IMC Computer Science and Law Fall/Winter Term 2024-2025 PDF
IMC University of Applied Sciences
2024
IMC
Natascha Windholz
Summary
This document is a course outline for Computer Science and Law, Fall/Winter Term 2024-25, offered at the IMC, University of Applied Sciences. It covers topics such as introduction to law, intellectual property, data protection, cybersecurity, and AI law. The course content includes case studies, and an exam is scheduled for December 19, 2024.
Full Transcript
Computer Science and Law
Fall/Winter Term 2024-25
Natascha Windholz, Krems

What are your previous experiences with law?

Lecturer
Mag. Natascha Windholz, MSc
- Senior Information Security Officer at ÖBB
- Degrees in Law and Information Security Management
- Member of Women in AI Austria, Women4Cyber and Privacyofficers
- Author of specialist publications on data protection and AI
- Lecturer at Donau Universität Krems
- Lecturer at professional seminars
- Contact details: [email protected]

00 Introduction, Organization

Course Content
- 3 October: Introduction to law
- 10 October: Intellectual property law, data protection law
- 23 October: Data protection law
- 5 November: Case study
- 7 November: Cybersecurity law
- 28 November: AI law, case study
- 5 December: Case study, various IT-related laws (e-commerce, consumer law, data-related acts, platform law), Q&A
- 19 December: Exam

Learning outcomes and exam
Upon completion of this course, students are able to:
- explain basic legal terms and challenges related to information technologies and law,
- discuss practical, data-related matters linked to corporate and organisational settings from a legal perspective,
- identify possible steps and draw up recommendations for action.
The exam consists of several questions to evaluate the understanding of national and international law and their applicability in the daily work of a data scientist or programmer.
The slides and case studies are enough for the exam!

01 Introduction to Law

How would you define law?
Group exercise (4-5 people, 5 min)
Present your findings (1 min)

What is law?
Different aspects:
- Rules of states
- Ethical/moral guidelines
- Regulating the coexistence of humans
For our purposes: binding rules of a society backed by the state's enforcement
"It depends…" and "one has to differentiate…"

What is a state?
Three core elements:
1. Population
2. Territory
3. Sovereignty/state authority
Example: Austria
1. People living in Austria
2. Defined borders with other states/countries
3. Effective government

(Very) basic legal "logics"
Legal rule: Elements/facts >> Legal consequence
Computer science perspective: If >> then
Example: A purposefully kills B by gunfire > murder >> Punishment for A

Basic principles of the legal system
- Any and every power is given by the state's people (democratic principle)
  Art 1 AT Federal Constitutional Law (B-VG): "Austria is a democratic republic. Its law emanates from the people."
- Austria has 9 federal states (federal principle)
- Austria has a (directly or indirectly) elected head of state (republican principle, contrary to monarchy or dictatorship)

Three Powers of a (democratic) State
- Legislature: Parliament: passing laws
  - Nationalrat and Bundesrat together on the federal level
  - Landtage as local legislatures
- Executive: Government and authorities: implementing laws
  - Federal government and the nine local governments
- Judiciary: Courts administer justice by deciding disputes; applying the laws
  - Ordinary courts (civil and criminal law), administrative courts (administrative law), constitutional court (different matters, incl. fundamental rights)

Hierarchy of legal norms
- Constitution/constitutional law: Regulates the three powers, changes only possible with qualified majority, establishing fundamental rights
- "Normal" laws: Below constitution/constitutional laws, must comply with the constitution, published in the law gazette ("RIS")
- Ordinances: Detailed versions of statutory provisions, issued by the bodies responsible under the law, specifying laws
- Individual case decisions, such as notices, judgements, resolutions, findings that are not addressed to the general public, but to individual persons subject to the law.

