Ingiustizia del danno – Pagina 2

Due proposte della Commissione UE sulla responsabilità civile: da intelligenza artificiale e sostituzione di quella generale da prodotto difettoso

Comunicato della Commissione sull oggetto e cioè sulle seguente due proposte dir dir.:

– Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on liability for defective products, Brussels, 28.9.2022 – COM(2022) 495 final, 2022/0302 (COD): qui ad es. importante disciplina (in parte anticipata da dottrina o giurisprudenza) sull’onere della prova, art. 9;

– Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on adapting non-contractual civil liability rules to artificial intelligence
(AI Liability Directive) , Brussels, 28.9.2022 – COM(2022) 496 final, 2022/0303 (COD) : molto interessanti gli art. 3 (Disclosure of evidence and rebuttable presumption of non-compliance ) e art. 4 (Rebuttable presumption of a causal link in the case of fault). E’ prcisato che la dir. regola la responsabilità aquiliana cioè non da contratto, art. 1.

Non c’è responsabilità di Uber per gli assalti a passeggeri compiuti da falsi Uber drivers

Così la Corte di appello californiana, 2 app. dist.-division one, 01 giungo 2022, B310131 (Los Angeles County Super. Ct. No. 19STCV11874).

Questione molto interessante, anche a livello teorico. Il punto è se U. doveva una protezione speciale alle attrici (vittime di adescamenti e aggressione da parte di falsi guidatori U.) ad es. fornendo accurate informazioni sull’esistenza di tali rischi nonchè predisponendo soluzioni (informatiche o altro) per evitarli.

La domanda giudiziale: << Through the SAC, the Jane Does seek to hold Uber liable for failing to warn them about or implement other measures to protect them against rapists employing the fake Uber scheme in the portions of West Hollywood and Los Angeles where the Uber entities knew rapists had repeatedly implemented the scheme. The SAC alleges the Uber entities “have not taken . . . any affirmative precautions to warn Uber users in” these or any other areas “of the continuous fake Uber sexual assault scheme” (capitalization omitted), and have not implemented additional safety features to help Uber app users assure they are entering the car of their authorized Uber driver>>, p. 8.

La regola nel diritto usa: <<The general rule that one has no duty, absent a special relationship, to protect others against harm at the hands of third parties is rooted in the idea that, “[g]enerally, the ‘person who has not created a peril is not liable in tort merely for failure to take affirmative action to assist or protect another’ from that peril.” (Brown, supra, 11 Cal.5th at p. 214, italics added, quoting Williams v. State of California (1983) 34 Cal.3d 18, 23.) A necessary corollary to this is that when a defendant has affirmatively “created a peril” that foreseeably leads to the plaintiff’s harm (Williams, supra, at p. 23), the defendant can, even absent a special elationship, be held liable for failing to also protect the plaintiff from that peril. This scenario does not represent a true exception to the general rule that there is no duty to protect. Rather, it involves more than a mere failure to protect (nonfeasance), and instead involves both misfeasance— the defendant has “ma[de] the plaintiff’s position worse, i.e., defendant has created a risk”—and the nonfeasance of failing to protect against that risk once created. (Weirum v. RKP General, Inc. (1975) 15 Cal.3d 40, 49 (Weirum).)>>, p. 17

Di conseguenza : <<The fake Uber scheme may be a foreseeable result of the Uber business model, and the Jane Does’ assailants may not have been able to as easily commit their crimes against the Jane Does, were it not for the Uber app and the Uber business model. But these connections cannot establish that the harm the
Jane Does suffered is a “necessary component” of the Uber entities’ actions. (Sakiyama, supra, 110 Cal.App.4th at p. 408.) “The violence that harmed [the Jane Does]”—abduction and rape—“[is] not ‘a necessary component’ of” the Uber business model. (See Melton, supra, 183 Cal.App.4th at p. 535.) Nor does such harm become a necessary component of the Uber business model because the Uber entities marketed the Uber app as safe to use, refused to cooperate with sexual assault investigations, or concealed sexual assaults related to the use of the app. Even accepting such allegations as true, the Uber entities still are not alleged to have “[taken] . . . action to stimulate the criminal conduct” (ibid.), as was the case in Weirum, where defendants encouraged plaintiffs to drive as quickly as possible to the designated location. (See Weirum, supra, 15 Cal.3d at p. 48.) To the contrary, like the defendants in Sakiyama, the Uber entities made efforts to prevent the type of conduct that harmed the plaintiffs—namely, they included matching system features in the Uber app that, if utilized, can thwart efforts like the fake Uber scheme. The conduct based on which the Jane Does seek to impose liability thus does not constitute misfeasance that can give rise to a duty to protect>>, P. 22 .

