Law and Data Science

law for data science

Get Started. It's Free
or sign up with your email address
Rocket clouds
Law and Data Science by Mind Map: Law and Data Science

1. Cluster 2 private law

1.1. contract law

1.1.1. phases of contract formation No formalities, only an intention to be bound In English law there is a requirement of consideration aka bargain consequences content remedies termination for breach for cause at will

1.1.2. Art 3. Unfair Terms Directive A contractual term which has not been individually negotiated shall be regarded as unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer. Another form of control of contract clauses is the doctrine that some terms are against public order. Contracts against public order are void from the start: they have no legal effect and cannot be enforced.

1.1.3. Art. 5 consumer rights directive, the following must be provided main characteristics of goods/services identity of trader total price arrangements for payment, delivery and performance existence of after sale-service duration of contract fuctionality of product interoperability of digital content

1.1.4. grounds of voidness undue influence fraud mistake in english law: caveat emptor, no duty to disclose threat

1.1.5. interpretation objective interpretation based solely on the text of the contract subjective interpretation intention of parties is primary

1.1.6. good faith functions of good faith suplementary interpretative restrictive function implied terms terms that re not explicit in the contract but are read into it

1.2. tort law

1.2.1. liability fault-based elements causality fault strict vicarious negligence defences of tortfeasor contributory negligence prescription consent ISP liability As long as the ISP is purely passive regarding the data, he cannot be held liable. Notice-and-Take-Down

1.2.2. aims resitutio in integreo prevention

1.2.3. Notion of relativity / Schutzzweck some rules aim only at the protection of a certain group of persons or certain interests. Others outside this group or where a different interest is harmed cannot claim protection on the basis of this rule.

1.3. property law

1.3.1. objects of property law tangible immovable movable intangible

1.3.2. limited property rights security rights use rights

1.3.3. transfer of property rights requirements reason for transfer power to dispose delivery res nullius objects belonging to no-one Reservation of ownership clause a clause that states that the seller reserves the ownership until payment has been received.

2. Cluster 1 introduction

2.1. purposes of law

2.1.1. establishing standards

2.1.2. maintaining order

2.1.3. resolving disputes

2.1.4. protecting liberties and rights

2.2. functions of law

2.2.1. judicial

2.2.2. legislative

2.2.3. executive

2.3. common law

2.3.1. no codified laws

2.3.2. more contractual freedom

2.3.3. judge-made laws

2.4. civil law

2.4.1. codified laws

2.4.2. less contractual freedom

2.4.3. no judge-made laws

2.5. sources of law

2.5.1. international treaties

2.5.2. legislation delegated acts parliamential statutes constitution

2.5.3. case law

2.6. interpretation methods

2.6.1. grammatical

2.6.2. teleological

2.6.3. systematic

2.6.4. historical

2.7. legal reasoning

2.7.1. a contrario

2.7.2. analogy

2.8. International law

2.8.1. primary law treaties

2.8.2. secondary law opinion directives regulation recommendation decisions

3. Cluster 3 public law

3.1. administrative law

3.1.1. principles of a good administration lawfulness non-discrimination legal certainty proportionality legitimate expectations right to have a fair hearing right to have affairs handled impartially and fairly

3.1.2. sources of administrative law international treaties constitution legislation delegated acts case law

3.1.3. suggested new rules to improve data protection strict enforcement of existing ban on automated decision making sunset clause (clause that sets an end time) of three to five years for large big data projects within the government enhancement of data processing transparency

3.1.4. FOIA reasons for FOIA based on the constitutional right-to-know many countries have constitutional guarantees for the right of access to information, but it is known that without a FOIA these guarantees usually remain underused therefore FOIA legislation is the only way to allow access by the general public to data held by public bodies wet openbaarheid van bestuur Art. 1 Art. 3 Art. 10 objectives FOIA Adding social and economic value (innovation) Improving public service Transparent government Efficient government

3.1.5. R: introduction to administrative law developments de-territorialization, creation of new agencies leads to more complexity. This is caused by the growing globalization and the new transnational regulation that it requires growing privatization of public administrators. We should be careful with this to avoid reduction of quality and the lack of accountability main ideas western administrative law models legislature cannot legislate every single aspect of our society decisional procedures must ensure compliance with the autorizing legislative directives judicial review should be availableto guarantee that the agency sticks to the legislative directives administrative decisional process must facilitate the exercise of such judicial review administrative agency action rulemaking adjudication investigation

3.1.6. R: data-driven regulation and governance in smart cities challenges the disconnect between traditional administrative law frameworks and data-driven regulation and governance the effects of the privatization of public services and citizen needs due to the growing outsourcing of smart cities technologies to private companies the limited transparency and accountability that characterizes data-driven administrative processes

