Cutting-Edge Research Papers at the Intersection of Law and Technology

/in /by

Pisa, Italy, July 2023. The culmination of months of dedicated interdisciplinary research conducted by the group of our 15 Early-Stage-Researchers (ESRs) has resulted in the publication of six cutting-edge working papers. For more than a year have our ESRs been working together in the Legality Attentive Data Scientist project (LeADS) that brings together aspiring researchers with diverse academic (law, economics, computer science) and cultural backgrounds. The objective: finding answers in a collaborative effort to pressing and emerging questions of today’s data economy and to effectively bridge the existing gaps between law and computer science.

By fostering collaboration between legal scholars and computer scientists, the project demonstrates that research conducted at the intersection of law and data science is a rich, complex and yet necessary task which ultimately yields innovative solutions to complex challenges. The melding of these disciplines allows for a more comprehensive understanding of the legal implications of rapidly advancing technologies. In their working papers, our scholars dived into and explored divers topics such as the definition and implementation of fairness in automated decisions, transparency and relevancy of consent policies, case studies on data access and re-use of vehicle data, or how technology might facilitate the creation of ‘data collaboratives’ where data can be shared in a privacy-friendly way.

The findings have already been presented to a wider scientific audience at prestigious conferences, such as the annual ACM Conference on Fairness, Accountability, and Transparency 2023 (FAccT) which this year was held in Chicago. Furthermore, the ESRs will present their research at a conference organised by the LeADS consortium that will take place at the Vrije Universiteit Brussel in January 2024.

 

ESR Barbara Lazarotto facilitates workshop at FARI

/in /by

On July 13 ESR Barbara Lazarotto participated as an expert facilitating a workshop at FARI – the AI for the Common Good Institute, which aims to enable, promote and perform cross-disciplinary research on Artificial Intelligence in Brussels led by LeADS beneficiary Vrije Universiteit Brussel (VUB) and the Université libre de Bruxelles (ULB).

The workshop lasted the whole afternoon, and Barbara joined a group facilitating the discussions on the use of Artificial Intelligence to enforce the right to repair products inside the concept of Repair Cafes. Along with participants from civil society and from the industry, the workshop aimed to find solutions for the obstacles faced by repair cafes, such as the lack of tools, spare parts, and information on how to repair multiple objects.

Other topics such as Intelligent Parts Identification, Predictive Maintenance, Virtual Repair Assistance, and Knowledge Sharing Platforms were discussed. Barbara also facilitated the discussion on the other topics. The main findings from the groups were presented to the whole group at the end.

The opportunity to join the workshop was greatly appreciated by Barbara since it gave her the chance to apply in practice concepts of data quality, data portability, and trade secrets.

ESR Fatma S. Doğan at The Young Digital Law Conference 2023

/in /by

ESR Fatma S. Doğan participated in The Young Digital Law Conference 2023 between 5th-7th July. The conference was organized by the University of Vienna, Department of Innovation and Digitalisation in Law and the Research Platform Governance of Digital Practices Department of Innovation and Digitalisation in Law, and the Research Platform Governance of Digital Practices. Fatma presented her study titled “Digital Discrimination in Healthcare and European Health Data Space Proposal”.

The emerging point of this study comes from technological developments in the medical sphere with the increasing use of AI technologies. Although these enhancements look highly promising, bias in these systems and related outcomes poses a prominent caveat. In her study, Fatma sought the question of ‘how does recently proposed European legislations plan to tackle this problem while putting a specific focus on the European Health Data Space proposal’. The European Health Data Space proposal was introduced last year with aiming to harmonize electronic health data systems of Member States and enable secondary use of health data for new technological developments. The proposal has numerous provisions related to AI systems yet would they bring a solution to bias-related issues in healthcare is open to discussion. Due to the reference to the AI Act proposal, Fatma also included the relevant provisions of the AI Act in the discussion.

