CYBERLAW (LL204)

Course content is subject to change. Last updated: January 2022

CYBERLAW (LL204)

Course duration: 54 hours lecture and class time (Over three weeks)

Summer School Programme Area: Law

LSE Teaching Department: LSE Law School

Lead Faculty: Dr Giulia Gentile, Dr Martin Husovec, Dr Orla Lynskey and Professor Andrew Murray (Law School)

Pre-requisites: Introduction to legal methods or equivalent. This course does not require an in-depth understanding of information technology.

Introduction

Welcome to this Summer School course in Cyberlaw.

The following provides a course outline, list of lecture topics and sample readings. Use the list to familiarize yourself with the range and type of materials that will be used. Please note that the full reading lists and tutorial discussion questions will be provided at the start of the course.

The course will consist of twelve three-hour lectures and twelve 90-minute classes. It will examine the law and policy issues relating to a number of key aspects of the information society.

At the end of the course, students should be able to:

- Critically evaluate ongoing developments in law relating to information technologies - Display an understanding of how these developments relate to one another. - Examine areas of doctrinal and political debate surrounding rules and theories; - Evaluate those rules and theories in terms of internal coherence and practical outcomes; - Draw on the analysis and evaluation contained in primary and secondary sources.

This course covers a selection of topics in the field of Information Technology Law. It will begin by considering the debate about whether and how information technology influences the development of new legal doctrine. It then considers both how the law has responded to the challenges of information technologies, and the extent to which legal issues have shaped the development of information society policy. This will be done through the lens of topics such as data protection, computer misuse and copyright and digital rights management.

Given the increasingly global nature of IT law, in addition to examples drawn from English law, these topics will also include relevant aspects of EU and US law and other jurisdictions where appropriate.

This course does not require an in-depth understanding of contemporary computer technology – we are primarily interested in the implications of the use of information technology, and the intended and unintended consequences of regulating that use.

Course content is subject to change. Last updated: January 2022

Course Materials and On-line Support: This course is supported by a Moodle site. Once the course begins (i.e. from the 1st day of the course) you will be able to access the side via http://shortcourses.moodle.lse.ac.uk. This site will contain copies of handouts and lecture slides as well as coursework requirements. It will be updated regularly, and online assignments may be posted via this page. If you need instruction on using Moodle, please follow the online guides at http://shortcourses.moodle.lse.ac.uk.

Students will be expected to check the Moodle site on a regular basis.

Course Assessment:

The course will be assessed by means of one two-hour unseen examination to be held during the examinations period on the last Friday, at a time to be advised by the Summer School Office. In addition, you will be required to submit one summative essay of no more than 2000 words by Thursday of week two of teaching.

You will also receive written feedback on one piece of formative coursework and oral feedback on your progress in the context of group-exercises completed during the tutorials. This feedback will help with your summative work and your exam preparation.

Course content is subject to change. Last updated: January 2022

Recommended Reading:

The recommended textbook is:

Murray: Information Technology Law: The Law and Society 4ed, 2019, OUP.

Texts for Reference Purposes:

- Brown and Marsden: Good Governance and Better Regulation in the Information Age, 2013, MIT Press. - Cohen: Between Truth and Power, 2019, OUP. - Edwards (ed): Law, Policy and the Internet, 2018, Hart. - Husovec: Injunctions against Intermediaries in the European Union: Accountable but Not Liable? 2017,

CUP, 2017. - Lessig: Code and Other Laws of Cyberspace ver.2.0, 2006, Basic Books [http://codev2.cc/] - Lynskey: The Foundations of EU Data Protection Law, 2015, OUP. - Murray: The Regulation of Cyberspace, 2006, Routledge. - Murray and Reed: Rethinking the Jurisprudence of Cyberspace, 2018, Edward Elgar. - Reed: Making Laws for Cyberspace, 2012, OUP. - Nissenbaum: Privacy in Context: Technology, Policy, and the Integrity of Social Life, 2009, Stan. UP. - Zittrain: The Future of the Internet, 2008, Allan Lane. - Zuboff: The Age of Surveillance Capitalism, 2019, Profile.

