On 21 and 22 June 2021 a special event took place on-line. Jean Monnet Network: European Union and the Challenges of Modern Society (Legal Issues of Digitalization, Robotization, Cyber Security and Prevention of Hybrid Threats) organized two-day long conference dedicated to the cutting edge research in the area of European Digital Single Market and its challenges. The event was hosted by the Tallin’s University of Technology Law School in close cooperation with the Faculty of Law, Palacký University in Olomouc.
On behalf of hosting institution the event was opened by Tanel Kerikmäe who welcomed fellow participants and presented hosting institutions and its publications. The word was given also to Naděžda Šišková, the Head of the network. She introduced the network and its institutions: Palacký University in Olomouc, Tallin University of Technology, Heidelberg University, Comenius University Bratislava and Taras Schevchenko National University Kiev. She highlighted the aims and the scope of the network and emphasized significance of the cooperation under the project, which is one of a kind.
The event was divided into six section with 23 speakers. In the following lines, there is a summary of each section.
Section I: Competition law in European Digital Single Market
The first section was moderated by Michal Petr (Palacký University) who welcomed contribution of Prabhpreet Singh and Vijaylaxmi Sharma from Manipal University Jaipur. They prepared contribution dedicated to the competition law, policy and regulation in the digital era, highlighted the increasing use of on-line services. In their contribution they spoke about the challenges: in some cases it is not clear, whether digital platforms are competition with traditional business, obstacles in identifying technology based barriers, attempts to try right balance between protection of competition and respect of intellectual property rights of digital firms or the issue of extraterritoriality in the investigation. Their contribution was based on UNCTAD discussions on competition and provided a comparative review of some recent cases – Apple in Russian Federation and Google in the USA. Their contribution stimulated questions, whether there is a need for regulation and at what level including the implications for developing countries.
Michal Petr from Palacký University spoke about the role of competition policy in data privacy. He summarized recent cases from all around the world and later focused on “German” Facebook case, which was about the misuse of dominant position by collecting and using data generated by other services owned by Facebook. In his contribution he asked whether a breach of data privacy rules may be at the same time considered as a breach of competition law. In this regard German authority (BKA) closely cooperated with the commission to deal with the case. He argued, that competition authorities should be very careful when arguing in the above mentioned way. He summarized, that in the Facebook case no fine was imposed. To answer the question if to deal also with data privacy, he referred to the cases C-238/05 Asnef-Equifax , Margarethe Vestager (2016). He does not think to look to competition enforcement to fix privacy problems. According to him AdlC/BKA (2016) privacy policies soul be considered from a competition standpoint and provided arguments in favour: Infringement of other regulations as a form of abuse (IP rights), encroachment on data privacy decreases quality of a service, excessive use of data as an exploitative abuse of dominance, negative effect on competition. Is it the idea right? A case primarily for GDPR agencies? Isn’t effect on competition ubiquitous? In the rest of the contribution he argued, that notions of tacit collusion might be in need of re-interpretation.
Mária T. Patakyová from Comenius University in Bratislava followed the contribution of Michal Petr. Aim of her contribution was to look at the New Act (Act No. 187/2021 Coll on Protection of Competition) which was enforced at the beginning of June 2021 and which implemented the ECN+ Directive in Slovakia. In relation to implementation she opened several issues including relevant market, zero-price markets, the issue of market power, anti-competitive agreements, abuse of dominant position and merges. The new act on protection of competition is amending the notion of entrepreneur (undertaking) plus is incorporating EU law concept. She claimed, that because of the act the independence of Anti-monopoly Office was improved. In general, enforcement opportunity is general plus of the proposal, but it is on the other hand question whether it is enough. At the same time there is a possibility to prioritize (it was practice even before) and positive outcome is more capacity of the AMO allocated to the chosen sectors. Amended was also the period to decide the matter (3 years in first instance, 3 months in second instance and there is more time for the AMO). Negative might be that is maybe too late. There are also interim measures – reasonable suspicion of antitrust infringements and proportionality (positive is, that it is to act timely, however on the other had it will depend on the assessment of national courts). There are also remedies: structural and procedural. Here the positive is that it is to remedy the situation properly, on the other side it will again depend on the assessment of the course. However, penalties are up to 5 % of the average daily worldwide turnover. Last novelty is cooperation among National Competition Authorities in the EU as the digital markets are not limited to one MS, however it will depend on the application in practice. According to the new act will improve situation when properly used in practice by the courts and several points are very promising. On the other side it is also missed opportunity to add a specific provision regarding digital markets and no guidance in substantive provisions.
