Prof. Dr. Thomas Söbbing, LL.M. (HHU)
For current topics please scroll:
Welcoming the new students of the Business and Law course at the Palatinate Higher Regional Court in Zweibrücken Castle
On October 2, 2024, the new students of the first semester of the Business and Law course were ceremoniously welcomed by the Vice President of the Higher Regional Court, Mr. Ernst Friedrich Wilhelm, at the Palatinate Higher Regional Court in Zweibrücken Castle. In his speech, Mr. Wilhelm emphasized the special significance of the course and highlighted the close and successful cooperation between the Higher Regional Court and Kaiserslautern University of Applied Sciences.
Other speakers included Professor Knopper, Vice President of Kaiserslautern University of Applied Sciences, Professor Piazolo, Dean of the Faculty of Economics, and Professor Pohl, founder of the course. The event was moderated by Professor Söbbing.
First judgment in AI law in Germany
District court Hamburg judgment of 27.09.2024 – 310 O 227/23
Machine learning is a fundamental field of application for AI. In order for an AI such as ChatGPT for text or Stability AI for images to learn, they need raw material in the form of information, which mainly comes from the internet. The legal framework for this was created in Germany in 2021 in Section 44b UrhG. But not only for text recognition, but also for the design of images if data mining is used for this purpose. Now a stock photographer has filed a lawsuit against an association before the Hamburg Regional Court on April 27, 2023 and the outcome seems to be completely open, but will be groundbreaking for dealing with machine learning. On October 1, 2024, the Hamburg Regional Court made a landmark decision in proceedings.
In the first instance, the plaintiff has now lost before the Hamburg Regional Court (judgment of 27.09.2024 – 310 O 227/23). Although the reasons for the judgment are not yet available, it is already known that the court considers the use of the image by Laion to be justified with regard to the text and data mining restriction of Section 60d UrhG. § Section 60d UrhG permits the use of copyrighted works for scientific purposes, in particular for text and data mining (TDM), without infringing copyright. TDM refers to the process by which large amounts of data – often unstructured texts or other data – are systematically analyzed in order to identify patterns or correlations and gain new insights.
Söbbing (to be published)
International Workshop on Comparative AI Law 2024 (Shenzhen)
The rapid global development of AI also makes it necessary to think about the legal implications. I am especially grateful to Professor Xin DAI and Professor Linghan ZHANG for seeing this from a Chinese perspective, but also to all the other lecturers!
Having been at Stanford Law School a month earlier and then being allowed to go to Peking University School of Translation Law is really a great privilege.
I would like to thank Professor Emanuel Towfight from EBS in Wiesbaden for this very special invitation to Shenzhen.
My visit to Shenzhen
Shenzhen has become a central technology hub in China over the past few decades and is often referred to as the country’s “Silicon Valley”, particularly due to its role as a global center for IT hardware manufacturing.
The last time I was in Shenzhen was 15 years ago and in the intervening years, Shenzhen has gone from being known as a manufacturing hub for foreign companies to an innovation center that is spawning major technology companies of its own.
Shenzhen’s role is expected to continue to grow, especially as China intensifies its efforts to achieve technological self-sufficiency and expand the global influence of its technology companies. The city remains a major hub for IT hardware, but also increasingly for other high-tech sectors such as artificial intelligence, 5G technology and biotechnology. That’s why it’s important to be there!
The legal requirements for the use of artificial intelligence in medical diagnostics, including the analysis of blood samples
The use of machine learning as an AI tool in medical diagnostics, especially in the analysis of blood samples, without the direct involvement of doctors raises a number of legal questions under German and European law. This article focuses on the main legal challenges arising from this technological development, especially with regard to questions of medical device law, the AI regulation and professional regulations.
Söbbing / Schwarz (in progress)
Taxation of Data and Artificial Intelligence
Conference at the Universite de Geneve 2024
The conference looked at the impact of new fundamental developments such as big data and artificial intelligence on tax systems. Possible new approaches and taxes were discussed, especially data taxes, AI or robot taxes.
It is also very exciting to see the tax aspects and views outside the EU on AI and data, especially in light of the current decisions of the ECJ in the Apple and Google cases (ECJ, judgment of September 10, 2024 – C-465/20 P), see next line.
ECJ rulings against Apple and Google
Summer festival of the Palatinate Higher Regional Court in Zweibrücken Castle
Thurn, invited people to the summer party at Zweibrücken Castle. Numerous high-ranking representatives of the judiciary and administration attended the event. Among them was the Rhineland-Palatinate Minister of Justice Herbert Mertin (FDP), who showed great interest in my work in the area of artificial intelligence law.
Thank you very much!
United Nations Staff Offices Course (UNSOC)
Professor Söbbing was selected by the German United Nations Association (DGVN) to participate in the United Nations Staff Officers Course (UNSOC) at the Bundeswehr Command and Staff College in Hamburg.
Thank you!
How to acquire a virtual item in a metaverse?
A reconsideration of the concept of object within the meaning of Sec. 90 of the German Civil Code in the context of the “metaverse” For many people, it is hard to imagine living in a virtual world, but the current figures definitely speak a different language.
