Vol. 2020 (2020)

This article critiques key proposals of the United Kingdom’s “Online Harms” White Paper; in particular, the proposal for new digital regulator and the imposition of a “duty of care” on platforms. While acknowledging that a duty of care, backed up by sanctions works well in some environments, we argue is not appropriate for policing the White Paper’s identified harms as it could result in the blocking of legal, subjectively harmful content. Furthermore, the proposed regulator lacks the necessary independence and could be subjected to political interference. We conclude that the imposition of a duty of care will result in an unacceptable chilling effect on free expression, resulting in a draconian regulatory environment for platforms, with users’ digital rights adversely affected.

The ethics of big data and AI have become the object of much public debate. Technology firms around the world have set up ethics committees and review processes, which differ widely in their organisation and practice. In this paper we interrogate these processes and the rhetoric of firm-level data ethics. Using interviews with industry, activists and scholars and observation of public discussions, we ask how firms conceptualise the purposes and functions of data ethics, and how this relates to core business priorities. We find considerable variation between firms in the way they use ethics. We compare strategies and rhetoric to understand how commercial data ethics is constructed, its political and strategic dimensions, and its relationship to data ethics more broadly.

This article argues that the AdTech market has undermined the fundamental right to privacy in the European Union and that current legislative and fundamental rights protections in the EU have been unsuccessful in restraining these privacy harms. The article further argues that these privacy consequences have imported additional reductions in individual autonomy and have the capacity to harm the Rule of Law.

In this work, we analyze the legal requirements on how cookie banners are supposed to be implemented to be fully compliant with the ePrivacy Directive and the GDPR.

Our contribution resides in the definition of 17 operational and fine-grained requirements on cookie banner design that are legally compliant, and moreover, we define whether and when the verification of compliance of each requirement is technically feasible.

The definition of requirements emerges from a joint interdisciplinary analysis composed of lawyers and computer scientists in the domain of web tracking technologies. As such, while some requirements are provided by explicitly codified legal sources, others result from the domain-expertise of computer scientists. In our work, we match each requirement against existing cookie banners design of websites. For each requirement, we exemplify with compliant and non-compliant cookie banners.

As an outcome of a technical assessment, we verify per requirement if technical (with computer science tools) or manual (with any human operator) verification is needed to assess compliance of consent and we also show which requirements are impossible to verify with certainty in the current architecture of the Web.  For example, we explain how the GDPR’s requirement for revocable consent could be implemented in practice: when consent is revoked, the publisher should delete the consent cookie and communicate the withdrawal to all third parties who have previously received consent.

With this approach we aim to support practically-minded parties (compliance officers, regulators, privacy NGOs, researchers, and computer scientists) to assess compliance and detect violations in cookie banners’ design and implementation, specially under the current revision of the EU ePrivacy framework.

The concentration and privatization of data infrastructures has a deep impact on independent research. This article positions data rights as a useful tool in researchers’ toolbox to obtain access to enclosed datasets. It does so by providing an overview of relevant data rights in the EU’s General Data Protection Regulation, and describing different use cases in which they might be particularly valuable. While we believe in their potential, researching with data rights is still very much in its infancy. A number of legal, ethical and methodological issues are identified and explored. Overall, this article aims both to explain the potential utility of data rights to researchers, as well as to provide appropriate initial conceptual scaffolding for important discussions around the approach to occur.

Data governance is a phenomenon that brings many interests and considerations together. This editorial argues that active involvement of various stakeholders is vital to advance discussions about how to create value from data as a means to stimulate societal progress. Without adequate checks and balances, each stakeholder group on its own will not have sufficient incentives to do its utmost to achieve this common goal. Policymakers and regulators need to be stimulated to look beyond short-term results to ensure that the design of their initiatives is fit for purpose. Industry players have to be transparent about their practices to prevent strategic behaviour that may harm society. And researchers must inform their findings with real-world evidence and proper terminology.

This article describes the challenges of data governance in terms of the broader framework of knowledge commons governance, an institutional approach to gov- erning shared knowledge, information, and data resources. Knowledge commons governance highlights the potential for effective community- and collective-based governance of knowledge resources. The article focuses on key concepts within the knowledge commons framework rather than on specific law and public pol- icy questions, directing the attention of researchers and policymakers to critical inquiry regarding relevant social groups and relevant data “things.” Both concepts are key tools for effective data governance.

Data governance for data sharing is becoming an important issue in the rapidly evolving data economy and society. In the smart cities’ context, data sharing may be particularly important, but is also complicated by a diverse array of interests in data collected, as well as significant privacy and public interest considerations. This paper examines the data governance body proposed by Sidewalk Labs as part of its Master Innovation Development Plan for a smart city development on port lands in Toronto, Canada. Using Sidewalk Lab’s Urban Data Trust as a use case, this paper identifies some of the challenges in designing an effective and appropriate data governance structure for data sharing, and analyzes the normative issues underlying these challenges. In this example, issues of data ownership and control are contested from the outset. The proposed model also raises interesting issues about the role and relevance of the public sector in managing the public interest; and the need to design data governance from the ground up. While the paper focuses on a particular use case, the goal is to distil useful knowledge about the design and implementation of data governance structures.

The paper aims to contribute to the discussion on how to regulate and govern data as an economic asset. It critically discusses the ‘data flow paradigm’, defined here as the regulatory focus on data (transactions) with the purpose to enhance data exchange by establishing data markets. Based on the examples of the electricity and the automotive sectors with respect to data governance, the paper finds that the data flow paradigm alone is too narrow. This paradigm seems to bear the idea that there should be well-operating data markets, possibly by the operation of the law, and that such markets alone would deliver the grand policy expectations, such as ‘AI’ or ‘data-driven innovations’. Yet, fostering data exchange is not an end in itself and should be regarded with respect to the sectoral objectives and constraints. As the study of the examples shows, the quest for appropriate mechanisms to govern data often leads to rediscovering old concepts, such as (data) commons or (data) platform. Finally, the paper discusses future possible regulatory intervention.

Data intermediaries may foster data reuse, thus facilitating efficiency and innovation. However, research on the subject suffers from terminological inconsistency and vagueness, making it difficult to convey to policymakers when data governance succeeds and when data sharing requires regulatory intervention. The paper describes what distinguishes data intermediaries from other data governance models. Building on research on intellectual property governance, we identify two distinct types of data intermediaries, data clearinghouses and data pools. We also discover several governance models that are specific to data and not present in the context of intellectual property. We conclude that the use of more refined terminology to describe data intermediaries will facilitate more accurate research and informed policy-making on data reuse.