Law and Data Science

law for data science

1. Cluster 2 private law

1.1. contract law

1.1.1. phases of contract

1.1.1.1. formation

1.1.1.1.1. No formalities, only an intention to be bound

1.1.1.1.2. In English law there is a requirement of consideration aka bargain

1.1.1.2. consequences

1.1.1.2.1. content

1.1.1.2.2. remedies

1.1.1.3. termination

1.1.1.3.1. for breach

1.1.1.3.2. for cause

1.1.1.3.3. at will

1.1.2. Art. 3 Unfair Terms Directive

1.1.2.1. A contractual term which has not been individually negotiated shall be regarded as unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer.

1.1.2.2. Another form of control of contract clauses is the doctrine that some terms are against public order. Contracts against public order are void from the start: they have no legal effect and cannot be enforced.

1.1.3. Art. 5 consumer rights directive, the following must be provided

1.1.3.1. main characteristics of goods/services

1.1.3.2. identity of trader

1.1.3.3. total price

1.1.3.4. arrangements for payment, delivery and performance

1.1.3.5. existence of after-sale service

1.1.3.6. duration of contract

1.1.3.7. functionality of product

1.1.3.8. interoperability of digital content

1.1.4. grounds of voidness

1.1.4.1. undue influence

1.1.4.2. fraud

1.1.4.3. mistake

1.1.4.3.1. in English law: caveat emptor, no duty to disclose

1.1.4.4. threat

1.1.5. interpretation

1.1.5.1. objective interpretation

1.1.5.1.1. based solely on the text of the contract

1.1.5.2. subjective interpretation

1.1.5.2.1. intention of parties is primary

1.1.6. good faith

1.1.6.1. functions of good faith

1.1.6.1.1. supplementary

1.1.6.1.2. interpretative

1.1.6.1.3. restrictive function

1.1.6.2. implied terms

1.1.6.2.1. terms that are not explicit in the contract but are read into it

1.2. tort law

1.2.1. liability

1.2.1.1. fault-based

1.2.1.1.1. elements

1.2.1.1.2. causality

1.2.1.1.3. fault

1.2.1.2. strict

1.2.1.2.1. vicarious

1.2.1.2.2. negligence

1.2.1.3. defences of tortfeasor

1.2.1.3.1. contributory negligence

1.2.1.3.2. prescription

1.2.1.3.3. consent

1.2.1.4. ISP liability

1.2.1.4.1. As long as the ISP is purely passive regarding the data, he cannot be held liable.

1.2.1.4.2. Notice-and-Take-Down

1.2.2. aims

1.2.2.1. restitutio in integrum

1.2.2.2. prevention

1.2.3. Notion of relativity / Schutzzweck

1.2.3.1. some rules aim only at the protection of a certain group of persons or certain interests. Others outside this group or where a different interest is harmed cannot claim protection on the basis of this rule.

1.3. property law

1.3.1. objects of property law

1.3.1.1. tangible

1.3.1.1.1. immovable

1.3.1.1.2. movable

1.3.1.2. intangible

1.3.2. limited property rights

1.3.2.1. security rights

1.3.2.2. use rights

1.3.3. transfer of property rights

1.3.3.1. requirements

1.3.3.1.1. reason for transfer

1.3.3.1.2. power to dispose

1.3.3.1.3. delivery

1.3.3.2. res nullius

1.3.3.2.1. objects belonging to no-one

1.3.3.3. Reservation of ownership clause

1.3.3.3.1. a clause that states that the seller reserves the ownership until payment has been received.