The metaverse is a collective virtual space created by the convergence of physically persistent virtual reality, augmented reality (AR), the Internet and various social media platforms. It is an immersive, interactive environment in which users can navigate, communicate, work, play and participate in a variety of activities through avatars that blur the boundaries between digital and physical worlds. The article looks at the question of what someone legally acquires when they purchase virtual objects in a metaverse. In this respect, the approaches to solving the problem of digital content, a bundle of rights and virtual things are compared and a preference for a property within the meaning of Section 90 of the German Civil Code is worked out, which has far-reaching consequences for the legal assessment of the metaverse under aspects of the German Civil Code in particular, but also of the German Copyright Act.
International Summer Program Understanding U.S. IP Law 2024
Stanford Law School (SLS)
It was once again incredibly enriching to discuss the current and future legal issues of the tech/IT industry with Professor Goldstein, legal representatives from Google/Meta and so many others.
Many thanks to the Siegfried and Roland organizations!
Adoption of the European AI regulation (AI Act)
On March 13, 2024, the Members of the European Parliament adopted the AI Act by 523 votes to 46 with 49 abstentions. The EU is thus setting the framework for the use of artificial intelligence (AI) in Europe. This article provides an overview of the new regulations and takes a critical look at them.
The AI Regulation is the world’s first comprehensive set of rules for AI. It aims to promote innovation while strengthening trust in AI and ensuring that this technology is used in a way that respects the fundamental rights and safety of EU citizens.
The regulation will subsequently undergo a final review by legal and linguistic experts and may still be adopted before the end of the legislative period as part of the so-called rectification procedure. The Council also still has to formally adopt the new provisions. The regulation will enter into force on the 20th day after publication in the EU Official Journal and will generally apply 24 months later. However, some provisions will also apply earlier: the bans will take effect after just six months, while the provisions on general purpose AI models will apply after 12 months.
Söbbing
OpenAI visit to San Francisco
Just outside of downtown San Francisco, OpenAI’s headquarters (HQ) is located at 3180 18th St, San Francisco, California 94110, USA. It was very impressive to see how small OpenAI’s HQ is, considering their tool ChatGPT is so powerful.
Innovations from San Francisco and Las Vegas
After a visit to the west coast of the USA, I know very well that there will be no shortage of ideas for new specialist articles on IT / AI law:
The first two photos show vehicles from Waymo that drive completely autonomously. It’s really a little “spooky” but it shows what is already possible today.
The other photos show the Sphere in Las Vegas. With a diameter of 157 meters and 81,300 m² of external space, the 54,000 m² of external space is equipped with 57.6 million LEDs, which result in 1.2 million pixels and form the world’s largest LED wall. It was really an incredible experience to be able to watch a film in the Sphere.
USA: Dismissal of multiple class action lawsuits against GitHub and Microsoft
The class action lawsuit against Microsoft, GitHub and OpenAI is heading for failure. Only two of 22 charges remain.
Söbbing ITRB 2024, 223 – 224
Legal issues in robotics
Back in 2013, I wrote an article in InTeR about the legal issues surrounding robotics. Over 10 years later, it was very exciting to see in Las Vegas (USA) where robotics stands today and how closely the topics of AI and robotics are connected.
InTeR 2013, 43–51
What information obligations will AI providers have to comply with the AI Regulation?
Transparency obligations for providers and users of AI systems according to Art. 52 AI Regulation
The transparency obligations for providers and users of high-risk AI systems under Article 52 of the Regulation on the Regulation of Artificial Intelligence (AI Regulation) are of considerable importance for the legal and ethical use of AI systems. Article 52 of the AI Regulation creates comprehensive regulations on transparency that providers of high-risk AI systems must take into account in the future. Failure to take these into account could be very expensive for providers of high-risk AI systems in the future and is therefore of considerable importance for the future.
Söbbing / Schwarz (in Progress)
Visit to CERN (Geneva)
As part of a research trip, I visited the European Organization for Nuclear Research, better known as CERN in Geneva. This institution is a world leader in research into the physics of subatomic particles. The explanation of the Large Hadron Collider (LHC), the largest and most powerful particle accelerator in the world, was particularly impressive. The explanation of the Higgs boson discovery, which was made at the LHC in 2012 and significantly expanded my understanding of particle physics, was particularly fascinating.
Professional negotiation
The book “Professional Negotiation”, which Dorothea Engel and I wrote together, can now be ordered. Link
Does machine learning when reading the Internet violate the GDPR?
In order for artificial intelligence (AI for short) to learn (so-called “machine learning”), it uses information from the Internet. In this case, machine learning will inevitably also collect personal data, thus bringing it into the scope of the General Data Protection Regulation (“GDPR”). This actually seems very likely, as the definition of processing in Art. 4 No. 2 GDPR covers some classic technical processes (e.g. artificial neural networks “KKN”) that machine learning uses. If the AI thus (accidentally) collects personal data when reading the Internet, the processing could possibly be unlawful within the meaning of Art. 6 Para. 1 GDPR, which could lead to the imposition of significant fines within the meaning of Art. 83 GDPR.
