Special Edition Blog Series on PhD Abstracts (Part II)

This post is a continuation of the blog post series on PhD abstracts. You can find the first part of the series here.

Tommaso Crepax: Unchaining Data portability in a Lawful Digital Economy.

Data portability is a key instrument to realize the EU policy vision on data governance. Because it allows for data sharing and re-use through forms of access control, it has the power to benefit all players while adequately protecting their rights. Regrettably, economic, legal, and technical issues have hindered the development of information exchange systems supporting data portability. To create platforms and tools for data portability, developers need that emerging expertise of “legal engineers” identifies the legal requirements, to make sure that users, consumers, and “prosumers” can enjoy their rights securely, effectively, and without infringing others’ rights and legitimate interests. This research aims at finding such legal requirements inside the actual, dynamic wave of EU legislation on the issues of data governance (including data sharing, access, control, re-usability), competition in digital markets and provision of digital services. This quest for legal requirements moves beyond black letter law, leveraging case law development, as well as European and national relevant authorities’ guidance. The goal is to clarify what is requested to developers of portability services and personal data controllers in terms of implementable organizational and technical measures. This clarification effort uses established methods of requirements engineering elicitation and documentation, and is carried out with the use of relational databases. It is coordinated with the mapping of relevant ISO standards (most importantly, ISO/IEC 27701), and further evaluated for compatibility with the elicited requirements in a loop that potentially leads to guidelines for either reform or implementation. Lastly, this work provides a list of technical solutions as individuated by relevant authorities, case law and field experts.

Cristian Lepore: A Framework to Assess E-Identity Solutions

Digital identity is important for businesses and governments to grow. When apps or websites ask us to create a new digital identity or log in using a big platform, we do not know what happens to our data. That is why experts and governments are working on creating a safe and trustworthy digital identity. This identity would let anyone file taxes, rent a car, or prove their financial income easily and privately. This new digital identity is called Self-Sovereign Identity (SSI). In our work, we propose an SSI-based model to evaluate different identity options and we then prove our model value on the European identity framework.

Special Edition Blog Series on PhD Abstracts (Part I)

In this special edition series of blog posts, we are excited to present the PhD abstracts of our 15 Early Stage Researchers (ESRs). Each ESR has not only contributed to the interdisciplinary research within the LeADS project and its four Crossroads but has also pursued their own individual research within the scope of their PhD thesis.

While the topics and titles of their PhD theses may not align exactly with the specific LeADS research areas assigned to them, the influence of their work within the project has undoubtedly shaped and enriched their doctoral research. This diversity of topics reflects the depth and breadth of inquiry fostered within the LeADS project. We invite you to explore a variety of research topics and witness the valuable insights developed throughout the research journeys of our ESRs.


 

Qifan Yang: Reciprocal interplay between personal data protection under the GDPR and market competition in the data-driven society.

With the rapid development of the data economy, data has gradually become the key input and critical production factor and extracting value from big data has also been a significant source of power for internet market players. The review of the process of data generation reveals that most valuable data are produced by users.The frequent and massive collection and processing of data in the digital age have raised concerns about data privacy leaks and misuse. The EU General Data Protection Regulation covers personal data protection and cross-border transfers in the hope to tackle the protection of data subjects and its complex interrelation with economic and political implications via a comprehensive legal regime.

Against this backdrop scenario, as a rule of market governance, personal data protection seeks the balance between economic interests and individual rights taking into account the differences in their sensitivity. Although we cannot measure every influencing factor and turn them into conditions for a desired model, this research project will analyse the debate and impacts of the data protection regulation on competition dynamics in the EU and other countries, especially the impacts of personal data protection on the consolidation of market dominance. Due to the reciprocal interplay between competition law and personal data protection, personal data protection is also affected by competition law in a constant loop reaching different equilibria. Therefore, another important research objective is to sketch the mechanisms through which competition law can have an impact on data privacy in the legal and economic context. Methodologically, this research will be leveraging relevant legal, economic, technical and combining both a theoretical methodology with empirical analysis.

