When Law Meets the Digital World

5/2021 11.10.2021
nasa foto

Last year I defended my dissertation related to “Complex of laws” in a context of multinational inventions. In cross-border operations legal issues, such as employee inventions, may become an internationally regulated subject matter which means that multiple national laws simultaneously apply, potentially resulting in conflicts. The underlying laws, however, still apply as such and the defined rules do not change. As an example – rights to the invention made by an employee working under the Finnish employment relationship shall be acquired according to the Finnish Employee Invention Act, irrespective of whether the invention in question is made entirely by Finnish inventors, or whether there are also inventors originated from different jurisdictions, subject to different rules. In the latter case companies dealing with multinational inventions need to comply with all the relevant laws applicable to the different inventors, even if related to one invention only.

The aforementioned dilemma relates to globalization. It is not restricted to IPR matters only but to all areas of law where different national – or regional – regulations are applied to the same matter. In the early days of creating laws, it was not necessarily foreseen that one day many issues would be truly international, and that those same laws should be applied also in such situations. Indeed, this was also my finding in my earlier job dealing with multinational employee inventions, that the laws do not necessarily provide guidance in multinational legal matters, yet they still need to be applied.

Lately the world has become increasingly digitalized. Books that used to be physical pieces are now available also in an audio or an electronic form. Does this mean that there are now more copyright owners, such as readers of voice books? Movies are not anymore bought (or rented) as DVD’s or BluRay®’s but everything is now streamed from Netflix and other distribution services. The same applies to music – you can stream it right away, without having to go to a store to buy a CD. Activities such as reading, watching movies and listening to music has become immaterial – you no longer need to find room for all those books, DVD’s and CD’s (unless you want to). The drawback is, and this is where the law regulates digital property differently than the corresponding physical items – that you no longer can transfer these digital items you have invested in to your heirs. Namely, typically when buying books or music in electronic form, you only buy a license to use the library, without right to transfer it to anyone else. This may be justified with lower price of digital items but may cause harm in some situations. For example, famous actor Bruce Willis wanted to bequeath his extensive iTunes music collection to his daughters but was surprised to know it was not permitted.

In addition to free-time activities, also services of different kind have transferred to the digital world. in fact, this has been very practical during the recent pandemic years where movement of people has been restricted. Paying bills can be handled online, and you can buy almost everything from internet, from all over the world. Only the transport of the items still needs to be physical, although 3D printing is developing fast and may in future enable printing out small items also by consumers themselves with their 3D printers. Irrespective of the transactions taking place digitally, the factual transaction is still subject to for example banking laws and consumer laws. But certainly, this kind of transformation of traditional interaction to a digital form has necessitated new ways of complying with certain obligations, such as KYC (know-your-customer) concerning banks. Banks now need to rely on new technological solutions in authenticating their customers, instead of identifying them face to face at the bank service desk. Banks also provide this service to other service providers in internet, by offering them an option to utilize their payment interface for transactions. This, in turn, is generating new value for banks as the service providers need to pay for this service. Thus, buying things in digital world engages new party to transaction – payment service providers. In EU this area is regulated by PSD2, i.e. Payment Service Directive, making payments more secure and protecting consumers. But PSD2 also means a big shift for traditional banking in requiring European banks to open their APIs (Application Programming Interfaces), and to open up opportunities for new type of fintech companies and e.g. light entrepreneurship services building their services on top of the APIs.

When talking about digital transactions – be it buying books or setting account to music streaming service or paying bills – the area is regulated with multiple laws and rules of the new digital era, so to say. Online financial services and execution of digital transactions require SCA, Strong Customer Authentication, of the parties involved in an electronic transaction, such as digital signing. In signing traditional paper contracts, one needs to ensure that the person is entitled to sign the agreement. However, in digital signing one also needs to ensure that the person signing is the one claiming to be! EU has managed to lay down the right foundations and a clear legal framework for people, companies and public administrations to safely access services and carry out transactions online with European eIDAS Regulation, namely Regulation on Electronic identification and trust services. It sets the standards and criteria for electronic signatures at different level, qualified certificates and online trust services. As such, the eIDAS regulation provides security that is equivalent to physical presence.