Söbbing / Schwarz 2024, 212 – 217
Possible legal protection of AI output under the Copyright Act or the Trademark Act
Does the output of generative chatbots such as ChatGPT enjoy legal protection?
Generative chatbots, such as ChatGPT, are also becoming increasingly important for work in companies. A number of companies and possibly also law firms use generative chatbots for their daily work and such technologies are becoming increasingly popular in everyday work. This gives rise to the commercial law question of whether the output of generative chatbots enjoys legal protection. The main question here is whether the output of generative chatbots is protected by copyright. If this is not the case, the question arises as to whether the output could possibly constitute a trade secret and thus enjoy legal protection.
ITRB 2024, 184 – 188
Teaching assignment at the University of Liechtenstein
At the weekend I once again completed my annual teaching assignment at the University of Liechtenstein. As has been the case for years, it was a wonderful highlight for me again this year!
Many thanks to the very friendly head of the course, to the great students and above all to the really wonderful support from the event manager!
Does the output of generative chatbots such as ChatGPT enjoy legal protection?
Söbbing AfP Online (link)
Adoption of the European AI Regulation
On March 13, 2024, members of the EU Parliament adopted the AI Regulation (short form “AI Regulation” or “AI Act”) by 523 votes to 46, with 49 abstentions. The EU is thus setting the framework for the use of artificial intelligence (AI) in Europe. This article provides an overview of the new regulations and critically questions them.
The AI Regulation is the world’s first comprehensive set of rules for AI. It aims to promote innovation while strengthening trust in AI and ensuring that this technology is used in a way that respects the fundamental rights and security of EU citizens.
The regulation will then be finally reviewed by legal and linguistic experts and can probably be adopted before the end of the legislative period in the context of the so-called rectification procedure. The Council must also formally adopt the new rules. The regulation will enter into force on the 20th day after publication in the EU Official Journal and will generally apply 24 months later. However, some provisions are applicable earlier: the bans will take effect after just six months, and the provisions on AI models with general purpose will apply after 12 months.
Söbbing ITRB 2024, 108 – 111
The degree programs in business and law were presented at the “Job for Future” fair on February 24, 2024 in Mannheim
Professor Söbbing presented the “Business and Law B.A.” and “Business and Law M.A.” degree programs at the Job for Future fair in Mannheim. The interest and participation was impressive. Many THANKS to everyone involved!
Alexander Söbbing has been awarded by the Federal Police for his exceptional civil courage…
On January 18, 2024, my nephew Alexander and his comrades stopped a physical altercation between several men in Bremen’s main station and the station forecourt. They were honored by the Federal Police for this special act of civil courage. Alexander, I am very proud of you!
Dispute over EU supply chain law
The Supply Chain Due Diligence Act (LkSG) is the German supply chain law. It was passed by the Bundestag on June 11, 2021 as Article 1 of the Act on Corporate Due Diligence in Supply Chains. The subsequent publication in the Federal Law Gazette took place on July 22, 2021, so that the law could come into force on January 1, 2023. On January 1, 2024, the threshold for affected companies was lowered to 1,000 employees.
Now the FDP has expressed several concerns about the EU Supply Chain Act, which form the core of its rejection. One of the main points of criticism is the fear that the law could lead to an additional burden on the German economy, especially in the current economic situation. The party argues that high standards in supply chains are a legitimate goal, but must not lead to a “self-strangulation of the business location”. The FDP calls for regulation that improves both the human rights situation and the economic situation without creating new bureaucratic hurdles.
ITRB 2024, 59
The Economics and Law degree programme was presented at the renowned DISDH in The Hague
In addition to prominent representatives such as the Swiss Ambassador to the Netherlands or a representative of Europol, Professor Söbbing was able to present the Economics and Law degree program at the renowned German International School in The Hague (DISDH).
EuGH: European Court of Justice issues ruling on Schufa scoring
Does credit scoring by credit agencies such as Schufa and the use of data from public registers violate Art. 22 GDPR?
Only rarely has a decision received such a media response as the decision of the European Court of Justice (“ECJ”) on the way Schufa works by automatically creating credit scores. At its core, the question is whether it is permissible under data protection law for credit agencies to automatically calculate a score value on the sole basis of which banks later make decisions. In its decisions (ECJ, judgments of December 7, 2023 – C-634/21 “SCHUFA Holding (Scoring)” and C-26/22 and C-64/22 “SCHUFA Holding (Residual Debt Relief)”) of December 7, 2023, the ECJ expressed considerable doubts about the previous way of working, i.e. the significant use of SCHUFA score values in credit decisions, in relation to Art. 22 GDPR. The ECJ’s fundamental decision means that banks must adapt their business models if they use the credit score from Schufa and thus also from another credit agency to make their credit decisions.
This is linked to the currently much-discussed question of whether algorithms, which are also used in scoring, can simply judge people, which is of considerable importance for the development of AI in Europe.