National vs. European vs. International Law
- National law
  - State, eg DSG, ABGB
- EU law
  - EU with its 27 Member States, eg GDPR, AI-Act, NIS2
  - Transfer to national law might be necessary
- International law
  - States (some or all together), eg EMRK, UN-charter
  - Treaties between states
  - Transfer to national law always necessary

The European Union
- Based on international treaties
- 27 Member States
- Certain features of a state
  - Three powers
  - Can enact directly applicable law
- But not a full state (yet, "United States of Europe")
EU law
- Regulations: directly applicable in all Member States, similar to national laws, eg GDPR
- Directives: Must be implemented in national laws, eg NIS2

How to
- RIS: www.ris.bka.gv.at
- EUR-Lex: https://eur-lex.europa.eu

What fields of law can you identify?
Group exercise (4-5 people, 5 min)
Present your findings (1 min)

Fields of law
Main fields of law
- Public law: regulates relationships between citizens and the state
  - Constitutional law: constitution + laws relating to the political process
  - Administrative law: All matters of "governing", eg tax law, immigration law, data protection
- Private law: regulates relationships between citizens
  - Eg contract law, property law, tort law/law of damages, family law, commercial law, IP law, …
- Criminal law: "ultima ratio"
  - Conduct which is punishable (crime) + punishment itself (fines, prison, …)
Different courts are competent to handle the cases.

European law: Types of law
- Supranational law: directly applicable among sovereign member states
- European Union (EU) as connection of member states with the goal of the creation of a political union
- EU law takes precedence over national law!
"Types" of EU law
- Primary law: founding treaties
- Secondary law:
  - Regulations: directly applicable
  - Directives: "harmonizing laws", transfer to national law
  - Decisions: regulate individual cases with binding effect
  - Recommendations and opinions: non-binding

European law: Bodies
European Parliament
- Based in Strasbourg, plenary sessions in Strasbourg and Brussels
- 705 representatives directly elected by the citizens every five years
- Decisive role in legislation together with the Council of the EU
- Controls bodies such as the Council or the Commission
Council of the European Union – Council of Ministers
- Based in Brussels
- Central decision-making body, made up of one minister from each member state
- Presidency by three states for a period of 1,5 years, whereby each state takes the lead for six months

European law: Bodies
European Council
- Defines the general political objectives and priorities
- Comprises the heads of state and government of the member states as well as the President of the European Council (elected for 2,5 years, no national political office) and the President of the European Commission
- Meets twice a year for "EU summits"
European Commission
- Based in Brussels
- Executive body of the EU, far-reaching control and executive powers
- 27 members who are delegated by the member states for a maximum term of 5 years

European law: Bodies
Court of Justice of the European Union (CJEU)
- Based in Luxembourg
- Ensures compliance with the rule of law in the EU
- Highest court in the EU
- Decides on legal actions brought by a member state or EU institution
- European Court of Justice (ECJ): court of first instance
European Court of Auditors
European Central Bank

European law: Fundamental freedoms
EU as area without internal frontiers: free movement of goods, persons, services and capital
1. Free movement of goods: customs union, any kind of burden on the import/export of goods or quantitative restrictions are forbidden
2. Freedom of establishment/freedom of movement: every citizen of the EU has the right to move and reside freely in all member states (right to engage in economic activity not included)
3. Freedom to provide services: services can be actively provided and passively used across borders
4. Free movement of capital: restrictions on the movement of capital and payments between member states and between member states and third countries are forbidden, incl. acquisition of land or shares in companies

What are fundamental rights? Do you know any?
Group exercise (4-5 people, 5 min)
Present your findings (1 min)

Fundamental rights
- Traditionally: defence rights against the state
  - Eg secrecy of correspondence, freedom of assembly
- Nowadays: also claims against the state
  - In particular to protect from harm by other people
- Eg: right to life
  - The state must not kill people (eg death sentence).
  - The state has a duty to protect people from killings (eg has an effective police).

Sources of fundamental rights in Austria
- National law
- Federal Constitutional Law from 1920
- Basic law on the general rights of nationals from 1867
- Different special laws
- Constitutional law in Austria
- European Convention on Human Rights
- EU Charter of Fundamental Rights
- UN treaties

Protection of fundamental rights
- Constitutional court
  - Laws that violate fundamental rights >> invalidated by the VfGH
- All courts
  - Decisions that violate fundamental rights >> decision overridden
- European Court of Justice
- European Court of Human Rights

IT-related fundamental rights
- Right to privacy
- Right to data protection
- Freedom of expression and information
- Right to property
- Freedom to conduct a business

Privacy and data protection
Art 8 European Convention on Human Rights
Everyone has the right to respect for his private and family life, his home and his correspondence.
§ 1 Austrian Data Protection Act
Every person shall have the right to secrecy of the personal data concerning that person, especially with regard to the respect for his or her private and family life, insofar as that person has an interest which deserves such protection. Such an interest is precluded if data cannot be subject to the right to secrecy due to the data's general availability or because they cannot be traced back to the data subject.
Art 8 EU Charter of Fundamental Rights
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.

