Archive for category: Blog

This post is a continuation of the blog post series on dissemination pieces. You can find the first part of the series here.

Barbara Lazarotto – ESR 7: Can Business-To-Government Data Sharing Serve The Public Good?

Data is considered to be the world’s biggest business, leading some to affirm that it can be considered a commodity. Access to data has been essential to promote competition and innovation between different stakeholders, including the public sector. The European Union has enacted a series of Regulations that overlap and interconnect with the main objective of enhancing the sharing of data from all parties. In this context, this research aims to explore them and analyze if they indeed assist business-to government data sharing.

Fatma Dogan – ESR 8: To Use or Not to Use? Re-using Health Data in AI Development

This study examines the re-use of health data in the context of AI development, focusing on regulatory frameworks governing this practice under the European Health Data Space. It explores how transparency and the protection of personal data are balanced with the need for innovation in healthcare. By analysing real-world examples and the application of General Data Protection Regulation principles, particularly transparency, this study assesses whether health data can be re-used for AI-driven healthcare advancements without undermining individuals’ data protection rights.

Xengie Doan – ESR 9: Collective Consent, Risks and Benefits of DNA Data Sharing

Health data is sensitive and sharing it could have many risks for personal or shared genetic data. So how can impacted individuals consent together? Collective consent has been used in person, but no digital collective consent exists yet. Challenges span legal-ethical issues and technical properties such as transparency and usability. To address these challenges, this work uses genetic data sharing as a use case to better understand what tools and methods can enhance a user-friendly, transparent, and legal-ethically aware collective consent.

Armend Duzha – ESR 10: Extracting Data Value through Data Governance

Harvesting value from data requires an organization-wide approach. Data governance plays an essential role in a heterogenous environment with multiple entities and complex digital infrastructures, enabling organisations to gain a competitive advantage. This research examines a new approach for data governance developed to extract data value respecting the ever delicate balance between transparency and privacy. In addition, it provides an overview of the key innovations brought in by novel technologies such as Artificial Intelligence, Federated Learning and Blockchain, and how these can be integrated in a data governance program.

Christos Magkos – ESR 11: Persοnal Health Infοrmatiοn
Management Systems (PHIMS) Fοr User Empοwerment: A
Cοmprehensive Overview

The management of continuously increasing personal health data, in the digital information era, is becoming more and more relevant in modern healthcare. Through integrating raw data in digital platforms, personal health information management systems (PHIMS) could provide a method for the storage, management, and regulation of personal health data access. We examine how PHIMS can empower users to take control of their own healthcare by combining diverse health information sources such as health monitoring devices and electronic health records into a single easily accessible system.

Aizhan Abdrassulova – ESR 12: Personal Data Ownership:
Individuals’ Perspective in the EU

Speaking about the concept of data ownership, first of all it is necessary to look at the existing gaps and problems “from the inside”, and find out what is generally considered problematic for the data subject itself? What are the expectations of the data subjects themselves? What level of control over their data do they consider acceptable and sufficient? Along with efforts to find answers to these pressing questions, there is an obvious need to provide suggestions
for improving the level and quality of personal data management, which could be satisfactory for data subjects.

Onntje Hinrichs – ESR 13: Why Your Data is not Your Property (and Why You Still End Up Paying With It)

This essay explores three interrelated topics that reveal tensions in the European approach towards the regulation of the data economy: (i) data as property (ii) data and fundamental rights, and (iii) data as payment. By retracing how scholars and policy makers have attempted to find an appropriate regulatory framework for the data economy, this essay shows that up to this day, contradictions in the EU’s approach to the data economy persist and become evident in our everyday lifes online. Despite not owning our data, we end up paying for digital content and services with our data. This essay explains this paradox and its role in ongoing legal battles between the large corporations, civil society and the EU.

Robert Poe – ESR 14: The Perils of Value Alignment

This essay argues that global AI governance risks institutionalizing violations of fundamentalrights. It critiques the ethical foundation of AI governance, observing that moral objectives are being prioritized over legal obligations, leading to conflicts with the rule of law. The essay calls for a re-evaluation of AI governance strategies, urging a realistic approach that respects citizens, legal precedent, and the nuanced realities of social engineering, aiming to provide an account of some of the dangers in governing artificial intelligence—with an emphasis on Justice.