Söbbing/Schwarz ZD 3/2024 (ZD 2024, 160)
On December 22, 2023, a moot court was held as an examination for students of the business and law program at the Kaiserslautern University of Applied Sciences. The 2023 moot court was the third moot court in this program to be held at the Higher Regional Court in Zweibrücken. The students were able to demonstrate what they had learned as plaintiff, defendant or judge.
Incalculable liability risk for app developers through DIRK in B2B business?
Today, it is common for consumers to access their insurance, banking, or vehicle data via their smartphone. Companies do this by providing their customers with apps that are usually developed by third parties (software companies). The app creator believes that this is a purely B2B transaction, to which the provisions of Section 327 ff of the German Civil Code (BGB) do not apply. This could be a major misconception, however, as the app creator is also liable in this situation under Section 327u of the German Civil Code (BGB) and is obliged to provide updates within an unspecified period of time under Section 327f of the German Civil Code (BGB), which can lead to incalculable costs.
Söbbing/Schwarz ITRB 2024, 19-24
With the essay on the “impending Schufa decision of the ECJ” I have published 250 specialist articles (excluding books and book contributions)
Many thanks to the publishers, the editor and the numerous co-authors! Without you this would not have been possible! A big thank you from me!!!
The significance of the impending Schufa decision at the ECJ for the development of AI
How a possible decision by the ECJ to disclose the Schufa scoring could lead to a significant loss of confidence in investing in AI; view of the Advocate General at the ECJ
The ECJ currently has to decide on three applications concerning the classification of the probability values (scoring) of the SCHUFA (Advocate General’s final submissions in Case C-634/21, SCHUFA Holding and others (scoring), and in the joined cases C-26/22 and C-64/22, SCHUFA Holding and others (discharge of residual debt)). This is linked to the currently much-discussed question of whether algorithms that are also used in scoring can simply judge people, which is of considerable importance for the development of AI. The basis for the submission to the ECJ was a legal dispute before the Administrative Court of Wiesbaden, in which the person concerned requested SCHUFA to delete the incorrect entries concerning him and to provide information about the stored data underlying the entry. SCHUFA then disclosed the calculated score value and the basic functionality of the score value calculation, but not the calculation method, as this was covered by trade and business secrets. The Estonian Advocate General at the ECJ, Priit Pikamäe, has now commented on this.
Söbbing/Schwarz Recht der Datenverarbeitung, ZD 2023, 579.
The Law Society of British Columbia, based in Vancouver, is a public corporation whose activities are regulated by the Legal Profession Act. Its core purpose is to protect and promote the public’s interests in the administration of justice. In this capacity, it provides comprehensive regulation of the legal profession in the province of British Columbia and ensures that the practice of law meets the highest ethical and professional standards.
The new Sect. 44b UrhG for text and data mining and its possibilities and limitations in machine learning as well as the application of Sec. 60d UrhG
Söbbing/Schwarz Recht Digital, RDi 5/2023 – 2023,415
My visit at the University of Hawaiʻi at Mānoa
The University of Hawaiʻi at Mānoa is a state university in the Manoa (Mānoa) district of Honolulu in the US state of Hawaiʻi. With 19,098 students (as of fall 2021), it is the most important location of the University of Hawaiʻi System.
Over 200 degree programs are offered at 15 faculties. These include the faculties (schools) of oceanography, tropical agriculture and Hawaiian knowledge, but no surfing!
I felt very comfortable there and it was a completely different experience.
Liability for material defects vs. maintenance contract
Does statutory liability for material defects in IT contracts still make sense?
In negotiations on IT contracts, it is often noticeable that there are disputes about clauses that have little relevance in IT practice. One major issue, for example, is the length of the limitation period for claims for defects within the meaning of Section 438 Paragraph 1 No. 1 of the German Civil Code (BGB). On the one hand, the limitation period for claims for defects could be viewed as a purely financial issue. On the other hand, it may be irrelevant for the customer how long the limitation period is if he never asserts the legal claim for subsequent performance under Section 437 No. 1 in conjunction with Section 439 of the German Civil Code (BGB). This is usually the case when a maintenance contract offers better claims, such as a maintenance contract in the form of a service level agreement (SLA), which provides for shorter response or recovery times. Of course, this is also a commercial factor and it should not be forgotten that the legal claims under Section 437 No. 2 and No. 3 of the German Civil Code (BGB), such as withdrawal, reduction, compensation for losses and reimbursement of wasted expenses, are not lost.
ITRB 2023, 273-276
A visit to Google in Mountain View
As part of my trip through the Valley, I of course also visited Google. The Google headquarters, also known as the Googleplex, is located in Mountain View, California, in the heart of Silicon Valley.
It is one of the most famous technology centers in the world and represents Google’s culture of innovation. Here are some relevant details:
Measures for a high common level of cybersecurity in the Union (NIS 2)
The NIS2 Directive is the EU-wide cybersecurity legislation. It contains legal measures to increase the overall level of cybersecurity in the EU.