Course content is subject to change. Last updated: January 2022

Lecture Outline:

Week One Subject Lecture Date

I. REGULATION OF TECHNOLOGY

Digitisation and the Information Society

(Prof. Murray)

Digitisation and Law.

• Introducing the Internet • How the Modern Internet Functions • Higher Level Protocols • The worlds of Atoms and Bits • The Cross-border challenge of information law

Mon 11 July

Regulating the Digital Environment

(Prof. Murray)

Can we regulate the Digital Environment?

• Cyberlibertarianism and Cyberpaternalism • Lawrence Lessig’s Modalities of Regulation • Network Communitarianism

Tues 12 July

II. DATA AND SOCIETY

Regulating Personal Data Processing: Introducing the GDPR

(Dr. Lynskey)

How is the processing of personal data regulated in the EU?

• Personal Data and the Data Industry. • The Material and Territorial Scope of EU Data

Protection Law • Rights and Responsibilities in Data Protection Law • The AdTech Example

Wed 13 July

Profiling and Automated Decision Making

(Dr. Lynskey)

What limits does the law place on decisions made wholly or partly by algorithms?

• The proliferation of State and private profiling • The right to object to automated decision-making • Fairness and transparency in machine learning

processes • Accountable algorithmic decision-making

Thurs 14 July

Data Flows and Data Localisation

(Dr. Lynskey)

What role does data play in the digital society, and what factors influence the free flow of data?

• Data localisation: definition and approaches • Adequacy, EU Data Transfer Mechanisms and

Schrems I and II

Mon 18 July

Course content is subject to change. Last updated: January 2022

III. DIGITAL PLATFORMS

Intermediary Liability and Accountability: A Primer

(Dr. Husovec)

What role do internet intermediaries play in the digital environment, and how are their activities regulated?

• Safe Harbour and Intermediary Liability Exemptions • Accountability of intermediaries • Constitutional foundations • Intermediary Liability Reforms

Tues 19 July

The “Right to be Forgotten”

(Dr. Husovec)

How are privacy and data protection reconciled with free speech on the Internet?

• Google Spain, freedom of expression and the ‘Right to be Forgotten’

• Freedom of expression vs privacy • Exceptions and governance

Wed 20 July

Dual-use technologies and copyright law

(Dr. Husovec)

How does copyright enforcement shape technologies? • Dual-use technologies • File-sharing • Notice and takedown system • Automation of enforcement • Website blocking, Wi-Fi-locking

Thurs 21 July

IV. LEGAL AND REGULATORY CHALLENGES

A Children’s Rights Perspective on Data Protection Law

(Dr. Gentile)

Children growing up today are the so-called ‘datafied’ generation. What implications does this datafication have on children’s rights? What kind of protections specifically for children can be found in data protection law?

• The United Nations Convention on the Rights of the Child: Balancing participation, protection and provision

• Children in the GDPR • Age-appropriate design • Case study: Targeting children with personalised

advertising

Mon 25 July

New Regulatory Approaches to AI

(Dr. Gentile)

In recent years AI and ML have been at the centre of the attention of national and international regulators. As a result, several proposals and roadmaps on AI regulation were issued. But are these regulatory strategies fit for purpose? Do recent regulatory proposals achieve effective AI regulation?

Tues 26 July

Course content is subject to change. Last updated: January 2022

• Gaps, vulnerabilities and legal challenges of AI • Regulating AI: Ethics v Law; Law v Risk

AI and Justice

(Dr Gentile)

AI is penetrating justice systems across the world. For instance, the UK currently offers a plethora of online court and tribunal services, while in March 2021 China announced its intention to develop ‘smart courts’. Will robots replace lawyers and judges?

