13th International Workshop on Socio-Technical Aspects in Security

LeADS Beneficiary University of Luxembourg is organising the 13th International Workshop on Socio-Technical Aspects in Security which will take place on 7 July 2023 as a hybrid event in Delft, The Netherlands. ESR Xengie Doan and Prof. Gabriele Lenzini are on the organising team of the event.

The objective of the workshop is to stimulate an exchange of ideas on how to design systems that are secure in the world where they interact with users of varying lived experiences and diverse needs. Bringing together experts working in various areas of computer security as well as in social and behavioral sciences.

The Call for Papers accept original papers in several formats:

  • Full Papers discussing original research, answering well-defined research questions, and presenting full and stable results;
  • Work in Progress describing original but unfinished piece of work, based on solid research questions or hypotheses.
  • Position Papers discussing existing challenges and introducing and motivating new research problems;

For more information check STAST 2023 website!

Brief presentation of research of Xengie Doan

Brief presentation of research of Xengie Doan (ESR9)

March 2nd 2023 at 1 p.m.

Room 1, Palazzo Toscanelli, Sant’Anna School of Advanced Studies (Pisa)

For further info

ESR Soumia Zohra El Mestari at 5th AAAI/ACM conference on Artificial Intelligence , Ethics and Society (AIES)

Early-Stage Researcher Soumia Zohra El Mestari attended the fifth AAAI/ACM conference on Artificial Intelligence, Ethics and Society (AIES) hosted at Keble college, university of Oxford in the United Kingdom from August 1st to 3rd 2022.

Soumia applied and was selected to attend the doctoral programme that was organized by the conference. As part of the student programme, Soumia participated in various workshops along with PhD students from different disciplines namely: Ethics, Law, Philosophy, and computer science.

The participants took part in many group working sessions along with mentors who are distinguished scientists in their fields. The workshops were followed by lunch roundtables with mentors.

During the last day of the conference, Soumia presented her PhD work around the usage of Privacy Enhancing Technologies(PETs) in machine learning pipelines as a tool to achieve the EU vision of trustworthy AI systems.

 

 

She first began by discussing the various conceptions of privacy in the context of data driven solutions, the different threat points throughout the machine learning pipeline and how these threat points can be exploited to maintain strong privacy attacks that can not only lead to heavy leakage bills but also may be invisible to detect. Then, the presentation also discussed the various PETs used to mitigate those attacks along with the pros and cons of each mitigation strategy.

Finally, Soumia concluded her presentation by stressing on the fact that the effective identification of the threat points can be a key element to solve some of the privacy issues. However, solving some privacy issues may come at the cost of other trustworthiness elements such as fairness and transparency. Hence, building a trustworthy AI pipeline is a challenging task since the acceptable tradeoff between those trustworthiness elements remains hard to measure.

ESR Tommaso Crepax at Panel on Data Portability organised by the SoBigData++ project.

On November 28th, ESR Tommaso Crepax was invited to participate as speaker to an Awareness Panel on Data Portability organised by the SoBigData++ project.

The speakers Dr. Denise Amram (SSSA), Kyle Mc Kibbin (University of Ghent) and our Tommaso Crepax (SSSA) discussed issues of portability as embedded in relevant pieces of regulations. Opening with an explanation on article 20 GDPR from Dr. Amram, Mc Kibbin discussed the interplay between portability in GDPR in respect to the Data Governance Act and Data Act. Closing the debate, Tommaso highlighted that, contrary to what most data scientist would believe –that is, data protection and governance laws are obstacles to research—there are plenty of cases where laws such as the Open Data Directive or the Free flow of Non-Personal Regulation actually open up or give access to useful datasets – according to some specific conditions. Re- searchers, it seems, have more opportunities to access data than they think they have!

 

The recording of the event can be found here.

LeADS and LiderLab co-organize Workshop on ethical and legal issues in technology

The LeADS project will co-organize a workshop with the LiderLab titled “Dealing with ethical legal issues in technology development: the current approaches adopted in ongoing projects” in a hybrid format at the Aula Magna Storica – Scuola Superiore Sant’Anna, Pisa Italy on March 3rd 2023 12.00 – 13.30.

Program:

12.00 – 12.10 – Greetings and introduction to the workshop, D. Amram

12.10 – 12.20 – The VALKYRIES ecosystem and the ethical-legal issues, D. Amram & G. Comandé

12.20 – 12.30 5GSOSIA Proof of concept and ethical-legal remarks, V. Lionetti & M. Gagliardi & L. Valcarenghi

12.30 – 12.40 The RESCUER toolkit, E. Keremidou

12.40 – 12.50 The FACILITATE project and its challenges, J. M. C. Blom & D. Mascalzoni

12.50 – 13.20 Hands up Session: Q&A and Discussion, All

13.20 – 13.30 Conclusions: LeADS and the legality attentive generation of data scientists, G. Comandé

Please register to the event here and the link for event can be found here

 

ESRs in Podcasts: Xengie Doan on Interdisciplinary Research

ESR Xengie Doan got invited on the Ethical allies podcast that aims to uncover what really happens with ethical tech, digital rights, and more. In the episode “Data Science & Law: How Interdisciplinary Research Addresses Future Challenges”, Xengie addresses various questions on the importance of an interdisciplinary perspective in data science and law – despite both being fundamentally different.