What a great symbolism
Meta uses the buildings that once belonged to SUN Microsystems and simply turns the SUN company sign around.
There is great symbolism in this!
The new Whistleblower Protection Act (HinSchG)
The new Whistleblower Protection Act (HinSchG) has come into force and is intended to ensure the protection of whistleblowers and other persons affected by a report. It also brings with it a comprehensive list of tasks for companies in the IT industry.
On July 2, 2023, the German Whistleblower Protection Act (HinSchG), also known as the Whistleblower Protection Act, came into force, which implements Directive (EU) 2019/1937 (Whistleblower Directive) into national law.1 The HinSchG is intended to strengthen the protection of whistleblowers and other persons affected by a report and to ensure that they are not at risk of discrimination within the framework of the HinSchG’s requirements, see Section 1 Paragraph 1 HinSchG. The Whistleblower Protection Act aims to ensure comprehensive protection for whistleblowers.
Adequacy decision for the US-EU Privacy Shield 2.0
On July 10, 2023, the EU Commission adopted the long-awaited legal basis of the planned data protection framework for the transfer of personal data to the USA. After the adoption of this adequacy decision in accordance with Art. 45 GDPR, European companies can transfer personal data to participating companies in the United States without having to provide additional data protection guarantees, such as the current standard contractual clauses. With the decision, the EU confirms that the USA guarantees an adequate level of protection, comparable to that of the European Union. (s. https://ec.europa.eu/commission/presscorner/detail/de/qanda_23_3752).
International Summer Program Understanding U.S. IP Law
IP Law Seminar at Stanford Law School (SLS)
The International IP Summer School “Understanding U.S. IP Law” takes place once a year at the exceptionally beautiful Stanford University. The organizers Prof. Siegfried Fina and Dr. Roland Vogl go to great lengths to get their legal friends from Meta, Google, etc. as guest speakers, which makes this event something special. Nowhere else in the world can you discuss with the legal movers and shakers of the IP world as easily as in this seminar. The Stanford Law, Science & Technology Program (LST) and its Transatlantic Technology Law Forum (TTLF) have a long tradition of sharing their expertise in IP and technology law with lawyers from all over the world. To further promote understanding of the global IP legal systems, the TTLF has set up an intensive one-week certificate program on U.S. IP law for international lawyers.
CR 2023, R64-R65
Legal limits for AI decision-making in the context of autonomous driving
According to the StVG, an algorithm may not make a weighting on the value of a human life
In talk shows as well as in philosophical discussions, the utopia is occasionally described that in the future, autonomous cars will have to decide which people they would kill in a hopeless situation. In this situation, the vehicle’s algorithm would have to evaluate whether the vehicle would rather kill the genocide-committing Taliban or the innocent little girl. The algorithm could or should therefore decide on the value of a person to society. It is often even seen as a breakthrough that in the future algorithms would generally be allowed to decide on the value of a human life. Apart from the fact that such a constellation is very unlikely for technical reasons, the algorithm would not be allowed to make such a decision at all according to the new Section 1e Paragraph 2 No. 2 lit. c) StVG. With the creation of this standard, this tiresome discussion was nipped in the bud, but the new Section 1e Paragraph 2 No. 2 Letter c) StVG still leaves a question open because this point has not been thought through to the end.
Recht Digital RDi 2023, 239
The cooperation between the Palatinate Higher Regional Court and Kaiserslautern University of Applied Sciences is now also active in research
The cooperation between the Palatinate Higher Regional Court and Kaiserslautern University of Applied Sciences, which has existed for several years, will now also be active in research in addition to teaching.
For example, Presiding Judge at the Higher Regional Court Schwarz and Professor Söbbing will soon be publishing two specialist articles on current and as yet unanswered questions in the field of artificial intelligence in scientific journals. Further joint scientific works will follow. The current topics dealt with by the authors, which are virtually “ahead of the legal development”, confirm the expectation of the university and the judiciary that this unique and innovative cooperation in Germany will lead to a close integration of theory and practice.
The cooperation on an equal footing on both sides enables new and in-depth perspectives in research as well.
Contract models for agile projects
Three contract structures that can be used for agile projects and their risks
ITRB 2023, 135 – 139
General Meeting of the Harvard Law School Association of Germany e.V. on June 23, 2023, 4:00 p.m., Jones Day, Thurn-und-Taxis Platz 6, 60313 Frankfurt am Main, Germany
It was really nice to be there again.
Many thanks to the organizers!
(None) Copyright clauses in SaaS contracts
Are copyright clauses in Software as a Service contracts still up to date?
Until now, it was a dogma that copyright clauses were an integral part of every IT contract. However, this may have changed with the Software as a Service (SaaS) business model. This is because in the genuine (actual) SaaS model, the customer no longer receives software, but only the output of the software. With the genuine SaaS solution, software is no longer transferred to the customer’s systems, so that the question rightly arises as to whether copyrights still have to be transferred. This is not a national issue, but a global one, which is also being discussed intensively in the USA, among other places
ITRB 2023, 75 – 79
Many thanks to Professor Wanner for his great hosting for my Masters students in Business and Law at Worcester College, Oxford.
