RESEARCH HANDBOOK ON INFORMATION LAW AND GOVERNANCE RESEARCH HANDBOOKS IN INFORMATION LAW The volumes in the Research Handbooks in Information Law series examine the legal dimen- sions of issues arising out of an increasingly digitalized world. Edited by leading scholars in their respective fields, they explore such topics as data protection, advertising law, cybercrime and telecommunications, as well as many others. Taking as their common thread, the impact of information law on the world in which we live, they are unrivaled in their blend of critical, substantive analysis and synthesis of contemporary research. Each Research Handbook stands alone as an invaluable source of reference for all scholars interested in information law. Whether used as an information resource on key topics or as a platform for advanced study, volumes in this series will become definitive scholarly reference works in the field. Titles in this series include: Research Handbook on Electronic Commerce Law Edited by John A. Rothchild Research Handbook in Data Science and Law Edited by Vanessa Mak, Eric Tjong Tjin Tai and Anna Berlee Research Handbook on Big Data Law Edited by Roland Vogl Research Handbook on Information Law and Governance Edited by Sharon K. Sandeen, Christoph Rademacher and Ansgar Ohly Research Handbook on Information Law and Governance Edited by Sharon K. Sandeen Robins Kaplan LLP Distinguished Professor in Intellectual Property Law and Director of IP Institute, Mitchell Hamline School of Law, Minnesota, USA Christoph Rademacher Professor of Law, Waseda University School of Law, Tokyo, Japan Ansgar Ohly Professor of Private Law, Intellectual Property and Competition Law, Ludwig Maximilian University, Munich, Germany RESEARCH HANDBOOKS IN INFORMATION LAW Cheltenham, UK • Northampton, MA, USA © The Editors and Contributors Severally 2021 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical or photocopying, recording, or otherwise without the prior permission of the publisher. Published by Edward Elgar Publishing Limited The Lypiatts 15 Lansdown Road Cheltenham Glos GL50 2JA UK Edward Elgar Publishing, Inc. William Pratt House 9 Dewey Court Northampton Massachusetts 01060 USA A catalogue record for this book is available from the British Library Library of Congress Control Number: 2021943500 This book is available electronically in the Law subject collection http://dx.doi.org/10.4337/9781788119924 ISBN 978 1 78811 991 7 (cased) ISBN 978 1 78811 992 4 (eBook) 2 0 Contents List of contributors vii Introduction ix PART I GENERAL PERSPECTIVES 1 Cyberlaw will die and we will kill it 2 Ira Steven Nathenson 2 Confidentiality creep and opportunistic privacy 28 David S. Levine 3 Disclosure 48 Sharon K. Sandeen PART II EXCLUSIVE RIGHTS IN DATA: THE STATUS QUO AND THE WAY FORWARD 4 Exclusivity in data: How to best combine the patchwork of applicable European legal instruments 69 Herbert Zech 5 Data(base) rights? – Misappropriation, property, and tales of trials and tribulations 77 Guido Westkamp 6 Big data in Japan: Copyright, trade secret and new regime in 2018 108 Tatsuhiro Ueno 7 Liability for the loss of data 121 Anette Gärtner PART III TRADE SECRECY LAW: EU, US AND GLOBAL PERSPECTIVES 8 The emergence of a global standard for reasonable efforts? 135 Christoph Rademacher 9 Employer’s liability for trade secret infringement 154 Gintarė Surblytė-Namavičienė 10 The limits of trade secret protection in the EU 174 Tanya Aplin 11 Freedom of the media and trade secrets in Europe 195 Ulla-Maija Mylly v vi Research handbook on information law and governance 12 The DTSA and trade secret extraterritoriality 217 Elizabeth A. Rowe and Giulia C. Farrior 13 Jurisdiction and choice of law in trade secrets cases: The EU perspective 234 Ansgar Ohly PART IV DATA PROTECTION, PRIVACY AND CYBERSECURITY 14 Data privacy in Europe and its reception under Japanese law 259 Henrike Weiden and Kensaku Takase 15 The right to explanation, explained 278 Margot E. Kaminski 16 The story of the California Consumer Privacy Act (CCPA), version 1.0 300 Eric Goldman 17 Legislative developments on cybersecurity in the EU in the age of artificial intelligence 309 Faye Fangfei Wang Index 332 Contributors Tanya Aplin: Professor of Intellectual Property Law at the Dickson Poon School of Law, King’s College London Giulia C. Farrior: Associate attorney at Lott & Fischer. She earned her Juris Doctor from the University of Florida Levin College of Law Anette Gärtner: Dr. jur. (Bonn), LL.M. (Edinburgh), Rechtsanwalt and Solicitor (England/ Wales), Partner at Reed Smith, Frankfurt, Germany Eric Goldman: Professor of Law at Santa Clara University School of Law. He also co-directs the High Tech Law Institute and supervises the Privacy Law Certificate Margot E. Kaminski: Associate Professor of Law at the University of Colorado Law School. She is the Faculty Director of Privacy at Silicon Flatirons and an Affiliated Fellow of the Information Society Project at Yale Law School David S. Levine: Professor of Law at Elon University School of Law and an Affiliate Scholar at the Stanford Law School Center for Internet and Society Ulla-Maija Mylly: LL.D., Senior Research Fellow, University of Turku, Faculty of Law and Senior Project Researcher, Hanken School of Economics Ira Steven Nathenson: Professor of Law and the Director