TY - JOUR
AU - Costello, Róisín Áine
AB - The expressed aim of this text is to provide students, practitioners and businesses with timely and accessible accounts of the key issues in internet law and policy in the UK and Europe. In that respect, the text offers a coherent and, in the most part, insightful explanation and analysis of the current law, contextualizing the competing regulatory regimes and historical debates which have characterized the issues examined in its thirteen chapters. The book addresses e-commerce, privacy and data protection (which occupy the majority of the volume) and, in less depth, online crime; intellectual property, which as Edwards notes in her introduction has benefitted from its own extensive, and specialist, coverage, is excluded. The text will be particularly welcome given its consideration of the GDPR on the areas considered. In the opening chapter, Andres Guadamuz provides a cogent overview of the structure and operation of the interne. He argues that to regulate online activities it is necessary to understand the structural limitations of regulatory approaches. Delineating between the internet, web, dark web and what Guadamuz calls ‘Snowden’s internet’ the author articulates these parallel iterations of the internet as one of the primary challenges raised in seeking to regulate the internet. As a result, Guadamuz suggests, the narrative of cyber-libertarianism which characterized the internet’s emergence may not have been as misguided as was previously thought—though it is not that the internet cannot be regulated but perhaps that it should not be, as centralization may be anathema to a rights friendly and democracy promoting space, as exposed by Cambridge Analytica. In the second chapter, Chris Marsden addresses what he dubs the ‘Faustian bargain’ of the popular internet—that internet access providers provide consumers access to the web in return for intense monitoring of their activity which is shared with state authorities through formal and informal co-operation. In this context, Marsden outlines the boundaries of the net neutrality debate and charts the adoption of net neutrality regulations in various jurisdictions with a particular focus on the approaches adopted by the United States and European Union. The author ultimately argues net neutrality must not be dismissed as a technical or competition law matter divorced from consumer protection and civil society concerns but part of a more complete view of internet regulation. Following Marsden, Lilian Edwards, in the first of three chapters, charts the debates over how to articulate an agreed definition of privacy and the determination of its status as either an objective concept or subjective value. While Edwards examines the US origins of modern privacy rights the chapter affords specific attention to the European understanding of privacy and takes Cambridge Analytica as a case study of the need for reform of existing privacy and data protection law. This theme carries through to the subsequent chapter in which Edwards offers perhaps the most comprehensive overview of the scope and content of the General Data Protection Regulation1 published in such a text book since its entry into force in May 2018. In Chapter five, Edwards turns to consider the application of Europe’s data protection and e-privacy laws to online consumer activity. The Chapter details the common means of consumer surveillance and their regulation under the current e-Privacy Directive2 as part of a landscape in which online behavioural advertising is pervasive. Edwards argues that a critical battleground is emerging in the wake of the discovery of the significant commercial gains, and societal concerns, generated by the unfettered use of big data—whose impacts ultimately implicate broader concerns over discrimination, fairness, transparency and individual autonomy. Edwards succinctly presents the arguments for a move beyond consent models prompted by these developments noting consent has long suffered significant conceptual erosions, while the ‘transparency fallacy’ illustrates that augmented information does not necessarily correlate with greater control. If we are to continue on a consent-based model, Edwards suggests, we may need to consider ‘augmented consent’ possibly through code-based solutions. In Chapter six, Nóra Ní Loideain examines the legislative framework governing the use of covert surveillance powers within the UK with a particular focus on the Investigatory Powers Act 2016. The chapter begins with an outline of the technical developments which have enabled covert state surveillance, going on to chart the interactions of UK law with Article 8 ECHR. While the Chapter considers the Regulation of Investigatory Powers Act 2000, its most detailed analysis is saved for the 2016 Act and its interactions with European human rights standards particularly in light of the judgment in Watson/Tele2.3 The Chapter has been somewhat overtaken by subsequent judgments—concluding with a note of the Court’s reluctance to make a decision on the objections raised by the CJEU in Watson4 pending a decision in Privacy International5 and the remaining uncertainty in the area raised by the (then) pending decisions of Liberty6 as well as the joined cases of Alice Ross v United Kingdom and Big Brother Watch v United Kingdom and 10 Human Rights Organisations v United Kingdom.7 The following chapter by Eleni Kosta builds on Ní Loideain’s work and turns to consider the existing European and UK law on data retention up to the CJEU’s decision in Digital Rights Ireland8 leading to the UK’s introduction of emergency legislation in the form of DRIPA in 2014. Chapter eight, by Lachlan Urquhart, also focuses almost exclusively on UK law, and examines the development of the English law of breach of confidence and press freedom from 2004 to 2018. Beginning with Campbell v MGN9 the Chapter