The conference was filled with insightful talks and engaging keynote addresses. At the end of the third day of the conference, the final panel took place at the Austrian Supreme Court, which allowed young researchers to witness the incredible atmosphere of the Supreme Court. Fatma also had the opportunity to receive valuable comments and thought-stimulating questions following her presentation.

ESR Barbara Lazarotto moderates “Beyond Data” book discussion

/in /by

 

Brussels Privacy Hub organized a book presentation event on “Beyond Data: Human Rights, Ethical and Social Impact Assessment in AI” by Prof. Alessandro Mantelero at the premises of LeADS beneficiary Vrije Universiteit Brussel.

The book explores how data-intensive artificial intelligence (AI) systems have transformed various industries but also how traditional assessment models and procedures, such as data protection impact assessments, are insufficient to address the complex issues associated with AI systems.

ESR Bárbara da Rosa Lazarotto moderated the session where the author together with Prof. Gianclaudio Malgieri and Prof. Sophie Stalla-Bourdillon discussed the thought-provoking book. The author proposes a human rights-centered assessment framework, which considers ethical and societal issues alongside data protection, emphasizing the need to ensure that AI systems respect and uphold fundamental human rights, such as privacy, non-discrimination, and autonomy.

The discussion was recorded and will be soon available on Youtube.

New book: “AI Law – Between Sectoral Rules and Comprehensive Regime”

/in /by

Artificial intelligence (AI) has undoubtedly become one of the most transformative technologies in recent years. As its capabilities continue to evolve, so do the legal implications surrounding its use. To shed light on this complex and ever-changing field, a newly published book on AI Law titled AI Law – Between Sectoral Rules and Comprehensive Regime has been released, with Prof. Jessica Eynard, an associate professor at the LeADS beneficiary University of Toulouse, serving as its co-editor.

Bringing together a diverse group of forty authors from various corners of the globe, this book delves into the recent legislative advancements in their respective jurisdictions within the emerging field of AI law. By exploring the rapidly evolving landscape of AI legislation, the book aims to compare normative approaches while considering the social, cultural, historical, and legal system differences that may exist between different countries. The contributors to the book hail from countries such as Canada, France, Belgium, the United States, Brazil, Mexico, and Senegal, ensuring a wide range of perspectives and experiences are represented. By including authors from such diverse backgrounds, it becomes possible to evaluate and analyze the different approaches taken by each jurisdiction in addressing the legal challenges posed by AI.

The book aims to provide readers with a comprehensive overview of the current state of AI law globally, allowing for an understanding of the similarities, disparities, and gaps that exist between different jurisdictions. By examining these legislative advancements, researchers, policymakers, and legal professionals can gain insights into the challenges faced by various countries and identify potential best practices or areas for improvement.

More information is available on this website.

ESR Aizhan Abdrassulova attends to “International Scientific and Practical Conference of Young Scientists”

/in /by

On May 20, ESR Aizhan Abdrassulovapresented her research online at the Conference “International Scientific and Practical Conference of Young Scientists” in Ternopil, Ukraine with the topic “Data Ownership”. Aizhan explored the concept of data ownership, and its potential risks, and benefits, including data privacy and security concerns. Aizhan’s work was well-received by the audience who appreciated her insights and contribution to the conversation on data ownership.

Additionally, during the months of May to June 2023, Aizhan completed her first secondment at the Vrije Universiteit subBrussel (VUB). The period at VUB provided Aizhan with valuable exposure to the academic community and allowed her to establish professional connections with other researchers in her field. During her secondment, she had the opportunity to collaborate with experts in her area of interest and further develop her research skills. She also had the chance to explore the city of Brussels and immerse herself in the local culture, which gave her a broader perspective on social and scientific issues. Through her participation in numerous scientific events, conferences, and seminars, Aizhan expanded her knowledge and gained new insights into the latest research findings and developments. Overall, her first secondment was a highly enriching and rewarding experience that helped her to grow both academically and personally.

