The Cyber Lawyer

In this episode of The Cyber Lawyer Podcast, we explore the complex intersection of Generative AI and the General Data Protection Regulation (GDPR). With insights from recent reports and academic perspectives, we examine how legal frameworks designed for traditional data processing adapt—or struggle to adapt—to the unique challenges posed by large language models (LLMs). Key Topics Covered: Challenges in Generative AI Development:The U.S. Government Accountability Office illuminates the hurdles faced by AI developers, from data poisoning and prompt injection to jailbreaking attacks. Learn how these risks impact compliance with GDPR’s accuracy, security, and accountability principles. Legal Basis for Processing Personal Data:Mikołaj Barczentewicz critiques the reliance on consent as a lawful basis for data processing in the LLM lifecycle. Discover why “legitimate interest” is emerging as a more practical legal foundation and the implications this shift may have for both developers and users. Reinventing the Right to Be Forgotten:The Washington Journal of Law, Technology & Arts calls for a fresh approach to implementing the right to be forgotten in the generative AI context. We explore their proposed multi-faceted strategies, including regulatory oversight, industry collaboration, and global cooperation, to balance human dignity with technical feasibility. Key Questions Explored: AI-Specific GDPR Adaptations:Does the GDPR need revisions or supplementary regulations to address the nuances of generative AI effectively? Balancing Innovation and Privacy:How can developers ensure compliance without stifling the technological advancements that LLMs bring to various industries? Reimagining “Forgetting” in AI Systems:What practical solutions exist to implement the right to be forgotten in systems where data erasure is complex and resource-intensive? Why You Should Listen:As generative AI transforms industries and raises ethical, legal, and technical questions, understanding its intersection with GDPR is essential. This episode unpacks critical compliance challenges and offers insights into emerging solutions that balance innovation with privacy rights. Legal professionals, policymakers, AI developers, and privacy advocates will gain valuable perspectives on navigating this rapidly evolving field. Tune in to The Cyber Lawyer Podcast for a forward-thinking discussion on the future of AI and data protection.

In this episode of The Cyber Lawyer Podcast, we dive deep into the global regulatory landscape as governments take aim at dark patterns and unfair trading practices. With a focus on recent developments in India, Australia, and Hungary, we explore how regulators are tackling the challenges posed by manipulative digital practices, misinformation, and unfair consumer interactions. Key Topics Covered: India’s Stand on Misinformation and Content Removal:Hear about the Indian government’s push for faster action by social media companies to curb misinformation and volatile content. Discover why IT Secretary S Krishnan believes the "safe harbour provisions" no longer shield platforms that fail to act swiftly. Australia’s Proposed Ban on Unfair Trading Practices:We unpack Australia’s forward-thinking proposal to outlaw unfair trading practices under its Consumer Law. Learn about the proposed “grey list” of harmful practices, the debate over “unreasonableness” as a regulatory criterion, and what this could mean for businesses engaged in subscription traps, drip pricing, and dynamic pricing. Hungary and the EU’s Crackdown on Unfair Pricing:Delve into the Hungarian Competition Authority's proactive enforcement against unfair pricing practices. We discuss how this aligns with broader EU consumer protection law reforms and what businesses can learn from Notino’s case. Key Questions Explored: Principles-Based vs. Specific Regulation:Are broad, principles-based approaches better suited to tackle emerging deceptive tactics, or do we need strict, specific prohibitions? Balancing Swift Action and Freedom of Speech:How can governments manage the tension between quickly removing harmful content and protecting free expression? Business Adaptation:What steps should companies take to stay ahead of regulatory trends and avoid practices that regulators increasingly classify as harmful or unfair? Why You Should Listen:As global regulators ramp up efforts to curb manipulative practices, the stakes for businesses and consumers have never been higher. This episode provides practical insights for legal professionals, policymakers, and business leaders navigating the rapidly evolving landscape of digital regulation. Whether drafting policies, advocating for consumer rights, or managing compliance, this episode equips you with the knowledge to stay ahead of the curve. Tune in to The Cyber Lawyer Podcast and join the conversation on the global response to dark patterns and unfair digital practices

