Hybrid Event

Event program

Thursday, 5/25/2023 9:00 AM - 2:00 PM, Leut I, Hotel Admiral, Opatija 9:00 AM - 9:30 AM Invited Lecture  R. Polcak (Masaryk University, Brno, Czech Republic) Certification of AI-Based Systems under the New EU AI Regulatory Framework  The regulatory architectures of the draft AI Act, as well as the draft AI Liability Directive, are built around performance-based rules. In comparison to standard behavioural rules, performance-based regulation does not lay down particular duties and obligations. Instead, performance-based rules set only fundamental regulatory aims and principles, while leaving it for the regulated subjects to develop their own particular rules that suit their specific situations. This regulatory approach, besides being flexible, efficient and relatively user-friendly, also creates considerable legal uncertainty arising from the fact that regulated subjects have to develop their own solutions without having immediate assurance as to their compliance with the (very vaguely and generally defined) legal requirements. It is not entirely a novel method, as we already have some experience with its use e.g. in personal data protection law or cybersecurity law. My proposed paper aims at discussing the envisaged mechanisms of certification that are drafted into the current EU AI regulatory instruments and should provide for desired certainty while leaving space to the regulated subjects for initiative, creativity and efficiency. I aim at comparing the envisaged certification mechanism for AI-based systems with the existing EU certification framework in cybersecurity and the draft certification framework in the EU Cyber-Resilience Act. In particular, I would like to discuss the emerging question as to whether the certification systems and schemes should aim solely at certifying particular technologies and systems (i.e. particular objects) or whether certificates should be also designed for vendors as such (subjects). 9:30 AM - 1:45 PM Papers  1. V. Rádi (Károli Gáspár University of the Reformed Church, Budapest, Hungary) Comparative Analysis of the AI Regulation of the EU, US and China from a Privacy Perspective  Artificial intelligence is already part of our everyday lives. We encounter it several times a day, when using a smartphone or social media, when shopping online, or even without any visible signs, such as in case of a secret facial recognition programme. The area of data protection is closely linked to the evolution of technology, especially wit so-called 'disruptive' technologies raising new data protection issues and risks. Artificial intelligence also creates a new situation because, unlike other technologies, it is difficult to explain how it works and to predict the precise outcome of its use. Regulatory authorities detected the need of proper regulation which ensures both the technical advance and the protection of the natural person’s private life. In this paper, I will present an overview of the major regulatory tools that have emerged in the field so far in the EU, in the US, and finally in China. However, I find that current regulation is rather 'fragmented'; the EU is the first one to come up with a comprehensive and wide-ranging regulation of AI; hopefully the others will follow its path with respect of privacy regulation as well. 2. K. Biczysko-Pudelko (University of Opole, Opole, Poland) Algorithmic Contracts in European and United States Contract Law - A Comparative Legal Analysis  Although perhaps still abstract to many, the term 'algorithmic contracts' may soon become as common and more widely known as the - equally abstract-sounding - cryptocurrencies (bitcoin), smart contracts, or blockchain. Algorithmic contracts are a separate category from smart contracts, the so-called digitally enhanced contracts, and are contracts in which an algorithm determines the obligations of the parties - this is how L. Scholz aptly described the essence of these contracts. In my presentation, I would like to analyze whether current contract law in the European Union is adequate for algorithmic contracts, i.e., can an algorithm effectively make fundamental determinations about the content of a contract, and will such provisions bind the parties? Will it be possible to invoke an error of declaration of intent in the case of a malfunction of the algorithm caused, for example, by a systems failure, or in a situation where, admittedly, there was no failure, but the algorithm misanalyzed the data? I would also like to refer my considerations to the US legislation and the views of doctrine representatives presented there and further answer the question of whether the regulatory approach adopted there could also guide possible developments in European law. 3. K. Świtała (Cardinal Stefan Wyszyński University in Warsaw, Warszawa, Poland) Medical Data in the Digital Era - Legal Challenges Related to Providing Information Security, Applying GDPR and Respecting the Professional Secrecy  The processing of medical data in electronic form poses many challenges in terms of the security of these resources and ensuring patient privacy. This paper presents new dimensions of healthcare data processing, such as EHR, eHealth, mHealth, IoT or Big Data, in the perspective of the challenges of enforcing legal regulations to ensure the security of such healthcare information resources while also guaranteeing cross-border interoperability of these solutions. The technical and organizational measures applied by the controllers, as well as the legal requirements, should be consistent and comprehensive, considering not only the challenges related to the protection of personal data, but also cybersecurity and the protection of professional secrets in health care. In this context, ensuring the integrity and availability of information is also important as protecting its confidentiality. 4. N. Gumzej (Faculty of Law, Zagreb, Croatia) Technical Solutions Supporting the Online RTBF in the CJEU and ECHR Jurisprudence   Legal solutions toward restricting online accessibility of content relevant to one’s privacy are valueless without interdisciplinary cooperation and acknowledgment of technological developments. One example lies in the affirmed use of geo-filtering technology to support the scope of delisting, which ensures the more effective RTBF as a specific right related to the right to erasure, which is reserved for data subjects and implemented by search engines under EU law. Other two concern the measures of rearranging search results, and adding warnings on initiated proceedings in search engine results, which the CJEU acknowledged in certain cases of unsuccessful delisting requests, and which are according to their aim of providing currently accurate data/information traditionally directed toward original content producers. Fourth example lies in the recognized role of de-indexing technology that enables online publishers to restrict accessibility of their own content, and supports the right to private life under ECHR jurisprudence. The paper discusses and critically assesses those solutions. Delisting is shown to be less restrictive than de-indexing for the freedom of expression and at the same time less effective data protection-wise, taking into account also limited territorial scope, and is as such also consumed by de-indexing. Innovative CJEU measures may provide fair solutions for affected data subjects, but still require legal justification and proof of operation in the practice of search engines. 