Discuss the differences and similarities between these rights!
Group exercise (4-5 people, 5 min)
Present your findings (1 min)

Privacy and data protection
Examples
- Indiscriminate mass data retention violates fundamental rights
- Targeted data retention for serious crimes can be legal
- Surveillance by US intelligence agencies makes the general approval of data transfers to the USA illegal
- Assisting foreign authorities in conducting unlawful surveillance violates fundamental rights
Conclusion: very important rights in the digital age

Foundational challenges of IT-law: Who regulates the internet?
- The internet has no clear territorial location!
- General rules of jurisdiction apply, eg where did it happen, who is the "victim".
- Certain states try to enforce their own ideas, values, political interests.
- China: "The Great Firewall" (surveillance, censorship), data belongs to the state
- USA: freedom of (hate) speech, data belongs to the companies
  - US Cloud Act: access for law enforcement agencies to data in foreign countries
- EU: data protection laws apply to foreign websites, data belongs to the data subject
  - "Schrems Saga"
  - EU wants to force companies to adhere to strong EU regulations
- Russia: isolating from the western internet

Foundational challenges of IT-law: Dangers of new technologies
- New technologies - new dangers?
  - eg hacking: only the internet has made hacking possible.
- New technologies - old dangers?
  - eg fraud via the internet: mere change of means
- New technologies - changed dangers?
  - eg insults: much easier on the internet (social networks) and harder to trace

Foundational challenges of IT-law: Application of existing laws
- The internet is no legal vacuum or "wild, wild west"! Existing laws apply!
- Many existing laws in principle also fit the internet
  - eg contract law
- Some laws needed to be adapted to the internet
  - eg some parts of criminal law
- Sometimes completely new laws are needed
  - eg net neutrality

Foundational challenges of IT-law: Ban of new technologies?
- Premise: dangers of a new technology cannot be reduced to an acceptable level by legal regulations >> ban on this technology?
- Prohibition as ultima ratio
- Fundamental rights as barriers to prohibition
- Does a ban make sense?
- Eg prohibition of facial recognition software
  - San Francisco and some other US cities (2019)
  - Considerations of the EU Commission (2020)

Foundational challenges of IT-law: Private enforcement
- Traditionally: law enforcement by the state (courts or authorities)
- Problem: State orders are sometimes difficult to enforce on the internet
- Consequence: obligation of private actors (usually platforms) to enforce the law
  - They bear most of the responsibility and power
- Examples:
  - Deletion of hate postings by social networks
  - Payment of local taxes by Airbnb
  - Digital fingerprinting on websites

02 Contract and liability law

Basics
Natural person
- Any human being without any prerequisites
- eg a baby can be owner of a car
Legal person/entity
- No human being, but a legal construct
- Acting through executive bodies (natural persons) that represent and directly bind the legal entity
- "Organs" are one or more natural persons
- Type and number of "managing directors" (members of the representative bodies) are determined by the respective laws

Basics
Every "person" is a "legal subject" and possesses certain "abilities" in order to be able to act and transact in legal and business transactions.
Legal capacity ("Rechtsfähigkeit"):
- Every natural person has legal capacity from live birth until ascertained death, with a possible limited legal capacity for the unborn but conceived child in the context of claims for damages and inheritance.
- Legal persons are granted legal capacity by the legal system, eg from entry in the commercial register until its deletion. The legal person is authorized and obligated, not the natural persons that act on its behalf.