Last, in June 2021, Aizhan attended a seminar organized by Professor Fryderyk Zoll in Osnabrück, Germany. The workshop was specifically aimed at doctoral students from the University of Osnabrück. Aizhan presented to the attendees about her Ph.D. research as well as spoke about the “LeADS” project. Her contribution was received with keen interest and prompted lively scientific discussions with fellow doctoral students in attendance. The opportunity to interact with fellow scholars from Osnabrück was extremely enriching, and this interaction facilitated the sharing of knowledge, opinions, and perspectives that would help to shape subsequent research activities. The seminar was an excellent forum for young researchers to enhance their understanding of each other’s work, build social networks, and open up opportunities for future collaborations.

ESRs presenting their research at ACM FAccT

/in /by

ESRs Maciej Zuziak, Onntje Hinrichs and Aizhan Abdrassulova collaborative work got accepted for this years’ ACM conference on Fairness, Accountability, and Transparency (ACM FAccT) that was held in Chicago from 12-15th of June 2023. Maciej Zuziak presented their article on “Data Collaboratives with the Use of Decentralised Learning – an Interdisciplinary Perspective on Data Governance” during a paper session dedicated to Privacy.

In their collaboration, the ESRs combined their different research interests in law and machine learning, which enabled them to develop an interdisciplinary perspective on challenges posed by different approaches to data governance. The predominant part of the current discussion in EU data policy is centered around the challenging task of creating a data governance framework where data is ‘as open as possible and as closed as necessary’. In their article, the ESRs further elaborate on the concept of data collaboratives powered by decentralised learning techniques as a possible remedy to the shortcomings of existing data governance schemes.

Data collaboratives have been described as new emerging forms of partnerships where privately held data is made accessible for analysis and where collaboration between participants is facilitated to unlock the public good potential of previously siloed data. [1] They thus fit well the EU policy shift that has taken place over the past years. Whilst for decades, the introduction of exclusive property rights was discussed as a potential tool to empower data subjects with regard to ‘their’ data and to facilitate the emergence of data markets, this changed with the 2020 European Data Strategy. Now, the potential of the data economy should be unlocked by facilitating data access and sharing. The authors presented their concept of data collaboratives powered by decentralised learning techniques, which can be used as a tool to reach the goals of the current EU data strategy: facilitate access to data while protecting privacy and intellectual property interests which individuals and companies might have with regard to ‘their’ data. The collaboration between the ESRs thus reflected the idea behind the LeADS project that solutions to existing tensions in the data economy require an interdisciplinary perspective from both law and data science.

The paper can be accessed in the Digital ACM library via this link.

 

[1] 2020. Wanted: Data Stewards – (Re-) Defining the Roles and Responsibilities of Data Stewards for an Age of Data Collaboration

 

Participant Insights: ESR Xengie Doan Reveals the Top Highlights of CPDP 2023 Conference

/in /by

I attended CPDP 2023 and found two events very interesting and pertinent to my thesis topic regarding user-centered digital collective consent for genetic data sharing in the EU.

First, I attended a workshop on Wednesday about the Trustworthy (re)use of health data endorsed by the EHDS organized by The European Institute for Innovation through Health Data  ( i~HD).

Maria Christofidou from i~HD presented about consent the types of consent that were growing in the field, though they did point out that the EHDS does not endorse a specific type of consent, but instead suggested other legal bases for processing data. This was especially interesting to me as I am working on another model of consent, collective consent, which might be at odds with the EDHS as it currently stands. However, the speaker was unsure if consent would be replaced by other legal bases or if it would still continue to be used, but also have other legal bases as stated by the EDHS.

Then, the second speaker presented issues with data quality to make the data reusable. It was a manifold issue with only a few aspects that could currently be objectively measured, such as uniqueness (lack of duplication) while concepts like trustworthiness or representativeness were much more conceptual and difficult to be measured with current tools.

The workshop then proceeded to certification measures from the i~HD and a lively conversation with people working in complex multinational health data-sharing efforts who were unsure about the usefulness of the EDHS for facilitating easier data sharing, as it seemed to only add EU certifications on top of specific national requirements (which were sometimes at odds).

