ESR Tommaso Crepax presents his research at the Privacy Symposium

ESR Tommaso Crepax presented his article on “The ‘Meta-moth-phosis’ of Data Portability: Observing the Transformation of Data Portability Through a Comparative Analysis of Definitions Across European Legislation” at this year’s Privacy Symposium conference, which took place in Venice, Italy, from June 10th to June 14th.

In his article, Tommaso examines the varying interpretations of data portability across different legislative frameworks. While each jurisdiction labels the concept as “portability,” the underlying understanding of what constitutes portability significantly differs. This research shows that the notion of data portability has undergone a substantial transformation: initially centered on empowering users by enabling data export and transfer, it has progressively shifted focus to benefit the data market by making data accessible to various entities in an easily-modifiable, machine-readable format. The metamorphosis of portability is complete in the Data Act: from larva to moth—the meta-moth-phosis.

For more information, read his blog post and abstract.

ESR Onntje Hinrichs publication in the Journal of European Consumer and Market Law (EuCML)

Cover image ofJournal of European Consumer and Market LawESR Onntje Hinrichs’ article on “Consumer Law and the Regulation of the Free Flow of Data: Upsetting the Balance of the European Data Protection Framework” has been published in the Journal of European Consumer and Market Law (EuCML).

Over the past years, scholars have increasingly investigated the complementarity of data protection and consumer law with regard to the protection of consumer data. No attention, however, has thus far been paid to the consequences which consumer law might have on the free flow of both personal and non-personal data.

In his article, Onntje analyzes various consumer law instruments and shows how consumer law transposes the principle of free movement of data from data protection to non-personal data via maximum harmonization. At the same time, however, his article demonstrates how consumer law risks undermining the object of data protection law to create a harmonized legal framework that facilitates the free flow of personal data.

The entire article can be accessed via this link.

 

 

ESR Fatma Doğan at PhD Summer School on Artificial Intelligence and Law 2024 at Tübingen University

 

Between the 13th and 17th of May, ESR Fatma Doğan had the opportunity to attend the Summer School, an event that brought together researchers from a variety of fields to share insights, foster collaboration, and advance collective knowledge. It was an invigorating experience, to say the least.

One of the most rewarding aspects of the summer school was the opportunity for Fatma to present a part of her PhD research. Sharing her work with such a diverse and knowledgeable audience was exhilarating. The feedback received was invaluable, offering new perspectives and ideas that Fatma is eager to incorporate into her research. The summer school provided a fantastic platform for Fatma to network with other researchers. Engaging with peers from different disciplines opened her eyes to various methodologies and approaches that she hadn’t considered before. These interactions highlighted the importance of interdisciplinary collaboration in driving innovation and solving complex problems.

The event featured many esteemed scholars who gave insightful talks on a wide range of topics such as Nadya Purtova, Lilian Edwards, Michael Veale, Uli Sachs and Yong Lim. Just to give an example, Fatma shared some remarks from Woodrow Hartzog’s speech.

Prof. Hartzog delved into the complex risks of AI and the challenges of regulating this technology. He highlighted the difficulty of understanding AI’s full risks, noting the divide between techno-optimists and techno-doomers. Prof. Hartzog stressed the dangers of an unregulated information ecosystem and the necessity of proactive measures to prevent harmful advancements by less scrupulous actors. He pointed out the growing privacy risks posed by IoT devices like facial recognition doorbells and the increasing use of AI for micro-management in schools, workplaces, and universities. This creates an “AI micro-managing machine” that personalizes ads and perpetuates misinformation—a scenario he described as a “snake eating its own tail.”

Regarding regulation, Prof. Hartzog critiqued Biden’s executive order on AI, which focuses on transparency but often falls short. Transparency is insufficient without real power for individuals, and debiasing AI is challenging and doesn’t necessarily make systems less dangerous. Ethical guidelines and advisory boards, while well-intentioned, often lack authority, creating a false sense of progress. Emphasizing individual control over personal data is misleading when system designs don’t support genuine autonomy. Prof. Hartzog mentioned that governments must protect individuals regardless of their choices because ‘no technology is neutral’. Lawmakers should be involved in tech development to ensure alignment with societal values. He highlighted the importance of maintaining social trust and pointed out that meaningful AI development might reduce industry profits but is essential to avoid societal harm. Technologies requiring significant human exploitation might not be necessary.

