กฎหมายไซเบอร์และเทคโนโลยี
อาชญากรรมทางไซเบอร์ ความปลอดภัยออนไลน์ การกำกับดูแล AI พาณิชย์อิเล็กทรอนิกส์ และพยานหลักฐานดิจิทัล
บทนำ
Cyber and technology law is a rapidly evolving area covering cybercrime (Computer Misuse Act 1990), online safety (Online Safety Act 2023), electronic commerce, digital evidence, artificial intelligence, and the regulation of emerging technologies. The Computer Misuse Act 1990 remains the principal statute criminalising hacking, malware, and DDoS attacks. The Online Safety Act 2023 imposes duties on internet platforms to protect users from illegal content and (for large platforms) content that is harmful to children. The UK Government's approach to AI regulation is currently principles-based rather than legislation-driven, though sector-specific regulators are developing AI frameworks.
หลักการพื้นฐาน
Computer Misuse — The Computer Misuse Act 1990 creates three tiers of offence: unauthorised access (s.1), unauthorised access with intent to commit further offences (s.2), and unauthorised acts with intent to impair or with recklessness (s.3). Section 3ZA covers acts causing serious damage (max: life imprisonment).
Online Safety — The Online Safety Act 2023 imposes duties of care on user-to-user services and search services. Platforms must take steps to remove illegal content, protect children from harmful content, and provide transparency reports. Ofcom is the regulator.
Electronic Evidence — Digital evidence in court proceedings is governed by the Police and Criminal Evidence Act 1984 (s.69, now repealed), the Civil Evidence Act 1995, and case law on authenticity and admissibility.
E-Commerce — The Electronic Commerce (EC Directive) Regulations 2002 and the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 govern online transactions, including the 14-day cooling-off period for distance sales.
AI Regulation — The UK approach is sector-specific and principles-based. The Government's AI White Paper (2023) proposed five principles: safety, transparency, fairness, accountability, and contestability. Sector regulators (FCA, Ofcom, CMA, ICO) are developing guidance.
Deepfakes and Intimate Images — The Online Safety Act 2023 criminalises the sharing of intimate images without consent (including deepfakes). The Criminal Justice Bill (if enacted) will create a specific offence of creating sexually explicit deepfakes.
Encryption and Investigatory Powers — The Investigatory Powers Act 2016 provides for the interception of communications and requires telecommunications operators to maintain the ability to remove encryption when served with a technical capability notice.
Blockchain and Crypto — Crypto-assets are regulated by the FCA for anti-money laundering purposes. The Law Commission has recommended treating crypto-tokens as a distinct category of personal property.
กฎหมายสำคัญ
คดีชี้นำ
R v Gold and Schifreen
[1988] AC 1063
สถานการณ์ทั่วไป
Employee hacks into colleague's email
Unauthorised access to another person's email account is an offence under s.1 Computer Misuse Act 1990, punishable by up to 2 years' imprisonment. If the access is used to commit a further offence (e.g., fraud, blackmail), it falls under s.2 with a maximum of 5 years.
Social media platform fails to remove harmful content
Under the Online Safety Act 2023, platforms have a duty to remove illegal content and protect children. Ofcom can issue enforcement notices, impose fines of up to £18 million or 10% of worldwide revenue (whichever is greater), and in extreme cases, require ISPs to block access to the service in the UK.