3.2. criminal law

3.2.1. goals retribution deterrence restoration

3.2.2. phases investigation prosecution trial execution of sentence

3.2.3. actors police prosecution investigative judge courts defence and defendant victim witness

3.2.4. systems adversarial trial prominent, oral testimony prosecution vs defense judge passive plea bargain inquisitorial pre-trial phase prominent, extensive case file defense is subject of investigation, prosecution is magistrate judge active elicit the truth, even after guilty plea

3.2.5. risks of data policing reliability criminal resonsibility for one's actions presumption of innocence privacy discrimination legal / professional privilege

4. Cluster 4 intellectual property

4.1. trade secrecy

4.1.1. requirements it has commercial value because of it's secrecy the person who is lawfully in control of the information has taken reasonable steps to keep it secret it is not generally known to professionals in the field of the information

4.1.2. characteristics not per se protection of an idea or data protection against improper appropriation mainly used if the secrecy barrier is difficult to take down or if infringement is difficult to detect cheaper than patent protection from societal perspective, the drawback is that algorithms are not available for others to elaborate on

4.2. patent law

4.2.1. Art. 52 EPC not regarded as inventions and therefore not patentable discoveries aesthetic creations schemes, rules and methods for performing mental acts, playing games or doing bussiness and programs for computers presentation of information

4.2.2. patenting software if a computer program has a technical character, it is patentable there is a technical problem to be solved or the solution achieves a technical effect technical considerations further technical effect under the 'any hardware' approach, technicality can be found if the subject matter of a claim relates to hardware

4.2.3. requirement for patent in EU must be new must involve inventive step is susceptible of industrial application

4.3. novelty

4.3.1. Art. 54 EPC an invention is new if it does not form part of the state of the art the state of the art contains everything made available by means of a written or oral description, by use, or in any other way, before the date of filling of the EU patent application the date of publishing is leading, if the same idea is filed before your idea is filed, it is part of the state of the art

4.4. inventive step

4.4.1. Art. 56 EPC an invention shall be considered an inventive step if it is not obvious to a person skilled in the art Art. 54 EPC(3) has no effect whether or not something is an inventive step

4.5. industrial application

4.5.1. Art. 57 EPC an invention is susceptible of industrial application if it can be made or used in any kind of industry

4.6. Prevent direct use

4.6.1. Art. 25 UPC a patent proprietor has the right to prevent any third party from making, offering, placing or using the patent-subject, or importing or storing for those purposes using a process which is in the patent-subject offer, placing on the market, or importing or storing for those purposes a product obtained by a process which is the subject matter of the patent

4.7. copyright

4.7.1. ideas are not protected by copyright, expressions of ideas are

4.7.2. berne convention, three step test generally possible exceptions examples sound and visual recordings

4.8. database rights

4.8.1. database a collection of independent works, data or other material arranged in a systematic or methodical way and individually accessible by electronic or other means

4.8.2. substantial investment quality quantity obtaining verification presentation

4.8.3. Sui generis right Art. 7 object of protection makers of a database which shows that there has been a susbstantial investment receive a right to prevent extraction and/or re-utlilization of contents of the database extraction = permanent or temporary transfer of contents to another medium re-utilization = any form of making the content available to the public the right can be transfered the right also applies even if the database is also protected by any other right extraction of substantial parts of a database implying acts which conflict with a normal exploitation of that database shall not be permitted Art. 8 rights and obligations the maker of a database that is available to the public may not prevent lawful users from accessing the database a lawful user may not perform acts which conflict with normal exploitation a lawful user may not cause prejuice to the holder of a right in respect to the works in the database Art. 9 exceptions to the sui generis right member states may stipulate the extraction of contents by lawful users when Art. 10 term of protection the right provided in article 7 shall run from the completion of the database until fifteen years from the first January of the year following the date of completion if the database is made public, the date of expiration shall be shifted to the first of january after the date of publication any substantial change which would result in the database being considered to be a substantial new investment shall qualify the database for its own term of protection Art. 11 beneficiaries of protection the right provided in article 7 shall apply to databases whose makers are inhabitants of member states paragraph 1 also applies to companies who have their registered office within the member states. However, must have to be linked to the economy of a member state if the database has a different right outside the EU, the council will look into this. If the expiry time of the original database is longer than 15 years, it will be 15 years.

