Examen Regulación De Los Mercados Digitales PDF
Document Details
Uploaded by Deleted User
Tags
Related
- Impact of E-Commerce Chapter 5 PDF
- Регламент (ЕС) № 910/2014 за електронната идентификация и удостоверителните услуги
- IIMT2601 Final Exam E-Commerce (I) PDF
- Management Information Systems: Managing the Digital Firm PDF
- Essentials of Management Information Systems - Chapter 10 PDF
- E-commerce & Digital Markets (Module 8) - Final MISY PDF
Summary
This document is an exam paper on the regulation of digital markets, focusing on the digital single market in Europe and related legal issues. It covers topics such as data and information, the Digital Services Act (DSA), the Digital Markets Act (DMA), and the European Chips Act, exploring concepts of digital competition and regulation in Europe.
Full Transcript
PREGUNTAS 1. Difference between data and information Data: collection of raw facts and figures, not arranged, unorganized, not so meaningful, input, does not directly helps in decision making Information: processed data, arranged, organized, meaningful, output, directly helps...
PREGUNTAS 1. Difference between data and information Data: collection of raw facts and figures, not arranged, unorganized, not so meaningful, input, does not directly helps in decision making Information: processed data, arranged, organized, meaningful, output, directly helps in decision making Data is prior to information Information is always elaborated and biased because whoever gives it has already leaked the data When we take information from the internet, the vast majority has already been leaked. Even statista, who give data, have already leaked that data because, what do we consider the world? What do we consider a tour? You have to be careful with the data because it can be lost An example of data is 18º. It is not meaningful without context and it says nothing to us. If that data is processed and we have the information that the average temperature in Madrid during a certain week in November is going to be 18º we do have information and the capacity to make decisions about what to wear for example. When a doctor makes an analysis is looking for data to obtain information. Lots of businesses use data in order to predict relevant information and make decisions. Netflix predicts content that will be relevant in Christmas. 2. Areas of policy of the digital single market - Digital Services Act: ensuring a safe and accountable online environment DSA → businesses must ensure it because it has risks in people’s lives. For example, in Australia social media has been prohibited to those under 16 years old because it causes damage in their mental health. - Digital Markets Act: ensuring fair and open digital markets DMA → it has the objective of ensuring a fair competitiveness and protection to innovation. There have been punishments to certain businesses such as Google for for anti-competitive practices - European Chips Act: strengthening Europe’s competitiveness and resilience semiconductor technologies European chips act → in order to reduce Europe's dependency on countries from Asia Europe also strongly depends on EEUU and China and it would be great to have a “European Google” but it requires huge amounts of money El Corte Inglés' use of U.S. software while working with public administrations creates risks for the EU's digital independence. Europe should focus on controlling its own software and advanced technology to protect national data and ensure technological autonomy - European Digital Identity: giving you full control on how much information you share with third parties - Artificial Intelligence: achieving better healthcare, safer and cleaner transport, more efficient manufacturing, and cheaper and more sustainable energy through AI - European data strategy: making the EU a role model for a society - European industrial strategy: ensuring European industry leads the transition towards climate neutrality and digital leadership - Contributing to European defence: working together to tackle security threats and challenges more robustly - Space: EU initiatives for a satellite-based connectivity system and management of space traffic - EU-US Trade and Technology Council: coordinating approaches to key global trade, economic, and technology issues Some laws have appeared because of conflicts derived from technology because it gets into areas that are not his. There is a conflict between development and protection so some laws have to be introduced. Regulation exists because it collides with the fundamental rights of people. It is more important the public interest (ex. mental health) over private benefits (economic benefit behind data) The government has the power, not businesses and we have seen that in the Twitter case, where Elon Musk finally accept Brazil’s conditions Serious stuff is treated by UE who makes the decisions 3. Pillars of the digital single markets Access to online products and services for consumers and businesses → the digital single market removes barriers to online transactions increasing product variety, reducing prices and fostering innovation, benefiting both consumers and businesses Shaping the environment for digital networks and services to grow and thrive → by harmonizing regulations across the EU, it ensures free movement of goods, services and capital, enhancing efficiency and enabling businesses to operate seamlessly across borders Maximising the growth potential of the European digital economy 4. Objectives of the digital services act and the digital market act The Digital Services Act (DSA) and the Digital Market Act (DMA) form a single set of rules that apply across the whole EU. They have 2 main goals: - To create a safer digital space in which the fundamental rights of all users of digital services are protected - To establish a level playing field to foster innovation, growth and competitiveness, both in the European Single Market and globally The rules specified in the DSA primarily concern online intermediaries and platforms. For example, online marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms. The DSA includes specific rules for very large online platforms and search engines. These are online platforms and intermediaries that have more than 45 million users per month in the EU. Some restrictions such as the one in Australia, where social media has been prohibited to those under 16 years old because it causes damage to their mental health are an example of how to create a safer digital space. 