Innovation and Regulation | Quizlet

Define 'regulation' and explain how it differs from 'law'.

Regulation is any instrument (legal or non-legal) used to influence behavior. Unlike law, regulation can be private or non-binding and includes tools like technical standards or code .

List and describe three regulatory strategies from Baldwin, Cave & Lodge's framework.

1. Command-and-control: Fixed rules backed by sanctions. 2. Incentive-based: Uses taxes, subsidies to change behavior. 3. Market-harnessing: Relies on competition law to steer market behavior.

What are the main economic rationales for regulation?

1. Market failures (monopolies, externalities, information asymmetry). 2. Public goods provision. 3. Property rights issues (e.g., IP).

What is the 'pacing problem' in regulation and how can it be addressed?

It's the regulatory disconnect due to tech innovation outpacing legal adaptation. Addressed using risk-based regulation, sandboxes, or the precautionary principle.

What are the two primary objectives of the European Health Data Space (EHDS)?

1. Primary Use: Increase citizen access/control over health data. 2. Secondary Use: Enable research, innovation, and policy via data reuse.

Explain the difference between MyHealth@EU and HealthData@EU.

MyHealth@EU supports cross-border care (primary use), while HealthData@EU supports secondary uses like research and policymaking.

What is the opt-out mechanism under EHDS for secondary use?

Individuals can opt out of secondary data use anytime. However, Member States may override this for significant public interest purposes.

What is the difference between copyright and sui generis protection for databases under the EU Database Directive?

Copyright protects the structure if it's original (AOIC), while sui generis protects the content if there's substantial investment in obtaining/verifying it.

Why do most databases fail to qualify for copyright protection?

Because they follow standard/technical structures rather than reflecting personal creative choices.

What rights are granted under Article 3 of the DSM Directive for TDM?

Researchers in public institutions may mine lawfully accessed databases without needing rightholder permission, and this exception cannot be overridden by contract.

What are the main types of bias in AI datasets?

Selection bias, implicit bias, overfitting, underfitting, reporting bias, and group attribution bias.

Describe how the AI Act categorizes AI risks and what is required for high-risk systems.

AI risks: Unacceptable, High, Limited, Minimal. High-risk systems require rigorous data governance (Article 10), including dataset quality and bias monitoring.

What is FanFAIR and what does it assess?

A Python tool that assesses dataset fairness using six features including balance, completeness, and compliance.

Define 'testability' in the context of data regulation.

Testability refers to how easily a third party can verify the accuracy of reported data, including access, anchoring, and identifiability.

What are the problems with testability in Open Finance?

Lack of interoperability, poor metadata anchoring, asymmetric access to APIs, and unverifiable data outputs.

What is the main risk of over-crediting in carbon offset markets?

Non-additional projects and inflated baselines can exaggerate actual emissions reductions, undermining environmental goals.

What are the three main pillars of EU competition law?

1. Article 101 TFEU - Anti-competitive agreements. 2. Article 102 TFEU - Abuse of dominance. 3. Merger control - EUMR.

What five criteria are used to prove abuse of dominance under Article 102 TFEU?

1. Undertaking 2. Dominant Position 3. Abuse 4. Substantial market effect 5. No objective justification.

How does the EU assess anti-competitive agreements under Article 101 TFEU?

By checking: agreement between undertakings, object/effect of restricting competition, cross-border effect, and lack of exemption under Article 101(3).

What is a key difference between EU and US competition law?

EU focuses on internal market integration and public enforcement, while the US prioritizes consumer welfare and includes criminal penalties.

What is the difference between general and specific rules in regulation?

General rules apply across industries (e.g., data protection), while specific rules target particular sectors (e.g., HIPAA in healthcare).

Give an example of a command-and-control strategy in digital regulation.

GDPR's Article 5, which sets strict principles for data processing, enforced with fines for non-compliance.

What is 'regulatory capture' and which strategy is most vulnerable to it?

Regulatory capture occurs when regulated industries unduly influence regulators. Command-and-control is highly vulnerable due to close oversight.

What is a market-harnessing strategy and where is it applied?

A strategy that relies on competition law to shape behavior, such as preventing monopolies in digital platforms.

Why is disclosure a limited regulatory tool?

Because even when firms disclose information, it may be too complex for consumers to understand or act upon.

Describe 'rights and liabilities' as a regulatory strategy.

This allocates legal responsibilities and liabilities to incentivize compliance and allow harmed parties to seek redress.

What are the strengths of risk-based regulation?

It allows flexible, proportional responses and prioritizes regulatory efforts based on harm likelihood and severity.

What are weaknesses of incentive-based strategies?

They rely on predicting behaviors and may fail to stigmatize harmful conduct, such as pollution or algorithmic harm.

Define the Collingridge dilemma and how it relates to timing in regulation.

Early regulation lacks knowledge

Who are Health Data Access Bodies (HDABs) and what is their role?