In this episode of The Cyber Lawyer, we dive deep into the world of deceptive design—the often invisible tactics tech companies use to manipulate users. We explore dark patterns and how they shape our online behaviors, from influencing purchases to extending screen time through features like infinite scrolling and autoplay. Our discussion includes real-world examples, such as the manipulative use of pre-ticked boxes for data consent, and examines the privacy implications of these tactics. We also break down key regulations like the EU’s GDPR, the Indian Guidelines on Dark Patterns, and the Digital Services Act, comparing them to the more fragmented regulatory approaches in the US. Expert insights shed light on the ethical debate surrounding dark patterns: Are they always unethical, or can they ever be justified? We also highlight the role of consumer awareness and education in combating these practices and suggest ways users can become more savvy in recognizing manipulation online. Finally, we discuss the long-term consequences of these practices on trust in the tech industry. We also examine how companies can rebuild that trust through ethical design principles and compliance with emerging global standards. Join us for a thought-provoking discussion on the hidden power of design and its implications for digital rights, consumer protection, and the future of tech.

In this episode of The Cyber Lawyer, we dive into the EU's newly unveiled draft Code of Practice for general-purpose AI models. This code, crafted by independent experts with insights from top AI providers, sets a groundbreaking framework for AI's ethical development and use across industries. Although still in draft form, the code establishes clear goals, practical measures, and key performance indicators to guide providers in creating AI models prioritising societal values and ethical standards. We’ll explore how this code aligns with the EU AI Act, offering a voluntary path for providers to demonstrate compliance and uphold best practices until official standards are established. Please tune in to discover how this initiative could shape the global AI landscape and what it means for the future of responsible AI innovation in Europe and beyond.

In this episode, we examine the intersection of artificial intelligence and the right to good administration—a fundamental right ensuring that public authorities treat individuals fairly and transparently. As AI systems become more embedded in government processes, from fraud detection to border control, issues of opacity, bias, and accountability arise. We'll explore what "good administration" means in an age where algorithms may drive decisions and examine case studies, like ETIAS, to illustrate the challenges of balancing efficiency with individual rights. Join us for an insightful discussion on the evolving responsibilities of public authorities in safeguarding fairness and transparency in AI-driven decisions.

In this episode, we dive into the emerging threats facing AI systems in medical diagnostics, particularly in computational pathology. As AI models become integral in supporting cancer diagnostics, adversarial attacks—subtle, malicious modifications to data—pose a significant risk, potentially leading to misdiagnoses. We'll explore why specific AI models, like CNNs, are vulnerable to these attacks while newer models, such as Vision Transformers (ViTs), show greater resilience. Join us to uncover how adversarial robustness could be a game-changer in making AI safer and more reliable for medical use.

In this episode, we explore groundbreaking insights into how emotions are conveyed through facial expressions and subtle shifts in facial colour. Recent studies reveal that colour changes in specific areas of the face, linked to variations in blood flow, can communicate emotions as effectively—if not more so—than traditional facial expressions. Join us as we discuss how these colour cues work, the implications for artificial intelligence in emotion recognition, and what this means for our understanding of human empathy and interaction. Discover how this novel approach could redefine fields from psychology to AI, where machines may one day interpret human emotions more nuance and accurately than ever before.