A recent phenomenon in digitalization of services is rise of the platform economy. This new business model is based on digital platforms hosting wide range of services, e.g. taxi drives and food delivery. On the one hand, this kind of new way of working has raised legal questions related to employment vs. entrepreneurship relation of the drivers and couriers of the services offered via the platforms, whereas using the services provided by these platforms raise issues related to data protection and privacy of the users, for example. Big data, namely the large data sets of users of internet services, need regulating in order to protect users of digital services and social media from data misuse and theft:

GDPR (General Data Protection Regulation) is one step toward protecting and regulating personal data that users are required to provide when registering to or using variety of services. In addition to GDPR, there are several Data Acts in process within EU, aiming to better data control: DSA (Digital Services Act), aimed to modernize the E-commerce Act from 2000, regulates about responsibilities of internet service providers in respect of illegal content, disinformation as well as transparent advertising. DMA (Digital Market Act) complements the existing competition laws, and establishes a list of obligations for designated “gate-keepers” to guarantee fair level of competition. DSM (Digital Single Market) directive, that was due to be implemented by member states by June 7, 2021, introduced new obligations for online content sharing platforms (OCSPs), making them directly liable for unauthorized copyright material posted on their platforms. One more Act yet to come, Artificial Intelligence Act (AIA), sets out horizontal rules for the development, commodification and use of AI-driven products, services and systems within the territory of the EU. All these new EU Acts and Directives simultaneously regulate algorithmic decision making, use of personal data, other user rights as well as marketing power of companies. In fact, these regulations are very future oriented and they can also be adapted on the fly, along the time and the technological development.

Next big step in digitalizing our interactions in this technology-driven world is to replace the physical ID cards and passports with digital identity. EU commission proposed in June 2021 a framework for a European Digital Identity, which would be available for all citizens, residents and business within EU. Under the European Digital Identity Wallet initiative, member states will offer their citizens – and later also businesses – digital wallets enabling the citizens to identify themselves in digital services. The future EU wallet helps to preserve users’ privacy, giving them full control over the attributes shaping their identity and minimizing personal data that needs to be exchanged. This initiative is a major step towards data sovereignty, ensuring that people can control their own data; they can choose how their data is shared, who has access to it and how it is used. The digital wallet would contain the same items as the traditional wallet: ID card, driving license, bank card etc. They will just be in a digital form! But wallet also – at least in the past used to – contains currency. So does the digital wallet probably in the future. Namely, European Central Bank has launched a pilot project for a digital version of the euro. However, a digital euro would not replace the physical euro but it would be used in parallel, as an additional form of online payment. A major difference to known cryptocurrencies is that while the latter are decentralized, digital euro is backed by a central bank.

The speed of development towards digitalized society means that lawyers and legislators remain to be busy for several years still. There are so many areas where the new technology brings challenges to regulating and interpretation of laws. For example, who is to blame for an accident caused by autonomous cars or if something harmful is caused by malware of software when in future all our home appliance is intelligent and connected to internet? Can consumers rely on the banks securing one’s financial assets even during this time of cyberattacks? How to ensure rights of all citizens during a digital age when not all have mobile phone or ability to use them? And to come back to where I began, one aspect that necessarily is to be considered at some point is the globalization of all these new European digital regulations in ensuring the data sovereignty and compatibility and interoperability of for example digital identity created to European citizens, also outside Europe.

Finally, also legal matters are going through a technological transformation, in a form of Legal Tech. Use of technology and software has certainly facilitated handling also legal matters, and to some extent Legal Tech could potentially also be used in streamlining certain standard legal processes. However, in a context of confrontation where the traditional law meets digital world, any artificial intelligence can hardly replace lawyers and scholars in trying to adapt the law to the digital world.