DS-GVO: Wer trägt die Kosten einer anlasslosen Inspektion bei einem Autragsdatenverarbeiter?
Die Sichtweise des BayLfD auf wirtschaftliche Fragen hat sich geändert
War der Bayerische Landesbeauftragte für den Datenschutz (BayLfD) in der Vergangenheit noch der Auffassung, dass der Auftragnehmer einer Auftragsdatenverarbeitung nach Art. 28 DS-GVO die Kosten für ein anlassloses Audit tragen muss, so vertritt er die Sichtweise in dieser Form mich mehr. Grundsätzlich hat er sich nun der Sichtweise des Europäischen Datenschutzausschuss angeschlossen, wonach die wirtschaftliche Gestaltung der Austauschbeziehung zwischen dem Verantwortlichen und dem Auftragsverarbeiter durch den Markt und nicht durch die Datenschutz-Grundverordnung reguliert wird.
RDV 2022 Heft 6 2022, 315 – 317
Outsourcing and cloud computing in the financial sector Updates on the outsourcing of iT services by banks and financial institutions
Outsourcing is still a popular option for the external procurement of IT services by banks and financial institutions and is therefore an integral part of digitalization strategies. With the 6th MaRisk amendment adopted on August 16, 2021, the German Federal Financial Supervisory Authority (BaFin) has also revised its requirements for outsourcing. With the new version of the circular, the requirements from the Guidelines on Outsourcing Arrangements (EBA/GL/2019/02 – Outsourcing Guidelines) of the European Banking Authority (EBA) of 25.2.2019 were adopted into national supervisory practice.
The changes affect the entire outsourcing cycle and therefore also have a massive impact on the design of outsourcing agreements with which banks and financial institutions outsource payment services to third parties. The following article will first discuss the importance of IT infrastructure for banks and financial institutions, then the basics of banking supervisory law and the requirements for outsourcing will be explained. Finally, the reference to the Payment Services Supervision Act as well as the reference to the Financial Market Integrity Strengthening Act and the Securities Institutions Act are considered.
Recht Digital, RDi 2022, 373 ff.
Dear Marc, thank you very much for the great workshop with your team for my master students from economics and law at your premises of MGRP in Frankfurter Opern Turn.
Liability for consultancy agreements
Poor performance of the IT consultant and its legal (non-) consequences in service contracts
If no success to be achieved within the meaning of § 631 para. 2 BGB can be defined in an IT project, e.g. when drawing up a specification sheet, the only recourse is often the service contract within the meaning of § 611 BGB. The service contract is sometimes very unpopular with clients, as it offers little opportunity to exert legal pressure on the IT consultant. The following analysis shows how few legal options the service contract actually offers the client.
ITRB 2022, 258 – 262
Individual legal issues of digitalization in the automotive industry
Legal challenges regarding updates over the air (OTA), platforms and cybersecurity in vehicles
Today, it is impossible to imagine vehicles such as cars and trucks without so-called “in-car software”. This is the result of a lengthy transformation process in the automotive industry. Digitalization offers a wealth of new technical possibilities in vehicles, which are often summarized under the term CASE (connected, autonomous, shared, electrical, sometimes also called ACES). This is not always just about autonomous driving, but rather about everyday topics such as over-the-air (OTA) updates, platforms and cybersecurity. However, these topics alone pose new legal challenges for the automotive industry.
Thomas Söbbing / Katharina Groß CR 2022, 613-620
Revision of Swiss data protection law
Switzerland has been working on revising its Data Protection Act (DPA, see Söbbing, ITRB 2021, 198) for some time. A revised version of the Act (revDSG) and the Ordinance to the DPA (revVDSG) have now been published in a final version. The Swiss Federal Council is expected to decide in August 2022 that the revDSG and revVDSG will enter into force on 1.9.2023 after a one-year informal transition period.
Although Switzerland is not bound by the GDPR, it wants to come closer to the requirements there with the amendment in order to maintain the adequacy of the level of data protection in accordance with Art. 45 GDPR from the perspective of the EU Commission.
ITRB 2022, 194-196
Professor Söbbing participated in the “International Professional Summer Program Understanding U.S. Intellectual Property Law 2022” as part of his research project on the legal issues of artificial intelligence.
Recht der Datenverarbeitung, RDV 2022, 204 – 207
ITRB 2022, 206 – 208
Professor Söbbing spoke at the international conference of the Aspen Institute Italy on June 24/25, 2022 in Venice about the importance of ethics, artificial intelligence and defense.
Price control clauses
Legal framework and advice on drafting contracts
The ongoing pandemic and the war in Ukraine have led to a significant increase in prices, which has not left the IT sector unscathed. As a result, there is a growing call in the IT industry to include so-called “price escalation clauses” in IT contracts, which were previously not particularly popular as inflation has remained fairly stable in recent years. The following article is dedicated to the question of which legal framework conditions need to be taken into account and provides corresponding samples for the use of price escalation clauses.
