On 7 March 2025, the Changshu People’s Court (in China’s Jiangsu province) announced that it had recently concluded a case on the topical issue of whether AI-generated works can be protected by copyright. In the case, a plaintiff surnamed Lin used the AI tool Midjourney to create an image, and then Photoshop to further refine it. The image depicted a half-heart structure floating on the water in front of a cityscape, in which the other half of the heart was ‘completed’ by its reflection in the water. The plaintiff posted the image on social media and also obtained copyright registration for the image in China. An inflatable model company and a real estate company posted images substantially similar to the plaintiff’s image on their social media accounts and the inflatable model company’s 1688 online store, and also created a real 3D installation based on the image at one of the real estate company’s projects. The court found for the plaintiff, requiring that the inflatable model company publicly apologise to the plaintiff on its Xiaohongshu (RedNote) account for three consecutive days, and that the defendants compensate the plaintiff for economic losses and reasonable expenses totalling RMB 10,000. Although both the plaintiff and the defendants had rights of appeal, neither party appealed and the decision is now effective.

In reaching its decision, the court first examined the Midjourney user agreement which stipulates that the rights in outputs prompted by users belong to the user with very few exceptions. The court then examined the iterative process by which Midjourney users can modify the prompt text and other details of the output images. On this basis, the court held that the plaintiff’s crafting of their prompt and subsequent modification of the image reflected their unique choices and arrangement, making the ultimate image an original work of fine art protected by copyright. The defendants infringed the copyright in that image by disseminating it online without the plaintiff’s permission and using it without naming the plaintiff as the author. However, the court held that the copyright enjoyed by Lin was limited to the 2D image as recorded in the copyright registration certificate (rather than the idea of the 3D half-heart art installation as depicted in the image); the construction of the physical 3D installation by the defendants based on the central idea of Lin’s work (i.e. a half-heart floating on the water, an idea used by many prior works) did not infringe Lin’s copyright.

In the court’s WeChat post, some illustrative comments were shared from Hu Yue, Deputy Director of the court’s Intellectual Property Tribunal. “The premise for AI-generated content to be recognised as a work is that it should be able to reflect the original intellectual input of a human,” Hu states. He comments that “for creators, this judgement is a ‘reassurance’. It clarifies that creators who use AI tools to create have legal copyright over their works provided that the works have innovative design and expression (…) In addition, this case lawfully determined that the use of the ideas and concepts of another person’s work does not constitute infringement, which avoids overprotection of copyrights and abuse of rights, and is conducive to guiding the people on how to further innovate on the basis of using AI.”

Our comments

Cases involving generative AI and IP issues are going through courts around the world. US cases dominate, particularly on the issue of whether use of copyright works to train an AI model constitutes copyright infringement. However, courts in China have been notable for their boldness on the issue of copyright subsistence. Decisions in 2019 and 2020 from the Shenzhen City Nanshan District People’s Court, the Beijing Internet Court and the Beijing Intellectual Property Court have all found that AI-assisted text-based works could be protected by copyright. Most importantly, the Beijing Internet Court in November 2023 issued a significant decision in which it held that the plaintiff enjoyed copyright in an image generated using the AI tool Stable Diffusion. It was critical to the decision that the plaintiff had engaged in a process of “intellectual creation” by independently designing and refining the features of the image through several rounds of input prompts and parameter adjustments, and by making artistic choices regarding the final outcome. Applying similar reasoning, this latest case from the Changshu People’s Court is the second in China granting copyright protection to AI-generated images reflecting the “original intellectual input of a human”.

The relative willingness of Chinese courts to find subsistence of copyright in AI-generated works created by user prompts can be compared with the position in the United States, in which the United States Copyright Office has refused protection for AI-generated visual artworks in at least four cases. Guidance issued by the Office in March 2023 and January 2025 reiterate that: copyright protects only materials that are the product of human creativity; copyright protection is not available for purely AI-generated content, but human contributions to AI-assisted works are protectable, with protection analyzed on a case-by-case basis; and user prompts alone are insufficient to justify copyright protection for the output. The importance attributed to human input is shared with China, however it is safe to say a global consensus on this issue has yet to emerge.

In the meantime, China is becoming a world leader in both AI innovation and regulation. China’s National Intellectual Property Administration in December 2024 issued guidelines on patent applications for AI-related inventions, providing welcome guidance to firms seeking IP protection for innovations involving or assisted by AI. This follows the National Technical Committee 260 on Cybersecurity’s September 2024 release of an AI Safety Governance Framework, outlining principles for tackling AI-related risks in accordance with a “people-centered approach” and the “principle of developing AI for good.”

Edward Chatterton is a Partner at DLA Piper where he is Global Co-Chair of Trademark, Copyright and Media Group and Co-Head of IPT, Asia

Joanne Zhang is a Registered Foreign Lawyer (New York, USA) in the Intellectual Property & Technology team based in DLA Piper’s Hong Kong office. She is dually qualified in New York, USA, and China.

Liam is a Knowledge Development Lawyer in DLA Piper’s Intellectual Property and Technology group. He is based in the APAC region and focuses on trademark, copyright, media and artificial intelligence issues across the international practice.

The post Another Chinese court finds that AI-generated images can be protected by copyright: the Changshu People’s Court and the ‘half heart’ case appeared first on Society for Computers & Law.

The ICO also wanted to gather views on experiences of implementing good data protection practice, compliance challenges, competing regulatory or legislative priorities and any general data protection concerns.

Recital 38 of the UK GDPR says that

“children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data.”

The ICO23 strategic plan identifies children as a vulnerable group and protecting them through the responsible use of their information is a current priority.