• Judicial Assistive Technologies, Online Courts and the Rule of Law

• Justice for whom? Fundamental rights in the time of online courts

• The future of justice systems

Wed 27 July

NFTs and Property

(Prof Murray)

The development and trading of cryptoassets (including recently NFTs) has started to attract the attention of central banks and lawmakers as the legal status of all forms of cryptoassets, including cryptocurrencies and NFTs remains unclear. This class will discuss the legal status of assets created on and recorded on blockchain technology.

• Things in possession and things in action • Property in Crypto Assets • Propertising the intangible (NFTs)

Thurs 28 July

Course content is subject to change. Last updated: January 2022

INDICATIVE READINGS

Part I: Digital Society

Digitisation and the Information Society

• Murray: Information Technology Law: Law and Society 4ed, Chs.1 &2. • Kerr: The Problem of Perspective in Internet Law, 91 Georgetown Law Journal 357 (2003)

Regulating the Digital Environment

• Lessig: Code ver.2.0, Chs. 6&7: http://codev2.cc/download+remix/Lessig-Codev2.pdf • Murray: Information Technology Law: Law and Society 4ed, Ch.4. • Johnson & Post: “Law and Borders – The Rise of Law in Cyberspace” 48 Stanford Law

Review 1367 (1996): http://papers.ssrn.com/sol3/papers.cfm?abstract_id=535

Part II: Data and Society

Regulating Personal Data Processing

• Articles 5-7 GDPR • Lynskey, The Foundations of EU Data Protection Law (OUP, 2015), Ch 2 or Bygrave, Data

Privacy Law: An International Perspective (OUP, 2014), Ch. 2&3 • C-673/17, Planet49 ECLI:EU:C:2019:801. • Lloyd: ‘From ugly duckling to swan: the rise of data protection and its limits’ (2018)

Computer Law & Security Review 779-783.

Profiling and Automated Decision Making

• Article 22 GDPR • Edwards and Veale: ‘Slave to the Algorithm? Why a ‘Right to an Explanation’ is

Probably Not the Remedy you are Looking For’ (2017) Duke Law and Technology Review 18.

• Kaminski, ‘Binary Governance: Lessons from the GDPR’s Approach to Algorithmic Accountability’ (2019) 92 Southern California Law Review

Course content is subject to change. Last updated: January 2022

Data Flows and Data Localisation

• Murray: Information Technology Law: Law and Society 4ed, Ch.24. • Chander and Le: ‘Data Nationalism’ (2015) 64 Emory Law Journal 677. • Christakis: After Schrems II: Uncertainties on the legal basis for data transfers and

constitutional implications for Europe, European Law Blog, 21 July 2020.

Part III: Digital Platforms

Intermediary Liability: A Primer

• Daphne Keller, Internet Platforms: Observations on Speech, Danger, and Money, available at https://cyberlaw.stanford.edu/files/publication/files/381732092-internet-platforms-observations-on-speech-danger-and-money.pdf

• ECtHR: Sanchez v. France, Application no. 45581/15 (only the legal summary, available at http://hudoc.echr.coe.int/eng?i=002-13386)

• ECtHR: Magyar Tartalomszolgáltatók Egzesülete and Index.hu ZRT v. Hungary, Application no. 22947/13, ECtHR, 2 February 2016, available at https://hudoc.echr.coe.int

• CJEU: Advocate General’s Opinion in Case C-401/19 Poland v Parliament and Council, available here.

The Right to be Forgotten

• CJEU: Google Spain, C-131/12 • UK: NT1 and NT2 [2018] EWHC 799 (QB)

https://www.bailii.org/ew/cases/EWHC/QB/2018/799.html • Kulk, S., & Zuiderveen Borgesius, F. (2018). Privacy, Freedom of Expression, and the Right

to Be Forgotten in Europe. In E. Selinger, J. Polonetsky, & O. Tene (Eds.), The Cambridge Handbook of Consumer Privacy (pp. 301-320). Cambridge: Cambridge University Press, https://pure.uva.nl/ws/files/9113768/Kulk_Zuiderveen_Borgesius_RTBF_chapter_2Feb2017.pdf.