of the Intellectual Property Certificate Program at the St. Thomas University School of Law Ansgar Ohly: LL.M. (Cantab.), Dr. Jur. (Munich), Professor of Private Law, Intellectual Property and Competition Law, Ludwig Maximilian University Munich, Visiting Professor, University of Oxford Christoph Rademacher: LL.M. (Stanford), Dr. jur., Professor of Law, Waseda University School of Law Elizabeth A. Rowe: Irving Cypen Professor of Law and the Director of the Program in Intellectual Property Law at the University of Florida, Levin College of Law Sharon K. Sandeen: Robins Kaplan Distinguished Professor in IP Law and the Director of the IP Institute at Mitchell Hamline School of Law Gintarė Surblytė-Namavičienė: Lecturer Dr. at Vilnius University Faculty of Law. She was a senior research fellow at the Max Planck Institute for Innovation and Competition in Munich Kensaku Takase: Partner, Baker & McKenzie, Tokyo Office Tatsuhiro Ueno: Professor at Waseda University and Deputy Director of the Research Center for the Legal System of Intellectual Property (RCLIP) Faye Fangfei Wang: Dr., Senior Lecturer in Law at Brunel Law School (BLS) and convenor of the Society of Legal Scholars (SLS) Cyberlaw Section in the UK vii viii Research handbook on information law and governance Henrike Weiden: Professor Dr., Munich University of Applied Sciences Guido Westkamp: Professor of Intellectual Property and Comparative Law at the Queen Mary University of London School of Law. He is also the academic director for the MSc in Intellectual Property Management and coordinates the European Intellectual Property Institutions Network (EIPIN) at CCLS Herbert Zech: Dr. jur., Dipl.-Biol., Professor of Private Law, Technology Law and IT Law, Humboldt University of Berlin; Director, Weizenbaum Institute for the Networked Society – The German Internet Institute Introduction The freedom of information is a core value in a democratic society. But information is also a commodity. Finding the right balance between maintaining fundamental freedoms and ensuring rights which are necessary to protect privacy or to allocate resources in order to avoid market failure is a major challenge for policymakers, legislators and courts around the world. Traditionally, this trade-off has been addressed through a multitude of different areas of the law, including but not limited to intellectual property (IP) law, trade secrecy law, unfair competition law and the law of privacy. However, information that is created, collected, or maintained by businesses is not so easily segregated, given that many more than one area of law will often be applicable to such information or data. In a globalized digital world, which is characterized by the convergence of media and by a rapid development of new business models, it is increasingly difficult to squeeze cases into the established doctrinal pigeon-holes. A more holistic perspective is called for. Along with a growing tendency in academic research, we attempt to adopt this perspective, and to look at “information law and governance” in its entirety. This is by no means a purely theoretical approach, but also reflects commercial reality: information owners and users that wish to comply with applicable law and manage their information effectively will have to look at information governance as a whole rather than at distinct legal fields. Rather than focusing on one area of information or IP law, the chapters of this book (when read collectively rather than individually) provide a rich overview of the areas of law and business practice that are increasingly being labeled “information law and governance.” In so doing, it provides a basis for considering how the various areas of information laws (including IP laws) overlap and intersect, both from a policy and practical perspective. The 17 chapters included in this book are presented in four parts. Part I provides general perspectives on information law, including critical examinations of the appropriate scope and purpose of legal protection for information and the benefits of information diffusion. Exclusive rights in data, to which the second part of this book is dedicated, are examples of why a holistic perspective makes sense. On the one hand, data privacy laws govern the use of personal data. At least in the EU and in Japan, this field of law has its roots in public law. Its main concern is privacy protection, whereas, arguably, the commercial interest in developing, refining, and trading data is underestimated. On the other hand, IP and unfair competition law provide for some legal entitlements in data. Copyright laws around the world may protect databases, and collections of data may constitute trade secrets. Both regimes focus on the commercial elements of data governance while largely neglecting the privacy aspect. Some have recommended the introduction of a novel intellectual property right in encoded data, whereas others stress the need for access to data and think that allowing property rights is the wrong approach. The second part of this book analyses rights in data from an information law perspective. It takes stock of the existing exclusive rights, looks at database protection, at novel provisions protecting big data in Japanese unfair competition law, and discusses tort law liability for the loss of data. ix