In this episode, we dive into the European Union's approach to consumer protection legislation and policy, focusing on three key documents illustrating the evolution and coordination of enforcement across member states. First, we look back to the 2006 Directive on the free movement of services within the internal market, which aimed to simplify cross-border service provision by reducing barriers for service providers. This directive laid the essential groundwork by defining the scope of services, setting up authorization conditions, and promoting administrative cooperation among EU countries. Next, we explore the 2017 Regulation, which builds on this by establishing a structured framework for cooperation among national authorities tasked with consumer protection. This Regulation explicitly addresses the challenge of cross-border infringements. It enhances the powers of competent authorities through mutual assistance for investigative and enforcement purposes, ensuring more decisive collective action across the EU. Finally, we highlight a European Commission publication detailing the Consumer Protection Cooperation Network. This report showcases the network's significant achievements, such as coordinated sweeps and alert mechanisms that monitor consumer protection issues and ensure timely responses to potential threats. Join us as we discuss how these legislative pillars work together to build a safer, more integrated consumer market across Europe.

In today's episode, we're diving into a significant investigation into Temu, the popular online marketplace, which is now under scrutiny by consumer protection authorities across Europe. Leading the charge, the Netherlands Authority for Consumers and Markets, alongside other European agencies, has launched this investigation into what they suspect are deceptive business practices. The allegations against Temu include the use of fake discounts, pressure-selling tactics, and misleading reviews, along with a lack of transparency around return policies and contact details. Authorities have given Temu a month to respond, asking for specific information on these practices as well as any potentially misleading environmental claims and the methods behind its product rankings. This effort underscores a push to enforce consumer protection standards for non-EU companies, ensuring fair competition within the European market. Interestingly, this investigation is taking place alongside a separate probe by the European Commission under the Digital Services Act, which regulates online platforms in the EU. Today, we'll explore the implications of these parallel investigations and what they mean for e-commerce in Europe. Stay tuned for an insightful discussion!

In this episode, we’re diving into the transparency obligations under the EU’s AI Act for AI-generated content. We’ll explore how the Act requires clear disclosure for certain types of AI-created media, especially deepfakes and AI-generated news. While deepfakes must be marked as artificial, there’s an exception for news articles that have undergone human editorial review. We’ll also look at the growing commercial use of AI and why transparency about AI involvement is essential to avoid misleading consumers and potential legal risks, even if it's not always legally required. Please tune in to learn more about the evolving expectations for AI transparency and what it means for content creators and businesses alike.

In this episode, we’re unpacking the evolving legal responsibilities of online marketplaces regarding trademark law. We start with the landmark CJEU ruling in Louboutin v. Amazon, which changed how and when platforms can be held directly liable for third-party listings that infringe trademarks. From there, we dive into the Digital Services Act (DSA) and its implications, including new due diligence obligations and shifts in liability that require online intermediaries to take a more active role in preventing infringement. We’ll discuss how these developments have created a new legal landscape where online platforms may face significantly increased direct liability for trademark issues. Tune in as we explore what this means for the future of online marketplaces.

In today’s episode, we’re discussing the European Data Protection Board’s (EDPB) newly revised guidelines on the technical scope of Article 5(3) of the ePrivacy Directive. While nearly all EDPB members voted in favour—with just two abstentions—the guidelines are not without controversy. Designed to clarify the EDPB’s authority on this issue, the guidelines have faced criticism for lacking a solid justification of that authority and for falling short in addressing public consultation feedback. Our conversation will explore why some experts believe there could be grounds to challenge these guidelines and the importance of building a solid legal case if pursued. Stay tuned as we unpack the legal and regulatory implications!

In this episode, we're exploring the latest—and final—opinion from the Dutch Data Protection Authority (DPA) and the State Inspectorate for Digital Infrastructure (RDI) on how to oversee AI under the new AI Act. These recommendations to the Dutch government outline a proposed supervisory structure, covering everything from designating market surveillance authorities to setting up a national AI Board secretariat. We'll dive into the key points, including the need for close coordination across national authorities, robust information-sharing, and ensuring adequate resources. Join us as we unpack how the Netherlands is preparing for AI oversight in a way that prioritizes collaboration and transparency!