2. Cluster 1 introduction

2.1. purposes of law

2.1.1. establishing standards

2.1.2. maintaining order

2.1.3. resolving disputes

2.1.4. protecting liberties and rights

2.2. functions of law

2.2.1. judicial

2.2.2. legislative

2.2.3. executive

2.3. common law

2.3.1. no codified laws

2.3.2. more contractual freedom

2.3.3. judge-made laws

2.4. civil law

2.4.1. codified laws

2.4.2. less contractual freedom

2.4.3. no judge-made laws

2.5. sources of law

2.5.1. international treaties

2.5.2. legislation

2.5.2.1. delegated acts

2.5.2.2. parliamentary statutes

2.5.2.3. constitution

2.5.3. case law

2.6. interpretation methods

2.6.1. grammatical

2.6.2. teleological

2.6.3. systematic

2.6.4. historical

2.7. legal reasoning

2.7.1. a contrario

2.7.2. analogy

2.8. International law

2.8.1. primary law

2.8.1.1. treaties

2.8.2. secondary law

2.8.2.1. opinion

2.8.2.2. directives

2.8.2.3. regulation

2.8.2.4. recommendation

2.8.2.5. decisions

3. Cluster 3 public law

3.1. administrative law

3.1.1. principles of a good administration

3.1.1.1. lawfulness

3.1.1.2. non-discrimination

3.1.1.3. legal certainty

3.1.1.4. proportionality

3.1.1.5. legitimate expectations

3.1.1.6. right to have a fair hearing

3.1.1.7. right to have affairs handled impartially and fairly

3.1.2. sources of administrative law

3.1.2.1. international treaties

3.1.2.2. constitution

3.1.2.3. legislation

3.1.2.4. delegated acts

3.1.2.5. case law

3.1.3. suggested new rules to improve data protection

3.1.3.1. strict enforcement of existing ban on automated decision making

3.1.3.2. sunset clause (clause that sets an end time) of three to five years for large big data projects within the government

3.1.3.3. enhancement of data processing transparency

3.1.4. FOIA

3.1.4.1. reasons for FOIA

3.1.4.1.1. based on the constitutional right-to-know

3.1.4.1.2. many countries have constitutional guarantees for the right of access to information, but it is known that without a FOIA these guarantees usually remain underused

3.1.4.1.3. therefore FOIA legislation is the only way to allow access by the general public to data held by public bodies

3.1.4.2. wet openbaarheid van bestuur

3.1.4.2.1. Art. 1

3.1.4.2.2. Art. 3

3.1.4.2.3. Art. 10

3.1.4.3. objectives FOIA

3.1.4.3.1. Adding social and economic value (innovation)

3.1.4.3.2. Improving public service

3.1.4.3.3. Transparent government

3.1.4.3.4. Efficient government

3.1.5. R: introduction to administrative law

3.1.5.1. developments

3.1.5.1.1. de-territorialization, creation of new agencies leads to more complexity. This is caused by the growing globalization and the new transnational regulation that it requires

3.1.5.1.2. growing privatization of public administrators. We should be careful with this to avoid reduction of quality and the lack of accountability

3.1.5.2. main ideas western administrative law models

3.1.5.2.1. legislature cannot legislate every single aspect of our society

3.1.5.2.2. decisional procedures must ensure compliance with the authorizing legislative directives

3.1.5.2.3. judicial review should be available to guarantee that the agency sticks to the legislative directives

3.1.5.2.4. administrative decisional process must facilitate the exercise of such judicial review

3.1.5.3. administrative agency action

3.1.5.3.1. rulemaking

3.1.5.3.2. adjudication

3.1.5.3.3. investigation

3.1.6. R: data-driven regulation and governance in smart cities

3.1.6.1. challenges

3.1.6.1.1. the disconnect between traditional administrative law frameworks and data-driven regulation and governance

3.1.6.1.2. the effects of the privatization of public services and citizen needs due to the growing outsourcing of smart cities technologies to private companies

3.1.6.1.3. the limited transparency and accountability that characterizes data-driven administrative processes