Basics
Capacity to act ("Handlungsfähigkeit")
Ability of a person to authorize and bind themselves in the respective legal context through their own actions.
Divided into:
- Capacity to contract ("Geschäftsfähigkeit"): Ability to conclude contracts by themselves, age as indicator; legal persons act through representation.
- Responsibility for torts ("Deliktsfähigkeit"): Ability to become liable for damages in the event of unlawful conduct, ie to have to compensate for the unlawfully and culpably caused damage (tortious culpability); age as indicator for natural persons; a legal person cannot physically cause damage, but it is liable for damage caused by its executive bodies

Property law
Property law deals with the allocation of goods and merchandise to (natural/legal) persons and includes a summary of all "rights in rem".
Principles in property law
- Principle of publicity: obvious assignment of each object
- Principle of title and mode: a contract in connection with the type of transfer
- Type requirement: no own "creations" of legal forms in rem
- Principle of speciality (general legal justification for only one thing at a time)
- Acquisition from the entitled party

Property law: "things"
- Object: These are things that you can touch or that "fall into your senses". They are therefore also called "physical objects", such as furniture or tools.
- Rights: These are recorded eg in securities, in which the corresponding claims are "securitized". As rights cannot be touched, they are also called "incorporeal objects".
- Movable property: These things can be moved from one place to another without being damaged or destroyed.
- Immovable property: These items cannot be moved. This includes land and all buildings on it and objects installed in them, such as installations, windows, radiators, as well as agricultural equipment or livestock. The fact that these objects were movable objects before they were installed permanently does not change this. In principle, movable objects can also become immovable objects if they are permanently attached to an immovable object ("attachment").

How would you classify software?
Group exercise (4-5 people, 5 min)
Present your findings (1 min)

Software as "object"
- § 1053 ABGB: Only objects can be subject of a sales agreement.
- Austrian High Court (OGH 14.10.1997, 5 Ob 504/96): Purchase of standard software is purchase of a physical object, based on the fact that the software was stored on a physical data medium.
- Purchase of downloaded software may not fall under sales law.

Property rights: "possession"
- "Custody": Possession occurs when someone actually has an object in their power; however, the "owner" does not have the will to possess the object as their own, they possess it for someone else.
- "Possession": In addition to actual control ("custody"), possession requires the will to keep the object as one's own (will to possess). The owner can legally dispose of the object (eg use it).
- Ownership: Ownership is the unrestricted authority of a person over an object ("right of dominion"). The owner can legally and actually do what they want with the property (eg hide it, give it away). They can also destroy their property and exclude everyone else from its use. Out of consideration for the legal position of fellow citizens, there are numerous more or less far-reaching restrictions on ownership under private law (such as neighboring rights, rights of way or easements, as well as contractual prohibitions on disposal and encumbrances) and in the area of public law in favor of the general public (such as building regulations with specifications on building height or the extent of construction, environmental, nature and monument protection regulations as well as spatial planning regulations).

Property law: Acquisition of ownership
1) Effective agreement (title, "titulus"): exchange, purchase, gift agreement, testamentary disposition, court order
2) Handing the object over (mode, "modus"): actual transfer, entry of the new owner in the land register
The basic rule is that no one can transfer more rights than they themselves have. In concrete terms, this means that only someone who is the owner of an item can transfer ownership of the item to the purchaser.
However, there is an exception to this basic rule in the case of bona fide acquisition of movable property ("goods"):
- The purchaser must be in good faith; they are in good faith if they could assume that the seller is the owner of the item or is entitled to resell it.
- An acquisition in good faith can only take place through a legal transaction (with consideration, eg purchase).
If the requirements are met, the purchaser in good faith becomes the owner even if the seller was not the owner of the property. The previous owner cannot take legal action against them, but must instead rely on the seller.

