This book focuses on the legal governance of online platforms concerning direct and indirect discrimination against users in the housing, advertising, and labor markets. Through an extensive investigation of sources this book illustrates how statutory law and legal precedents in the EU and the US are only partially equipped to address discrimination against statutorily protected classes in online platforms.

Healthcare is changing. It is moving to a paperless environment and becoming a team-based, interdisciplinary and patient-centred profession. Modern healthcare models reflect our data-driven economy, and adopt value-driven strategies, evidence-based medicine, new technology, decision support and automated decision-making. Amidst these changes are the patients, and their right to data protection, privacy and autonomy. The question arises of how to match phenomena that characterise the predominant ethos in modern healthcare systems, such as e-health and personalised medicine, to patient autonomy and data protection laws. That matching exercise is essential. The successful adoption of ICT in healthcare depends, at least partly, on how the public's concerns about data protection and confidentiality are addressed. Three backbone principles of European data protection law are considered to be bottlenecks for the implementation of modern healthcare systems: informed consent, anonymisation and purpose limitation. This book assesses the adequacy of these principles and considers them in the context of technological and societal evolutions. A must-read for every professional active in the field of data protection law, health law, policy development or IT-driven innovation. GRIET VERHENNEMAN is a legal expert on e-health with an academic background. Today Griet is Data Protection Officer at the University Hospitals KU Leuven (UZ Leuven). Previously, she worked as a legal researcher at the Centre for IT and IP Law KU Leuven (CiTiP) and participated in several interdisciplinary projects. Griet continues her collaboration with the Centre as a Research Fellow. In her position of Data Protection Officer, Griet brings data protection into practice. Through her work as an academic, Griet continues to assess, discuss and disseminate about the legal implications of ICT-driven evolutions in the field of health and medicine.

On 20 November 2019 the United Nations Convention on the Rights of the Child celebrates its 30th anniversary. In 1989, when the Convention was adopted, children came across advertising on television, on billboards in the street, in shops and through leaflets in their mailbox. Over the past 30 years, the way in which children are targeted by advertisers and the formats that are used have changed significantly. Think of advergames, influencer marketing, and behavioural targeted advertising. The specific features of these formats, such as their immersive, interactive and personalised nature, make it difficult for children to understand the commercial and persuasive intent of the commercial messages directed at them. This book presents an original and timely fundamental rethinking of the regulatory framework of commercial communication from a children's rights perspective. Offering a carefully considered, well-documented overview and in-depth evaluation of several legislative frameworks, policy documents, self- and co-regulatory initiatives and literature from a variety of disciplines, it works towards the development of children's rights-inspired recommendations for an empowering regulatory framework for online commercial communication aimed at children. It is a subject with great societal relevance which contributes to the further realisation of children's rights in the digital environment. Valerie Verdoodt is a fellow in law at the London School of Economics. Her research focuses on the legal and fundamental rights questions originating from the development of new media and technology, in particular regarding the protection and participation of children online. She also teaches Information technology and the law, Cyberlaw and EU Law on the LSE law programme.

Security and law against the backdrop of technological development. Few people doubt the importance of the security of a state, its society and its organizations, institutions and individuals, as an unconditional basis for personal and societal flourishing. Equally, few people would deny being concerned by the often occurring conflicts between security and other values and fundamental freedoms and rights, such as individual autonomy or privacy for example. While the search for a balance between these public values is far from new, ICT and data-driven technologies have undoubtedly given it a new impulse. These technologies have a complicated and multifarious relationship with security. This book combines theoretical discussions of the concepts at stake and case studies following the relevant developments of ICT and data-driven technologies. Part I sets the scene by considering definitions of security. Part II questions whether and, if so, to what extent the law has been able to regulate the use of ICT and data-driven technologies as a means to maintain, protect or raise security, in search of a balance between security and other public values, such as privacy and equality. Part III investigates the regulatory means that can be leveraged by the law-maker in attempts to secure products, organizations or entities in a technological and multiactor environment. Lastly, Part IV, discusses typical international and national aspects of ICT, security and the law.