Another very interesting panel was the Privacy Engineering for Transparency and Accountability organized by TU Berlin on Thursday. This panel was full of great speakers, talks, and questions so I would highly recommend watching the recording, as this will only summarize a small portion of the panel. Transparency-enhancing technology was presented by Elias Grunewald from TU Berlin called TILT. This is a tool to scan policies for relevant transparency requirements in a machine-readable format for developers to use, which could then be translated to related privacy icons, dashboards, plugins, and more. These are interesting for my research because I am interested in enhancing transparency in digital collective consent tools that can adapt to both institutional governance and developer needs as well as user needs. Thus such a flexible system enabling different interfaces is very relevant.

Some other very interesting speakers spoke about the new offerings for privacy technology including Privado, and adversarial transparency to investigate a company’s actual practices when they are obscured (e.g. Meta).

 

16th Computers, Privacy & Data Protection – CPDP Conference in Brussels

/in /by

From 24– 26 May 2023 the 16th International Conference “Computers, Privacy & Data Protection – CPDP” took place in Brussels, Belgium, offering cutting-edge discussions in legal, regulatory, academic, and technological development in privacy and data protection. LeADS was present in panels and activities during the three days of the Conference.

Prof. Paul De Hert, one of LeADS supervisors, gave the Conference’s opening speech, introducing the new activities and the main topics discussed in 2023, such as the EDPB elections and the future of data protection in Europe in the face of recent EU Regulations.

Following the introduction, LeADS collaborator, Arianna Rossi of the SnT University of Luxembourg was one of the speakers at the panel “Measuring dark patterns and their harms: A multidisciplinary, Antecipatory Perspective”, organized by one of LeADS beneficiary Interdisciplinary Centre for Security, Reliability, and Trust (SnT), University of Luxembourg (LU), exploring the harms posed by dark patterns – such as the cookie banners – and how to address them. Arianna was also a workshop facilitator at the workshop “Personalised Privacy; How can we leverage personalisation for better privacy protection?” organized by Maastricht University, Law and Tech Lab.

On the second day of the Conference, LeADS ESR Barbara Lazarotto was a panelist at a panel on “The Underuse of Personal Data, Its Opportunity, Costs, and EU Policies” organized by the University of Turin, which focused on how the underuse of personal data can pose risks to society, such as hindering technological development of health research.

Other LeADS ESRs Fatma Dogan, Soumia El Mestari, Onntje Henrichs, Xengie Doan, and Aizhan Abdrassulova also attended the Conference, where they had the opportunity to join in interesting discussions on their research topics.

Op-Ed: “Business-to-government data sharing on the Data Act: between a rock and a hard place” by Barbara Lazarotto

/in /by

This Op-Ed was originally published on the EU Law Live Blog and can be accessed here

 

The Data Act proposal is the latest Regulation of the European Data Strategy to have been proposed in February 2022, with the main objective of removing the obstacles to the circulation of data and creating value from it through business-to-consumers, business-to-business and business-to-government data sharing. The Proposal has gained attention due to its innovative proposition, which aims to address complex and different concerns related to the data economy depending on the area of regulation. The Act addresses the market dominance within the field of IoT products, cloud and edge computing and aims to advance the European data economy through data reuse, including the public sector. Yet, the trajectory of the Data Act proposal has been a bumpy ride with a lot of back and forth between pushing for more sharing of data and furthering restrictions on data access, mostly influenced by stakeholder positions when it comes to business-to-government data sharing. In this Op-ed, I will further explore the road of the Proposal so far and how the modifications throughout the legislative process still support the industry position, and what this means for the future of business-to-government data sharing in Europe.

A wrestle between public sector access and industry interests

Before reaching the Council, the Data Act Proposal was mostly focused on data access by consumers and further sharing of data for the purposes of enhancing market competition. Chapter V, fully dedicated to business-to-government data sharing, was heavily influenced by public health management during the COVID-19 pandemic, in which access to privately held data by the public sector was considered essential. However, the use of private data is not only advantageous in exceptional circumstances but can also be essential to support the public sector in policymaking, a hypothesis which was not fully addressed by the Data Act proposal.

