Suchergebnisse

Defense date: 26/11/2010 ; Examining Board: Fabrizio CAFAGGI (Supervisor, EUI), Marie-Ange MOREAU (EUI), Horatia MUIR WATT (Sciences Po, Paris), Vincenzo ZENO ZENCOVICH (Università di Roma 3) ; Published online on 17 September 2012, in a slightly corrected version of the thesis, as suggested by the jury. ; L'étude des régimes de responsabilité civile applicables aux prestataires de service en ligne est l'occasion de faire ressortir la fonction de promotion d'une stratégie de régulation octroyée à l'institution de la responsabilité civile dans un contexte de crise de la normativité étatique. À ce titre, il devient opportun de distinguer à côté des fonctions traditionnelles de la responsabilité civile (réparation des victimes, répression des comportements antisociaux, et prévention des dommages) impliquant l'adoption d'une approche horizontale, une nouvelle fonction découlant d'une approche verticale et témoignant de la recherche d'une répartition efficace des activités de régulation entre acteurs publics et acteurs privés aux fins de rendre obligatoires les normes étatiques à leurs destinataires. Au sein du cyberespace, l'État ne bénéficie pas du monopole de l'activité normative comme d'ailleurs les transformations de l'État régulateur le laissaient pressentir au sein du monde réel. Bien plus, l'architecture du réseau réduit les coûts de mise en oeuvre des systèmes d'autorégulation tout en rendant les modes traditionnels de régulation moins effectifs. Un certain nombre d'acteurs privés disposent, du fait de leur maîtrise de la technologie et de leur position d'intermédiaire, d'un pouvoir normatif de fait et de droit, et plus généralement, d'un pouvoir de régulation de fait et de droit se traduisant par la création de normes privées, le contrôle des comportements déviants et leur sanction. L'État a donc besoin de recourir à ces acteurs, véritables régulateurs privés spontanés, aux fins de rendre sa stratégie de régulation efficace. Cependant, derrière le discours de la diversification nécessaire des sources de droit se dessine une « dé-juridicisation » latente en même temps qu'une nouvelle répartition des compétences entre acteurs publics et acteurs privés. Ceci est vrai aux États-Unis comme en Europe et plus particulièrement en France en dépit de l'adoption de stratégies de régulation distinctes. Paradoxalement, le peu de considération accordée à la fonction de promotion d'une « régulation juridique de source privée » attribuée la responsabilité civile a servi à renforcer l'immunité des régulateurs privés. Or, c'est seulement à l'aune de cette fonction qu'il est possible de saisir l'enjeu juridique et politique que représente la responsabilité des prestataires intermédiaires de service en ligne.

Abstract
Independent data stewardship remains a core component of good data governance practice. Yet, there is a need for more robust independent data stewardship models that are able to oversee data-driven, multi-party data sharing, usage and re-usage, which can better incorporate citizen representation, especially in relation to personal data. We propose that data foundations—inspired by Channel Islands' foundations laws—provide a workable model for good data governance not only in the Channel Islands, but also elsewhere. A key advantage of this model—in addition to leveraging existing legislation and building on established precedent—is the statutory role of the guardian that is a unique requirement in the Channel Islands, and when interpreted in a data governance model provides the independent data steward. The principal purpose for this paper, therefore, is to demonstrate why data foundations are well suited to the needs of data sharing initiatives. We further examine how data foundations could be established in practice—and provide key design principles that should be used to guide the design and development of any data foundation.

Independent data stewardship remains a core component of good data governance practice. Yet, there is a need for more robust independent data stewardship models that are able to oversee data-driven, multi-party data sharing, usage and re-usage, which can better incorporate citizen representation, especially in relation to personal data. We propose that data foundations – inspired by Channel Islands' foundations laws – provide a workable model for good data governance not only in the Channel Islands but also elsewhere. A key advantage of this model – in addition to leveraging existing legislation and building on established precedent – is the statutory role of the guardian that is a unique requirement in the Channel Islands, and when interpreted in a data governance model provides the independent data steward. The principal purpose for this paper therefore is to demonstrate why data foundations are well suited to the needs of data sharing initiatives. We further examine how data foundations could be established in practice – and provide key design principles that should be used to guide the design and development of any data foundation

Independent data stewardship remains a core component of good data governance practice. Yet, there is a need for more robust independent data stewardship models that are able to oversee data-driven, multi-party data sharing, usage and re-usage, which can better incorporate citizen representation, especially in relation to personal data. We propose that data foundations – inspired by Channel Islands' foundations laws – provide a workable model for good data governance not only in the Channel Islands but also elsewhere. A key advantage of this model – in addition to leveraging existing legislation and building on established precedent – is the statutory role of the guardian that is a unique requirement in the Channel Islands, and when interpreted in a data governance model provides the independent data steward. The principal purpose for this paper therefore is to demonstrate why data foundations are well suited to the needs of data sharing initiatives. We further examine how data foundations could be established in practice – and provide key design principles that should be used to guide the design and development of any data foundation.

The article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government's electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify's architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership, highlight several flaws inherent in the Gov.UK Verify's development and mode of operation. The article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership and ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.

Gov.UK Verify, the new Electronic Identity (eID) Management system of the UK Government, has been promoted as a state-of-the-art privacy-preserving system, designed around demands for better privacy and control, and is the first eID system in which the government delegates the provision of identity to competing private third parties. Under the EU eIDAS, Member States can allow their citizens to transact with foreign services by notifying their national eID systems. Once a system is notified, all other Member States are obligated to incorporate it into their electronic identification procedures. The paper offers a discussion of Gov.UK Verify's compliance with eIDAS as well as Gov.UK Verify's potential legal equivalence to EU systems under eIDAS as a third-country legal framework after Brexit. To this end it examines the requirements set forth by eIDAS for national eID systems, classifies these requirements in relation to their ratio legis and organises them into five sets. The paper proposes a more thorough framework than the current regime to decide on legal equivalence and attempts a first application in the case of Gov.UK Verify. It then assesses Gov.UK Verify's compliance against the aforementioned set of requirements and the impact of the system's design on privacy and data protection. The article contributes to relevant literature of privacy{preserving eID management by offering policy and technical recommendations for compliance with the new Regulation and an evaluation of interoperability under eIDAS between systems of different architecture. It is also, to our knowledge, the first exploration of the future of eID management in the UK after a potential exit from the European Union.

The UK Government has been designing a new Electronic Identity Management (eIDM) system that, once rolled-out, will take over how citizens authenticate against online public services. This system, Gov.UK Verify, has been promoted as a state-of-the-art privacy-preserving system, tailored to meet the requirements of UK citizens and is the first eIDM interoperability in which the government does not act as an identity provider itself, delegating the provision of identity to competing third parties. According to the recently enacted EU eIDAS Regulation, member states can allow their citizens to transact with foreign services by notifying their national eID scheme. Once a scheme is notified, all other member states are obligated to incorporate it into their electronic identification procedures. The UK Government is contemplating at the moment whether it would be beneficial to notify. This article examines Gov.UK Verify 's compliance with the requirements set forth by the Regulation and the impact on privacy and data protection. It then explores potential interoperability issues with other national eID schemes, using the German nPA, an eIDM based on national identity cards, as a reference point. The article highlights areas of attention, should the UK decide to notify Gov.UK Verify. It also contributes to relevant literature of privacy-preserving eID management by offering policy and technical recommendations for compliance with the new Regulation and an evaluation of interoperability under eIDAS between systems of different architecture.