3.2. criminal law

3.2.1. goals

3.2.1.1. retribution

3.2.1.2. deterrence

3.2.1.3. restoration

3.2.2. phases

3.2.2.1. investigation

3.2.2.2. prosecution

3.2.2.3. trial

3.2.2.4. execution of sentence

3.2.3. actors

3.2.3.1. police

3.2.3.2. prosecution

3.2.3.3. investigative judge

3.2.3.4. courts

3.2.3.5. defence and defendant

3.2.3.6. victim

3.2.3.7. witness

3.2.4. systems

3.2.4.1. adversarial

3.2.4.1.1. trial prominent, oral testimony

3.2.4.1.2. prosecution vs defense

3.2.4.1.3. judge passive

3.2.4.1.4. plea bargain

3.2.4.2. inquisitorial

3.2.4.2.1. pre-trial phase prominent, extensive case file

3.2.4.2.2. defense is subject of investigation, prosecution is magistrate

3.2.4.2.3. judge active

3.2.4.2.4. elicit the truth, even after guilty plea

3.2.5. risks of data policing

3.2.5.1. reliability

3.2.5.2. criminal responsibility for one's actions

3.2.5.3. presumption of innocence

3.2.5.4. privacy

3.2.5.5. discrimination

3.2.5.6. legal / professional privilege

4. Cluster 4 intellectual property

4.1. trade secrecy

4.1.1. requirements

4.1.1.1. it has commercial value because of its secrecy

4.1.1.2. the person who is lawfully in control of the information has taken reasonable steps to keep it secret

4.1.1.3. it is not generally known to professionals in the field of the information

4.1.2. characteristics

4.1.2.1. not per se protection of an idea or data

4.1.2.2. protection against improper appropriation

4.1.2.3. mainly used if the secrecy barrier is difficult to take down or if infringement is difficult to detect

4.1.2.4. cheaper than patent protection

4.1.2.5. from societal perspective, the drawback is that algorithms are not available for others to elaborate on

4.2. patent law

4.2.1. Art. 52 EPC

4.2.1.1. not regarded as inventions and therefore not patentable

4.2.1.1.1. discoveries

4.2.1.1.2. aesthetic creations

4.2.1.1.3. schemes, rules and methods for performing mental acts, playing games or doing business and programs for computers

4.2.1.1.4. presentation of information

4.2.2. patenting software

4.2.2.1. if a computer program has a technical character, it is patentable

4.2.2.1.1. there is a technical problem to be solved or the solution achieves a technical effect

4.2.2.1.2. technical considerations

4.2.2.1.3. further technical effect

4.2.2.1.4. under the 'any hardware' approach, technicality can be found if the subject matter of a claim relates to hardware

4.2.3. requirement for patent in EU

4.2.3.1. must be new

4.2.3.2. must involve inventive step

4.2.3.3. is susceptible of industrial application

4.3. novelty

4.3.1. Art. 54 EPC

4.3.1.1. an invention is new if it does not form part of the state of the art

4.3.1.2. the state of the art contains everything made available by means of a written or oral description, by use, or in any other way, before the date of filing of the EU patent application

4.3.1.3. the date of publishing is leading, if the same idea is filed before your idea is filed, it is part of the state of the art

4.4. inventive step

4.4.1. Art. 56 EPC

4.4.1.1. an invention shall be considered an inventive step if it is not obvious to a person skilled in the art

4.4.1.2. Art. 54 EPC(3) has no effect whether or not something is an inventive step

4.5. industrial application

4.5.1. Art. 57 EPC

4.5.1.1. an invention is susceptible of industrial application if it can be made or used in any kind of industry

4.6. Prevent direct use

4.6.1. Art. 25 UPC

4.6.1.1. a patent proprietor has the right to prevent any third party from

4.6.1.1.1. making, offering, placing or using the patent-subject, or importing or storing for those purposes

4.6.1.1.2. using a process which is in the patent-subject

4.6.1.1.3. offering, placing on the market, or importing or storing for those purposes a product obtained by a process which is the subject matter of the patent

4.7. copyright

4.7.1. ideas are not protected by copyright, expressions of ideas are

4.7.2. berne convention, three step test

4.7.2.1. generally

4.7.2.2. possible exceptions

4.7.2.2.1. examples

4.7.2.3. sound and visual recordings

4.8. database rights

4.8.1. database

4.8.1.1. a collection of independent works, data or other material arranged in a systematic or methodical way and individually accessible by electronic or other means

4.8.2. substantial investment

4.8.2.1. quality

4.8.2.2. quantity

4.8.2.3. obtaining

4.8.2.4. verification

4.8.2.5. presentation

4.8.3. Sui generis right

4.8.3.1. Art. 7 object of protection

4.8.3.1.1. makers of a database which shows that there has been a substantial investment receive a right to prevent extraction and/or re-utilization of contents of the database

4.8.3.1.2. extraction = permanent or temporary transfer of contents to another medium

4.8.3.1.3. re-utilization = any form of making the content available to the public