Louis Sahi: Distributed reliability and blockchain like technologies.

Data processing and AI-based techniques are now widely used in multiple sectors, including business, sociology, healthcare, mobility, research, etc. Moreover, companies and public organizations have produced and/or collected various types of data which today are stored in data silos that need to be integrated to build a data economy that drives innovation. Such data spaces should involve different stakeholders in collaborative data processing including distributed data life cycle as well as decentralized data governance. Naturally, when several systems are interconnected to carry out each step of the data life cycle, this data life cycle can be defined as distributed. When multiple entities manage data governance, this type of data governance is called decentralized data governance. Collaborative data processing raises several issues and challenges, especially, ensuring the reliability of distributed systems, trust in the decentralized governance of data processing, and compliance with legal requirements concerning data processing. Data quality plays a central role in these challenges to create a data economy. Data quality evaluation is a potential indicator to enhance the reliability, trust, and legal compliance of shared data across collaborative data processing. The main contribution of my research will respond to questions such as: are data governance stakeholders able to make the right decisions to maintain data quality? What are the data quality criteria that can be used to assess trust in all data governance stakeholders based on their actions and decisions? What are the data quality criteria pertinent to data governance? Then, how to assess the reliability of all components in distributed systems, i.e. the ability of each component to perform correctly and not degrade the quality of the data? How to create data quality contracts at each step of the data life cycle based on appropriate data quality criteria? Finally, how do we respond to the fact that there is no existing work that categorizes data quality criteria according to different EU regulations, such as the GDPR, the Data Act, or the Data Governance Act?

LeADS Conference “Legally compliant data-driven society”

2024, the final year of the LeADS project, will finish with an intensive three-day meeting packed with a wide variety of LeADS activities. Organized by the LeADS consortium, the activities will take place in Pisa at the Sant’Anna School of Advanced Studies. During these three days, three distinct events will take place, amongst them the Conference on Legally compliant data-driven society on 11 October 2024.

The first panel on Data-driven markets and Innovation Rationale will be initiated at 12:00 with opening remarks by Prof. Giovanni Comande’. The following talks were by Giovanni Pitruzzella, the Constitutional Court, Jeroen van den Hoven TU Delf, and Antonio Buttà, the AGCM.

The second panel on Research and secondary use of data will be initiated at 2 pm with opening remarks by Prof. Giovanni Comande, followed by talks by Loes Markenstein, EDPB, Regina Becker, Luxembourg National Data Service LNDS, Guido Scorza, Italian DPA, and Piotr Drobek, UODO Personal Data Protection Office, Poland.

Finally, Gabriele Lenzini, UniLu, will initiate the third panel at 4 pm on Data Society and technological sovereignty security, which will be followed by talks by Riccardo Masucci, Intel Bruxelles, Jorge Maestre Vidal, Indra · Digital Labs, Domenico Ferrara, ENISA, and Nicola Lattanzi, IMT.

ESR Barbara Lazarotto at Annual Privacy Forum 2024

The Annual Privacy Forum (APF) 2024 hosted in Karlstad, Sweden, on September 4-5, brought together leaders, researchers, policymakers, and industry experts to discuss cutting-edge data protection and privacy developments. The Conference was organized by ENISA, DG Connect, and Karlstad University. This year’s event focused on the complex interplay between emerging technologies and privacy regulations, particularly as AI, 5G, and smart systems evolve. With topics ranging from GDPR implementation to privacy in AI-driven environments, APF 2024 provided a platform for interdisciplinary collaboration to address future privacy challenges.

Barbara presented her research written along with colleague Pablo Rodrigo Trigo Kramcsak on the topic of “Another Data Dilemma in Smart Cities: the GDPR’s Joint Controllership Tightrope within Public-Private Collaborations“. The paper explored the legal challenges and implications of processing personal data within Public-Private Partnerships in smart city contexts.

The paper is available at the Conference’s proceedings and was greeted with warming feedback.