The review of children’s data processing focussed on the following areas:

• Governance: the measures in place to control the processing of children’s data.
• Transparency: the information given to children which tells them what their data will be used for.
• Use of information: that information is processed, for what purpose and which lawful basis is used.
• Individual Rights: how individual rights relating to children’s data are handled, whether received from children, parents 1 or other third parties.
• Age Verification: the methods used to identify, and verify the age of, children.
• Further contact and marketing:how children are contacted about their accounts and information provided to them about other products and services.

The review focussed on these areas with all participants so that common themes could be identified and included in the report for the benefit of other organisations who carry out similar processing. It summarises evidence of good practice; evidence of risks to data protection compliance; and instances where the ICO found that improvements may be necessary to data practices.

Key findings

Children are important customers for many financial services. Several participants highlighted children’s products as a key area of focus for development as they represent the future customer base for the wider range of products and services offered. The review of processing of children’s data provided the following key findings.

Governance

Most organisations had policies in place to control the use of children’s information. However, there was limited monitoring of compliance with these policies. Nearly all organisations provided data protection training to staff. However, less than a fifth included specific training about the use of children’s information.

Transparency

Only half of organisations reported having age-appropriate privacy information. However, the ICO said the number that it considered to have effective age appropriate privacy information was lower. The examples of privacy information that were suitable for children included age-appropriate language and engaging descriptions of how organisations use their information. The ICO said that the approach taken by several organisations appeared to have passed their own transparency responsibilities onto parents. As a result, there was a significant risk that children are recorded as agreeing to terms and conditions or privacy information that they do not actually understand. Providing privacy information was also often a onetime only exercise and is not revisited as children age and their understanding increases.

Use of information

Most organisations regularly reviewed the categories of children’s data collected to ensure it was limited to what is necessary, particularly for special categories of data. There were effective controls in place to prevent excessive data collection or purpose creep across all organisations observed. Consent was used for some purposes for processing.  However, some organisations asked for parents to provide the consent on behalf of their child in the first instance but failed to keep this consent under review. This means as the child gets older and their ability to understand the processing for themselves increases, the original consent is likely to become invalid until it is refreshed and obtained from the child. 

Individual rights

Respondents reported that requests to exercise the individual rights set out in UK GDPR by, or on behalf of, children are infrequent and low in volume. However, as a result of the issues found with explaining privacy information and their rights to children, parents’ wishes often, unfairly, supersede those of children. In several cases the decision whether to accept requests for children’s information from the child or their parent is made using a predetermined age limit rather than an assessment of the child’s competence.

Age verification

Processes to verify the age of children were robust across all organisations.

Contact (including marketing)

Many organisations provided administrative communications. Nearly all had a policy that prevents marketing to children. The ICO noted that there is limited distinction between parents and children when communications were provided, which was sometimes based simply on whose contact information is available. This creates a high risk of non-compliance with communications and marketing requirements.

The findings of the review of the use of AI and automated decision making in the financial services sector are contained in a separate report.

The post ICO reports on use of children’s data in financial services sector appeared first on Society for Computers & Law.

How does Japan’s technological landscape influence its legal frameworks, and how do those frameworks differ from or align with Western counterparts?

In this episode, host Mauricio Figueroa is joined by two leading legal experts from Japan, Kaori Ishii and Hajime Idei, to explore this complex and often overlooked jurisdiction in the global conversation on tech law. Tune in for an interesting conversation on the intersection of culture, technology, and law in one of the world’s most innovative nations. Listen to the episode here https://bit.ly/3XHA9kf

The Panel:

Mauricio Figueroa is a Mexican legal scholar based in the United Kingdom. His area of expertise is Law and Digital Technologies, and has international experience in legal research, teaching, and public policy. He is the host of the SCL podcast “Privacy and Technology Laws Around the World”.

Kaiori Ishii is a Professor in Chuo University, Faculty of Global Informatics from April 2019.
Before joining Chuo University, her professional experience included roles as a lawyer, in-house counsel, and academic positions at the Institute of Information Security and the University of Tsukuba.
Her research focuses on legal issues related to data protection and privacy across different countries. Her work includes comparative analyses of data protection legislation, exploring insights into the right to privacy, and examining how to harmonize current technological advancements with privacy protections. Recently, she has been interested in the intersection of privacy and data protection with competition law and consumer protection law.
She has been involved in various expert committees under the Cabinet Secretariat, ministries, and local governments in Japan, where she has provided input based on her expertise.

Haime Idei is Japanese lawyer, graduated from Waseda University School of Law. After working at Anderson Mori & Tomotsune, he joined Kotto Dori Law Office (https://www.kottolaw.com/en/). His specialty is entertainment law. He mainly advises the anime, game, AI, and VR industries.
From 2020 to 2023, he was involved in Japan’s Intellectual Property policy as an assistant counsellor at the Intellectual Property Strategy Headquarters of the Cabinet Office.
Since 2022, he has also served as an auditor of the Japanese Animation Society, researching development of Japanese anime culture.
His publications include “The Current State of the Debate on the Copyrightability of AI Creations and Future Legal Practice” (July 2024).

About the podcast

Join host Mauricio Figueroa and guests on a tour of tech law from across the globe. Previous episodes have focused on the use of ‘robot judges’ in several jurisdictions and developments in India and the USA. Future episodes will look at South America, Africa and Europe.

Where to listen

• podcasts.scl.org
• Spotify
• Apple
• Amazon

The post SCL Podcast “Technology & Privacy Laws Around The World” – Episode 4: Japan appeared first on Society for Computers & Law.

What got you involved with AI and judicial decision-making?