5. Content of a company’s website. Terms of use Legal notice, Terms of use, Privacy policy, Cookies policy, General T&Cs Terms of use: – Basic regulation: - Description of website - Access and use of the website for registered users - Registration procedure - Intellectual and industrial property of the web content and the user’s generated content - Links policy - Data protection. Referral to privacy policy - Liability regime Without transparency, businesses could deal with punishments (LinkedIn dealt with them for using non allowed cookies) Here, highlight that in Europe it is required to have the option to reject cookies but not in EEUU for example. Some companies such as Threema prioritize privacy over gaining data and directly charge a fee to users. 6. Cookies - definition Any file or device that is downloaded on a user’s computer in order to store data which can be updated and retrieved by the entity responsible for installing it Cookies can sometimes be dangerous because with AI it is possible to generate your face. Companies have experts to conduct users' behaviour. If for example they want someone to accept their cookies they have certain methods that can conduct these decisions. LinkedIn used cookies without consent to analyze people’s behaviour and is now dealing with punishments. Without transparency, businesses could deal with punishments (LinkedIn dealt with them for using non allowed cookies) Here, highlight that in Europe it is required to have the option to reject cookies but not in EEUU for example. Some companies such as Threema prioritize privacy over gaining data and directly charge a fee to users Companies gain data from cookies and can sell it. Some companies share data with assurance companies so if your parents have had a disease that is hereditary and a company has that information and sell it to the assurance company, it is probably that they increase the price for you 7. Social cookies Exempted: Social plug-in content sharing cookies: many social networks propose “social plug-in modules” that website operators can integrate in their platform notably to allow social networks users to share contents they like with their “friends” (and propose other related functionalities such as publishing comments). These plug-ins store and access cookies in the user’s terminal equipment in order to allow the social network to identify their members when they interact with these plug-ins Non-exempted: Social plug-in tracking cookies: as described previously, many social networks propose “social plug-in modules” that website owners can integrate in their platform, to provide some services that can be considered as “explicitly requested” by their members. However these modules can also be used to track individuals, both members and non-members, with third party cookies for additional purposes such as behavioural advertising, analytics or market research, for example Cookies can sometimes be dangerous because with AI it is possible to generate your face. Companies have experts to conduct users' behaviour. If for example they want someone to accept their cookies they have certain methods that can conduct these decisions. LinkedIn used cookies without consent to analyze people’s behaviour and is now dealing with punishments. Without transparency, businesses could deal with punishments (LinkedIn dealt with them for using non allowed cookies) Here, highlight that in Europe it is required to have the option to reject cookies but not in EEUU for example. Some companies such as Threema prioritize privacy over gaining data and directly charge a fee to users Companies gain data from cookies and can sell it. Some companies share data with assurance companies so if your parents have had a disease that is hereditary and a company has that information and sell it to the assurance company, it is probably that they increase the price for you 8. Functions of the DPO - Attend regularly all meetings of medium and top management, giving opinion - If a recommendation of the DPO is not followed, the decision has to be documented and explained - Permanent: collecting information, analyzing and checking compliance, issuing recommendations and advice, assistance regarding PIAs (methodology, range, security, mechanisms, correction and conclusions) - Risk based approach - Maintaining the records of processing activities Businesses such as Telefonica or Uber need a DPO because of the magnitude and sensibility of the data they manage A lawyers business of all areas with offices in Spain and Portugal needs a DPO, a telecommunications group (antena3 that registers every person that goes as a watcher to the program) needs a DPO, a multinational spanish retail with shops around 5 continents and a huge online presence needs a DPO It is important to supervise because it prevents punishments (Like the LinkedIn punishment of millions of dollars because of their bad management of cookies) A business cannot fire a DPO because of the decisions he makes as a DPO but yes for other reasons. They are pretty independent. 9. Rights under the GDPR - Right of access: knowing who has your data, where, for what, how long - Right to erasure “right to be forgotten”: similar to the current right of cancellation - Right to rectification of the processing: related to the current right to object - Right to data portability: from one service provider to another - Right to restriction of processing: limitation of the processing while a decision is being made - Right to object: request to stop a specific processing activity, when it is based on legitimate interest 10. Actions to be taken in case of data breach - public dimension Article 33. GDPR In the case of personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with the Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay Article 34. GDPR When the personal data breach is likely to result in high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay It is important to highlight that the most important things and critical documents occur on paper, not online or through the internet, by hand and in a pen that is not green (because it can also be altered) and are stamped and signed. All this occurs because digital documents can be edited and falsified. DPC pushed to LinkedIn Ireland a punishment of about 310 million euros for breaching the GDPR. Some data is specially protected and has a higher sensibility in case of breach of security. In these cases, the regulations under articles 33 and 34 are even more strict and the impact on people’s rights more significant. For example if there is a breach about users sexual orientation, the controller must act fast in order to inform those affected and mitigate damage. 