Innovation Law Insights

Podcast

The EU AI Act explained in the time it takes for a coffee

Do you still wonder about the most relevant contents of the EU’s regulation on AI?

In this quick video, Giulio Coraggio, Location Head of DLA Piper’s Italian Intellectual Property and Technology practice, breaks down the key points of the EU AI Act in the time it takes you to enjoy your morning coffee as part of the podcast Diritto al Digitale. Watch the video here.

 

Legal Design

Legal design tricks: Secrets to using legal design in your daily activities

We’re introducing our new series of infographics titled "Legal Design Tricks" to help you master your legal design capabilities!

In an increasingly digital world, legal complexity can seem like an intricate and intimidating maze. So we’ve created a series of infographics to illustrate how to make law more accessible and understandable in daily life and business activities.

Why is Legal Design important for businesses?

In our first edition, we focus on a crucial topic: why businesses should adopt Legal Design in their operations. Legal Design is an innovative methodology that combines law and design to create more user-friendly legal solutions. But why is it so important for businesses?

• Clarity and transparency: Legal Design makes legal documents clearer and more understandable, reducing the risk of misunderstandings and disputes.
• Operational efficiency: More streamlined and intuitive legal processes increase operational efficiency, allowing businesses to save time and resources.
• Enhanced customer trust: A user-centred legal approach improves the customer experience, building trust and loyalty.
• Innovation and competitiveness: Businesses that adopt Legal Design demonstrate innovation, standing out from the competition.

Our infographics will guide you through these concepts with engaging visuals and practical information. Stay tuned to discover how Legal Design can transform your business, making it more agile and competitive in the digital market. This is just the beginning of a journey that will make Legal Design a valuable part of your business strategy.

The infographic is available here.

Author: Deborah Paracchini

 

Data Protection and Cybersecurity

Italian Data Protection Authority issues GDPR fine for unlawful monitoring of employee attendance at work using facial recognition

In a recent decision, the Italian Data Protection Authority (Garante or Authority) imposed a fine of EUR120,000 against a car dealership for unlawfully monitoring employee attendance through facial recognition.

The facts and the violations found by the Garante

The Authority's intervention came as a result of a complaint filed by an employee alleging unauthorized processing of personal data through a biometric system installed in the two production units of his employer, a car dealership (the Company).

The employee's complaint also raised concerns about the Company's use of management software, which required employees to keep detailed records of repairs performed on vehicles, the time and manner in which the work was performed, and periods of inactivity with reasons.

The inspection activity conducted by the Garante revealed serious violations of EU Regulation 679/2016 (GDPR) with particular reference to processing biometric data.

The Company justified using the biometric system saying it was necessary to improve service quality and efficiency. But the Garante clarified that processing biometric data is generally prohibited and can only be carried out in specific circumstances provided by law (Art. 9(2) of the GDPR). These circumstances include specific employment-related obligations and rights authorised by EU or Member State law, with appropriate safeguards for fundamental rights.

According to the Garante, the Company failed to demonstrate the necessity and proportionality of the biometric processing, violating Article 9(2)(b) of the GDPR. The Garante also found that the information regarding processing activities provided to employees was incomplete, as it didn’t adequately clarify the characteristics of the processing, the safeguards taken, and the possibility of alternatives to the biometric system. This also violated the principle of transparency.

With reference to the management software used by the Company to create monthly reports for the parent company, the inspections found that these reports included aggregate data on workshop work times, without an adequate legal basis and without providing clear and transparent information to employees. After the Authority sent repeated requests to obtain in detail the essential characteristics of the management system used, the Company provided very general and evasive feedback. The Company didn’t allow the Authority to have full knowledge of the processing carried out, to know the nature and type of data processed, the manner and timing of data storage, and to assess its actual necessity and proportionality with respect to the purposes to be pursued. This information was not even brought to the attention of the employees, who were provided with information that was incomplete and inadequate to fully represent the processing carried out. The Garante found this practice contrary to the principles of lawfulness, fairness and transparency set out in Articles 5(1)(a), 6 and 13 of the GDPR.

Given the seriousness of the violations, and the uncooperative attitude of the Company during the course of the investigation, the Authority:

• imposed an administrative fine of EUR120,000 on the Company; and
• ordered the Company to make the data processing carried out through the management software comply to the provisions of the privacy legislation.

Some considerations for companies

This decision highlights the importance of respecting privacy principles in the employment context, especially in relation to sensitive data such as biometric data. The Authority reiterated that the processing of biometric data must be strictly necessary, proportionate and supported by adequate safeguards to protect the fundamental rights and freedoms of employees.

Adopting biometric technologies in the workplace must be handled with great care, strictly adhering to the principles of necessity, proportionality and implementing appropriate safeguards. Employers must be aware of the privacy implications and ensure that any processing of biometric data is justified and protected by adequate security measures. And they have to provide transparent information to employees on the processing and always consider less invasive solutions.

Author: Giorgia Carneri

 

Intellectual Property

AI training with music tracks: Major record labels are suing generative AI startups

The world's major record labels have sued two AI software companies in the US, accusing them of training their generative models on copyrighted tracks without permission from the rights owners.

The case is similar to one involving the New York Times a few months ago, which had filed an action against OpenAI for copyright infringement, claiming that the company had trained its AI models by copying and using millions of articles published by the newspaper.

In this case, the major accusation concerns the AI training system: specifically, the neural networks of the technologies developed by the two startups were allegedly created using thousands of pieces of music without authorisation. The record companies claimed that the startups used copyright-protected music to train their AI because the neural networks of these systems produce outputs that are extremely similar to the original songs. As proof, they attached outputs generated by the AI, including sheet music that is similar (though not identical) in rhythm and pitch to some well-known songs. According to the plaintiffs, this not only confirms that the songs were part of the training material but also explains the AI systems' ability to construct and process works that echo the original songs.