E se fosse stata portata in corte da noi? Può dirsi che che U. abbia il dovere ex art. 2043 (certo non contrattuale) di avvisare l’utenza che ci son falsi autisti e di implementare meccanismi di autenticazione o altro, per non incapparvi? Una risposta positiva pare tutt’altro che impossibile. Non parrebbe però utile la disciplina della responsabilità precontrattuale , dato che non c’è stato alcun contatto tra le vittime e U.

(notizia e link alla sentenza dal blog del prof. Eric Goldman)

Ancora sul c.d. data scraping: i dati pubblici dei profili Linkedin possono essere utilizzati da terzi

Interessante decisione di appello (di rimando dalla Suprema Corte) nella lite HiQ Labs c. Linkedin da parte del 9° circuito, 18.04.2022, 3:17-cv-03301-EMC (link fornito dal blog del prof. Eric Goldman) sulla questione della liceità dello scraping (raschiare/grattare) automatizzato (tramite bot) di dati presenti nei profili Linkedin pubblici.

Linkedid (L.) è scocciata per la raccolta dei dati dei suoi utenti da parte di HiQ che li usa per fornire offerte di profilazione ad aziende (ove è di fatto in concorrenza con la stessa L.) e tenta di bloccare la pratica.

Allo stato però in via cautelare (preliminary injunction) è ritenuta più probabilmente legittima che uillegittima.

Si v. spt. il § B Balance of equities, p. 17 ss sul bilanciamento dei reciproci danni probabili : In short, even if some users retain some privacy interests in their information notwithstanding their decision to make their profiles public, we cannot, on the record before us, conclude that those interests—or more specifically, LinkedIn’s interest in preventing hiQ from scraping those profiles—are significant enough to outweigh hiQ’s interest in continuing its business, which depends on accessing, analyzing, and communicating information derived from public LinkedIn profiles, p. 19.

Poi la corte affronta il merito cautelare (likelihood of success), p. 20 ss, favorevole ad HiQ sia per l’azione di tortious interference che per il CFAA.

Sulla prima (interferenza di L. sui rapporti contrattuali di HiQ con i suoi clienti): Balancing the interest in contractual stability and the specific interests interfered with against the interests advanced by the interference, we agree with the district court that hiQ has at least raised a serious question on the merits of LinkedIn’s affirmative justification defense … or all these reasons, LinkedIn may well not be able to demonstrate a “legitimate business purpose” that could justify the intentional inducement of a contract breach, at least on the record now before us. We therefore conclude that hiQ has raised at least serious questions going to the merits of its tortious interference with contract claim. Because such a showing on the tortious interference claim is sufficient to support an injunction prohibiting LinkedIn from selectively blocking hiQ’s access to public member profiles, we do not reach hiQ’s unfair competition claim.(p. 24-5 e 26/7).

Sulla seconda (Computer Fraud and Abuse Act (CFAA) ): il requisito di legge sull’accesso a computer altrui <<without authorization >> non si rifeisce al caso in cui i dati siano volutamente resi pubblici: <<We therefore conclude that hiQ has raised a serious question as to whether the reference to access “without authorization” limits the scope of the statutory coverage to computers for which authorization or access permission, such as password authentication, is generally required. Put differently, the CFAA contemplates the existence of three kinds of computer systems: (1) computers for which access is open to the general public and permission is not required, (2) computers for which authorization is required and has been given, and (3) computers for which authorization is required but has not been given (or, in the case of the prohibition on exceeding authorized access, has not been given for the part of the system accessed). Public LinkedIn profiles, available to anyone with an Internet connection, fall into the first category. With regard to websites made freely accessible on the Internet, the “breaking and entering” analog ue invoked so frequently during congressional consideration has no application, and the concept of “without authorization” is inapt >>. Soluzione esatta, direi (pur se relativo al diritto usa; da noi ad es. si v. il chiaro disposto dell’art. 615 ter c. pen.).

A ciò segue la sentenza 4 novembre 2022 sulla violazione contrattuale: Northern District of ColumbiaCase 3:17-cv-03301-EMC, HIQW c. Linkedin, 4.11.2022 , che di fatto limita la vittoria di HJQ sopra riportata (anche questa sentenza e link dal blog del prof. Eric Goldman).

Si v. ora l’aggiornamento sulla importante questione del data scraping postato il 28 marzo 2023 da Kieran McCarthy nel blog di Eric Goldman .