ITRB 2022, 163 ff
In one case, it may also lead to criminal consequences for the controller if contracts are terminated without further ado, as the consequences would constitute a criminal offense (see 2b). Rather, the parties should think about sensible alternatives instead of insisting on the enforcement of stereotypical standard clauses.
ITRB 2022, 44 – 46
Data protection authorities in Germany impose fines for data protection violations, in some cases directly against the respective company. In an evaluation of data protection law (Evaluation of the Act on the Adaptation of Data Protection Law to Regulation [EU] 2016/679 and the Implementation of Directive [EU] 2016/680, as of October 2021), the Federal Ministry of the Interior has now clarified that direct corporate liability is not the intention of the German legislator.
ITRB 2022, 2 – 3
Professor Söbbing has been awarded a research contract by the Research Senate of Kaiserslautern University of Applied Sciences for the legal aspects of artificial intelligence. The research contract has been endowed with a large five-figure sum.
Düsseldorf Higher Regional Court in a ruling from 11.03.2021 (Ref. I-15 U 6/20)
The new Trade Secrets Act (GeschGehG) still leaves many questions unanswered, which also concern the IT world. It is therefore all the more important that guidelines for the interpretation of the GeschGehG are provided on the basis of judgments. For example, in a recent ruling (11.03.2021, ref. I-15 U 6/20), the Düsseldorf Higher Regional Court addressed the question of what measures companies must take in order to qualify drawings as trade secrets within the meaning of the Trade Secrets Protection Act Sec. 2 (1) GeschGehG.
ITRB 2021, 273–274
In the negotiations of data processing agreements (DPAs) in accordance with Art. 28 GDPR, the question often arises as to who pays the processor’s expenses if the controller wishes to carry out an investigation of the processor’s IT infrastructure and processes without cause. The data protection officer (DPO) of the controller likes to refer to a recommendation of the Bavarian State Commissioner for Data Protection (BayLfD), according to which these costs are to be borne by the processor or a flat-rate agreement should be made for this purpose. This raises the legitimate question as to whether a state data protection officer should be allowed to influence the commercial provisions of a data processing agreement without further ado.
DSB 2021, 308 ff
Professor Söbbing has been appointed Head of the Business and Law (M.A.) course in cooperation with the Palatinate Higher Regional Court and Head of the Business and Law (B.A.) course, also in cooperation with the Palatinate Higher Regional Court.
The German Federal Financial Supervisory Authority (BaFin) is currently working on the new version of Circular 09/2017 (BA) – Minimum Requirements for Risk Management – better known as MaRisk. With the consultation draft of the new version of the circular, the requirements from the Guidelines on Outsourcing Arrangements (EBA/GL/2019/02 – Outsourcing Guidelines) of the European Banking Authority (EBA) of February 25, 2019, among other things, were adopted into national supervisory practice.
The changes affect the entire outsourcing cycle (see AT 9 MaRisk). For example, requirements for risk analysis and determining materiality, for structuring the outsourcing agreement and for managing and monitoring the risks of outsourcing agreements have been included or specified (source: BaFin). The amendment is expected to come into force at the end of 2021 or beginning of 2022. It is not yet known how long the transition period will be before it comes into force.
ITRB 2021, 240 – 244.
While the GDPR has been applicable in the EU since 25.5.2018, Switzerland is still struggling to create a new Data Protection Act (nDSG). The Swiss parliament had already adopted the “totally revised” Swiss Data Protection Act on 25.9.2020. In order for this to enter into force, the corresponding implementing provisions in the Ordinance to the Federal Act on Data Protection (OFADP) must be amended. At its meeting on 23.6.2021, the Federal Council opened the consultation on this, which will last until 14.10.2021. However, it is not expected that the revised nDSG (CH) will come into force before 2022. It is currently assumed that this will happen in the second half of 2022.
ITRB 2021, 198
The Higher Regional Court of Zweibrücken and the University of Kaiserslautern with the Zweibrücken campus have expanded their existing cooperation for the Master’s degree program “Business and Law”.
Article: Pfälzischen Merkur (Download)
SaaS: Subscriber contracts – practice-oriented risk management when concluding SaaS subscription contracts
Software-as-a-Service (SaaS) offers promise an uncomplicated solution for all the requirements of the modern world. No installation and therefore no complicated release and license management is necessary, no infrastructure is required and the customer only receives what they really need, namely the service. This makes it all the more incomprehensible how the corresponding subscriber contracts for SaaS business models are structured. In many subscriber contracts, SaaS providers demand comprehensive guarantees for their SaaS applications, which sounds completely exaggerated from a German perspective and is certainly unacceptable to many customers. In addition, the SaaS provider merely promises that it will endeavor to provide its services (“best effort”). On the other hand, it does not make sense to enter into large-scale contract reviews if the Total Contract Value (TCV) is far too low and perhaps the practical risk is manageable at first glance. A pragmatic solution is therefore needed to make the legal risks manageable without major legal expense.