10:30 AM - 10:45 AM Break  5. A. Besiekierska (Cardinal Stefan Wyszynski University, Warsaw, Poland) Legal Assessment of the National Cybersecurity System in Poland in the Light of the New Developments in the NIS2 Directive  The Act on National Cybersecurity System was adopted on 5 July 2018. Unlike the NIS Directive, which it implemented, the scope of its regulation covered public administration. In the course of applying the Act, it turned out that the effectiveness of the introduced regulations is low. In particular, it was visible in the case of local governments, which, as indicated by the reports of the Supreme Audit Office, showed many shortcomings in the implementation of cybersecurity policy. For more than two years, work has been underway on a draft amendment to the Act on the National Cybersecurity System, which has aroused great controversy - the ninth draft has now been published. Already the first draft included telecommunications undertakings in the group of entities covered by the national cybersecurity system, as is the case in the NIS2 Directive. Discussions are taking place primarily in the area of supply chain cybersecurity. They will undoubtedly be of great importance for the further development of the cybersecurity system in Poland and Europe. 6. H. Lisičar, T. Katulić, M. Jurić (Faculty of Law, Zagreb, Croatia) Online Audiovisual Content, Video Sharing Platforms and Regulation under DSA and AVMSD  In light of recent changes of regulatory framework for provision of digital services within the EU, this paper deals with interplay between Digital Services Act and Audiovisual Media Services Directive with regard to the regulation of online audiovisual content. Implementation of DSA raises a number of questions which need to be clarified in order to enhance the legal certainty of the enforcement of EUs online content regulation. Both the Regulation and the Directive include provisions that pertain to video sharing platforms and their content. The paper examines the scope and the differences between them, especially in relation to protection of users and their rights. 7. I. Kanceljak (Faculty of Law, Zagreb, Croatia) Interplay of Gatekeepers' Obligations and Consumer Rights under Digital Markets Act  Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) entered info force on 1 November 2022 and will apply from 2 May 2023. Digital Markets Act can be considered as a legislative response on the imbalance between a small number of big companies and a huge number of small companies on internal market. This imbalance reflects thought unfair practices and unfair competition imposed by large companies (such as Google, Microsoft, YouTube, Meta…). The main goal of the Digital Markets Act is to create rules aimed to ensure contestability and fairness for the markets in the digital sector in general. To achieve this goal, large companies can de designated as “gatekeepers” pursuant to Digital Markets Act which would mean that they would have a new legal position determined by various obligations. Although the main goal of Digital Markets Act is to interfere in relations between companies it is not forgotten that consumers are also important participants on internal market. This article aims to explain if there are any actual benefits for consumers, and if there are, to highlight them all from the aspect of existing consumer protection. 8. M. Milenković, R. Nikolić, S. Čelan, P. Petrošanec (Faculty of Transport and Traffic Sciences, Zagreb, Croatia) Analysis of IoT Devices Security for Household Applications  According to predictions that the world consumption of Internet of Things (IoT) devices will exceed 772 billion dollars this year and considering the increasing spread of IoT devices and the number of investments in them, the paper will present the authors' view on the security of IoT devices. The paper is based on the conducted research through a quantitative analysis of the familiarity and safety of the use of IoT devices in the household. The paper intends to diagnose the growing potential risks that could threaten the security of IoT households across the EU. As one of the instruments for the protection of end users, regulations will be used to persuade device manufacturers not to reduce basic cyber security measures. Also, the paper will instruct legislators on the minimum technical and security requirements IoT devices should use for end users to have more protection and security in the rapidly growing category of household devices. The security of IoT devices will be analyzed based on the published attacks on IoT devices and the survey conducted among the population of citizens of the Republic of Croatia. The paper will also present proposals for different forms of education and the protection of end users to reduce mistakes when using IoT devices. De lege ferenda, legislators will be called upon to define the minimum "reasonable" security features that should become part of all IoT devices sold in the EU by 2030. 9. M. Alić (Tehničko veleučilište u Zagrebu, Zagreb, Croatia) Privacy Policy Informativeness: in a Search for Benchmark  The term transparency in the disciplines of information management, business ethics and information ethics is commonly used for forms of information visibility and access to information, with the aim of reducing information asymmetry among stakeholders. The principle of transparency is also one of the main mechanisms in data protection and regarding regulations, such as General Data Protection Regulation. But requirements for assesing it's functionality are somewhat ambiguus and hard to evaluate. One of proposed metrics can be the amount of information the transparency mechanism is trying to convey. The basic (ex ante) tool of transparency is the publication of privacy policies, with the purpose of informing the individuals about the procedures related to the collection, sharing, use and storage of their personal data. By using lexical density as a metric to evaluate privacy statements of two major IT companies, Google and Microsoft, across five languages (Croatian, English, German, French, Italian) and comparison within set and generic sections of privacy policy, the aim of this paper is to identify reference scale for this, specific legal documents, between descriptive and explanatory narrative. 10. L. Vejmelka (Faculty of Law, Zagreb, Croatia), R. Matković (Public Health Institute of Split, Split, Croatia), M. Rajter (University of Zagreb, Zagreb, Croatia), T. Ramljak (Centre for Missing and Exploited Children, Osijek, Croatia) DeShame Croatia: Student Reactions and Consequences of Online Sexual Harassment in High Schools  Online harassment and abuse present a contemporary phenomenon with potentially devastating effect on children’s lives. The studies on non-sexual and sexual abuse of children on the internet are often focused on the prevalence and the characteristics of victims and perpetrators. However, given the high socio-cultural complexity of the problem, there is a lack of data on the help seeking behaviours from victims. The aim of this presentation is to explore the reactions and consequences of online sexual harassment in the context of the creation of adequate policies and prevention and treatment programs. The data were collected within the DeShame project in Croatia in 2020. The probabilistic stratified cluster sample consisted of 2016 pupils of secondary schools in Croatia. Our results show that the prevalence of sexual harassment is high among adolescents and their reactions vary. They are most inclined to solve the situation by themselves or using the peer support, while they are less inclined to seek help from adults and support services. Seeking help from adults was significantly less prevalent with speaking to parents being the most salient (10%). The most worrying reaction is ignoring the incident which in terms of the prevention of sexual harassment propagates the behaviour. 