Reflecting on historical lessons, Prof. Hartzog noted the decline in public trust in tech companies and the growing calls for stricter regulations, such as bans on facial recognition. Local efforts, like city councils banning facial recognition, demonstrate meaningful action once considered unimaginable. Finally, Prof. Hartzog emphasized that addressing bias in AI is crucial but just a starting point. Bias correction alone won’t eliminate the risk of AI being used oppressively. He compared AI regulation to speed limits—necessary for safety despite being imperfect. He also noted that surveillance-driven advertising contributes to misinformation, underscoring the need for comprehensive and proactive AI governance, ethical development, and privacy protection to ensure technology serves society responsibly.

This summer school was more than just an academic exercise; Fatma is looking forward to applying the insights gained to her ongoing research. Lastly, Fatma is thankful to the organizers and participants who made the Summer School a success.

LeADS Game Night

The LeADS Project has developed a set of board games that we would love to share with you. The games were developed by the four crossroads of the LeADS projects and are designed to be engaging and educational. Interested in trivia games? Join us for around of “Know-IT All!” Interested in games of role-playing, discussion and debate? Join us for a round of “Jury Trials,” “Privacylandia,” or “SynergyLegal”.

The Game Night will be held on the 9th of July 2024 from 7:00 PM onwards in Pisa! Details are on the flyer (attached).  The games will be conducted in English, so feel free to get family and friends! See you there!

For more info and location here

LeADS Online Seminar with Prof. Mohammad Hamad

LeADS Online Seminar with Prof. Mohammad Hamad
“Security and Resilience of IoT: A Focus on Connected and Autonomous Vehicles”
Thursday, July 25th 2024 – 2 pm (CEST)
Online participation link: Join the meeting
Join Prof. Mohammad Hamad in conversation around security challenegs that connected and autonomous vehicles face and present an innovative solution developed by TUM.
IoT systems are almost everywhere, and they form the backbone of many systems we inetract with in our daily lives. One great example of such systems is connected and autonomous vehicles. These vehicles, with their advanced technology and artificial intelligence, optimise efficiency and enhance safety. However, that also brings critical security challenges. Ensuring the security of these systems is crucial to prevent potentially catastrophic consequences. An unsecured autonomous system could be exploited, leading to accidents, disruptionsin traffic flow, and even threats to public safety.

Dr. Ing. Mohammad Hamad is an Associate Professor of Embedded Systems and Internet of Things in the Department of Computer Engineering at Technical University of Munich (TUM). He received his Ph.D. in computer engineering from the Institute for Data Technology and Communication Networks at TU Braunschweig in 2020. Before his Ph.D, he completed his bachelor in software engineering and information system at Aleppo University, Syria.

ESRs Secondments at Indra, SSSA, Tellu, Jagiellonian University and AGCM

In this special edition of our blog posts, our ESRs write about their experiences and insights they made during their secondments.

Secondments enable ESRs to engage with prominent academics and practitioners at both partner universities and research institutes as well as industrial and regulatory entities. ESRs gain practical experience in how their research might translate into real-life problems encountered by businesses. At the same time, ESRs will be able to complement their research with practical experiences gained throughout the secondment and adapt their research projects accordingly. Finally, they also constitute an invaluable networking opportunity and grant our ESRs the possibility to identify possible career paths. Whether in the academic, regulatory, or industry sectors.

Each ESR will complete two secondments: one at a beneficiary (universities and research institutes) and one at the partners (industry or regulatory bodies) of the LeADS project.

ESR Onntje Hinrichs at Indra and SSSA

From February to March 2024 Onntje completed his secondment at Indra in Madrid, Spain, together with ESR Barbara Lazarotto. From April to June, he is still currently completing his academic indrasecondment at Scuola Superiore Sant’Anna (SSSA) in Pisa, Italy. Both secondments provided him with valuable, new perspectives and insights on his LeADS research topic on ‘solving conflicts between data holders and exploiters through a spectrum of quasi-property models’ and thus the broader question on how to solve and deal with conflicting interests in data by different stakeholders.

During the secondment at Indra, Onntje and Barbara looked at how EU law impacts the regulation of cyber ranges. Cyber ranges are generally understood as platforms for the development, delivery and use of interactive simulation environments. Their purpose can differ depending on the concrete use case and involves, for instance, security testing, competence building or security education and thus concern a wide range of sectors and relevant actors such as corporate, strategic decision makers, military agencies, students or researchers. During their secondment, both ESRs developed together a regulatory mapping to identify relevant policies and regulations for the creation and development of cyber ranges. One of the objectives was to identify how EU law impacts the regulation of data in cyber ranges – for instance the GDPR or the more recent Data Act and AI Act. The secondment provided both researchers with valuable insights to reflect on how a variety of laws become relevant in the context for the development and deployment of digital (cyber security) services and showed the complexity of the still evolving regulatory framework for data in Europe.