Section II: Challenges of the EU law protecting human rights in the digital age
Next section was chaired by the Ondrej Hamuľák from Palacký university in Olomouc who welcomed the contribution of Alexander Antonov from TalTech. He spoke about the possibilities to apply Charter of Fundamental Rights of the European Union as the Core Framework for the Protection of the Rights to Privacy and Freedom of Expression. The author presumed, that Charter might be used in this way and supported his arguments with detailed assessment of the legal basis and case-law (Volker und Markus Schecke BbR (C-92/09), Hartmut Eifert (C-93/09) v Land Hessen, Digital Rights Ireland and Others, C-112/00 Schmidberger, Scarlet, Netlog, Glawishing-Piesczek or Google Spain). In his presentation Antonov put decisions of the ECJ also into the Estonian context. Additionally, author pointed out that Charter awareness remains low among general population and legal practitioners, which undermines its real impact and sufficient use. An issue is also co-existence of different fundamental right instruments.
Next speaker was Oleksandr Pastukhov from University of Malta who spoke about a case for statutory damages under the EU Data protection law. He pointed out that, GDPR is very rich on sanctions and civil liability (Chapter IX with 8 articles and almost 4 pages long). He highlighted that damages under the civil law are not very popular in academia with reference to prof. Lilian Edwards who mentions only one UK case in her over 700 pages long work. In relation to non-material harm he raised the question how to measure an injury to feelings or the issue mass surveillance offensive. Very interesting part of his contribution was dedicated to IP law experience, where 24 out of 179 WIPO countries have statutory damages. There are, however, some related problems linked to arbitrary nature, inconsistent decisions, due process concerns, disproportionate awards, or punitive effects. Based on Bart van der Sloot Dr. Pastukhov evaluated admissibility, violations and compensations searching for exact amount of compensation as decided by ECHR. After detailed assessment of data he proposed formula based on the average including pecuniary damages, non-pecuniary damages, combined damages, costs and expenses. He concluded, that GDPR does not provide a clear and unambiguous guidance on civil-law remedies and that statutory damages might come handy in this situation. ECHR provides an indication of possible amount 10 to 15 Euro per incident.
Adam Máčaj from Comenius University in Bratislava who dedicated his contribution to the Big Tech and Private Oversight in the Digital Age and was discussing the effectiveness of remedy in relation to transnational corporations. His presentation started with overview of the case when Donald Trump was banned on Facebook for indefinite time and the processes behind this ban. He tried to assess whether the decision of the Facebook Oversight Board was an effective remedy based on human rights standards. He concluded that Oversight Board met most of the criteria for effective remedy, including the authority of the deciding body. In his contribution he discussed the national vs. international nature of the remedy in relation to cyberspace and succeeded to examine whether utilization of private oversight bodies might be considered as an alternative to judiciary when following human rights standard.
Hovsep Kocharyan and Lusine Vardanyan and from Palacký University in Olomouc dealt with the GDPR and the DGA proposal and focused on their mutual relationship. Hovsep highlighted several concerns in relation to DGPR application. For example, Kochyryan pointed out that the Court of justice of the EU might face difficulties in balancing data protection and free flow of data. In the rest of the presentation he provided ideas about possible divergences in between GDPR and DGA proposal on one hand but also some possible synergies on the other. As a result, they tried to find answer on the question, whether there are differences between DGA proposal and the GDPR as well as in the relevant case-law. In their opinion EU legislation adopted before the New European Strategy did not sufficiently stimulate the creation of a data market and extensive data exchange.
Sára Kiššová from Commenius University in Bratislava delt in her contribution with internet intermediaries liability. She focused on the comparison of the EU and US perspective and the analysis of E-commerce Act. After the introduction of US legal framework and the liability principles, she focused on similarities with EU proposals in the form of the Digital Services Act package. In this relation she focused on the concept of a “good samaritan” in both jurisdictions.
Section III: Consumer protection in the digital economy
Another panel was dedicated to the consumer protection in the digital economy and was chaired by Blanka Vitová from Palacky University in Olomouc. First contribution in the panel was delivered by Viktorija Soneca from University of Latvia and Sorainen law firm, who provided overview of the Digital Markets Act. She introduced the institute of Gatekeeper, explained its general definition, and highlighted potential challenges when it comes to its application. She highlighted its addresses (the “Big Five”) and discussed prohibitions implied by the DMA. Her contribution was detailed overview of existing cases from and she tried to answer a question, whether DMA is solving the problem of gatekeepers, whether this regulation will be sufficient and what exactly is Digital Market Act proposing.
Another speaker was Javad Keypour from TalTech who spoke about “Smart Grids” and related technical solutions and legal challenges for Carbon Abatement in EU energy sector. After brief introduction to the Energy sector and Energy Union he focused on the Directive 2018/844 which urged alignment of the Energy Union goals and the digital single market. Mr. Keypour explained the issue of “Smart Grids” as a crucial part of decarbonization which turns producers to prosumers who need between 375 to 425 billion Euro (EU27 + UK) for the years 2020-2030. In his contribution he focused on the answer for the question: what main legal challenges of are establishing smart grids?