Understanding how emerging technologies challenge and redefine many traditionally human decision-making processes is an increasingly important question. There is certainly a concern amongst some that we have given away too much to new AI systems in general, especially when those systems that are largely controlled and disseminated by major technology companies. The bearing that these developments have on the fundamentally human activity of judging disputes in the court is therefore fertile ground for analysis. Deploying AI in possibly the most crucial decision-making context of all – the judicial role – raises fundamental questions regarding the emotional and cathartic elements of delivering justice, respect for the delivery of individualised justice in many cases, and the absence of arbitrariness in decision-making. These questions make us consider the role of the judge in an age where efficiency, cost-saving, and access to justice are increasingly pertinent. There is a certainly a role for AI in the courts, and perhaps in some ‘low-level’ decision-making contexts, but understanding in where and why AI may be appropriate here needs to be answered first.

How did you feel about participating and as a listener, what themes would you like to hear more on?

It was really enjoyable: a great opportunity to explore complex ideas in an accessible format, and it is always rewarding to think about how these discussions might resonate with listeners and a wider audience. The process also gave me a chance to reflect on how to frame key debates in law and technology in ways that inspire curiosity and encourage deeper engagement.

As a listener, I would be particularly interested in themes that critically examine the global impacts of digital technologies, and particularly Generative AI, on law. Exploring how different jurisdictions are grappling with interdisciplinary challenges like data bias, data privacy, and AI benchmarking would provide some great insights. For example, comparing regulatory approaches in the EU, the US, and emerging frameworks in the Global South could highlight how cultural, legal, and political contexts shape responses to technological change.

 Ultimately, topics that unpack the human dimension of digital technologies, whether in terms of access to justice, fairness, or legal certainty, would be particularly compelling. These are the kinds of conversations that could stimulate a richer discussion for academics, legal practitioners, and a wider audience.

Where can we learn more about  learn more about the projects you mentioned in the podcasts?

A good starting point, in the near future, will be the monograph I am working on, which builds on my doctoral research. It examines the limits of AI in judicial decision-making, focusing on what it is about the human act of judging that cannot – and perhaps should never – be replicated by machines. This expands on several of the ideas I touched on during the podcast.

For now, I’d recommend a recent co-authored chapter of mine, available as a preprint, which addresses similar themes. For those interested in further reading, Morison and Harkens’ 2019 paper provides an excellent foundation for understanding many of the issues raised during our discussion. Additionally, Deakin and Markou’s edited collection, Is Law Computable?, is a valuable resource that brings together diverse perspectives at the intersection of AI and law.

I also have a chapter forthcoming in an edited collection on Epistemic Injustice, titled The Algorithmic Construction of Epistemic Injustice. This explores the processes of constructing Large Language Models, unpacking the problematic practices and assumptions that often embed injustice into these systems and perpetuate it in their downstream applications.

Tomás McInerney was in conversation with Mauricio Figueroa. Find out more about them, and to listen to the podcast, visit podcasts.scl.org.

About the podcast

Over the next few months, Mauricio will host a unique series of conversations on tech law from across the globe with scholars and practitioners from different jurisdictions and expert fields.

The next episode in the series, looking at developments in India will be released on 20^th January and touches on the thought-provoking issues of data protection, freedom of expression and algorithmic discrimination, with insights from local experts, with experience in legal practice, academia and technology policy.

Where to listen

• podcasts.scl.org
• Spotify
• Apple
• Amazon

The post Robot Judges podcast: An interview with Tomás McInerney appeared first on Society for Computers & Law.

Sarah Harris, Henry Goodwin and Ashley Winton update the perennial themes of Scrooge to a 21st century setting where Scrooge is struggling to stay relevant…..

Published shortly before Christmas in 1843, Charles Dickens’ A Christmas Carol was an instant hit in 19th century Britain, telling the salutary tale of Ebenezer Scrooge’s personal journey from miserly, cold-hearted man to generous, compassionate philanthrope.

We first meet Scrooge living in wilful ignorance of the needs of those around him, refusing to believe in helping others. This all changes however when he is visited by three ghosts who help him change his ways (demonstrating some highly effective Victorian-era prompt engineering).

Scrooge reforms, making significant differences in the lives of those around him through his newfound generosity.

Now we would like to invite you, Dear Reader, to join us in reimagining if you can (and this won’t be easy), Ebenezer Scrooge as a modern day law firm partner and the Christmas Carol story as a metaphor for digital transformation of the legal industry, driven by visionary law firm partnerships, at first fearing but eventually embracing the potential of new-fangled AI solutions. 

And so back to Dickens…

Struggling to come to terms with the fast changing world around him, Ebenezer despises the festive season. Indifferent to the suffering of others and spurning family invitations to Christmas dinner, he instead prefers to stay in his counting-house (an antiquated term for home office) hoarding his wealth.

[Maybe this isn’t so hard to imagine after all…]

But then our hero receives a visit from his deceased former business partner, Jacob Marley, who issues a stark (profit) warning of the consequences of Scrooge’s selfishness. The retired partner, and closest thing Scrooge ever had to a friend, foretells the impending arrival of three more spirits. But could this all just be a “hallucination”?!

Ghost of Christmas Past

The first spirit to appear takes Scrooge on a journey through his own past, showing him scenes from his childhood and his joyful apprenticeship with the brilliantly named Fezziwig (a great trainee supervisor and lover of 1990’s technology).  

In our parallel legal fantasy world, we see Scrooge misty-eyed with nostalgia as the firm leadership present dictaphones to lawyers as Christmas gifts. He remembers the luxury of a fax machine that scans and stores the pages of every document in its memory (making failed sends a thing of the past), the teletype terminal which has access to an entire library of legal authorities, the first Windows 3.1 PCs complete with WordPerfect, and the soothing melodic ringtone of the firm’s standard Nokia 3310, and of course, his joy at achieving a new high score on “Snake”.