4.8.3.1.4. the right can be transferred

4.8.3.1.5. the right also applies even if the database is also protected by any other right

4.8.3.1.6. extraction of substantial parts of a database implying acts which conflict with a normal exploitation of that database shall not be permitted

4.8.3.2. Art. 8 rights and obligations

4.8.3.2.1. the maker of a database that is available to the public may not prevent lawful users from accessing the database

4.8.3.2.2. a lawful user may not perform acts which conflict with normal exploitation

4.8.3.2.3. a lawful user may not cause prejudice to the holder of a right in respect to the works in the database

4.8.3.3. Art. 9 exceptions to the sui generis right

4.8.3.3.1. member states may stipulate the extraction of contents by lawful users when

4.8.3.4. Art. 10 term of protection

4.8.3.4.1. the right provided in article 7 shall run from the completion of the database until fifteen years from the first January of the year following the date of completion

4.8.3.4.2. if the database is made public, the date of expiration shall be shifted to the first of January after the date of publication

4.8.3.4.3. any substantial change which would result in the database being considered to be a substantial new investment shall qualify the database for its own term of protection

4.8.3.5. Art. 11 beneficiaries of protection

4.8.3.5.1. the right provided in article 7 shall apply to databases whose makers are inhabitants of member states

4.8.3.5.2. paragraph 1 also applies to companies who have their registered office within the member states. However, they must be linked to the economy of a member state

4.8.3.5.3. if the database has a different right outside the EU, the council will look into this. If the expiry time of the original database is longer than 15 years, it will be 15 years.

5. Cluster 5 privacy and data protection

5.1. 1973 US code of fair information practices

5.1.1. A ban on secret personal data record-keeping

5.1.2. the right to find out what information on someone is collected and how it is used

5.1.3. the right to prevent information from being used for a purpose other than the one for which it has been collected

5.1.4. the right of an individual to correct or amend a record of identifiable information about him

5.1.5. requirement to take reasonable measures to prevent misuse of data

5.2. 1950 European convention on human rights, Art. 8: right to respect for private and family life

5.2.1. everyone has the right to respect for his private and family life, his home and his correspondence

5.2.2. there shall be no interference by a public authority with the exercise of this right except emergencies such as national security

5.3. 2000 EU fundamental rights charter

5.3.1. Art. 7 respect for private and family life

5.3.1.1. everyone has the right to respect for his or her private and family life, home and communications

5.3.2. Art. 8 protection of personal data

5.3.2.1. everyone has the right to the protection of personal data concerning him or her

5.3.2.2. such data must be processed fairly for specific purposes and on the basis of the consent of the person concerned

5.3.2.3. everyone has the right to access to data which has been collected concerning him or her

5.3.2.4. compliance with these rules shall be subject to control by an independent authority

5.4. privacy and data protection are related but not the same. They overlap and reinforce each other

5.4.1. privacy

5.4.1.1. broader than information

5.4.1.2. when it's information privacy, it only concerns some personal data

5.4.1.3. protects opacity of private sphere

5.4.1.4. mainly a negative right

5.4.1.5. creates negative obligations

5.4.2. data protection

5.4.2.1. only concerns information

5.4.2.2. concerns all personal data, not just sensitive or intimate

5.4.2.3. ensures transparency

5.4.2.4. mainly positive rights

5.4.2.5. creates mostly positive obligations

5.5. sources of privacy and data protection law

5.5.1. international level

5.5.2. international regional level

5.5.2.1. ECHR: council of europe convention for the protection of human rights and fundamental freedoms

5.5.2.2. The 1981 council of europe convention number 108 for the protection of natural persons with regard to the processing of personal data

5.5.2.3. 2017: guidelines on big data adopted by the consultative committee of the council of europe's data protection

5.6. GDPR

5.6.1. when does it apply

5.6.1.1. GDPR Art. 2 material scope

5.6.1.1.1. GDPR applies to the processing of personal data by automated means

5.6.1.2. does not apply when the data is anonymous

5.6.1.2.1. information which does not relate to an identified or identifiable natural person or personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.