Soumia El Mestari – ESR 15: What AI is stealing! Data privacy risks in AI

Even if we may not realize it, AI’s presence in our lives is increasing at a great pace. Most technological services we use nowadays are driven by AI, and that could be good news since AI’s aims to improve the quality of the services. Unfortunately, to work well, AI greedily feeds on user data: AI models collect, process, and store a great deal about us, which is a problem if such sensitive information is leaked. This chapter discusses that this risk of AI’s leaking personal data is not only hypothetical and suggests how to mitigate it.

Welcome to our special edition blog post highlighting the exciting research of our 15 Early-Stage Researchers (ESRs). These talented individuals have been tackling some of the most pressing challenges at the intersection of law and technology. In this edition, we’ve compiled their abstracts, each designed for a general, non-specialist audience. Each ESR has worked to break down complex interdisciplinary research into accessible narratives that explore critical issues like privacy, data sharing, AI, and the broader regulatory landscape of the data economy. Their findings offer innovative solutions, reveal key limitations, and propose paths for future exploration.

These research pieces are written in a way that makes them valuable to a wide range of readers—from policymakers and lawyers to computer scientists and engaged citizens. They illustrate the power of interdisciplinary collaboration in driving progress and finding solutions to today’s most urgent legal-tech challenges. The complete collection of these insightful abstracts will be published in a special issue of the open-access journal Opinion Juris in Comparitione. Stay tuned for more updates and discover how this work shapes the future of law and technology.

Qifan Yang – ESR 1: Your Data Rights: How does the GDPR affect the Social Media Market?

With the development of digitalization, personal data has gradually become a valuable resource for social media companies to extract value and obtain market dominance. Personal data processing can raise serious concerns about privacy leaks and misuse. In response, the adoption of the General Data Protection Regulation (GDPR) enhances personal data protection and market competition, but also potentially influences economic interests, the rights of data subjects, as well as market dynamics. The chapter uses the social media market to understand the complex relationship between the GDPR and market competition.

Louis Sahi – ESR 2: Evaluation and Harmonization of Data Quality Criteria: Insights from Expert Interviews for Legal Application

This article focuses on the development of a framework for assessing data quality, with the goal of enabling automated evaluation. It highlights the increasing importance of data quality in modern, data-driven organizations, especially in light of evolving regulatory frameworks such as the GDPR, Open data EU regulation. The paper begins by addressing inconsistencies
in current data quality criteria (DQCs) and proposes a unified list based on a comprehensive literature review. The research seeks to align data quality standards with the broader context of data processing, including governance and lifecycle management. Through expert interviews with professionals in data management and legal fields, the study aims to consolidate the DQCs while ensuring compliance with EU regulations. The article emphasizes the need for collaborative data processing in decentralized environments, such as the European Common Data Spaces, and the importance of ensuring trust, legal compliance, and reliability in shared data. The research contributes towards bridging the gap between academic methodologies and real-world industrial applications of data quality assessment.

Tommaso Crepax – ESR 3: BYOD – Bring Your Own Data. The struggle of re-using data in a world of heterogeneous systems

Data portability, often seen as straightforward, is a complex issue in the digital era, intersecting with law, technology, and economics. This contribution uses a BBQ analogy to illustrate the challenges of ensuring data remains functional and meaningful across systems. Examining regulations like GDPR, the Digital Markets Act, and the Data Act, highlights gaps in addressing data semantics and content completeness. The piece advocates for a holistic, integrated approach to enhance data portability, emphasizing the need for a Legality Attentive Data Scientist (LeADS) approach to drive innovation and user empowerment in the digital marketplace.

This post is a continuation of the blog post series on PhD abstracts. You can find the first part of the series here.

This research will propose a new approach to protect against risks related to personal data exploitation, drawing a methodology for the implementation of data management and analytics in edge computing and serverless offerings in considering privacy properties to modulate the prevention of risks and promotion of innovation. In addition, it will establish AI-driven processes to increase the user’s ability to define in a more accurate way both his offerings in edge computing environments and the data management and analytics as regards the protection of her/his privacy; draw the architecture in terms of data governance and analytics linked with the resource resources management on such dynamic environments.

