Vol. 2022 (2022)
Machine-learning algorithms in regulatory practice Nine organisational challenges for regulatory agencies
A growing body of literature discusses the impact of machine-learning algorithms on regulatory processes. This paper contributes to the predomi- nantly legal and technological literature by using a sociological-institutional perspective to identify nine organisational challenges for using algorithms in regulatory practice. Firstly, this paper identifies three forms of algorithms and regulation: regulation of algorithms, regulation through algorithms, and regulation of algorithms through algorithms. Secondly, we identify nine organisational challenges for regulation of and through algorithms based on literature analysis and empirical examples from Dutch regulatory agencies. Finally, we indicate what kind of institutional work regulatory agencies need to carry out to overcome the challenges and to develop an algorithmic regu- latory practice, which calls for future empirical research.
Impossible Asks: Can the Transparency and Consent Framework Ever Authorise Real-Time Bidding After the Belgian DPA Decision?
On 2 February 2022, the Belgian Data Protection Authority handed down a decision concerning IAB Europe and its Transparency and Consent Framework (TCF), a system designed to facilitate compliance of real-time bidding (RTB), a widespread online advertising approach, with the GDPR. Here, we summarise and analyse this large, complex case. We argue that by characterising IAB Europe as a joint controller with RTB actors, this important decision gives DPAs an agreed-upon blueprint to deal with a structurally difficult enforcement challenge. Furthermore, under the DPA’s simple-looking remedial orders are deep technical and organisational tensions. We analyse these “impossible asks”, concluding that absent a fundamental change to RTB, IAB Europe will be unable to adapt the TCF to bring RTB into compliance with the decision.
Wastewater analysis and surveillance are well-established practices whose use has dramatically expanded during the COVID-19 pandemic. In this article, we argue that the extraction of diverse types of data from wastewater is part of the larger phenomenon of ‘datafication’. We explore the evolving technologies and uses of wastewater data and argue that there are insufficient legal and ethical frameworks in place to properly govern them. We begin with an overview of the different pur- poses for wastewater data analyses as well as the location and scale of collection. We then consider legal and ethical principles and oversight frameworks that shape current approaches to wastewater collection. After situating wastewater collection within its particular civic context, we argue in favour of greater engagement with legal and ethical issues and propose doing so through a civic perspective. Our paper concludes with a discussion of the normative shifts that are needed and how we might achieve these.
The Regulation of Digital Technologies in the EU: The law-making phenomena of “act-ification”, “GDPR mimesis” and “EU law brutality”
EU regulatory initiatives on technology-related topics has spiked over the past few years. On the basis of its Priorities Programme 2019-2024, while creating “Europe fit for the Digital Age”, the EU Commission has been busy releasing new texts aimed at regulating a number of technology topics, including, among others, data uses, online platforms, cybersecurity, or artificial intelligence. This paper identifies three basic phenomena common to all, or most, EU new technology-relevant regulatory initiatives, namely (a) “act-ification”, (b) “GDPR mimesis”, and (c) “regulatory brutality”. These phenomena divulge new-found confidence on the part of the EU technology legislator, who has by now asserted for itself the right to form policy options and create new rules in the field for all of Europe. These three phenomena serve as indicators or early signs of a new European technology law-making paradigm that by now seems ready to emerge.
Human rights requirements for person-based predictive policing lessons from selected ECtHR case law and its limits
The article addresses human rights requirements for person-based predictive policing. It looks into human rights standards, as elaborated in the selected European Court of Human Rights case law on creating police databases, watchlists and registries, and the police’s use of new technologies. The article argues that in the case of new technologies deployed by law enforcement the availability of evidence on the effectiveness and accuracy of a given method should be essential to assess that an interference with a human right using this technology is ‘necessary in a democratic society’. The article notes that the Court’s unwillingness to assess the claims about the utility of technology critically might suggest that its evaluation of human rights compliance of person-based predictive policing and other experimental technologies would suffer from a severe blind spot.
Special Issue: Should Data Drive Private Law?
This paper investigates the practice of algorithmic price discrimination with a view to determining its impact on markets and society and making a possible plea for regulation. Online market players are gradually gaining the capacity to adapt prices dynamically based on knowledge generated through vast amounts of data, so that, theoretically, every individual consumer can be charged the maximum price he or she is willing to pay. The article discusses the downsides of data-driven price discrimination. It considers the extent to which such downsides are mitigated by European Union law, and what role remains for national provisions and consumer-empowering technologies. We find that the existing EU provisions address price discrimination only marginally and that full harmonisation, a goal pursued through many acts regulating consumer markets, restricts the Member States’ margin for independent legislation. Accordingly, consumer protection against algorithmic pricing may rely, in practice, on consumer-empowering technologies and initiatives. We investigate the implications of this state of affairs, arguing that an unbalanced “digital arms race” between the use of algorithms as market devices on the one hand, and their use as consumer protection tools on the other, does not ensure consumer protection. Based on these findings, we advance a claim for regulation which pursues two main goals: first, to make the race more balanced by strengthening the digital tools available to consumer protection actors and, second, to limit the battlefield by clarifying and refining the applicable rules and defining clearer categories of impermissible behaviours.
The legal status of co-generated data with particular focus on the ALI-ELI Principles for a Data Economy and the rules on accession, commingling and specification
A major problem when trying to resolve questions surrounding the legal status of data is how they should be defined, classified and specified. By defining we mean making a statement regarding the meaning of a term, classification refers to arranging data in classes following particular criteria, specification means delineating data such that both between parties to a contract (‘inter partes’ or bilaterally) and to a considerable and relevant group of third parties (multilaterally) it is clear which data are referred to. Most data cannot be captured as easily as a block on a blockchain or data on your USB stick, because they are in constant motion. How to create a legal object, in the stricter sense of an object as to which a subject may claim a right against a considerable and relevant group of other subjects, out of this continuous flow of streams, activities, services? Legal objects tend to be static, such as a house or a car, but a flow by its very nature is dynamic. Do we not need a re-thinking of what can be a legal object given that the number of such flows is ever growing? What does the dynamic nature of such objects mean for the entitlement to any economic benefits? These are the questions we face when looking at data more generally. However, even more questions arise, in particular in terms of regulating the use of and access to the data, when data emanate from different sources in the sense that more than one party can be said to have (somehow) contributed to their generation, in other words: co-generated data. This contribution aims to shed some light on how longstanding principles of (among others) Dutch, German and Belgian property law could prove useful in finding a way to regulate the use of and access to co-generated data. These property law principles are in place, and have been in place for a very long time, to solve the ownership issue that arises when, as is the case with co-generated data, more than one party can be said to have somehow contributed to the creation of something, that something in the case of traditional property law being a tangible.
This special issue tackles the question of whether and how data shapes private law. The development of new technologies enabled the generation, collection and processing of both personal and non-personal data on an unprecedented scale. The implications
of this phenomenon for private law are threefold. One, how does data affect our understanding of technology regulation in private law relationships? Two, how does data affect the way in which private law is applied? Three, what is the role of data in the design of law from a public policy perspective that transcends doctrinal considerations relating to private law?