11. Actions to be taken in case of data breach - stakeholders A) Analyze who they are addressed to B) Review the contents in detail. Include everything required but no more than is required C) Consistency. Check content is not contradictory. Check the documentation attached D) External disclosure: always positive and proactive. Transparency is known to be a plus… but without going too far E) Communications to customers, suppliers… should be reviewed by the corporate communications department, but the final version should come from the legal department 12. Definition of AI AI systems means a machine-based system that: - It is designed to operate with varying levels of autonomy - May exhibit adaptiveness after deployment - For explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations or decisions - Can influence physician or virtual environments Some people have asked to stop using GPT because it gives fake information and take jobs away from people who don't deserve it (they ask to at least regulate it) They have been making noise and now ONU is warning about its risks since it can affect defence, climate change and provoke dependence and descontrol In investment banking, the most advanced sector in data protection, employees are prohibited from using AI. Emails does not go through gmail or outlook, but through internal systems of the company With AI cyberattacks can be generated and with our responses it can train itself even more until they get the answer they want We are actually training ChatGPT and in a few months or years it would probably not be free It is thought that AI is more sustainable but in fact it consumes lots of resources, it is not sustainable since data require a huge consume When we go to a restaurant and have the menu on our phone we are not being sustainable because it is much more contaminant than a paper menu Moreover, the information generated by AI is not always reliable and valid 13. Classification of AI under EU law 1) Prohibited AI systems → subliminal techniques, social scoring, exploit vulnerabilities, detect emotions in the workplace - Defense, manipulation, influence in death or life decisions, identification on an active way can also be included here - They have problems and criminal responsibility in the EU - It influences decision making. It interferes in the State powers and touches fundamental rights 2) High-Risk AI systems → employment, education, law enforcement, migration… in certain cases, AI as a product or safety component of certain products and profiling - Health, diseases detection, privacy, biometric data (on a passive way), autonomous conduction - It can affect third persons. They are replacing the person on their decisions 3) GPAI AI systems → generative AI and large language models 4) Limited risk AI systems → AI systems which do not pose a high risk but are subject to transparency requirements to allow affected persons to make informed choices - Chatbots, filters, generated content. Ex. Instagram - You decide actively or decide from the content that is generated - It can influence your outward decision making (Ex. decide to attend a restaurant) 5) Unregulated AI systems → AI enabled video games, AI enabled spam filters - Capacity for inward decision making - For example electric scooters are useful but they have exploited and they can be dangerous if rules are not clear In the European Parliament Tiktok is forbidden because it hears conversations and it can drive problems If I have the control I can make a decision and assume responsibility States are worried about third parties controlling or interfering in communication and peoples decision making 14. Core issues in EU regulation of digital finance Objective: - Facilitate access to financial services - Improve the efficiency of the financial system - Overview of digital finance: improves the efficiency of the financial system, but can pose risks to financial stability Crypto-assets: - Development of a comprehensive framework for crypto-assets and related services Digital euro: - Evolution of currency Cyber resilience: - Managing the risks associated with the financial sector’s increased reliance on software and digital processes Framework for financial data access: - “Open finance” proposal establishing a framework for responsible access to individual and business customer data across a wide range of financial services 15. What is a financial regulatory sandbox A framework set up by a financial sector regulator to allow small-scale, live testing of innovations by private firms in a controlled environment under the regulator’s supervision Benefits: - They offer a pathway for innovators to navigate the complex web of regulations, providing a temporary reprieve from certain rules to allow for testing and refinement - They enable regulators to gain insights into emerging technologies and business models, thereby informing future regulations that strike a balance between supporting innovation and safeguarding consumers It is basically a space used to test innovations and develop technological products without regulation. For example, AI to analyze your receipts is not regulated. Banks that work with the BCE doing regular meetings with reviewers to evaluate technologies and create measures, they test new technologies before implementing them on a large scale, exchanging opinions on how regulation should be in each area