This was a time when all-nighters were a badge of honour, desks groaned with the weight of redlined drafts and bookshelves were stacked with lever arch files concealing closely guarded, top secret precedents.  Meanwhile, the centre of the universe and ‘single source of truth’ for all institutional knowledge resided as much in the all-powerful secretarial pool as in the equity partners’ spacious offices. 

However, nasty rumours soon begin circulating that clients are considering using alternatives to their traditional law firm advisors, that brash, tech savvy, hardworking American lawyers were beating a path to our shores, clutching Blackberries and Palm Pilots and that long lunches were no longer the best way to win work. What’s more, capable junior lawyers, valuable clients and even more precious, legal precedents were now expected to be shared around the firm.  

Ghost of Christmas Present

The second spirit to visit our protagonist reveals alternative contemporary Christmas celebrations, taking Scrooge on a rare trip away from home to visit the warm-hearted Cratchit family, who remain upbeat in spite of highly challenging domestic circumstances, notably the frail health of one of their children, Tiny Tim.

In our parallel universe, Scrooge is prised out of his office to visit the IT department, where he meets the joyful (and suspiciously talented) ‘business services’ family, including CTO ‘Tiny’ Tim Cratch (IT), who demonstrates remarkable resilience in his mission to convert his firm to more efficient, data driven ways of working.

Scrooge has never been to the IT Department before, at least not since it was repurposed from the old wine cellar. The laptops and computers he recognises as the firm standard issue. The software he does not.

Scrooge soon realises however that today’s legal office is a confused and conflicted place, as he witnesses hordes of talented technologists and enthusiastic heads of innovation cheerfully signalling the advancement of technology, while beleaguered employees continue to wrestle with formatting documents in Word or even manually preparing their bundles exactly as they want them. 

Associate disillusionment is growing despite wage increases, as clients continue to put pressure on the billable hour fee model, which somehow still survives against all the odds. 

The business nonetheless persists in its unshakeable belief that the simple passage of time will allow its lawyers to learn things of value to clients through ‘osmosis’, and charge those clients them accordingly. 

New generations of talent rightfully demanding a better work life balance watch presentations on the importance of ‘utilisation’ and ‘recovery’, thinking how strange it all is. They are relying on the goodwill and kindness of soon to be departing equity partners to invest in emerging technology that will ensure a pipeline of bountiful future Christmases.

The most lauded of these new technologies is the mysterious and magical AI, which is self-evidently and rapidly going to take everyone’s job, sapping morale and sowing the seeds of panic across all lawyer grades, even as they dial into the “All I Want for Christmas” office party over Zoom.  

Or maybe AI could instead be the answer to all of their problems? If only they had some time out from re-doing bundles, working through client and matter inception processes and filling out appraisal forms to work out exactly how.

Ghost of Christmas Yet to Come

The final Dickensian spirit presents a grim, dystopian future where Scrooge dies alone and unloved.  He sees his own gravestone (not the transactional kind), prompting a desperate plea for redemption.

Despite the evidence before him, our Scrooge suffers for doggedly refusing to change his outdated ways, a victim of chronic dictation resulting in a shrunken PEP.  

The golden opportunity to leave outdated ways of working behind and to embrace a better, brighter digital roadmap has been squandered, and all lawyers are the poorer for it.  Meanwhile, Scrooge sees himself spending his final non-billable hours at home watching Love Actually on repeat on his VHS, wondering about what could have been. 

Scrooge’s demise is accompanied by the drip, drip of leaking profits and the spectral waft of erstwhile rainmaker partners departing the once hallowed, marbled lobbies of law firms across the country. 

The market has spoken, and the future belongs to alternative tech driven service providers who can better meet client needs with risk adjusted, tech driven approaches that redefine client relationships.

But maybe, just maybe, there could be another way.

The (Digital) Transformation

Scrooge awakens on Christmas morning filled with joy and determination to change. He embraces the spirit of Christmas by generously helping others, including sending a large turkey to Tiny Tim and his family.

Similarly, our alternative Scrooge is infused with a missionary zeal to invest distributable profits for the long term in identifying and implementing digitally enabled ways of working, in turn uniting clients and lawyers alike in a shared vision of financial and spiritual prosperity.

Data now resides in a perfectly beautiful, pristine lake and is accessed effortlessly by all members of the firm to provide in-depth, accurate and risk balanced insights to its clients. 

Billable hours are but a distant memory as associates use AI to unleash the power of the data that they hold, backed up with value based pricing models, in turn allowing them to skip out of the office by 4pm in order to perfect their 5km run time or bake the perfect Victoria sponge.

The Outcome

Both Dickens’ Scrooge and our legal doppelgänger become beloved figures in their community, embracing Tim Cratch (IT)’s legal tech roadmap as his own, basking in the glow of well executed digital transformation and embodying the values of kindness and generosity throughout the years.

And we may well ask ourselves, Dear Reader, why the Dickens shouldn’t this also be the case for our ‘IRL’ law firms of the future?

Let’s all be more like Scrooge 2.0 in 2025. A brighter future awaits!

Ashley Winton is a former computer designer. Having enjoyed over 25 years as a Data, AI and FinTech partner at firms such as White & Case, Paul Hastings, Pillsbury and McDermott Will & Emery, Ashley is now pursuing his dream job of developing the next generation AI powered law firm.

The post AI Christmas Carol 2.0 appeared first on Society for Computers & Law.