ITRB 2021, 168 – 171
Law and practice of automated and autonomous systems
Edited by attorney Dr. Kuuya Josef Chibanguza, LL.B., attorney Christian Kuß, LL.M., Dipl.-Jur. Hans Steege
Nomos, 2021, approx. 850 pages, hardcover
ISBN 978-3-8487-7161-5
I am one of the authors and am very excited about the work
Will be published in August 2021
In-vitro-meat: A legal view of the diet of the 21st century
The 21st century is constantly presenting us with new challenges that go far beyond what our parents ever prepared us for. In addition to the entirely justified ethical question of whether humans should be allowed to eat animals, the global increase in meat consumption is having a massive impact on the environment. Biotechnology seems to be finding solutions to these problems through completely new methods of meat production, namely in-vitro meat. In future, meat will no longer be bred in cowsheds, but “brewed” in laboratories. This development presents us with new economic, cultural and, of course, legal challenges. After all, scientific progress always means challenges for the law. This article examines the legal aspects of in-vitro meat.
Journal of Food Law, ZLR 2021, 290 – 301
IT outsourcing and digitization in practice Procedure – management – control – quality of results
Edited by Torsten Gründer
3rd, completely revised and significantly expanded edition 2021
ISBN978-3-503-19158-1
I am one of the authors and am very excited about the work
Will be published in July 2021
Introduction to the legal issues of genetic engineering
The Genetic Engineering Act and its latest developments (CRISPR decision)
New findings from immunology and the cultivation of tissues are being used in the pharmaceutical industry to create new medicines through the use of genetic engineering. The decision of the European Court of Justice on the CRISPR “gene scissors” on July 25, 2018 is a serious legal setback for innovation in genetic engineering: organisms mutated by gene editing processes are considered genetically modified within the meaning of the EU directive. They now have to undergo a complex approval procedure before they are allowed to grow in a field, for example, while mutations caused by radioactive radiation or mutagenic chemicals remain permitted without such restrictions. These latest legal developments show how important it is to deal with the fundamentals of genetic law up to and including the effects of the ECJ’s CRISPR decision of 25 July 2018.
Fundamental legal issues of digital banking
Publisher : Fachmedien Recht und Wirtschaft in Deutscher Fachverlag GmbH; 1st edition 2021
Author : Thomas Söbbing
Paperback : 250 pages
Published in July 2021
Thomas Söbbing, who holds the Chair of Civil Law with Digital Economy Law at Kaiserslautern University of Applied Sciences, has been appointed to the university’s Research Committee.
EU: Legal framework for the regulation of artificial intelligence
On April 21, 2021, the European Commission presented a draft AI regulation. Its aim is for “Europe to become the global center for trustworthy artificial intelligence (AI).” This is primarily a prohibition law that bans the use of AI systems in special application scenarios or makes it dependent on technical and organizational requirements. The aim is to strengthen citizens’ trust in AI without inhibiting the willingness to research and innovate in the EU through over-regulation.
ITRB 2021, 125 – 126
Artificial neural networks: How to view AI learning structures legally
Artificial neural networks (ANNs) are used in machine learning to create a complex learning structure with the aim of enabling intelligent behavior. A very practical example of such intelligent machines are autonomous vacuum robots that use various sensors to learn how to explore a room and use this knowledge to control the vacuum robot’s motors. A similar method is also used in algorithmic securities trading. Information from different sources is collected, evaluated and weighted and the output can be, for example, the buying or selling of a security. The creation of such learning and control mechanisms can be considered very complex and is therefore associated with high investments. In order to safeguard these investments and protect the creation of the KNN, legal answers are required. As is so often the case with new technologies, the legal answer is not as clear-cut as the developers of artificial intelligence (AI) systems would like. The following article is intended to help understand how ANNs work in order to evaluate options for legal protection.
MMR 2021, 111
Fundamental legal issues of artificial intelligence
with a foreword by Prof. Dr. Gerald Spindler
@kit-Schriftenreihe, Feb. 2019, 278 Seiten
Deutscher Fachverlag GmbH, Fachmedien Recht und Wirtschaft
ISBN 978-3-8005-1700-8
Comments on the book:
“I have read this work with great pleasure and congratulate the author on this scientific achievement”
Prof. Dr. Thomas Hoeren (leading voice of Digital Law)
Currently out of print, I am working on the second edition
Contract Theory (Nobel Prize 2016): Creating incentive systems in contracts
Describing in contracts what the parties want to agree is merely the basis for drafting a contract. Contracts should actually be able to do much more, e.g. create the right incentives so that both parties benefit from the contract design accordingly. Fully comprehensive insurance without an excess certainly does not encourage the insured person to drive carefully. It is therefore important to strike the right balance when drafting contracts. The “Contract Theory” by Oliver Hart (Harvard) and Bengt Holmström (MIT), which was awarded the Nobel Prize in Economic Sciences in 2016, deals with such incentive systems in contracts. The following article will explain the basics of contract theory and the corresponding incentive systems, provide examples and present concrete approaches for implementing contract theory in corresponding incentive systems.
Gesellschafts- und Wirtschaftsrecht, GWR 2020, 238 ff.