The startups have never publicly disclosed what materials they used to train their AI. They have stated that they rely on transformative technology designed to generate new songs and deny that existing tracks are stored. Additionally, the CEO of one of the companies pointed out that their AI doesn’t allow users to specify a reference artist for the song to be created, which would prove the impossibility of copying their style or repertoire.

The record companies are seeking damages of USD150,000 for each song used without a license, as well as a warning against the use of copyrighted material in the future and payment of legal fees. But given the information asymmetry regarding how AI systems work, it may be challenging to determine exactly how many works the startups have used.

The decision will be based on American law and on the fair use doctrine, a legal theory that promotes freedom of expression by allowing the use of copyrighted works in certain circumstances and under specific conditions without prior licensing. The case might have been different had the judgment been brought in Europe, where exceptions to copyright are much narrower. For example, the AI Act in Europe expressly refers to Article 4 of the Copyright Directive (text and data mining exception), which is applicable only in very limited cases.

Author: Lara Mastrangelo

 

Technology Media and Telecommunication

Italian Space Law: Innovation and sustainability in the future of space

The Council of Ministers recently approved the first Italian law on Space and the Space Economy, proposed by the Minister for Enterprise and Made in Italy with responsibility for space and aerospace policies.

The measure puts Italy at the forefront among the major global players and anticipates the EU's intentions regarding a regulation for the space sector. The text also fills a previously existing regulatory vacuum, providing an essential framework for the space sector.

After months of consultations with the main public and private actors in the sector, the law regulates access to space for private individuals, with a view to offering significant opportunities in a sector that’s increasingly crucial for industry and the world economy.

Among the provisions, authorisation is required for foreign operators intending to conduct space activities on Italian soil, as well as for domestic operators operating abroad, unless their activities are already authorised by other states on the basis of international treaties. Authorization is subject to fulfilling objective and subjective requirements.

Objective requirements include:

• the security of space activities
• the resilience of the satellite infrastructure with respect to cyber, physical and interference risks, with the consequent capacity to identify and manage space objects, detect incidents and guarantee the control of access rights
• environmental sustainability of the activities, through a verification of the environmental footprint of all phases

Subjective requirements include:

• professional and technical capacity
• financial adequacy
• concluding an insurance contract to cover accident risks
• the availability of a collision prevention service

The Italian Space Agency (ASI) will supervise the operators, with the power to revoke authorisations in the event of violations of regulations or commitments. ASI's President, Teodoro Valente, emphasised the importance of the bill as a fundamental step for the Italian space sector, and reiterated the attention devoted to small and medium-sized enterprises. The law introduces support measures for SMEs and startups to access public contracts in the aerospace sector. The Agency will have access to the documents and information in the possession of operators regarding authorised space activity and the space object to be launched; it will be able to request information and conduct inspections on the premises and sites used. If the operator doesn’t provide the requested information or documents or doesn’t take the necessary measures, hindering the Agency's supervisory activity, it will be subject to high administrative penalties of between EUR150,000 and EUR500,000.

Space activity, within the meaning of the legislative proposal, is understood to mean:

• launching, releasing, in-orbit handling and re-entry of space objects, including disposing of Earth orbits and removing objects;
• in-orbit services;
• assembling and using orbiting space stations;
• producing objects in outer space and on celestial bodies;
• exploring, extracting and using natural resources in outer space and on celestial bodies;
• launching, flight and residence of living beings in outer space and on celestial bodies;
• activities conducted through stratospheric platforms and sounding rockets; and
• any other activities conducted in outer space and on celestial bodies.

The legislative proposal also regulates the aspect of the liability of space operators and the state: the operator is liable for damage caused as a result of space activities and is always obliged to pay compensation for damage caused to third parties on the earth's surface. It is also liable for damage to aircraft in flight and to persons and property on board those aircraft. Liability will be excluded only if the operator proves the damage was caused exclusively and maliciously by a third party not involved in the space operation and that the third party's act was not preventable, or if they prove the damage was caused exclusively by the injured party.

The proposal emphasises the importance of the state developing space activity as a promising factor for economic growth. It specifies that access to data, services and resources of national space infrastructures will be guaranteed in a fair and non-discriminatory manner. And that it should contribute to sustainable development and exploit the potential of space in managing environmental resources and local effects of climate change, in facilitating telecommunications and logistics management.

To promote space activities, the government will draw up a National Plan for the Space Economy. It will contain analysis, evaluation and quantification of the needs for innovation to increase production capacities for developing the national space economy. It will also analyse the framework of institutional requirements related to services based on using space technologies. And it will include a plan for public partnership initiatives, defining synergies that can be activated between different financing and intervention instruments, and the allocation of initiatives. A multi-annual fund has also been established, the Fund for the Space Economy, with an initial endowment of EUR85 million for 2024, EUR160 million for 2025 and EUR50 million for 2026.

Author: Alessandra Faranda

---

Innovation Law Insights is compiled by DLA Piper lawyers coordinated by Arianna Angilletta, Matteo Antonelli, Edoardo Bardelli, Carolina Battistella, Carlotta Busani, Giorgia Carneri, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Enila Elezi, Alessandra Faranda, Nadia Feola, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Deborah Paracchini, Maria Vittoria Pessina, Tommaso Ricci, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna and Matilde Losa.

For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer,” the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here. And check out a DLA Piper publication outlining Gambling regulation here, a report analyzing key legal issues arising from the metaverse qui, and a comparative guide to regulations on lootboxes here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.