EU data protection law imposes a series of requirements designed to protect individuals against the risks that result from the processing of their data. It also distinguishes among different types of actors involved in the processing, setting out different obligations for each actor. The most important distinction in this regard is the distinction between "controllers" and "processors". Together, these concepts provide the very basis upon which responsibility for compliance with EU data protection law is allocated. As a result, both concepts play a decisive role in determining the potential liability of an organisation under EU data protection law, including the General Data Protection Regulation (GDPR). Technological and societal developments have made it increasingly difficult to apply the controller-processor model in practice. The main factors are the growing complexity of processing operations, the diversification of processing, services and the sheer number of actors that can be involved. Against this background, this book seeks to determine whether EU data protection law should continue to maintain the controller-processor model as the main basis for allocating responsibility and liability. This book provides its readers with the analytical framework to help them navigate the intricate relationship of roles, responsibility and liability under EU data protection law. The book begins with an in-depth analysis of the nature and role of the controller and processor concepts. The key elements of each are examined in detail, as is the associated allocation of responsibility and liability. The next part contains a historical-comparative analysis, which traces the origin and development of the controller-processor model over time. To identify the main problems that occur when applying the controller-processor model in practice, a number of real-life use cases are examined (cloud computing, social media, identity management and search engines). In the final part, a critical evaluation is made of the choices made by the European legislature in the context of the GDPR. It is clear that the GDPR has introduced considerable improvements in comparison to EU Directive 95/46. In the long run, however, further changes may well be necessary. By way of conclusion, a number of avenues for possible improvements are presented. Dr Brendan Van Alsenoy is a Legal Advisor at the Belgian Data Protection Authority and a senior affiliated researcher at the KU Leuven Centre for IT & IP Law, and co-editor of Privacy & Persoonsgegevens. He has previously worked as a legal researcher at the KU Leuven Centre for IT & IP Law, with a focus on data protection and privacy, intermediary liability and trust services. In 2012, he worked at the Organisation for Economic Co-operation and Development (OECD) to assist in the revision of the 1980 OECD Privacy Guidelines.

Information technology offers unprecedented opportunities to individuals, businesses and the public sector but also creates new vulnerabilities to crime. Impressive cybercrimes have been reported in the media in recent years, demonstrating the grave harm that even a single cyberattack can cause. Yet no systematic assessment of the impact of cybercrime on Belgian society and economy had been conducted until the start of the research project Belgian Cost of Cybercrime (BCC) in 2013, which was funded by the Belgian Service Science Policy Office (BELSPO) and coordinated by the KU Leuven Centre for IT & IP Law (CiTiP), in collaboration with the KU Leuven Institute of Criminology (LINC).Building on that large multidisciplinary project, the book assesses the impact of cybercrime on businesses based in Belgium, drawing from a thorough conceptualization of both cybercrime and its impact. Using data collected through two surveys sent to more than 9,000 representatives of Belgian businesses, the authors report that most of the responding businesses are confronted with at least one type of cybercrime every year and some of them suffer serious harm from these incidents. Lastly, the book calls for the identification and implementation of effective preventive measures targeting the different types of cybercrime.

In the last few years, the cryptocurrency bitcoin has repeatedly made worldwide headlines with its fluctuations in value and the uncertainty regarding the legal framework under which it operates. While bitcoin has swiftly become the foremost example of a virtual currency, it is by no means the only one. In-game currencies and currencies used as part of a loyalty scheme are examples as of other forms of virtual currencies. Moreover, new forms of virtual currency used mainly for investment purposes—derived from cryptocurrencies such as bitcoin—are rapidly gaining hold. This book focuses on the legal aspects of virtual currencies from the perspective of financial and economic law. It establishes a typology of virtual currencies and assesses whether they can be considered as money. The author analyzes whether the EU legal frameworks on electronic money, payment services, anti-money laundering, and markets in financial instruments can be applied to virtual currencies. A functional comparison is made to the US, where more regulatory initiative has been identified. The book concludes by answering the question of whether—and how—virtual currencies should be regulated within the EU.