For his academic secondment, Onntje currently is staying at SSSA in Pisa, Italy. At SSSA, he is integrated in the Lider Lab, a research group which has a long tradition of both theoretical and empirical legal santannaresearch, training and consulting and benefits from the interdisciplinary milieu of SSSA. In addition to regular seminaries which are highly relevant for his LeADS research topic, such as a presentation by Prof. Tao Qian from China University of Political Science and Law on ‘AI and Copyright – Comparison between China and the EU’, Onntje will present his PhD research to members of the Lab by the end of May 2024. Discussions and feedback provided by researchers at SSSA will thus enable him to further improve and refine his PhD research.

ESR Qifan Yang at Jagiellonian University and AGCM

Qifan Yang, had the privilege of being seconded to two distinct yet complementary environments, each offering invaluable insights into the intricate interplay between data regulation, competition law, and market dynamics. These experiences not only enriched her understanding of the LeADS project but also provided practical perspectives that will significantly inform her academic research.

krakovUnder the supervision of Prof. Fryderyk Zoll and Dr. Katarzyna Południak-Gierz at Jagiellonian University, Qifan Yang engaged in rigorous research activities aimed at unravelling the complexities surrounding the control of personal data and its impact on market competition and other aspects. By exploring real-world case studies, such as the Facebook case, she further analysed the regulatory challenges from data-driven anti-competitive strategies to the implications of mergers and acquisitions within data-intensive sectors, like social media. Additionally, she also explored concepts in consumer protection law, liability law, and behavioural economics, enhancing her understanding of the broader implications of data concentration on privacy reduction.

Transitioning to Autorità Garante della Concorrenza e del Mercato (AGCM), Qifan Yang delved deeper into the realm of policy evaluation and regulation concerning personal data protection and market competition. Working closely with Dr. Antonio Buttà and Dr. Emanuel Weitschek, Scientific Officers garante comunicazionein the Office of the Chief Economist, she focused on assessing the effectiveness of personal data protection policies and their implications for market dynamics. One of her primary tasks involved analysing the interplay between personal data protection and market competition, evaluating market dominance, unfair competition practices, and monopolistic behaviours in the digital economy. Practical policy evaluations, including those related to personal data protection and competition law, honed her analytical skills and provided a nuanced understanding of regulatory frameworks.

Moreover, collaborating with esteemed scholars and researchers not only broadened her academic horizons but also facilitated the generation of individual publications.

ESR Maciej Zuziak at Tellu and Jagiellonian University

Maciej visited Tellu in Oslo, Norway, in the third quarter of the year 2023, and from day one, he joined hands with the DevOps Department to navigate through European R&D projects. Tellu is a leading provider of welfare technologies for the health sector in Norway and was placed on Deloitte’s list of Fast 50 2023 Norway as a prominent and fast-growing technology company. Maciej joined Tellu to work on projects related to the fast and secure deployment of IoT devices as well as robust and automatic authentication in a decentralized environment.

After departing Norway, our ESR arrived at Jagiellonian University to stay there for the first quarter of krakov2024 and consult a part of his research that concerns the regulation of emerging technologies. As he reflects on the journey through internships, one theme that stands out is the topic of data protection. In an era defined by the digital revolution, where information is currency and privacy is paramount, his internships have provided him with invaluable insights into the complex landscape of safeguarding data. When the data is both a commodity and a vulnerability, the importance of safeguarding privacy cannot be overstated. As Maciej reports, his internships have reinforced his belief in the fundamental right to privacy and the ethical imperative to protect sensitive information. As he left Cracow by the end of April 2024, he was rendered committed to upholding the principles of data protection and championing the cause of privacy in all of his future endeavours.

ESRs Secondments at GPDP, University of Piraeus, Paul Sabatier III and AGCM

In this special edition of our blog posts, our ESRs write about their experiences and insights they made during their secondments.

Secondments enable ESRs to engage with prominent academics and practitioners at both partner universities and research institutes as well as industrial and regulatory entities. ESRs gain practical experience in how their research might translate into real-life problems encountered by businesses. At the same time, ESRs will be able to complement their research with practical experiences gained throughout the secondment and adapt their research projects accordingly. Finally, they also constitute an invaluable networking opportunity and grant our ESRs the possibility to identify possible career paths. Whether in the academic, regulatory, or industry sectors.

Each ESR will complete two secondments: one at a beneficiary (universities and research institutes) and one at the partners (industry or regulatory bodies) of the LeADS project.

