- Email: [email protected]
Legal aspects of Information Technology
Comput, Environ. and Urban Systems, Vol. 13, pp. 201-205, Printed in the USA. All rights reserved.
01989715/89 $3.00 + .oo Copyright 0 1989 Pergamon Press plc
1989
LEGAL ASPECTS OF INFORMATION
TECHNOLOGY
Peter Seipel The Swedish Law & lnformatics Research Institute University of Stockholm
AN OUTLINE OF THE PRESENTATION
Figure 1 illustrates the structure of the presentation. The white circle represents “Data Law” or “Information Law” and the black “bull’s eye,” a specific problem to which we will devote particular attention. SOME COMMENTS
ON DATA LAW IN GENERAL
Data law is a new field of law. In the Scandinavian countries it is being developed within the academic discipline of “law and informatics.” Data law is concerned with the various problems caused by the increasing use of IT by both public and private organs. It has a number of main areas but there is no general agreement on how the field should be delimited and structured. In my own view the following five subfields may be distinguished (see Figure 2). Acquisition
of IT Products and Services
The development of different standard contracts: large computer systems, small computers, standard programs, consulting services, database services, EDP insurances, and so on. Specific legal solutions and concerns: acceptance tests, customer dependency on the vendor, responsibilities of the parties (who can be expected to be the expert?). Information is often in focus. This creates particular difficulties regarding such matters as ownership, protection against third parties and quality requirements. Example: An employee has developed a data base application for a local authority. Later, both the authority and the employee find that the basic ideas have a commercial value. Are there any rights involved? Who is the owner of these rights? The Information
Market: Telecommunications
The information market is changing, new products and services are being developed and we find new distribution systems and new roles for the market participants.
Requests for reprints should be sent to Peter Seipel, The Swedish University of Stockholm, S-106 91, Stockholm, Sweden. 201
Law & Informatics
Research
Institute,
202
P. Seipel
Data Law or Information Law
Access to Public Documents
FIGURE 1. The Structure
of the Presentation.
Example: The selling by public authorities of data from their various administrative files. As for telecommunications, one problem has concerned so called value-added services. There are hybrids between conventional communications services and information services: The former emphasize transportation of messages, the latter the contents of messages. Automation
of Public Administration
Some of the issues: automated and computer assisted decision making as compared with rules concerning procedural matters, distribution of competences, error detection and correction, and contacts with the general public. Another angle: How can IT be used to improve the quality of legal decisions and to strengthen the rule of law? Example: Is it possible to have a computer program reviewed by a higher organ when a claimant maintains that the program contains an inaccurate construction of a particular statute? What would be the consequences? Is it necessary to develop new kinds of mechanisms for appeal?
Acquisition of IT Products and The Information Telecommunications
Public Adminisbation Information FIGURE 2. The Main Subfields of Data Law.
Legal Aspects of IT
Freedom
203
of lnfofmation
What does government in the sunshine mean in the light of IT? How should traditional media law be applied to media such as “electronic journals” and “teleconferences”? Can meetings of decision-making bodies, political and others, take place in electronic form? Example: What “electronic documents” should be accessible under laws which give citizens a right to inspect the files of public authorities? Security and Vulnerability The protection of individual privacy is perhaps the most widely known problem in this field. But there are many others. Computer crime, protection of trade secrets and business information, errors in automated systems may also be mentioned. Example: Who is responsible for files containing personal data which are created by an employee as a tool for his or her individual work? Is Data Law a New Field of Law? Data law comprises problems of all kinds (see Figure 3). In conclusion, then, to the extent that we find problems in the upper right square it may be said that data law represents a new field of law. However, this question is not as important as the question of whether there is a practical need for specialist knowledge in the field. If we look into it, such needs are perhaps more important than theoretical reasons when it comes to distinguishing and delimiting fields of law. ACCESS TO ELECTRONIC
INFORMATION
Laws on access to documents held by public authorities may be found in a growing number of countries among them, the Scandinavian countries, U.S.A., Canada, France, Australia, and Holland. A common problem is how to deal with data stored in computers. Three approaches follow: a) To exclude computerized of the Public Documents b) To include in a general Supreme Administrative c) To develop special rules 1986).
records entirely (e.g., Finland before the latest revision Act of 1951). way electronic records (Sweden after a decision by the Court in 197 1). for electronic data (Norway: Government decree of
The third approach is also a third stage of development, and experiences in many countries indicate that it is necessary to analyze the situation and introduce special, detailed rules with regard to electronic data. Some factors to be taken into consideration are: 1. The basic unit which can be accessed. 2. The form in which data can be handed out. 3. The rights of the public to search for data.