Tea Kookma from TalTech and NJORD Law Firm focused on challenges to consumer protection in the digital economy and ho to overcome them. After introducing general principles of consumer protection, she highlighted the issue of e-commerce and growing trend of goods and services being purchased online, so called “platform economy” and the roles of consumers and enterprises mixed (as in the case of crowdfunding). She highlighted that consumers are increasingly concerned over privacy online and that personal data are a new currency in the digital age. She sees some solution in consumer education and focus on supervisory authorities in law enforcement and offering help for traders in the form of consolations.
Blanka Vítová (Palacký University) opened presentation with a parallel: two customers (one rich looking and one poor looking) are entering the shop and are getting different price according their appearance. In the real world, complain is well acceptable but in on-line environment is more problematic. This introduction to “personalized pricing” was followed by problematization of the issue within the potential legal regulation. She highlighted the issue of prohibited practices and misleading practices. According to her, it would be a mistake to believe, that informed consumer will solve the issue will end discrimination of consumers. However, consumer shall be informed that the price has been automatically created according their presumed status with all implications. Moreover, solution might be to change “opt-out” system into “opt-in” system regarding provision of information.
Section IV: Liability issues and ethical challenges in digital healthcare
Last panel of the day was dedicated to liability issues and ethical challenges in the digital healthcare. The panel was chaired by Thomas Hoffmann (TalTech). He welcomed Zoltán Gyurász from Comenius University in Bratislava dedicated his contribution to (Artificially) Intelligent Healthcare – The ambitions and limitations of Artificial Intelligence in healthcare. He highlighted benefits of AI in the diagnostics, medication, transportation of medicals etc. but on the other side there are many challenges. For example, it is up to the human to decide, where there is a correlation and where is really causality. There are also issues of liability or ethical issues of healthcare when AI is in.
Nick Guldemont from Leiden University spoke about implications for health professionals in the context of a post-pandemic healthcare and future challenges of health systems. He started presentation with challenges of health systems, including growing population ageing, growing comorbidities, lesser resources, and more chronic conditions and in general instability of health and social care systems. He followed with paradigm shift from medical curative model to social (interconnected) health perspective which is also having implications for the conceptualization of a health system as health is mainly information driven sector. Second part of his presentation focused on the facilitation of the regulation for a European Digital Single Market for health and social care. In his presentation he provides some ideas on how to answer the question about the redesign and alignment of the regulation which might help to facilitate and address effectively needs of the EU citizens.
Ondřej Filipec from Palacký university in Olomouc dedicated his contribution to exploration of the political environment in which Czech e-health law is being drafted. He pointed out, that Czech health environment is suffering from political instability and many practical issues, including great diversity of health providers and systems they are using, lack of human resources in the health IT infrastructure or low trust of citizens in e-applications. Important impact on-current proposal on e-health was under strong influence of critics defending interests of practical doctors who are not very open to learn and use new on-line applications (one of the reason is that approx. 40 % of doctors in the Czech Republic are over 60). As a result, current proposal which is on the eve of being approved is minimalistic and vacatio legis is set for 10 years. This all despite being considered as a corner stone of the regulation.
Finally, Thomas Hoffmann from Tal Tech spoke about digital healthcare and AI. This is related mainly to administrative, custodial, Medical Apps, Caregiving, Research Data Analytics, Imaging, Pathology and Radiology, Predictive diagnosis, and many other areas. He stressed, that mistakes are possible at five levels including defective code, mistakes in data sets on which decisions are mate, non-transparency of decision, analytical mistakes or decisions made by AI not admissible. He dedicated analytical part on the issue of liability: 1) who is liable under which circumstances? 2) What are health institutions duties? 3) Or how far is AI decision accountable to doctor/patient using AI? He concluded that Regulation of AI shall be universal and not domain specific and that there shall be compulsory insurance for use of devices inflicting unpredictable body risk. Moreover, there is a need to follow ethical principles as in EC guidelines.
Section V: Cybersecurity: legal implications and risk management
Second day of the conference was opened by Tanel Kerikmäe (TalTech) and Ondřej Filipec from Palacký university in Olomouc, who have welcomed participants. First panel was chaired by Dr. Ágnes Kasper from TalTech, who introduced all participants of the panel dedicated to Cybersecurity and its legal implications and risk related management. First speaker was Jozef Andraško from Comenius University in Bratislava, who dedicated his presentation to the NIS directives. He dealt mainly with the definition of incident and the obligations to report incident, with special reference to the issue of “significance”. He opened many questions related to the requirements, such as reporting “without undue delay” and the requirement of 24 hours. Second part of the contribution was dedicated to supervision powers of the authority, including on-site inspections, issuing binding instructions or an order, making public statement or impositions. In his contribution Andraško also presented administrative sanctions for non-compliance.