In January 2024, the ICO launched its five-part generative AI consultation series. It has now published its consultation response. The series set out to address regulatory uncertainties about how specific aspects of the UK GDPR and the DPA 2018 apply to the development and use of generative AI. It did that by setting out the ICO’s initial analysis of these areas, along with the positions it wanted to consult on.

The ICO retained its position on purpose limitation, accuracy and controllership.

It updated its position on the legitimate interests lawful basis for web scraping to train generative AI models.

It heard that data collection methods other than web scraping exist, which could potentially support the development of generative AI. An example is where publishers collect personal data directly from people and license this data in a transparent way. It is for developers to demonstrate the necessity of web scraping to develop generative AI. The ICO will continue to engage with developers and generative AI researchers on the extent to which they can develop generative AI models without using web-scraped data.

Web scraping is a large-scale processing activity that often occurs without people being aware of it. The ICO says that this sort of invisible processing poses particular risks to people’s rights and freedoms. For example, if someone doesn’t know their data has been processed, they can’t exercise their information rights. The ICO received minimal evidence on the availability of mitigation measures to address this risk. This means that, in practice, generative AI developers may struggle to demonstrate how their processing meets the requirements of the legitimate interests balancing test. As a first step, the ICO expects generative AI developers to significantly improve their approach to transparency. For example, they could consider what measures they can provide to protect people’s rights, freedoms and interests. This could involve providing accessible and specific information that enables people and publishers to understand what personal data the developer has collected. The ICO also expects them to test and review these measures.

The ICO received evidence that some developers are using licences and terms of use to ensure deployers are using their models in a compliant way. However, to provide this assurance, developers will need to demonstrate that these documents and agreements contain effective data protection requirements, and that these requirements are met.

The ICO updated its position on engineering individual rights into generative AI models.

The ICO says that organisations acting as controllers must design and build systems that implement the data protection principles effectively and integrate necessary safeguards into the processing. This would put organisations in a better place to comply with the requirement to facilitate people’s information rights.

Article 11 of the GDPR (on processing which does not require identification) may have some relevance in the context of generative AI. However, organisations relying on it need to demonstrate that their reliance is appropriate and justified. For example, they must demonstrate they are not able to identify people. They must also give people the opportunity to provide more information to enable identification.

The response also highlights areas where the ICO thinks further work is needed to develop and inform its thinking. It also recognises that the upcoming Data (Use and Access) Bill may affect the positions in the paper. Following the changes to data protection law through the Data (Use and Access) Bill, it will update and consult on its wider AI guidance to reflect the changes and include generative AI.

Its final positions will also align with its forthcoming joint statement on foundation models with the Competition and Markets Authority. This statement will touch on the interplay of data protection and competition and consumer law in this complex area.

The post ICO responds to consultation series on generative AI appeared first on Society for Computers & Law.

The court gave a lengthy judgment, acknowledging that this was because the relevant legal points are “novel, contentious or both”. Novel points are not new in this case: in an earlier decision, the High Court gave Mr D’Aloia permission to serve proceedings on the defendants via a non-fungible token on a blockchain and email.

Background

Mr D’Aloia alleged that he was the victim of a cryptocurrency scam orchestrated by the First Defendants (referred to as Persons Unknown Category A). He claimed that he was induced to transfer USDT totalling around £2.5 million, to online wallets controlled by the First Defendants. The funds were then allegedly transferred through various blockchain wallets before being withdrawn by the Seventh Defendants (referred to as Persons Unknown Category B). Other defendants, including a Thai company, Bitkub Online Co Limited (Bitkub), were cryptocurrency exchanges where the Seventh Defendants held accounts.

The primary focus of the trial was on the liability of Bitkub. Mr D’Aloia argued that his cryptocurrency was identifiable as being comprised within the transfer to the ‘82e6 Wallet’ held with Bitkub and could be traced. He alleged that Bitkub held his identifiable cryptocurrency on constructive trust or that it had been unjustly enriched by having received it, and was liable to him accordingly.

In assessing these points, the court considered several issues as to the status and treatment of cryptocurrency under English law.

Are cryptocurrencies property?

The court referred to previous case law, including AA v Persons Unknown [2019] EWHC 3556 (Comm) and Tulip Trading v Van der Laan [2023] EWCA Civ 83, which recognised on (an interim basis) that cryptoassets such as bitcoin could be treated as property. The court also considered academic commentary and the Law Commission’s Digital Assets Final Report, which supported the view that digital assets could be objects of personal property rights. The Law Commission’s report emphasised the need for the legal system to adapt to technological advancements and recognise the proprietary nature of digital assets.

Following a thorough analysis, the court confirmed that USDT is capable of attracting property rights under English law, which aligns with the evolving legal landscape that increasingly recognises the unique characteristics of digital assets.

Can cryptocurrency be, as a matter of law, traced through a mixed fund or followed?

The court noted the distinction between following (tracking the same asset as it moves from hand to hand) and tracing (identifying a new asset as the substitute for the old). These are both methods of locating assets which are, or can be taken to be, an asset belonging to the party asserting ownership of them.

The court comprehensively reviewed the law on tracing in equity and at common law and concluded that it is not possible to trace at common law through a mixed fund. Tracing was available to Mr D’Aloia in respect of his equitable claims and USDT can also be followed as a matter of law, but on the facts, it was not possible to follow the USDT to the 82e6 wallet.

The court scrutinised the tracing process, which involved understanding multiple transactions (or ‘hops’) across various wallets, supported by expert evidence. The court criticised the expert evidence before it, concluding that it was unhelpful and noting, “That is especially problematic in a case such as this, where much turns on their work to understand the flow of funds, if any, from Mr D’Aloia to the 82e6 wallet.” The court found that the methodology of Mr D’Aloia’s expert, Mr Moore, was unclear and inconsistent and concluded that it was not able to rely on the approach taken.