Contracts
A contract is an agreement between two or more parties that creates legal obligations.
- Either written or spoken
- Legally enforceable
Different types of contracts, eg:
- Purchase agreement
- Employment contract
- Terms and conditions
- Service contracts
- Software licenses

Principles of contract law
- Two types of contract law
  - Mandatory provisions
  - Optional law
- Freedom of contract
  - Decide whether to contract at all
  - Determine (in principle) the content
- Limitation: mandatory law, eg:
  - Consumer law
  - Labour law

Requirements of a valid contract
- Concurrent declarations of intent: offer and acceptance, free of coercion, trickery and threats, "consensus" (or "dissent")
- Legal capacity of the contracting parties
- Possibility and permissibility of the intended contractual content: eg contract violating consumer law, contract on the purchase of a unicorn
- Voluntariness of the conclusion: no error, coercion, trickery or threat; otherwise the contract can be contested by the "disadvantaged" contractual party
- Compliance with any formal requirements: for some contracts there are formal requirements, eg testament, but the general rule is freedom of form

Sales contract
- Purpose: exchange of good and money
- Ownership changes
- Minimal contract only includes good and price
  - Eg: "A buys the bread from B for 2 €."
- Many additional terms possible, eg:
  - Date of delivery and payment
  - Warranties
  - Selection of applicable law

Terms and conditions
The law itself is almost always dispositive (permissive), which is why contractual partners can reach deviating agreements (freedom of contract/private autonomy).
"Terms and Conditions" are defined by an entrepreneur and used by them as a permanent basis for concluding contracts. This saves them having to negotiate the individual points of the contract with each and every party.
Terms and conditions often contain warranty restrictions as well as rules on default of payment or exceeding delivery deadlines, compensation provisions and risk distribution provisions.
Normally, Terms and Conditions do not apply automatically, but must be agreed on by the contracting parties. They must be disclosed to the contractual partner at the latest when the contract is concluded, as they become part of the contract.

Impairment of the performance of an obligation
- Default: complete non-fulfillment of the contractual agreement or if the actual performance deviates from the performance owed at the due date, eg delivery not at the right time or place or not in the agreed manner
- Warranty: Legal obligation of a seller or provider to ensure that the goods/services are delivered free of defects at the time of delivery; material defect (lack of properties that have been expressly agreed or are customary according to the nature of the transaction), defect of title (encumbrance of the item with third-party rights)
- Warranty claim:
  - Improvement or replacement (primary claim)
  - Price reduction or rescission (secondary claim)
- Guarantee: A warranty is a statutory obligation, but a guarantee is a voluntary assumption of liability for defects that occur within a certain period of time

Different forms of liability
Liability is the responsibility to pay a certain amount of money.
Damages is the compensation for the suffered, attributable violation of third-party legal interests (eg insurance benefit as compensation).
- Breach of contract: contractual liability
  - Eg late delivery >> pay damages
- Other liability: tortious act >> tort law, reasons eg:
  - Personal injury
  - Damage to a physical object, eg car
  - Defamation

Different torts
- Fault-based liability
  - The liable persons must have caused the damage (intent, gross and slight negligence)
  - Different forms of fault: negligence or intent
  - "General" liability >> all damages
- Strict liability: no fault required, operational risk of dangerous installations
  - Specifically regulated in certain laws
  - Dangerous objects can be used but the threshold for liability is reduced
  - Eg for damages caused by products, cars, planes

Types of damages
- Personal injury: eg death, injury, damage to health
- Property damage: damage of objects
- Financial loss: eg unforeseen expenses, loss of income, loss of profit, expenses for lawyers
- Positive damage: Reduction of the injured party's actual existing assets
- Lost profit: Prevention of an increase in assets or non-utilization of a potential earning opportunity
- Non-performance damage: disadvantage caused by the non-fulfillment of a contractually assumed obligation
- Breach of faith: if someone relied on the conclusion/effectiveness of a contract and has therefore already made various dispositions, they may suffer damage due to the subsequent non-conclusion of the transaction, eg costs of drawing up the contract

Liability for third-party fault
General rule: Liability only for one's own fault, and one must bear their own damages.
Vicarious liability:
- Liability for vicarious agents: If the contractor uses an employee, a family member or a subcontractor to fulfill their contractual obligations, then they are liable for the fault of this person as for their own fault.
- Liability for supply agents: If a person uses the services of a person who is incompetent or a person that is known to be dangerous, they are liable to persons with whom they have no contractual relationship (tortious liability), eg an inexperienced apprentice is assigned to difficult work and, by dropping a tool, hurts a passer-by