12:15 PM - 12:30 PM Break  11. D. Krivokapic, A. Nikolic, I. Zivkovic (University of Belgrade, Belgrade, Serbia) Capacities of Western Balkan Economies (and Their Public Sectors) to Respond to Ransomware Attacks  Ransomware became a global cybersecurity threat affecting not only individuals and private companies, but governments and other public bodies. The paper will firstly introduce the concept of ransomware and emphasize the implications of the global rise of ransomware. Secondly, the paper will provide an overview of the regulatory framework in relation to Ransomware in Western Balkan (WB) economies, while an ethical and practical guidance will be proposed. Then, the paper will briefly present Western Balkan Case Studies, including recent key ransomware attacks occurred in the region. Lastly, the paper will provide recommendations regarding prevention and recovery from the ransom attack focusing on WB region. 12. P. Đurman, A. Musa (Faculty of Law, Zagreb, Croatia) Status of Open Data (Sub)Ecosystem in Croatia: National Open Data Portal  Although the literature advocates a number of potential advantages of open data, which can basically be divided into democratic and economic benefits, their practical realization has been difficult to measure (Welle Donker and van Loenen, 2017). While the impacts of open data may be challenging to evaluate, different assessment frameworks capturing one or more aspects of open data initiatives (such as data quality, availability, legal context etc.) have been developed and widely applied worldwide during the past decade. While the results of such assessments can be useful in formulating and modifying national open data policies, as well as in knowledge transfer and good practice exchange between the countries, they are characterized by some serious shortcomings, both conceptual and methodological. The main purpose of this paper is to assess the state of open data in Croatia via application of the assessment framework developed during the Online Training Program of Horizon 2020 TODO (Twinning Open Data Operational) project, and to discuss the usefulness of such evaluations based on the interpretation of the assessment results. The TODO assessment framework is applied to Croatian open data sectoral subsystem – institutional data, which is provided via central open data Portal. 13. N. Mike (Corvinus University of Budapest, Budapest, Hungary), E. Krén, T. Kecskeméti (Librantis, Budapest, Hungary) Information Security among SMEs in Hungary - An Overview  Information and cyber security are important for SMEs. The level of security contributes greatly to the competitiveness of companies, but it is greatly underrepresented among SMEs in Hungary. The study aims to answer the question of whether accelerated digitization harms information security in Hungary. The analysis mainly focuses on companies actively involved in e-commerce during and after the Covid-19 era. Further, the trends in information security are compared within Hungary and the European Union, highlighting a local-specific deficit. The study presents the results of 2020, 2021, and 2022 quantitative research conducted by Digimeter company, as well as publicly available data from the European Union's DESI index (Digital Economy and Society Index) and NCSI (National Cybersecurity Index). The expected results of the research confirm that the lack of information security is visible in Hungary. 14. G. Vojković (Fakultet prometnih znanosti, Zagreb, Croatia), T. Katulić (Pravni fakultet Sveučilišta u Zagrebu, Zagreb, Croatia) Anti-corruption Measures in the New Croatian Public Administration Office Management Regulation  The beginning of 2023 marked the started of the application of the new Office Management Regulation in the Republic of Croatia. The Office Management Regulation updates the rules and measures of office management in the performance of state administration, other state bodies, local and regional self-government units and legal entities with public authority with the requirements of digitalization and electronic communications. The new legal regulation introduces digital first, electronic office operations, also including provisions on certain anti-corruption measures. These measures are intended to prevent abuses in the office management system of the public administration system. This paper describes how the introduction of modern electronic business can simultaneously introduce anticorruption measures and increase the legality and transparency of the work of the state and public administration. The model introduced by Croatia can certainly be an interesting example for other countries in the process of office business reform. The paper also explores the potential application of industry self-regulation anti-bribery standards 15. M. Milenković (Faculty of Transport and Traffic Sciences, Zagreb, Croatia) Zračna luka kao osnova za uvođenje inovativnih tehnoloških rješenja u postupku kreiranja pametnog grada zračne luke  How can an airport become the central part of a region? This paper will try to explain the prerequisites for creating a smart airport city. Today's airports have become not just places where planes take off and land but also generators of economic development, giving open access to the state or a city, intending to connect cities and airports in a single unit. In a world prone to rapid change, airports have focused on expanding and connecting their communities, not only in terms of tourism but also in terms of implementing IoT technology through integrated transport, adaptation to emerging conditions, customer-centricity, and user experiences. This paper intends to pinpoint the possibilities to implement innovative technological solutions through public procurement procedures proposed by the European Commission that can be used for the post-covid-19 recovery of the EU airports. 16. M. Alić (Tehničko veleučilište u Zagrebu, Zagreb, Croatia), L. Sopić (LeverUP Consulting Adria, Zagreb, Croatia) Privacy Paradox and Generation Z  As technology advances daily, so are the challenges in preserving one's privacy. Being the generation that has been born in such a highly technological environment, members of Generation Z, born between mid-to-late 1990s and the early-to-mid 2000s, have been engaging in privacy related transactions more than any generation before. The issue of privacy is becoming more pronounced, along the possibilities of individuals controlling their data, that can lead to the discrepancy between attitudes about privacy preservation and actual behavior, that has become known as the "privacy paradox". By looking at this paradox through generational attitudes toward privacy, organizational practices and related legal frameworks, as well as the contemporary context of the sharing economy, the research aims to give insight whether members of the affected generation can be classified as fundamentalists, pragmatists, or unconcerned about privacy as a classification used by Alan Westin.