Given the claimant failed to show that any of his funds were received in the 82e6 wallet, the tracing claim against Bitkub failed. The court highlighted the need for precise and reliable evidence in tracing claims, which was not provided in this case.

Was Bitkub unjustly enriched at Mr D’Aloia’s expense?

The court went on to consider whether Bitkub was enriched at the expense of Mr D’Aloia and whether the enrichment was unjust. The court addressed the four questions from Banque Financière de la Cité v Parc (Battersea) Ltd [1999] 1 AC 221: (i) Has the defendant been benefitted, in the sense of being enriched?; (ii) Was the enrichment at the expense of the claimant?; (iii) Was the retention of the enrichment unjust?; and (iv) Are there any defences?

This claim failed on the basis that Mr D’Aloia failed to show that Bitkub was enriched with his USDT (i.e., the enrichment was not at his expense). He did not demonstrate that any of his funds reached the 82e6 wallet.

Did the circumstances give rise to a constructive trust on Bitkub?

The court examined whether a constructive trust could be imposed on Bitkub based on various grounds (the equitable proprietary claim): fraud, vitiated intention (here, due to alleged mistake), rescission of the original contract pursuant to which Mr D’Aloia transferred his funds, and failure of Bitkub to act in a commercially reasonable manner and freeze the account from which payment out of funds was ultimately made, due to suspicious activity.

The court considered each basis in detail and, in short, concluded that while a constructive trust arose over the funds received by the First Defendants (who would be the trustees, not Bitkub), Mr D’Aloia failed to show that Bitkub received any of his funds. The equitable proprietary claim against Bitkub failed. (Interestingly, no claim in knowing receipt or dishonest assistance was pursued by Mr D’Aloia against Bitkub on the facts.)

Concluding thoughts

The court concluded its analysis quite clearly: “Mr D’Aloia has failed to show on the balance of probabilities that any of his USDT ever arrived at the 82e6 wallet. In the circumstances, Mr D’Aloia has no claim against Bitkub because it did not receive anything from him. It holds no trust funds; there is no normatively defective transaction as between Bitkub and Mr D’Aloia to undo.”

Throughout the judgment, the court also noted issues with the pleadings, in that the case advanced was not as pleaded in key respects. In this context, the court noted in its conclusion that no claim for knowing receipt was advanced against Bitkub and as such, “the legal link connecting Mr D’Aloia with Bitkub is simply missing from his claim”.

This judgment will provide a particularly useful reference point for other claims of this nature involving crypto fraud, especially where the fraudsters themselves cannot be identified and the victim of the fraud looks to pursue the currency exchanges in the chain. As demonstrated, clear analysis and interrogation of the legal and evidential links to these entities on the facts of each case are of key importance. 

Duran Ross, partner, Lewis Silkin and Nicola Thompson, senior practice development lawyer, Lewis Silkin

The post High Court considers cryptocurrency status in English law and key aspects of cryptocurrency fraud claims appeared first on Society for Computers & Law.

The RIO will initially support the growth of four fast-growing areas of technology before supporting further technologies and sectors as the RIO evolves. These are:

• Engineering biology – this uses synthetic biology and biotechnology to create new products and services derived from organic sources. These technologies can improve health with new treatments like innovative vaccines, help create cleaner fuels and make food production more efficient and sustainable such as through pest resistant crops and cultivated meat.
• Space – the UK’s space industry is growing fast, supporting everything from GPS on phones to communication systems, as new innovations improve weather forecasting and disaster response systems. To sustain this growth, regulatory reform is needed for greater agility and clarity to help foster competition, encourage investment, and open market access.
• AI and digital in healthcare – AI could revolutionise healthcare delivery so that doctors can diagnose illnesses faster and improve patient care. It could help run hospitals more efficiently with medical staff able to spend less time on administration, cutting waiting times and it could enable more personalised medicines, tailoring treatment to individuals. The RIO will support the healthcare sector to deploy AI innovations safely, improving NHS efficiency and patients’ health outcomes.
• Connected and autonomous technology – autonomous vehicles like drones can deliver emergency supplies to remote areas quickly and efficiently and work to approve this technology could play a key part in supporting emergency services. Greater support could also enable more drones to be used by businesses across the UK.

These technologies do not fit neatly into existing regulatory frameworks which can mean a slower process in getting them onto the market. The new Office will work closely with government departments including the Department for Transport, the Department for Health and Social Care, and the Department for Environment Food and Rural Affairs to address regulatory barriers in these initial growth areas.

The new office will also bring regulators together and working to remove obstacles and outdated regulations.

The post UK Regulatory Innovation Office launched appeared first on Society for Computers & Law.

A competition to hear ideas from students and prospective trainees on how the law can embrace sustainability principles.

The challenge we set: Which legal, environmental, social, or governance issue can be resolved with improved technology and how?

The Dragons
Our Dragons are experts in the field of technology, ESG, and the law. 

Neil Brown, Managing Director, decoded:legal
Lisa McClory, Digital Technologies Lead, D2 Legal Technology
Alessandro Galtieri, Deputy General Counsel, Colt Technology Service Group Ltd

We had three fantastic finalists for the competition who each submitted a video pitch with their suggested solution to the challenge. You can see their pitches here.

The judges were incredibly impressed with all submissions to the Green Dragon’s Den competition and greatly enjoyed hearing from all applicants. It has been fantastic to see such a broad range of ideas across different fields of ESG, and this has not made the judges’ task easy!