ESR Fatma Doğan at University of Piraeus and GPDP

Fatma S. Doğan started on her first secondment at the University of Piraeus in September 2023. During this one-month period, Fatma undertook her secondment at the Data and Cloud Lab under the guidance of Prof. Dimosthenis Kyriazis. piraeusFatma had the chance to communicate with fellow researchers about their studies, and through this exchange, possible collaborations have emerged, given several studies conducted on health data within the University of Piraeus. Fatma also attended the European Researchers’ Night event in Athens on September 29. At this scientific fair, Fatma and fellow ESRs promoted the LeADS project while at the same time engaging with researchers from various fields.

Continuing her studies from December 18th to April 30th, 2024, Fatma is undertaking her non-academic secondment at the gddpItalian Data Protection Authority (GPDP) in Rome. She conducts her studies under the supervision of Dr. Roberto Lattanzi and Dr. Cosimo Comella, focusing on the evolving landscape of data protection regulations, particularly the proposed European Health Data Space regulation. On February 9th, Fatma attended the “State of AI” conference organized as part of the Privacy Symposium. The conference welcomed several esteemed guests from Member States’ supervisory bodies and tech companies such as Google, Meta, and Microsoft. During this full-day event, possible outcomes of the AI Act were evaluated by panel attendees. Speakers from international bodies such as NATO and OECD provided a novel vision to the audience. GPDP’s investigation of OpenAI regarding its data protection breaches of GDPR was also discussed in terms of setting a precedent.

In general, it has been and still is an enriching experience to witness the breakthroughs of AI technologies at GPDP. Though these breakthroughs excite us all, they bring numerous concerns regarding data protection. As one of the supervisory bodies closely following these technological developments, investigations conducted by GPDP remind us of these concerns.

Read more about the latest investigations about OpenAI’s SORA here.

ESR Robert L. Poe at Paul Sabatier III and AGCM

I spent the late spring and early summer of 2023 at Paul Sabatier III in Toulouse, researching algorithmic fairness and non-discrimination under the guidance of the mathematician, Prof. Jean-Michel Loubes. Prof. Loubes has published extensively in the field of fair machine learning, and the afternoons spent brainstorming with him were well spent. While there, I and fellow ESR Soumia El Mestari finished our Working Paper, a final draft of which will be presented in June of this year at ACM FAccT in Brazil. I also finished a second paper which was presented in the autumn of 2023 at the European garante comunicazioneConference on Machine Learning and Data Mining. While my time in Toulouse was productive, it was also enjoyable. I look back fondly on the many lunches shared with fellow ESR Barbara Lazarotto, Mohamed Ali Kandi and Giorgia Macilotti, discussing the sociological effects of emerging technologies and whether and how certain risks might be mitigated.

ESRs Secondments at CNR, GPDP, University of Luxembourg and Intel

In this special edition of our blog posts, our ESRs write about their experiences and insights they made during their secondments.

Secondments enable ESRs to engage with prominent academics and practitioners at both partner universities and research institutes as well as industrial and regulatory entities. ESRs gain practical experience in how their research might translate into real-life problems encountered by businesses. At the same time, ESRs will be able to complement their research with practical experiences gained throughout the secondment and adapt their research projects accordingly. Finally, they also constitute an invaluable networking opportunity and grant our ESRs the possibility to identify possible career paths. Whether in the academic, regulatory, or industry sectors.

Each ESR will complete two secondments: one at a beneficiary (universities and research institutes) and one at the partners (industry or regulatory bodies) of the LeADS project.

ESR Soumia El Mestari at CNR and GPDP

As part of her PhD, Soumia spent around 5 months in Italy split into two secondments one took place at CNR Pisa from April to June and the second was in the Eternal City (Rome) at the Data Protection Authority GPDP.

During the first secondment, Soumia had the chance to exchange and collaborate with the CNR teams and ESRs that work on adjacent topics to hers. As Soumia’s research focus is around privacy issues in machine learning pipelines, her time in CNR was valuable since it allowed her to explore other horizons in the same topic as well as learn different approaches of privacy especially those related to federated learning and K-anonymity techniques. During that period, Soumia worked on different projects including the WOPA paper on fairness in machine learning systems and another collaboration project to study privacy attacks in federated learning settings.

In her second secondment in Rome at the GPDP Soumia got the chance to learn more about the legal aspect of data cnrprotection for machine learning systems. The exchange she had shaped the legal side of her thesis and equipped her with the necessary background to be as flexible in the legal discussion of privacy-preserving machine learning tools as she is on the technical side of the topic.

