms. This work challenges algorithmic bias through the application of postcolonial theory, which calls for a dismantling of colonial imposition by reimagining and reframing the concept of the ‘other’. The gaps in current AI systems, and the power imbalances created, are interrogated through an analysis of bias and its impact. Through a postcolonial lens, a call is made for more inclusive AI systems, and datasets that challenges the assumed neutrality of algorithms.</p>

2023-08-10T09:03:24+01:00 ##submission.copyrightStatement## http://journals.ed.ac.uk/script-ed/article/view/8981 2023-09-19T17:49:02+01:00 Claudia González-Márquez s2187064@ed.ac.uk 2023-08-10T09:08:10+01:00 ##submission.copyrightStatement##