204
P. Seipel
General Matters taxation of
I
.,
ition Traditional Problems
~$$jy.’ . ......‘....” .. .._..G . .:.:-,..: . .:..J. ..:‘..’ .:..,.*..:.‘.‘A,::’
computer 3~~’ f:,,.,,::’ .:: ‘y&j breakdown insurance I I Dehiled’Matters FIGURE 3. The Characteristics
of Data Law.
The following are some comments on these factors: First, characteristics of paper documents: a stable, natural delimitation of information units, the physical order decides narrowly what can be accessed. Electronic information: changeable patterns, no general, technical basic unit (bits can be assembled into numerous logical units on higher levels); the logical order is more important than the physical order. In consequence, it is necessary to look for new ways of delimiting the basic units which may be accessed. Two strategies may be mentioned: l
l
The idea of “analog documents,” an electronic unit which corresponds to a conventional unit of text. The search for new criteria: e.g., information which may be produced by using computer hardware and software and technical expertise normally used by the authority (“the routine test”).
Emphasis is shifted away from data media (the disk, the tape, etc.) to the procedure that generates information. This procedure may be characterized as (a) “pure retrieval,” (b) “retrieval in a broad sense,” and (c) “pure data processing.” Consider the following three cases: l
l
l
A request for a record in a social security file containing information about a particular individual. A request for information about the number of individuals who have received social security support during the last six months. A request that a program for analyzing social security needs in a community be run with data supplied by the applicant.
Second, when citizens have a right of access to computer records there remains to decide in what form. Paper printouts and presentation on display terminals are both natural forms. Whether the right should also include a right to demand the handing out of machine-readable data is a more sensitive matter. There are the problems of threats to personal privacy and of commercial uses of data which have been collected for administrative purposes. Third, the right to search has traditionally been rather weak-an underdeveloped
Legal Aspects of IT
205
feature of laws on access to public documents. The reason has to do with the limited capability of paper-based files when it comes to searching. Computers have changed the situation dramatically and give rise to the question of whether the right to search should not be an explicit part of the right of access. The Swedish solution: an annexed, weaker right. Many limitations: no risk that data can be destroyed or manipulated, no risk that data which have not yet become public can be assessed, no risk that secret data can be accessed, no interference with the day-to-day activities of the public authority. CONCLUDING
REMARKS
The introduction of IT into local government has been and will continue to be accompanied by fundamental changes with regard to legal regulation. Data networks, electronic mail and conferencing systems, decision support systems, electronic archives and so forth cause perhaps more deep-going changes in the legal situation than most people understand. Actually, we are on our way to creating a new legal infrastructure for local government activities of all kinds.
01989715/89 $3.00 + .oo Copyright 0 1989 Pergamon Press plc
1989
LEGAL ASPECTS OF INFORMATION
TECHNOLOGY
Peter Seipel The Swedish Law & lnformatics Research Institute University of Stockholm
AN OUTLINE OF THE PRESENTATION
Figure 1 illustrates the structure of the presentation. The white circle represents “Data Law” or “Information Law” and the black “bull’s eye,” a specific problem to which we will devote particular attention. SOME COMMENTS
ON DATA LAW IN GENERAL
Data law is a new field of law. In the Scandinavian countries it is being developed within the academic discipline of “law and informatics.” Data law is concerned with the various problems caused by the increasing use of IT by both public and private organs. It has a number of main areas but there is no general agreement on how the field should be delimited and structured. In my own view the following five subfields may be distinguished (see Figure 2). Acquisition
of IT Products and Services
The development of different standard contracts: large computer systems, small computers, standard programs, consulting services, database services, EDP insurances, and so on. Specific legal solutions and concerns: acceptance tests, customer dependency on the vendor, responsibilities of the parties (who can be expected to be the expert?). Information is often in focus. This creates particular difficulties regarding such matters as ownership, protection against third parties and quality requirements. Example: An employee has developed a data base application for a local authority. Later, both the authority and the employee find that the basic ideas have a commercial value. Are there any rights involved? Who is the owner of these rights? The Information
Market: Telecommunications
The information market is changing, new products and services are being developed and we find new distribution systems and new roles for the market participants.
Requests for reprints should be sent to Peter Seipel, The Swedish University of Stockholm, S-106 91, Stockholm, Sweden. 201
Law & Informatics
Research
Institute,
202
P. Seipel
Data Law or Information Law
Access to Public Documents
FIGURE 1. The Structure
of the Presentation.
Example: The selling by public authorities of data from their various administrative files. As for telecommunications, one problem has concerned so called value-added services. There are hybrids between conventional communications services and information services: The former emphasize transportation of messages, the latter the contents of messages. Automation
of Public Administration
Some of the issues: automated and computer assisted decision making as compared with rules concerning procedural matters, distribution of competences, error detection and correction, and contacts with the general public. Another angle: How can IT be used to improve the quality of legal decisions and to strengthen the rule of law? Example: Is it possible to have a computer program reviewed by a higher organ when a claimant maintains that the program contains an inaccurate construction of a particular statute? What would be the consequences? Is it necessary to develop new kinds of mechanisms for appeal?