Yet, when the Czech Presidency took over the rotating presidency of the EU Council from 1 July to the end of 2022, it took a pro-public sector approach by broadening the scope of the business-to-government data sharing beyond the original proposal, pushing it forward the circumstances of data access for the purposes of enacting public tasks. Prague pushed for stronger enactment of mandatory data-sharing regulation, although the text significantly reduced the scope of business-to-government data sharing to only the European Commission and the EU Agencies whereas before it applied to all EU institutions. Empowering clauses were enhanced, which allowed the public sector to challenge requests for compensation by organisations holding data. One of the main additions was the further specification of tasks in the public interest provided by law that might justify the request for privately held data, such as local transport, city planning and infrastructural services. This opened an avenue of possibilities for the use of private data for public purposes such as the development of smart cities.

 

Following the end of the Czech rotating presidency, Sweden took over in January 2023, and contrary to the previous Presidency, it turned to the industry segment by proposing the reduction of the scope of the act to all data processed via systems subjected to Intellectual Property rights or specific know-how of the data holder. Additionally, the possibility for data holders to deny the sharing of data based on any trade secret was introduced, strengthening the business position considerably. When it comes to business-to-government data sharing, the scope of data was restricted only to non-personal data, a request that was present in the EDPB-EDPS Join Opinion 02/2022 on the Data Act.

Once the Proposal reached the Parliament for the trilogues, business-to-government data-sharing regulation took a considerable step back again, following the industry organisations’ joint statement expressing the sector’s concern with the protection of trade secrets. Some hypotheses on the use of private data by governments for the fulfilment of tasks in the public interest were removed from Recital 57, although in my opinion the removal does not impact the interpretation of article 15(b) of the proposal. Most recently, a common position was reached by Coreper which has highlighted again the necessity to ‘fine-tune’ the terms of business-to-government data sharing regulation. (for more information, see the Council press release here)

Between a rock and a hard place

Following this retrospective analysis, it is possible to observe that the main objective of the Data Act is to empower consumers by giving them access to data generated by ‘smart devices’ and that the business-to-government data-sharing provisions are not the focus of the Regulation, in spite of the pro-public sector approach by the Czech Presidency. The European Parliament strengthened the industry pleas, by enhancing trade secrets protection and restricting the possibilities of data access by governments.

Therefore, one question remains. Given the abovementioned trajectory, what is the future of business-to-government data sharing in the EU?

The Data Act is a horizontal proposal which aims to propose basic data-sharing rules for all sectors, leaving room for a specific regulatory framework for specific sectors. A specific regulatory framework would need to fully address the challenges faced by the public sector when accessing privately held data due to its peculiarities and its public interest purpose. A specific regulation would be essential to coordinate how already existing regulations (e.g., General Data Protection Regulation 2016/679, Data Governance Act Regulation 2022/868, Data Base Directive 96/9/EC), Member States’ legislation (such as the French loi n° 2016-1321 du 7 octobre 2016) and future proposed regulations such as the Data Act will co-exist. Additionally, a specific regulatory framework would have to face challenges, such as how to involve the private sector in public matters without causing a ‘corporatisation’ of the public sphere while protecting public values such as transparency of administration and the interest accessing certain types of data for public purposes.

So far, I still cannot see the end of the tunnel. Due to the backseat position of business-to-government data sharing in the proposal, it is safe to affirm that the future of B2G does not depend greatly on the Data Act. At the same time, the regulatory measures brought by the proposal are too restricted to alter the status quo of business-to-government data-sharing agreements that are already taking place, and they definitely do not address the issues faced by the public sector when settling agreements, such as power imbalances, unfair contractual clauses, and restrictions on the use of data. Thus, there is only hope that a Regulation that addresses these points is in the Commission’s pipeline.

Barbara Lazarotto is a PhD researcher at the Vrije Universiteit Brussel, a member of the Law, Science, Technology and Society Research Group (LSTS) and a Marie Curie Action Fellow at the LeADS Project.