5.6.1.2.2. data protection does not apply to truly and irreversibly anonymized data

5.6.1.3. pseudonymisation

5.6.1.3.1. the personal data can no longer be attributed to a specific data subject without additional information

5.6.1.3.2. provided that such additional information is kept separately

5.6.1.3.3. and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

5.6.2. controller's obligation

5.6.2.1. controller is an organization or individual who determines the purpose & means of processing personal data, alone or jointly. there may be several purposes and controllers at the same time.

5.6.2.2. as opposed to processor, who acts within authority of the controller. data security obligations apply to processors as well

5.6.2.3. the main concept is: better safe than sorry. controllership is a broad concept. based on factual influence, you cannot 'contract' out of it.

5.6.3. Art. 5

5.6.3.1. Personal data shall be

5.6.3.1.1. lawfulness, fairness and transparency

5.6.3.1.2. purpose specification and limitation

5.6.3.1.3. data minimization

5.6.3.1.4. accuracy

5.6.3.1.5. storage limitation

5.6.3.1.6. integrity

5.6.3.1.7. accountability

5.6.4. Art. 6

5.6.4.1. grounds of lawful data processing

5.6.4.1.1. free, unambiguous and informed consent

5.6.4.1.2. contract

5.6.4.1.3. legal obligation for the data controller

5.6.4.1.4. vital interest of a data subject

5.6.4.1.5. task in public interest of official authority by a controller

5.6.4.1.6. legitimate interest of a controller or a 3rd party, unless overridden by rights and freedoms of a data subject

5.6.5. consent

5.6.5.1. consent is

5.6.5.1.1. unambiguous

5.6.5.1.2. free

5.6.5.1.3. specific

5.6.5.1.4. informed

5.6.5.2. conditions for consent

5.6.5.2.1. where processing is based on consent, the controller can demonstrate that the data subject has given consent

5.6.5.2.2. if the data subject's consent is given, it needs to be presented in a manner which is clearly distinguishable and given in an intelligible and easily accessible form, using clear and plain language

5.6.5.2.3. the data subject has the right to withdraw his or her consent at any time

5.6.5.2.4. a conditional on consent to the processing of personal data does not mean there is consent

5.6.6. legitimate interest

5.6.6.1. balancing under GDPR (recital 47)

5.6.6.1.1. relationship: relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller

5.6.6.1.2. a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose / further processing may take place

5.6.7. Art. 9

5.6.7.1. special categories / sensitive data

5.6.7.1.1. data revealing racial or ethnic origin

5.6.7.1.2. political opinions

5.6.7.1.3. religious or philosophical beliefs

5.6.7.1.4. trade union membership

5.6.7.1.5. the processing of genetic data

5.6.7.1.6. biometric data for the purpose of uniquely identifying a natural person

5.6.7.1.7. data concerning health

5.6.7.1.8. data concerning a natural person's sex life or sexual orientation

5.6.8. recital 35: data concerning health

5.6.8.1. all data pertaining to the health status which reveal the past, current or future physical or mental health status

5.6.8.1.1. information about the natural person collected in the course of registration for healthcare service

5.6.8.1.2. a number, symbol or particular assigned to a natural person to uniquely identify the natural person for health purposes

5.6.8.1.3. information derived from the testing or examination of a body part or bodily substance, including from genetic data and biological samples

5.6.8.1.4. any information on the state of health of the data subject independent of its source

5.6.9. Art 29 WP

5.6.9.1. medical data = data about the health status generated in a professional medical context

5.6.9.2. the ban on use of medical data does not apply when

5.6.9.2.1. explicit consent is given, except where prohibited by law

5.6.9.2.2. it is necessary for the purpose of exercising specific rights of the controller or of the data subject in the field of employment, social security law and social protection law

5.6.9.2.3. it is necessary to protect the vital interest of someone where the data subject is physically or legally capable of giving consent

5.6.9.2.4. the data is used in the course of its legitimate activities with appropriate safeguards by a not-for-profit body with a political, philosophical, religious or trade union aim.

5.6.9.2.5. processing relates to personal data which are made public by the data subject

5.6.9.2.6. it is necessary for the establishment, exercise or defense of legal claims

5.6.9.2.7. it is necessary for the reasons of substantial public interest

5.6.9.2.8. it is necessary for the purpose of preventive or occupational medicine, etc