Product liability
According to the Product Liability Act, a special liability law in accordance with the relevant EU directive, liability is assumed for damage caused by a "defective product". Liability exists in addition to the "normal" claim for damages and the warranty for defects.
- Product: movable, physical object, incl. energy
- Defective: at the time the product is placed on the market, it does not offer the safety that is to be expected on the basis of the presentation of the goods or which can be reasonably expected when using the item, eg it cannot reasonably be expected that a tumble dryer is suitable for drying pets; the product must correspond to the state of the art at the time it is placed on the market
- Liable actors:
  - Manufacturer/producer
  - Importer
  - Retailer

Product liability
Compensation is payable for all personal injury resulting from the death, physical injury or damage to the health ("illness") of a person as well as damage to property as a result of damage to other items/goods caused by the defective product.
Reversal of the burden of proof: The injured party only has to prove that the damage was caused by the product.
The producer/importer can only be released from liability if they can prove that
- The product was not placed on the market by them or that they did not act as entrepreneur
- The product did not yet have the defect when placed on the market
- The defect is based on a legal provision or official order which they have complied with
- The defect is due to properties which were state of science and technology at the time the product was placed on the market, or
- That the defect was caused by a design or instruction of the end product and the party against whom the claim is made only supplied a partial product or the basic material
"One for all and all for one": if the product liability affects several persons, they are jointly and severally liable.

Software as a product
New EU Directive on Product Liability:
- Clarifies that software must be considered a product in the scope of the directive; free and open-source software that is developed outside the course of a commercial activity is excluded from the scope of the directive
- Considers as product defectiveness the lack of software updates under the manufacturer's control as well as the failure to address cyber security vulnerabilities
- Including medically recognized damage to psychological health as well as destruction or irreversible corruption of data in the definition of damage.
- Including non-material losses resulting from the damage within the right to claim compensation.
- Alleviating the burden of proof which would remain on the injured person.
- Extending the liability period to 25 years in exceptional cases when symptoms are slow to emerge.
- Introducing a cascade of attributable liability for the economic operators.

Questions?

Repetition questions
What are the core elements of a state?
A: Territory and population
B: Population and sovereignty
C: Sovereignty, population, territory
D: Laws, population, territory

Repetition questions
Which of the following statements are correct?
A: The core elements of a democratic state are legislature, executive and judiciary.
B: Legislature means that courts administer justice by deciding disputes.
C: Legislature means that in Austria Nationalrat and Bundesrat pass law together on the federal level.
D: Executive is not applicable in Austria because executions or death penalties are not allowed.

Repetition questions
What are the differences between EU regulations and EU directives? Give examples!

Repetition questions
Name at least three IT-related fundamental rights!

Repetition questions
Which of the following statements regarding legal persons are false?
A: A legal person is a lawyer.
B: A legal person must be a natural person.
C: A legal person is not a human being but a legal construct.
D: The executive bodies of a legal person are natural persons that act for the legal person.

Repetition questions
What are elements of acquisition of ownership in property law?
A: An actual transfer of the object is necessary.
B: The purchaser must be in good faith that they can assume that the seller is entitled to sell the object.
C: The acquisition of ownership always needs a written contract.
D: The core elements of acquisition of ownership are titulus and modus.

Repetition questions
What are elements of a valid contract?
A: It is not necessary that the parties agree on the subject of the contract.
B: Every valid contract must be written.
C: A valid contract can violate applicable laws if the parties agree to it.
D: The intended contractual content must be possible and permissible.

Repetition questions
Describe briefly what "Terms and Conditions" are!

Repetition questions
Which of the following statements are true?
A: A guarantee is a mandatory part of "Terms and Conditions".
B: Warranty claims can be improvement, replacement, price reduction or rescission.
C: A warranty is a voluntary assumption of liability for defects that occur within a certain period of time.
D: Default is either the complete non-fulfillment of a contract or the deviation of the actual performance from the owed one at the due date.

Repetition questions
What statements regarding product liability are false?
A: A product according to the Product Liability Act can be either a movable, physical object or energy.
B: The injured party has to prove that the damage was caused by the product.
C: Because of the reversal of the burden of proof, damages are reduced to death and physical injury or illness.
D: Defectiveness in a product means that it does not offer the safety that is to be expected on the basis of the presentation of the goods or that can be reasonably expected.