Professionals from both fields would benefit from having a deeper understanding of the other perspective: data scientists should understand the fundamentals of the GDPR to find better and more flexible ways of implementing it and to be more ethical within those guidelines. Lawyers, on the other hand, should have a deeper understanding of the complexity of evolving technologies to find and develop an appropriate legal framework.

The Podcast can be listened to on the website of the Ethical Commerce Alliance.

ESR Qifan Yang participation at Symposium on Frontier of Smart Nomocracy & China Economic Law Annual Conference

Early-Stage Researcher Qifan Yang (ESR 1) presented her work about personal data value and protection systems in the Symposium on Frontier of Smart Nomocracy jointly sponsored and hosted by the Journal of Xi’an Jiaotong University (Social Science), Journal of the East China University of Politics & Law, SJTU Law Review, and Journal of Cyber and Information Law in Xi’an (China) on the 12th-13th of November.

As a part of the panel “Data Property Rights and Data Trading System”, she analyzed the value distributions of personal information among different subjects and across various transaction parties in the data collection, processing, and analysis process from the perspectives of communication and information economics.

Unlike ordinary trading objects, data has both basic use value “information collection” (eliminating the information asymmetry between the parties in the transaction) and potential use value “data analysis and prediction”. Personal data have little use value for information producers but have exchange value for other parties in the transaction to achieve information symmetry or expand the advantages of information asymmetry. Other available data in the market have basic use value for individual users to obtain information, but it is difficult to generate exchange value through individual collection or analysis because of its openness and accessibility. The company or platform can realize both the basic value and the potential value through data aggregation, data fusion, etc.

On the 3rd-4th of December, ESR1 Qifan Yang’s research “Personal Data Wavering between Privacy and Efficiency: Is Propertization a Good Answer?” won the third prize at the China Economic Law Annual Conference organized by China Economic Law Society in Wuhan (China). It illustrated the causes for de facto property rights in personal data, the attribution of de facto property rights in the free market, and its endogenous flaws through the Coase theorem and property theory based on law and economics.

Data sharing as a tool to enhance transparency in short-term accommodation rentals apps: EUCOM proposes a new Regulation

Short-term rental applications, such as Airbnb, have revolutionized the real estate market and tourism sector. By acting as an intermediary, the application offers peer-to-peer accommodation for a short period, growing exponentially. However, tout n’est pas rose dans la vie. Airbnb business model became a source of concern both for the traditional tourism accommodation sector and the real estate market of destinations. Labelled as a “disruptive innovation”, Airbnb has helped to construct an informal tourism accommodation sector which has impacted many cities. Lisbon is a good example of Airbnb’s impact, in a movement to renovate buildings, the Portuguese national rental law was modified, facilitating evictions and boosting the short holiday rentals market.

 

Looking at this problem, the European Commission has adopted a Proposal for a Regulation to enhance transparency in short-term accommodation rentals. With the objective of helping public authorities to ensure balance in a developing tourism sector, the Proposal aims to create a data-sharing framework between hosts and platforms to inform effective and proportionate local policies. Furthermore, reducing bureaucracy for hosts, impacting the market and facilitating the development of urban planning plans through data harmonization. Thus, the Proposal fits into the already existing policy provisions, such as GDPR, Digital Services Act, e-Commerce Directive, Platform to Business Regulation, and Data Act Proposal.

Hereinafter, I will focus this blog post on a few aspects of the Proposal which are connected to data protection, data sharing and data portability.

In an effort to create a harmonized database, Article 5 (b) sets that where hosts are natural persons, they must submit their name, national identification number, or any other identification information, address, telephone number, and mail address in order to insert their rental on the platform. Member States may require that the information provided is accompanied by supporting documents, however, it leaves it to the Member States to further regulate the format of this documentation. Article 5 (5) defines that Member States must ensure that the information and documentation submitted are retained in “a secure and confidential manner and only for a period which is necessary for the identification of the unit”, establishing the data can only be kept up until 1 year after the host’s request to remove the unit from the application’s registry.

Another very interesting section of the Proposal is the second part of Article 5 (5), which mentions that the Member States must ensure the documentation is “only used to ensure compliance with the applicable rules of the Member State concerning access to and provision of short-term accommodation rental services”. This statement opens the door to a myriad of suppositions: would it be possible to process this data for tax purposes related to short-term accommodation rental services? Article 12 of the Proposal seems to answer yes, by setting that access to information shall be granted to the competent authority responsible for “implementing rules governing the access to and the provision of short-term accommodation rental services”.

Lime e-scooter red zone example

When it comes to urban planning and public policy, Article 7 establishes that platforms must design and organize their interface in a way that makes it possible for hosts to self-declare where the rental service is located. This determination is a big step towards the regulation of the short-term rental market by the Public Sector, allowing the creation of a “short-term services map”, with “red zones” areas in which short-term rentals are forbidden similar to the ones implemented by e-scooters.