We would like to extend our thanks to all the entrants for putting together such interesting and thought-provoking presentations.

The chosen winner and detailed feedback to all finalists is below….

The Dragons are pleased to announce that the winner of this year’s Green Dragon’s Den competition is Vathmie Vanditha Widyalankara (Vandy) of Queen Mary University of London, who provided an engaging presentation on the opportunities to use AI-powered pro bono services to catalyse positive change in legal advice services.

Vandy provided a well-considered introduction to the current challenges in law centres and legal advice clinics, also setting out how AI might provide a solution, including by streamlining client triaging, providing AI-powered formfilling, using AI chatbots and AI legal assistants. Vandy dealt with some of the challenges and risks of leveraging AI technology, including privacy concerns around use of sensitive data, algorithmic bias and the crucial need for oversight and effective governance to combat potential fabrication by AI tools and protect consumers from risks.

Vandy demonstrated a good grasp of complex technologies, including differential privacy, and the judges were impressed with the way in which she was able to explain them.

Our two joint second-place finalists (in alphabetical order) are:

Diana Al Mejamai of the University of Newcastle
The Dragons were impressed with Diana’s explanation of the opportunity for AI and algorithmic technology to provide a tracking and early-detection solution to detect methane leaks across the national gas network. We found Diana’s explanation of the problem to be well presented and informative, with good coverage of the links to wider legal frameworks and economic factors associated with net zero. It was interesting to hear about the potential to use predictive technology to anticipate potential leaks.

Jared Higgins of the University of Sussex
The Dragons found Jared’s talk to be an interesting and informative review of end-to-end encryption technology, covering the difficult human rights and policy challenges in this area. Jared presented a solution focused on the use of encryption technology by Politically Exposed Persons. Jared dealt well with the balance of positive and potentially negative effects of introducing this use case for E2E technology, including the potential impacts on law enforcement and anti-corruption efforts.  We were impressed with the clarity of Jared’s thinking in terms of differentiating between general purpose chat applications, which we understood to be outside the scope of his talk, and specific applications to be used for official business by politically exposed persons.

The winning entrant has won a work experience placement at Colt and each finalist has won a free place at the SCL Annual AI Conference on 8 October in London.

The post Winner is announced for the SCL Tech Law ‘Green’ Dragons’ Den Competition appeared first on Society for Computers & Law.

Software development that built on existing code qualified as R&D

In Get Onbord Ltd (in Liquidation) v HMRC [2024] UKFTT 617 (TC) the First-tier Tribunal held that expenditure incurred by a company when it developed a new AI-based analytical process qualified for R&D tax relief. The project built on existing material, but its aim was to advance overall scientific knowledge by resolving an existing uncertainty, in this case to see if it was scientifically possible to automate an existing manual process.

Ofcom calls for evidence on Media Act 2024 listed events regime

Ofcom has called for evidence about the changes made by the Media Act 2024 to the listed events regime. The Media Act makes significant changes to the listed events regime. Instead of being restricted to traditional broadcast channels, the new regime will include any services which can be used to show live coverage of listed events to audiences in the UK, including the Public Service Broadcasters’ on-demand players, global media platforms and other internet-based streaming services. The Act also changes the definition of qualifying services to include only services provided by PSBs. All other services are non-qualifying. The regime aims to make sure that, where rights to a listed event are being sold, they are offered to both a qualifying and non-qualifying service. As part of implementing these changes, Ofcom is required to define several terms used in the regime such as “live coverage”, “adequate live coverage” and “adequate alternative coverage”.’ Ofcom must also revise its guidance to broadcasters on the listed events rules. Ofcom seeks evidence about how viewing of listed events has been affected changes in audiences’ viewing preferences, technology, and the wider media landscape. It is also interested in how rights for listed events are packaged and sold.? Views are sought by 26 September. Ofcom will consult further in 2025.

Ofcom consults on its General Policy on Information Gathering

Ofcom is consulting on a proposed update to its general information gathering policy, which explains how it will exercise its powers.  It is required by the Communications Act 2003, Wireless Telegraphy Act 2006 and Postal Services Act 2011 to publish a statement of general policy on the exercise of its statutory information gathering powers. Its existing policy on information gathering was published in March 2005. It consulted on changes in 2015 which led to significant changes. It considers that now is an appropriate time to update the policy to reflect its new processes and additional powers. This policy will not apply where it has separately set out how it intends to use its powers, for example, under the Network and Information Systems Regulations 2018. It also plans to consult on separate standalone guidance on how we will exercise our new information gathering powers under the Online Safety Act 2023. This consultation ends on 30 September 2024.

Ofcom prohibits inflation price increases for contracts

In 2023, Ofcom consulted on making changes to its General Conditions to require providers, where they apply in-contract price rises, to set these out upfront, in pounds and pence, at the point of sale. It has now published a statement on its decision to proceed with these changes. When new rules come into effect, they will prohibit providers from including inflation-linked or percentage-based price rise terms in new contracts. Providers must draw information about in-contract price rises information to the customer’s attention prominently before they are bound by the contract, in a clear and comprehensible manner (including during a sales call or other verbal sale such as an in-store sale) to enable them to make an informed choice. Providers must also set out when any changes to the monthly price will occur. Providers may increase their prices during the contract period and the new rules do not restrict their ability to set the level of their prices. However, the rules will prohibit providers from including inflation-linked, or percentage-based, price rise terms that apply to the Core Subscription Price in new contracts. This aims to give consumers clarity and certainty about the price they will pay, helping them choose the best deal for their needs. Ofcom is also issuing guidance on the new rules which includes examples of how providers could present any in-contract price rises at the point of sale. The new rules and guidance will apply to new contracts from 17 January 2025.