They manage data access applications for secondary use under the EHDS, ensuring legal and ethical compliance.

What format must EHR data be provided in under EHDS?

In an interoperable European Electronic Health Record Exchange Format (EEHRxF).

What is the role of Digital Health Authorities (DHAs)?

They enforce EHDS rights for primary data use, such as patient access and rectification.

Why is GDPR not sufficient alone for health data sharing?

It doesn't mandate interoperable formats or specify reuse rules, which EHDS addresses through lex specialis.

How is the opt-out from secondary data use enforced?

Through systems managed by HDABs; however, states may override this for major public interest needs.

What is a Secure Processing Environment (SPE)?

A digital infrastructure where researchers can access health data without extracting or identifying individuals.

List two critical risks of EHDS implementation.

1. Overburdened HDABs due to complex duties. 2. Erosion of public trust from perceived loss of control over sensitive data.

Why does EHDS extend rights to inferred health data?

Because diagnoses and test results are derived from raw data and must be portable to ensure continuity of care.

What are the key concerns raised about value leakage in EHDS?

Big Tech may extract public health data value and sell results back to public institutions, raising fairness issues.

What is the duration of sui generis protection for databases?

15 years, renewable with each substantial investment, potentially leading to indefinite protection.

Why is this rolling renewal problematic?

It can lead to de facto permanent monopolies over factual data, stifling reuse and innovation.

What kind of investment qualifies for sui generis protection?

Substantial investment in obtaining, verifying, or presenting database contents—not in data creation.

What are spin-off databases and are they protected?

Databases created during data production (e.g., sensor data logs). These do not qualify for sui generis protection.

What case confirmed that contractual clauses can override user rights to unprotected databases?

Ryanair Ltd v PR Aviation BV.

What is a key limitation of Article 4 DSM Directive?

Rightholders can opt out, limiting the use of TDM by commercial actors, unlike the US fair use system.

What reform has been suggested for Article 4 DSM?

Make the general TDM exception unwaivable to promote innovation in the private sector.

Why is the AOIC standard hard to meet for database copyright?

Most databases follow functional or technical logic, not personal creative choices.

What does Article 10 of the AI Act require for training data?

It must be relevant, representative, error-free, and complete.

How does the AI Act handle special category data?

It may be processed if necessary for bias monitoring, but this raises privacy concerns.

Name two errors that reduce fairness in datasets.

1. Incompleteness (missing values) 2. Overfitting (model memorizes noise).

What is implicit bias and how does it affect AI systems?

Unconscious stereotypes embedded in data or design choices, leading to discriminatory outcomes.

Why is fairness more than just a technical issue?

It involves ethical, legal, and social dimensions like consent, transparency, and accountability.

How does FanFAIR handle sensitive variables?

It flags datasets as unfair if sensitive attributes (e.g., gender) are strongly correlated with predictions.

What is group attribution bias?

The assumption that individuals share the characteristics of their group, often reflected in skewed training data.

What is the tradeoff between performance and fairness?

Sometimes improving fairness may reduce accuracy, but good preprocessing can improve both.

What are the three attributes of testability?

Evidentiary anchoring, access symmetry, and identifiability.

What are fragile openness regimes in finance?

Systems that offer partial transparency but lack full auditability due to cost or privacy limitations.

How does Open Finance aim to improve data quality?

Through regulated APIs, standardization, and verifiability—but current efforts are incomplete.

What is the biggest barrier to API interoperability in finance?

Lack of uniform standards across banks, creating integration burdens for FinTechs.

What is evidentiary anchoring and why is it important?

It ties data claims to verifiable sources, preventing manipulation or distortion.

What is the role of default parameters in offset baselines?

They introduce estimation risks, so regulators use discount factors to prevent over-crediting.

Why is crop-switching a perverse incentive in offsets?

If farmers switch to higher-emission crops due to credits, it undermines environmental goals.

What is a better way to view carbon offsets, according to experts?

As investment schemes managed by regulators, not precise emission accounting tools.

What is required for a merger to fall under EU merger control?

It must meet the Community dimension threshold based on combined turnover in the EU.

What is SIEC in merger control?

Significant Impediment to Effective Competition—the test used to assess mergers under EUMR.

How is abuse defined under Article 102 TFEU?

Conduct by a dominant firm that distorts competition, such as exclusionary or exploitative behavior.

What was the anti-competitive conduct in the Meta/TikTok case?

Sharing sensitive information (algorithms, pricing) indicating collusion to avoid competition.

Why is collusion a 'hardcore' restriction under Article 101 TFEU?

Because it directly undermines market competition and cannot usually be justified.

What is the role of intent in proving anti-competitive practices?

While not always necessary, awareness of collusive content may be enough for liability.

What is a conglomerate merger and why is it scrutinized?

A merger between firms in different markets, assessed for potential leveraging or foreclosure effects.

What justification can companies offer during a merger review?

They may claim efficiencies and innovation gains outweigh competition harm—but this must be proven.