Ratio between the number of listings and the number of residences per neighborhood in the Reykjavík Capital Area.

Article 12 (3) (a) and (b) emphasizes that anonymized activity data might be shared with other public authorities tasked with developing laws, regulations and administrative provisions concerning access to and provision of short-term accommodation. This data can also be shared with entities and persons who carry out scientific research, analytical activities or develop new business models. Therefore, the Proposal removes power from platforms, giving the Public Sector the possibility to further share this data for research purposes.

Chapter III, related to “Data Reporting” creates an obligation for online platforms to share activity data and registration numbers on a monthly basis with Member States. Each Member State will create a “Single Digital Entry Point”, which will be the data entry point for the receipt and forwarding of activity data (Article 10). Each Member State will designate an authority responsible for the operation of the Single Digital Entry Point.

Article 10 also lays out a series of technical considerations related to the Single Digital Entry Point which evolves data portability. It regulates that Member States must provide a technical interface which enables platforms to provide machine-to-machine and manual transmission of activity data to the Digital Entry Points. They also must facilitate checks by platforms and competent authorities and guarantee data interoperability between the Single Digital Entry Point and with State’s documental registries for check purposes. Digital Entry Points also must guarantee data re-use, if the same information or documentation is requested by multiple registries within the same Member State.

Thus, although this is the first version of this Proposal, this future Regulation will be an interesting step forward in many aspects which include data protection, data sharing, data portability and urban public policies.

ESR Fatma Sümeyra Doğan at workshop “Towards Health Futures: Innovating with Health Data”

 

ESR Fatma Sümeyra Doğan attended a conference workshop held in Copenhagen on 11th December 2022 titled: Towards Health Futures: Innovating with Health Data as part of the International Conference on Information Systems (ICIS). The program had three parts and the first part started with two presentations from professionals who working on health data. The first presentation was given by Katharina Lauer from COVID-19 Data Portal by the ELIXIR project. In her presentation, we received insights about challenges they faced during the pandemic, for instance, lack of standardization and different interpretation of law across data-sharing infrastructures. The second presentation was given by Nikolas Molyndris from Decentriq which is a newly founded company to enable secure data connections between different partners by using privacy-enhancing technologies such as confidential computing and federated learning.

The program continued with the panel session with esteemed scholars Elizabeth J. Davidson, Katharina Lauer, Silvia Masiero, Aleksi Aaltonen and Daniel Fürstenau in moderation of Hannes Rothe. During the panel session discussion continued around the different aspects of health data in numerous disciplines. Aleksi Aaltonen pointed out that clinicians’ main focus is on the treatment of the patients however, we should shift our focus also to data collection and interpretation as this will benefit us more in the future so clinicians should be educated in this manner. Silvia Masiero mentioned that from health data, we can learn about society as well as the patient. In this sense, being discriminated against while receiving health services will also have a secondary effect. She also talked about this concept, which she defines as data injustice, and that we need to make efforts to reduce this effect. Katharina Lauer remarked on the different layers of health data and a novel area called ‘planetary health’ which we will be hearing more about in the future as a result of climate change and migrations due to these changes. Elizabeth J. Davidson referred that health data is integrated into every part of human existence and thus has enormous importance. In this regard, while technology is advancing and sharing data is getting easier day by day, hesitations around sharing must be evaluated carefully. Daniel Fürstenau flagged up the inconstant nature of health data and this feature must not be disregarded while collecting and processing health data.

After the panel session, Fatma presented her work in the roundtable session. Her study titled: Secondary Use of Health Data: A Comparative Analysis of GDPR and European Health Data Space. She focused on provisions of secondary use in the European Health Data Space and how these provisions will interplay with GDPR and made a comparison of the two legislations. Her starting point was as being a newly introduced term, how should we interpret the secondary use under GDPR and EHDS proposal. The fact that even EHDS does not offer us a definition was the main point of her discussion and she received valuable feedback after her presentation from the other participants of the roundtable.

Participation of ESR Aizhan Abdrassulova in Conferences in December 2022

Early Stage Researcher 12 Aizhan Abdrassulova presented her research at the International scientific and practical conference State, Security and Human Rights in the Digital Era” hosted by the University of Warsaw on December 8-9 2022.

Aizhan presented her topic “Data privacy and data trust – how to find a balance”, in which she raised the issue to find the best way to comply with the principle of where data is “as open as possible, as closed as necessary”.

Also on December 19, Aizhan visited Kozminsky University in Warsaw, where she was a speaker at the international conference Legal Comparatistic in Legislative-Political Discourse. Legality or Abuse”.

Aizhan’s topic “Comparative legal analysis of digitalization of the political space of Poland and Kazakhstan” was interesting from the point of view of comparing the political spaces of Poland and Kazakhstan according to such criteria as the legal framework, information awareness of citizens of both countries and digital capabilities in the political space.