Ofcom concludes investigation into BT following 999 emergency call service outage on 25 June 2023

Ofcom has issued its decision to BT under section 96C of the Communications Act 2003 regarding the outage in June 2023. This affected BT’s ability to connect calls to emergency services. Ofcom has found that BT has contravened section 105A(1)(c) of the Act and Regulation 9 of the Electronic Communications (Security Measures) Regulations 2022 by failing to take appropriate and proportionate measures to prepare for “security compromises” in its provision of Emergency Call Handling Services (ECHS). This contravenes some of the Security Duties that apply to BT which are in place to protect the security and resilience of the UK’s public networks and services. Ofcom has found that BT did not adequately prepare for the occurrence of an outage of the ECHS. As a result, it is imposing a financial penalty of £17.5 million on BT. This penalty was set having regard to its Penalty Guidelines and includes a 30% discount because of BT’s admission of liability and its completion of Ofcom’s settlement process.

Red Teaming for GenAI Harms – Revealing the Risks and Rewards for Online Safety

Generative AI applications are creating significant benefits for users but also pose risks, such as child sexual abuse material, low-cost deepfake adverts and synthetic terrorist content. Ofcom is exploring how online services could employ safety measures to protect their users from harm posed by GenAI. One such safety intervention is red teaming, a type of evaluation method that seeks to find vulnerabilities in AI models. This involves “attacking” a model to see if it can generate harmful content. The red team can then seek to fix those vulnerabilities by introducing new and additional safeguards, for example, filters that can block such content. Ofcom has published a discussion paper in which explores how Red Teaming differs from other evaluation techniques; unpacks the steps involved in a red team exercise; outlines a case study which illustrates the potential resource required; assesses the strengths and limitations of this method and set out ten practices that firms can adopt to maximise the impact of red teaming exercises they already conduct.  Ofcom will continue to examine the merits and limitations of red teaming.

DJ software deal abandoned

AlphaTheta and Serato have abandoned their proposed deal. The CMA has therefore cancelled its Phase 2 merger investigation into the deal. AlphaTheta is involved in the manufacture of DJ equipment, including mixers, controllers, DJ players and all-in-one systems under the Pioneer DJ brand, and both parties supply DJ software for laptop and desktop applications globally. The merger was conditional on receiving merger control clearance from the New Zealand Commerce Commission. As the New Zealand Commerce Commission has declined clearance of the Merger, AlphaTheta and Serato have decided to abandon the deal. On that basis, the CMA has cancelled its investigation.

IPO launches one-stop SEPs Resource Hub

The IPO has launched a new Standard Essential Patents (SEPs) resource hub for businesses in the UK. It is widely accepted that SEPs are of growing importance to the UK economy, as they enable the development and implementation of innovative technologies across key sectors by ensuring that technologies are accessible and interoperable. However, there are challenges when licensing SEPs. These may include knowledge and information gaps between SEP holders and SEP implementers, concerns around a lack of transparency, and around the effective use of dispute resolution services. The Hub aims to help businesses improve their understanding of the SEPs ecosystem. It provides guidance and highlights other resources. The Hub forms part of a package of non-regulatory actions from the UK IPO to help achieve greater transparency and balance within the SEPs ecosystem, and to improve how the market functions for those who interact with it. These include working with other jurisdictions around the world to encourage greater collaboration and co-ordination on SEPs policy, and taking positive steps to engage and collaborate with Standard Development Organisations, particularly with regard to their IP rights policies.

CMA issues update on Google Privacy Sandbox investigation

Google has announced that it is changing its approach to Privacy Sandbox. Instead of removing third-party cookies from Chrome, it will be introducing a user-choice prompt, which will allow users to choose whether to retain third party cookies. The CMA will now work closely with the ICO to carefully consider Google’s new approach to Privacy Sandbox. The CMA welcomes views on Google’s revised approach, including possible implications for consumers and market outcomes.

Joint Statement on competition in generative AI foundation models and AI products published

The competition authorities of the UK, EU and US have published a joint statement on competition in generative AI foundation models and AI products, setting out their joint commitment to working together to protect competition and consumers. The statement sets out key principles to support competition, protect consumers and help businesses to innovate and thrive. The statement marks the latest step in the CMA’s work on AI foundation models. In April 2024, the CMA published an update which set out six principles to support competition and consumer protection as AI foundation models continue to be developed and deployed.

ICO acts against school for using facial recognition technology

The ICO has taken action against Chelmer Valley High School in Essex for introducing facial recognition technology (FRT) to take cashless payments. The school first started using FRT in March 2023 to take cashless canteen payments from students. However, the school failed to carry out a data protection impact assessment before using the technology. The ICO found that the school relied on assumed consent and affirmative ‘opt-in’ consent wasn’t sought at this time. The law does not deem “opt out” a valid form of consent and requires explicit permission. The school failed to consult with parents, guardians, students or the data protection officer before implementing the technology.

EU law

IAB Europe sends position paper to EDPB on “Consent or Pay” model

The Interactive Advertising Bureau (IAB) Europe has sent a position paper to the European Data Protection Board outlining key concerns and recommendations in connection to the EDPB’s Opinion about consent or pay models and connected with the EDPB’s upcoming draft Guidelines intended to have a broader scope. IAB has also published its significant concerns regarding the European Parliament’s and European Council’s positions on the GDPR procedural regulation. As the trilogue discussions are anticipated to begin later this year, IAB Europe emphasises the need to address key issues to ensure practical and effective regulatory implementation.

The post This Week’s Techlaw News Round-up appeared first on Society for Computers & Law.