Christos Magkos: Personal Health Information Management
Systems for User Empowerment

In the era of immense data accumulation in the healthcare sector, effective data management is becoming increasingly relevant in two domains: data empowerment and personalisation. As healthcare shifts towards personalized and precision medicine, prognostic tools that stem from robust modeling of healthcare data, while remaining compliant with privacy regulations and the four pillars of medical ethics (Autonomy, Beneficence, Non-maleficence and Justice) are lacking. The following thesis assesses the principles that the design of health data storage and processing should adhere to through the prism of  personal information management systems (PIMS). PIMS enable decentralized data processing, while adhering to data minimization and allowing for control of data exposure to third parties, hence enhancing privacy and patient autonomy. We propose a system where data is processed in a decentralized fashion, providing actionable recommendations to the user through risk stratification and causal inference modeling of health data sourced from electronic health records and IoT devices. Through an interoperable personal information management system, previously fragmented data which can be variably sourced and present with inconsistencies can be integrated into one system consistent with the EHDS, and as such data processing can proceed more accurately.  When attempting to design clinically actionable healthcare analytics and prognostic tools, one of the main issues arising through current risk stratification models is the lack of actionable recommendations that are deeply rooted to pathologies analyzed. We therefore compare whether causal inference models derived from existing literature and known causal pathways can provide equally accurate predictions to risk stratification models when medical outcomes are known. This would allow for explainable and actionable outcomes, as physicians are reluctant to act upon “black box” recommendations due to medical liabilities and patients are less likely to be compliant to unexplained recommendations, rendering them less effective when translated to the clinic.  Simulated datasets based on different types of data collected are analyzed according to risk stratification and causal inference models in order to infer potential recommendations. Different methodologies of risk stratification and causal inference are assessed and compared in order to find the optimal model that will function as a source of recommendations. Finally, we propose a holistic model under which the user is fully empowered to share data, analytics and metadata derived from this data management system with doctors, hospitals and researchers respectively with recommendations that are designed to be explainable and actionable.

This post is a continuation of the blog post series on PhD abstracts. You can find the first part of the series here.

Barbara Lazarotto: Business to Government Data Sharing in the EU and the protection of personal data: Making sense of a complex framework.

Data is a crucial resource that plays an essential role in the economy and society. Yet, due to market failures, data has been often treated as a commodity and held in silos by a few actors, often large companies. In light of recent developments, there have been talks about transferring data from exclusive control of certain groups to making it accessible for public use. The European Union has taken a step in this direction by introducing the “European Data Strategy”, a set of rules and regulations that amongst other objectives, also aimed at making it easier for stakeholders to share data among themselves and with governments. However, this regulatory framework which includes different modalities of business-to-government data sharing is fairly new and the synergy between them is still yet to be seen since many of them may overlap and have possible contradictions.

Against this backdrop, there is a pressing need to analyze the current legal and regulatory landscape for business-to-government data sharing in the EU, how they interact with each other, and their possible consequences for the rights of data subjects. The analysis will delve into the complexities of the regulatory conundrum associated with business-to-government data sharing and explore whether the current framework effectively addresses the data subject’s data protection rights as enshrined in the GDPR. Ultimately, this research aims to provide a comprehensive understanding of the legal and regulatory landscape for business-to-government data sharing and its connections with data subject’s rights.

Health data is sensitive and sharing it could have many risks, which is especially true for genetic data. One’s genome might also indicate physical or health risks that could be used for more personalized healthcare or personalized insurance premiums. These risks affect not only the individual who has initially consented to the collection and sharing, but also those who may be identified from the DNA, such as genetic relatives or those who share a genetic mutation. How can relevant individuals come together to consent to genetic data sharing? Collective consent stems from indigenous bioethics where indigenous tribes fought for their right to consent to biomedical research as a community, not just as individuals. It has been used in research partnerships with indigenous groups to improve stakeholder involvement instead of treating indigenous populations as test subjects. Though it has been proposed, no digital collective consent (wherein multiple individuals consent in different via different governance structures such as families or tribal leader) exists for the general public. Challenges span legal-ethical issues and technical properties such as transparency and usability. In order to build collective digital consent to meaningfully address real world challenges, this work uses genetic data sharing as a use case to better understand what tools and methods can enhance a user-friendly, transparent, and legal-ethically aware collective consent. I conducted a theoretical and empirical study on collective consent processes for health data sharing. First, we explored the privacy and biomedical gaps in collective consent, as it has not been implemented widely outside of indigenous populations. Then I surveyed user goals and attitudes towards engaging elements within different consent mediums, then I analyzed the transparency and user-relevancy of policies from notable DTC genetic testing companies to find gaps in. Last, I validated the framework for transparent, user-centered collective consent with a use-case with a company in Norway.