14 – 16 April 2021
We are present at the annual conference of the British and Irish Law Education and Technology Association and present the following papers:
Sandra Schmitz/Stefan Schiffner: “Every Student Can Learn, just not on the same Day” – Data Protection and Cybersecurity Challenges for E-Learning Platforms
Abstract
When George Evans stated that every student can learn, just not on the same day, he had probably not in mind the despair of pupils trying to access an e-learning platform. With the COVID19 crisis, online learning became an everyday commodity almost overnight; however, not all schools were prepared to swiftly switch from in class to remote teaching. Concerns were raised with regard to data protection and cyber security, which in some cases led to the implementation of “home-made” solutions. Taking the example of the federalist state of Germany, where education is within the sole competence of the Länder, this paper will explore the functioning and technical implementation of a variety of e-learning platforms before data protection concerns are addressed. We will then explore whether the NIS Directive, which foresees similar security requirements as the GDPR, is applicable to the diverse models, and outline the consequences. In light of the acceleration of the revision of the NIS Directive due to the COVID-19 crisis, we take the example of learning platforms to outline the flaws of the 2016 Directive before we critically evaluate some aspects of the NIS 2.0 proposal of December 2020.
Archana Kumari/Stefan Schiffner/Sandra Schmitz: Ready , Steady, Go! A techno-legal analysis on Software Maturity Assessment
Abstract
State of the Art is generally understood as the highest level of general development, as of a device, technique, or scientific field achieved at a particular time. The notion is also widely used in legislation. Most recentlythe General Data Protection Regulation and the Network and Information Systems Directive refer to state of the art when determining the appropriate level of protection measures. As of date EU legislation lacks a definition of state of the art, although the notion is commonly referred to in particular in relation to cybersecurity. This leaves software designers with the open question how to measure whether a technology constitutes “state of the art”. We will approach the matter of “state of the art” from a technical persepective and outline how the so called Technology Readiness Level (TRL) assessment has been deployed in order to determine the state of the art. TRL is a means to mitigate production risks with NASAs TRLs being, in fact, a de facto industry standard. While TLR assessments provide a systematic evaluation process resulting in meaningful metrics, they leave an inherent gap in their definition, ie they do not allow for individual interpretation on maturity levels, which include the IT products quality. We will show how this may result in a mismatch of legal aim and technological reality that not only poses a risk in terms of legal compliance but as a consequence also leads to weaker protected systems than otherwise possible.
The 2021 BILETA conference will be online and is supported by University of Newcastle Law School.
Conference page: https://www.bileta.org.uk/conference-2021/