Acquisition of IT Products and The Information Telecommunications
Public Adminisbation Information FIGURE 2. The Main Subfields of Data Law.
Legal Aspects of IT
Freedom
203
of lnfofmation
What does government in the sunshine mean in the light of IT? How should traditional media law be applied to media such as “electronic journals” and “teleconferences”? Can meetings of decision-making bodies, political and others, take place in electronic form? Example: What “electronic documents” should be accessible under laws which give citizens a right to inspect the files of public authorities? Security and Vulnerability The protection of individual privacy is perhaps the most widely known problem in this field. But there are many others. Computer crime, protection of trade secrets and business information, errors in automated systems may also be mentioned. Example: Who is responsible for files containing personal data which are created by an employee as a tool for his or her individual work? Is Data Law a New Field of Law? Data law comprises problems of all kinds (see Figure 3). In conclusion, then, to the extent that we find problems in the upper right square it may be said that data law represents a new field of law. However, this question is not as important as the question of whether there is a practical need for specialist knowledge in the field. If we look into it, such needs are perhaps more important than theoretical reasons when it comes to distinguishing and delimiting fields of law. ACCESS TO ELECTRONIC
INFORMATION
Laws on access to documents held by public authorities may be found in a growing number of countries among them, the Scandinavian countries, U.S.A., Canada, France, Australia, and Holland. A common problem is how to deal with data stored in computers. Three approaches follow: a) To exclude computerized of the Public Documents b) To include in a general Supreme Administrative c) To develop special rules 1986).
records entirely (e.g., Finland before the latest revision Act of 1951). way electronic records (Sweden after a decision by the Court in 197 1). for electronic data (Norway: Government decree of
The third approach is also a third stage of development, and experiences in many countries indicate that it is necessary to analyze the situation and introduce special, detailed rules with regard to electronic data. Some factors to be taken into consideration are: 1. The basic unit which can be accessed. 2. The form in which data can be handed out. 3. The rights of the public to search for data.
204
P. Seipel
General Matters taxation of
I
.,
ition Traditional Problems
~$$jy.’ . ......‘....” .. .._..G . .:.:-,..: . .:..J. ..:‘..’ .:..,.*..:.‘.‘A,::’
computer 3~~’ f:,,.,,::’ .:: ‘y&j breakdown insurance I I Dehiled’Matters FIGURE 3. The Characteristics
of Data Law.
The following are some comments on these factors: First, characteristics of paper documents: a stable, natural delimitation of information units, the physical order decides narrowly what can be accessed. Electronic information: changeable patterns, no general, technical basic unit (bits can be assembled into numerous logical units on higher levels); the logical order is more important than the physical order. In consequence, it is necessary to look for new ways of delimiting the basic units which may be accessed. Two strategies may be mentioned: l
l
The idea of “analog documents,” an electronic unit which corresponds to a conventional unit of text. The search for new criteria: e.g., information which may be produced by using computer hardware and software and technical expertise normally used by the authority (“the routine test”).
Emphasis is shifted away from data media (the disk, the tape, etc.) to the procedure that generates information. This procedure may be characterized as (a) “pure retrieval,” (b) “retrieval in a broad sense,” and (c) “pure data processing.” Consider the following three cases: l
l
l
A request for a record in a social security file containing information about a particular individual. A request for information about the number of individuals who have received social security support during the last six months. A request that a program for analyzing social security needs in a community be run with data supplied by the applicant.
Second, when citizens have a right of access to computer records there remains to decide in what form. Paper printouts and presentation on display terminals are both natural forms. Whether the right should also include a right to demand the handing out of machine-readable data is a more sensitive matter. There are the problems of threats to personal privacy and of commercial uses of data which have been collected for administrative purposes. Third, the right to search has traditionally been rather weak-an underdeveloped
Legal Aspects of IT
205
feature of laws on access to public documents. The reason has to do with the limited capability of paper-based files when it comes to searching. Computers have changed the situation dramatically and give rise to the question of whether the right to search should not be an explicit part of the right of access. The Swedish solution: an annexed, weaker right. Many limitations: no risk that data can be destroyed or manipulated, no risk that data which have not yet become public can be assessed, no risk that secret data can be accessed, no interference with the day-to-day activities of the public authority. CONCLUDING
REMARKS
The introduction of IT into local government has been and will continue to be accompanied by fundamental changes with regard to legal regulation. Data networks, electronic mail and conferencing systems, decision support systems, electronic archives and so forth cause perhaps more deep-going changes in the legal situation than most people understand. Actually, we are on our way to creating a new legal infrastructure for local government activities of all kinds.