Aleksi Kajander (TalTech) spoke about the cyber security of a Smart City. He noted that almost every code is vulnerable as 1000 lines of code contains approx. 30 exploitable errors. In the presentation he focused on software vulnerabilities which might be used to break security of the Smart City. He dealt on comparison of Finish (numerous acts) and Estonian (Cybersecurity Act) legal frameworks for Smart Cities. He spoke also about NIS Directive implementation in Finland as transposed in several acts (Aviation Act, Railway Act, Water Services Act etc.). He discovered that the act is implemented in great variety including key principles and that the number of competent authorities is also varying. At the end of the presentation he looked at the product liability regulation in both countries, which is in both Finland and Estonia implement within one legal act, and standards for IoT devices. He concluded that smart city may inevitably present unprecedented attack surface.
Tomáš Gábriš (Palacký University) dedicated his contribution to the Slovak Cybersecurity Act of 2018 and later amendments transposing the NIS directive. The act was extended to cover electronic communications, security risk assessment of “third parties”, blocking problematic content and deals also with the audit, certification of IT security managers and the IT security competence centre. He dedicated his analysis to problematic aspects, including telecommunications privacy, blocking in the context of freedom of speech or gold-plating in essential services sectors and political risk and prohibition of product or service. Interesting part dealt with 5G Networks and implementation of EU Toolbox. He concluded that, juridification of cybersecurity might bring more light in the interpretation.
Last speaker of the panel was Dr. Ágnes Kasper (TalTech) who spoke about the emerging duty of care principle in EU cybersecurity. She started presentation with the fact, that all systems including software have vulnerabilities and the question is when they are discovered and misused. EU is trying to react by resilience building and measures taken under the risk management which is reflected also within EU legislation (RED, NIS, CSA, GDPR etc.), many guidelines (ETSI standard, ENISA guidelines) or other tools. She presented practical examples, how vulnerabilities were exploited (smart lightbulbs, fish tank thermostat, Cayla doll, Safe-KID-One or security apps in smart phones or watches. In the second part of the presentation she presented how provisions of standards might have improve security of devices in the terms of objective conformity and address vulnerabilities. She concluded that standards can be linked to conformity requirement, but there is no benchmark for the unified standard.
Section VI: Artificial Intelligence as a challenge for a data management and e-governance
Matúš Mesarčík from Comenius University in Bratislava dealt with transparency of algorithms. What is the current and future regulation of transparency obligation of the context of AI and what does it mean in practice? He highlighted, that transparency is essential for the functionality of the system. After presenting transparency in the GDPR context and Regulation on fairness and transparency (2019/1150). He stressed that the ranking provides a certain level of transparency mainly for business users but is often also valuable to data subjects as well. He mentioned also Artificial Intelligence Act, which is also providing obligations regarding transparency. In his contribution he analysed how the act fits into the current regulation on algorithmic transparency.
Second speaker was Gizem Gültekin-Várkonyi from the University of Szeged who dealt with personal data, personal robots and personal services in the technical, legal and practical challenges context. She started her presentation with historical perspective showing examples from all over the world with practical focus on AI aspects: what robots can and can not in the terms of abilities. She stressed also humanoid appearance of robots and provided analogy in data processing by robots and humans. She developed some aspects of transparency and legal framework and provided ideas about practical applications and raised the question about responsibility/liability. She mentioned also bias and discriminative data as a challenge.
Last speaker was Pablo Martínez-Ramil who spoke about the EU human rights legal framework in relation to the AI. He asked a question whether EU anti-discrimination legal framework is suitable to deal with algorithmic discrimination. For the purpose he explored the issue of algorithmic discrimination and provided articles based on existing literature (Hacker 2018). He also opened the question of discrimination-by-design and provided some examples of failures by Amazon and Google Photos, whose software was labelled sexist or racist. Another issue he highlighted is a proxy discrimination (discrimination on data residence for example) or indirect discrimination by algorithms. After introduction he explored established legal framework, which was further assessed in detail he mentioned also preliminary notes on the Commissions regulatory proposal for AI (with emphasis on the capacity to record incidents and effective oversee. He concluded that significant barriers remain unaddressed.
The event was organised within the implementation of the Jean Monnet Network „European Union and the Challenges of Modern Society (Legal Issues of Digitalization, Robotization, Cyber Security and Prevention of Hybrid Threats) Project id: 611293-EPP-1-2019-1-CZ-EPPJMO-NETWORK.