Both secondments were beneficial for the thesis and the ability to work with senior people and collaborate with them was extremely valuable. The secondment also added an aspect of discovering the hosting institution and its cultural surroundings. Being in Romeand Pisa was a pleasure and a trip into history that made the experience much more enriching. Interacting with people from different backgrounds made Soumia develop soft skills such as communication with law collaborators from different levels of expertise and exploring the viewpoints around the same privacy issues and how they can be influenced by the cultural backgrounds of each person.

ESR Louis Sahi at University of Luxembourg and Intel

 

Secondment at University of Luxembourg, April-June 2023:

sntThe main challenge of my research is evaluating trust and reliability in data processing using data quality criteria. This period at University of Luxembourg (UL) was an opportunity to discuss with several data management, cybersecurity, finance, entrepreneurship and innovation, and law teachers concerning a survey on data quality criteria. These exchanges allowed me to perform the methodology and results of my survey. Finally, they suggested that I interview data professionals from different domains to consolidate my academic findings. Then, we proposed a draft to conduct these interviews to get the best feedback from the data professionals.

Secondment at Intel, December 2023 – February 2024:

This secondment allows me to benefit from the expertise of Intel professionals and partners to consolidate my academic intelresults. As data quality is a current concern in the data processing ecosystem, I have provided a framework that lists 30 relevant data quality criteria in the literature review. From the definitions of the literature review, I proposed a unified and standardized definition for each criterion. At Intel Corporation, I had the opportunity to interview several data actors in the European area about data quality challenges. Then, I collected the opinions on the relevant criteria for each professional (their criteria, definitions and evaluation levels). Finally, I analyzed the feedback and compared it with my previous findings.

LeADS Online Seminar with Prof. Papakonstantinou and Prof. De Hert

LeADS Online Seminar with Prof. Papakonstantinou and Prof. De Hert
“The Regulation of Digital Technologies in the EU: Act-ification, GDPR Mimesis and EU Law Brutality at Play”
Thursday, June 6th, 2024 – 2pm (CET)
Online participation link: Join the meeting
Join Prof. Vagelis Papakonstantinou and Prof. Paul De Hert in conversation around their new book, The Regulation of Digital Technologies in the EU: Act-ification, GDPR Mimesis and EU Law Brutality at Play (Routledge, 2024).
The regulation of digital technologies in the EU : act-ification, GDPR mimesis, and EU law brutality at play | Coleurope
EU regulatory initiatives concerning technology-related topics have spiked over the past few years. On the basis of its Priorities Programme, which is focused on making Europe ‘Fit for the Digital Age’, the European Commission has been busily releasing new texts aimed at regulating a number of technology topics, including data uses, online platforms, cybersecurity, and artificial intelligence.

Offering a comprehensive analysis, this book identifies three phenomena which are common to all EU digital technologies-relevant regulatory initiatives: act-ification, GDPR mimesis, and regulatory brutality. These three phenomena serve as indicators or early signs of a new European technology law-making paradigm that now seems ready to emerge. They divulge new-found confidence on the part of the EU digital technologies legislator, who has now asserted for itself the right to form policy options and create new rules in the field for all of Europe.

Vagelis Papakonstantinou is Professor of Personal Data Protection Law at the Faculty of Law & Criminology of the Free University of Brussels (VUB, Vrije Universiteit Brussel), focusing on cybersecurity, intellectual property and the broader topic of technology regulation. He works through the Cyber and Data Security Lab, for which he is the scientific coordinator, as well as through VUB’s Research Group on Law Science Technology & Society (LSTS) and the Brussels Privacy Hub.

Paul de Hert is Professor at the Faculty of Law & Criminology at the VUB and an associate professor at the Law School/Tilburg Institute for Law and Technology (TILT), University of Tilburg. He is Director of the VUB’s Research Group on Human Rights, Vice-Dean of the Faculty of Law & Criminology, and a former director of the LSTS and of the Department of Interdisciplinary Studies of Law.

ESR Mitisha Gaur at the DigiBooks “Safeguarding the Right to Good Administration in the Age of AI”

ESR Mitisha Gaur’s groundbreaking work, “The Adequacy of the AI Act’s Fundamental Impact Assessment in Cases of High-Risk AI Systems by Government Agencies,” has been featured in the thought-provoking e-book “Safeguarding the Right to Good Administration in the Age of AI,” published by The Digital Constitutionalist.

This compelling publication delves into the intricate landscape of integrating cutting-edge technologies into public sector decision-making. It also sheds light on the formidable challenges associated with regulating public power in the context of rapidly advancing AI systems. The book meticulously examines the potential risks to accountability, transparency, and fairness, and addresses the critical issues of discrimination, biases, and the broader implications for the humane aspect of public administration.

The full publication can be found here