Issue 2 / 2024

In the current CRi issue 2 (publication on: 15. Februar 2024) you find the following articles and case law:



Li, Qian / Kollnig, Konrad, Data Scraping for the Training of Generative AI, CRi 2024, 33-41

The collection of data from websites at great scale – so-called data scraping – is the foundation for ChatGPT and most other Generative AI (GenAI) tools. Much of the previous discussion on the regulation of GenAI has focused on the US and EU and not so much on more technical aspects like data scraping. In response, this article focuses on the regulation of data scraping to build and deploy GenAI in China, and reviews applicable regulation and case law. We find that the sectoral approach to AI regulation in China provides important insights into balancing technological progress and societal values, diverging from the laissez-faire attitude in the US and the horizontal approach with the AI Act in the EU.

Beardwood, John, There’s a Strong Wind a’Blowing re Security Disclosures: Lessons Learned from SolarWinds, CRi 2024, 41-52

For years now, we have been advising clients to be cautious about including overly broad, or overly detailed, statements in their online privacy policies, noting that the FTC has in the past interpreted such statements as being representations to the market – such that false or misleading statements made therein could constitute misrepresentations. This article proves the background to the SEC complaint (I.); provides a overview of the SEC complaint’s critique of the online security statement published by SolarWinds, and the security disclosures in the securities filings of SolarWinds (II.); outlines the challenges posed by the SEC approach in the SEC complaint and the resulting blowback, in particular from chief information security officers (III.); highlights three key lessons learned from the SEC complaint (IV.); and concludes (V.) with a warning as to what this means for organizations publishing online security statements.

Case Law

CJEU v. 5 March 2024 - C-755/21 P, EU: Non-Material Damages for Unlawful Data Processing by Europol, CRi 2024, 53-57

CJEU v. 14 December 2023 - C-456/22, EU: Requirements for Non-Material Damage Caused By GDPR Infringement, CRi 2024, 57-58

UK Supreme Court v. 20 December 2023 - [2023] UKSC 49, UK: No Patentability of AI – Machine Powered By AI Neither Inventor Nor Proprietor of Patent, CRi 2024, 58-62

Civil Resolution Tribunal v. 14 February 2024 - 2024 BCCRT 149, Canada: Liability of Enterprise for Advice Provided By Its Chatbot, CRi 2024, 62-64

Verlag Dr. Otto-Schmidt vom 12.04.2024