charts the development of misuse of privacy and compares the action to ‘traditional’ conceptions of breach of confidence. The contribution also considers the position of journalistic activities under the UK’s Data Protection Act 1998, following the Neuberger and Leveson Reports and the emergence of attempts to combat fake news. However, the author does not advance a strong argument in favour of a particular approach or justification for such regulation. Lilian Edwards, in her final contribution to the volume, considers the rise of platform liability. Beginning with a brief analysis of the legal landscape in United States where the issue has long been controversial as a result of the unintended consequences of section 230 CDA and Title 512 DMCA, the Chapter then considers in greater detail the UK’s regulatory structure and the broader scope of EU law in the area. The author affords particular attention to the E-Commerce Directive (ECD) and its shortcomings—notably, the Directive’s failure to appreciate the existence of ‘non-neutral’ intermediaries such as Facebook ad Google with reference to the decisions in Google France v Louis Vuitton10 and L’Oreal v eBay.11 In Chapter 10, TJ McIntyre argues the UK has to date been at the vanguard of censorship of online activity and that the application of fundamental rights standards in the context of internet censorship in the UK is under developed. Drawing on three case studies of the UK’s legislative attempts to censor, how ECHR case law under Articles 6 and 10 may constrain future government censorship is examined, alongside a discussion of whether this could force the adoption of alternative regulatory approaches. Francis Davey, in Chapter 11, seeks to parse the apparent and genuine challenges to the law of contract posed by online contracts. The Chapter offers a concise overview of the application of traditional doctrine to online contracts before turning to consider how current EU, but more particularly UK, consumer protection legislation accommodates the challenges of online contracting. Davey ultimately concludes, not uncontroversially, that contracting is ‘one of the most legally regulated areas of cyberspace’ though he concedes that consumer protection developments have lagged somewhat in adapting to the online environment. In the subsequent chapter, Davey examines the law governing electronic payments. The contribution dedicates not inconsiderable space to the historical development of payments systems before considering the legal responses to the broad adoption of ‘contactless’ and electronic payment systems in the 2009 E-Money Directive.12 Focusing on cryptocurrencies (in particular, Bitcoin) and the divergence between proof-of-stake and proof-of-work models, the author also examines the regulatory attempts to understand and accommodate such forms of payment within existing financial regulatory architectures. In the final chapter of the volume, Urquhart explores the complexities involved in regulating cybersecurity. The contribution includes explanations of the most prevalent cybersecurity threats and a briefer consideration of the notification requirements for data breaches under the GDPR and the requirements of the 2016 Network and Information Security Directive.13 Urquhart ultimately argues for a more prospective approach to cybersecurity regulation as digital technologies embed themselves in quotidian interactions with significant real-world consequences. The nature of the volume and its target audience results in a collection which smooths over some of the more nuanced interpretations and academic debates in favour of offering readers a sure, if basic, footing in the area. It can hardly be faulted on this basis. However, if there is a criticism to be levelled at the text, it is the absence, given its jurisdictional focus, of more than a cursory reference to the consequences of Brexit for the application of much of the law examined. The volume’s thirteen contributions offer a clear and generally comprehensive introduction to the areas examined, not presuming a pre-existing knowledge of the law regulating the internet. Footnotes 1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC [2016] OJ L119/4. 2 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector [2002] OJ L201/37. 3 Case C-203/15 Tele 2 Sverige/Watson ECLI:EU:C:2016:970. 4 R (Davies and Watson) v Secretary of State for the Home Department [2015] EWHC 2092 (Admin). 5 Reference for a preliminary ruling in Case C-623/17 Privacy International v Secretary of State for Foreign and Commonwealth Affairs ECLI:EU:C:2017:623; Róisín A Costello, ‘R (Liberty) v Secretary of State – the Struggle to Keep Data Retention Legislation Afloat in “Deep Constitutional Waters” Continues’ (2018) 17 Irish Law Times 258. 6 R (Liberty) v Secretary of State [2018] EWHC 975 (Admin). 7 Big Brother Watch & Ors v The United Kingdom (App No 58170/13, 62322/14 and 24960/15). 8 Joined Cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger ECLI:EU:C:2014:238. 9 Campbell v MGN [2004] UKHL 22. 10 Case C-236/08 Google France v Louis Vuitton ECLI:EU:T:2009:41. 11 Case C-324/09 L’Oreal v eBay ECLI:EU:C:2011:474. 12 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC [2009] OJ L267/7. 13 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union [2016] OJ L194/1. © The Author(s) (2019). Published by Oxford University Press. All rights reserved. For permissions, please email: journals.permissions@oup.com. This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/open_access/funder_policies/chorus/standard_publication_model)
TI - Law, Policy and the Internet, by Lilian Edwards
JO - International Journal of Law and Information Technology
DO - 10.1093/ijlit/eaz003
DA - 2019-06-01
UR - https://www.deepdyve.com/lp/oxford-university-press/law-policy-and-the-internet-by-lilian-edwards-5Z3XYSl1Zm
SP - 204
EP - 207
VL - 27
IS - 2
DP - DeepDyve
ER -