Basic information:

Tihomir Katulić (Croatia), Hrvoje Lisičar (Croatia), Lucija Vejmelka (Croatia)

Nina Gumzej (Croatia), Marko Jurić (Croatia), Tihomir Katulić (Croatia), Đorđe Krivokapić (Serbia), Ashwinee Kumar (India/Belgium), Ivana Kunda (Croatia), Romana Matanovac Vučković (Croatia), Hrvoje Stančić (Croatia), Goran Vojković (Croatia)

Tihomir Katulić (Croatia), Hrvoje Lisičar (Croatia), Lucija Vejmelka (Croatia), Marko Jurić (Croatia)

Registration / Fees:

The discount doesn't apply to PhD students.

Tihomir Katulic
University of Zagreb
Faculty of Law
Trg Republike Hrvatske 14
HR-10000 Zagreb, Croatia

E-mail: tkatulic@gmail.com
 

The best papers will get a special award.
Accepted papers will be published in the ISSN registered conference proceedings. Presented papers in English will be submitted for inclusion in the IEEE Xplore Digital Library.
.............
There is a possibility that the selected scientific papers with some further modification and refinement are being published in the following journals: Journal of Computing and Information Technology (CIT), MDPI Applied Science, MDPI Information Journal, Frontiers and EAI Endorsed Transaction on Scalable Information Systems.