5. Cluster 5 privacy and data protection

5.1. 1973 US code of fair information practices

5.1.1. A ban on secret personal data record-keeping

5.1.2. the right to find out what information on someone is collected and how it is used

5.1.3. the right to prevent information from being used for a purpose other than the one for which it has been collected

5.1.4. the right of an individual to correct or amend a record of identifiable infromation about him

5.1.5. requirement of to take reasonable measures to prevent misuse of data

5.2. 1950 European convention on human rights, Art. 8: right to respect for private and family life

5.2.1. everyone has the right to respect for his private and family life, his home and his correspondence

5.2.2. there shall be no interference by a public authority with the exercise of this right except emergencies such as national security

5.3. 2000 EU fundamental rights charter

5.3.1. Art. 7 respect for private and family life everyone has the right to respect for his or her private and family life, home and communicaions

5.3.2. Art. 8 protection of personal data everyone has the right to the protection of personal data concerning him or her such data must be processed fairly for specific purposes and on the basis of the consent of the person concerned everyone has the right to access to data which has been collected concerning him or her compliance with these rules shall be subject to control by an independent authority

5.4. privacy and data protection are related but not the same. They overlap and reinforce eachother

5.4.1. privacy broader than information when it's information privacy, it only concerns some personal data protects opacity of private sphere mainly a negative right creates negative obligations

5.4.2. data protection only concerns information concerns all personal data, not just sensitive or intimate ensures transparency mainly positive rights creates mostly positive obligations

5.5. sources of privacy and data protection law

5.5.1. international level

5.5.2. international regional level ECHR: council of europe convention for the protection of human rights and fundamental freedoms The 1981 council of europe convention number 108 for the protection of natural persons with regard to the processing of personal data 2017: guidelines on big data adopted by the consultative committee of the council of europe's data protection

5.6. GDPR

5.6.1. when does it apply GDPR Art. 2 material scope GDPR applies to the processing of personal data by automated means does not apply when the data is anonymous information which does not relate to an identified or identifiable natural person or personal data rendere anonymous in such a manner that the data subject is not or no longer identifiable. data protection does not apply to truly and irreversible anonymized data pseudonymisation the personal data can no longer be attributed to a specific data subject without additional information provided that such additional information is kept seperately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

5.6.2. controller's obligation controller is an organization or individual who determines the purpose & means of processing personal data, alone or jointly. there may be several purposes and controllers at the same time. as opposed to processor, who acts within autorithy of the controller. data security obligations apply to processors as well the main concept is: better safe than sorry. controllership is a broad concept. based on factual influence, you cannot 'contract' out of it.

5.6.3. Art. 5 Personal data shall be lawfulness, fairness and transparency purpose specification and limitation data minimization accuracy storage limitation integrity accountability

5.6.4. Art. 6 grounds of lawful data processing free, unambiguous and informed consent contract legal obligation for the data controller vital interest of a data subject task in public interest of official authority by a controller legitimate interest of a controller or a 3rd party, unless overridden by rights and freedoms of a data subject

5.6.5. consent consent is unambiguous free specific informed conditions for consent where processing is based on consent, the controller can demonstrate that the data subject has given consent if the data subject's consent is given, it needs to be presented in a manner which is clearly distinguishable and given in an intelligible and easily accessible form, using clear and plain language the data subject has the right to withdraw his or her consent at any time a conditional on consent to the processing of personal data does not mean there is consent

5.6.6. legitimate interest balancing under GDPR (recital 47) relationship: relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose / further processing may take place

5.6.7. Art. 9 special categories / sensitive data data revealing racial or ethnic origin political options religious or philosophical beliefs trade union membership the processing of genetic data biometric data for the purpose of uniquely identifiying a natural person data concerning health data concerning a natural person's sex life or sexual orientationi

5.6.8. recital 35: data concerning health all data pertaining to the health status which reveal the past, current or future physical or mental health status information about the natural person collected in the course of registration for healthcare service a number, symbol or particular assigned to a natural person to uniquely identify the natural person for health purposes information derived from the testing or examination of a body part of bodily substance, including from genetic data and biological samples any information on the state of health of the data subject independent of it's source

5.6.9. Art 29 WP medical data = data about the health status generated in a professional medical context the ban on use of medical data does not apply when explicit consent is given, except where prohibited by law it is necessary for the purpose of exercising specific rights of the controller or of the data subject in the field of employment, social security law and socail protection law it is necessary to protect the vital interest of someone where the data subject is physically or legally capable of giving consent the data is used in the course of its legitimate activities with appropriate safeguards by a not-for-profit body with a political, philosophical, religious or trade union aim. processing relates to personal data which are made public by the data subject it is necessary for the establishment, exercise or defense of legal claims it is necessary for the reasons of substantial public interest it is necessary for the purpose of preventive or occupational medicine, etc