Course content is subject to change. Last updated: January 2022

Dual-use technologies copyright law

• Murray: Information Technology Law: The Law and Society 4ed (2019), Ch. 12 • Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013) (2002 Regulations),

most importantly 17-19 • Martin Husovec, How Europe Wants to Redefine Global Online Copyright Enforcement

(April 15, 2019). In: Tatiana Eleni Synodinou (ed.), Pluralism or Universalism in International Copyright Law (Kluwer law, 2020), TILEC Discussion Paper No. 2019-16, https://ssrn.com/abstract=3372230

• Martin Husovec, Injunctions against Innocent Third Parties: The Case of Website Blocking, 4 (2013) JIPITEC https://www.jipitec.eu/issues/jipitec-4-2-2013/3745

• Bastei Lübbe C-149/17

Part IV: Legal and Regulatory Challenges

A Children’s Rights Perspective on Data Protection Law

• Lievens & Verdoodt: ‘Looking for needles in a haystack: Key issues affecting children's rights in the General Data Protection Regulation’ (2018). Available at https://www.sciencedirect.com/science/article/pii/S026736491730314X.

• ICO: Age appropriate design: a code of practice for online services, https://ico.org.uk/media/about-the-ico/consultations/2614762/age-appropriate-design-code-for-public-consultation.pdf.

New Approaches to Regulating AI

• Black & Murray: Regulating AI and machine learning: setting the regulatory agenda (2019) 10 European Journal of Law and Technology (pp. 1-16) https://ejlt.org/index.php/ejlt/article/view/722/980

• Rodrigues: Legal and human rights issues of AI: Gaps, challenges and vulnerabilities, Journal of Responsible Technology, Volume 4, (2020) pp. 1-8 https://doi.org/10.1016/j.jrt.2020.100005

• National Artificial Intelligence Initiative Office: Advancing Trustworthy AI, https://www.ai.gov/strategic-pillars/advancing-trustworthy-ai/

Course content is subject to change. Last updated: January 2022

• Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts (especially pp. 2-16)

• UK Government: National AI Strategy (especially pp. 50-61) • https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachm

ent_data/file/1020402/National_AI_Strategy_-_PDF_version.pdf

AI and Justice

• Articles 6 and 13 ECHR; Article 14 ICCPR • Morison and Harkens: Re-engineering justice? Robot judges, computerised courts and

(semi) automated legal decision-making, 39 Legal Studies (2019) pp. 618-635 • Themeli and Philipsen: AI as the Court: Assessing AI deployment in Civil Cases, in

Benyekhlef (ed), AI and Law. A Critical Overview, (Éditions Thémis 2021), pp. 213-232, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3791553

• Waldron: The rule of law and the role of courts, 10(1) Global Constitutionalism (2021), pp. 91-105

NFTs and the Law

• Fairfield: Tokenized: The Law of Non-Fungible Tokens and Unique Digital Property, Indiana Law Journal, Forthcoming, Available at SSRN: https://ssrn.com/abstract=3821102

• Moringiello & Odinet: The Property Law of Tokens, Florida Law Review (Forthcoming 2022). Available at SSRN: https://ssrn.com/abstract=3928901

• The Law Commission: Digital Assets: Call for Evidence and Interim Update Paper. https://www.lawcom.gov.uk/project/digital-assets/

Course content is subject to change. Last updated: January 2022

Credit Transfer: If you are hoping to earn credit by taking this course, please ensure that you confirm it is eligible for credit transfer well in advance of the start date. Please discuss this directly with your home institution or Study Abroad Advisor.

As a guide, our LSE Summer School courses are typically eligible for three or four credits within the US system and 7.5 ECTS in Europe. Different institutions and countries can, and will, vary. You will receive a digital transcript and a printed certificate following your successful completion of the course in order to make arrangements for transfer of credit.

If you have any queries, please direct them to [email protected]