In today’s episode, we’re diving into the world of the Metaverse and how Meta’s ambitious vision might clash with Europe’s strict data protection laws, specifically the GDPR. With virtual and augmented reality technology, Meta is gathering unprecedented amounts of sensitive user data—everything from biometrics, like how we move, to even the tiniest facial expressions and eye movements. But here’s the big question: is Meta's data collection and processing compliant with GDPR? Our discussion will unpack the authors’ concerns about whether enough safeguards are in place to protect user privacy, especially when processing sensitive information like health data. We’ll also touch on their call for more tailored GDPR guidance to address these new tech frontiers. Stay tuned as we explore what the future of privacy could look like in the Metaverse!

Welcome to Transparency in the Digital Age, where we unpack the latest developments in online platform regulation under the European Union's Digital Services Act (DSA). In this episode, we dive into the recently published guidelines that detail how online platforms, including very large platforms and search engines, can meet the DSA’s transparency reporting requirements. We'll explore what these reports must include, how often they're released, and why they matter for users. Learn how these transparency measures aim to shed light on content moderation practices, user complaints, and the use of automated systems, ultimately promoting accountability in the digital space. Whether you're a tech policy enthusiast or simply curious about how the digital world is being regulated, this episode is for you!

Join us on The Cyber Lawyer this week to explore the EU’s Data Governance Act. We unpack the Act’s practical implications, like creating a register for data altruism organizations and the requirements for ethical data sharing. Discover key terms and the role of the European Data Innovation Board as we delve into the Act's scope and purpose. Please tune in to learn about the legal and ethical framework promoting responsible data sharing for the public good in the EU and how it impacts both organisations and individuals.

In this episode, we explore the complexities of managing risk in the development of digital technologies. As digital tools continue to reshape society, regulators face the challenge of mitigating potential harms proactively. We discuss the limitations of rationality-based regulation and examine a precautionary approach that prioritizes prevention even before definitive evidence of risk arises. Delving into the frameworks of the GDPR and the proposed AI Act, we address the challenges of identifying and assessing new risks, the demand for transparency, and the critical role of human oversight in AI systems. Tune in to explore how we can balance innovation with precaution to create safer digital landscapes.

This episode unpacks the intricate debate over regulating cyberspace. Should we regulate the digital realm, or is it truly ungovernable? We explore two contrasting ideologies—cyberlibertarianism, which champions a hands-off approach, and cyber-paternalism, which advocates for intervention to protect users and society. We delve into the unique challenges of applying physical-world laws to the virtual environment through the lens of Lawrence Lessig’s regulatory modalities—law, social norms, market forces, and architecture. Finally, we discuss the tension between traditional legal frameworks and the very architecture of cyberspace, considering whether a hybrid regulatory approach might offer the most effective path forward in digital governance.

This episode takes listeners on a journey through the evolution of digital regulation—from the internet’s beginnings as an open, unregulated space to today’s complex landscape where platforms like Facebook and Google hold immense influence. We explore how the growth of these platforms has prompted new regulatory frameworks, including the GDPR, Digital Markets Act, and Digital Services Act, aimed at tackling challenges such as misinformation, algorithmic bias, and privacy. Our discussion highlights the delicate balance between protecting users and fostering innovation. We’ll also look toward the future of platform regulation, discussing the ethical considerations of AI and digital markets and asking: How can policymakers create effective regulations for a fast-evolving digital world? What are the historical, current, and future challenges faced in regulating the digital sphere? How do the power and influence of digital platforms—and their use of algorithms—affect individual rights and societal discourse?

In this episode, we delve into the ethical challenges that arise as self-driving cars and AI technologies become integral to our lives. How do these systems "see" the world and make split-second decisions with potentially life-altering consequences? We explore these technologies' potential for bias, errors, and unexpected outcomes. By examining four ethical frameworks—Kantian, Utilitarian, Deontological, and Virtue Ethics—we consider how each might guide responses in situations where autonomous vehicles face unavoidable harm. Join us as we unpack the ethical responsibilities of developers and users alike in our AI-driven future, questioning how we can create a safer, more ethically guided digital landscape.