Artificial agents – from autonomous cars and weapon systems to social bots, from profiling and tracking programmes to risk assessment software predicting criminal recidivism or voting behaviour – challenge general principles of national and international law. This article addresses three of these principles: responsibility, explainability, and autonomy. Responsibility requires that actors are held accountable for their actions, including damages and breaches of law. Responsibility for actions and decisions taken by artificial agents can be secured by resorting to strict or objective liability schemes, which do not require human fault and other human factors, or by relocating human fault, i.e. by holding programmers, supervisors or standard setters accountable. “Explainability” is a term used to characterise that even if artificial agents produce useful and reliable results, it must be explainable how these results are generated. Lawyers have to define those areas of law that require an explanation for artificial agents’ activities, ranging from human rights interferences to, possibly, any form of automated decision-making that affects an individual. Finally, the many uses of artificial agents also raise questions regarding several aspects of autonomy, including privacy and data protection, individuality, and freedom from manipulation. Yet, artificial agents do not only challenge existing principles of law, they can also strengthen responsibility, explainability, and autonomy.
10 February 2018
'Artificial Agents and General Principles of Law' by Antje von Ungern-Sternberg German Yearbook of International Law (Forthcoming)) comments
'Ownership of Personal Data in the Internet of Things' by Václav Janeček comments
This article analyses, defines, and refines the concepts of ownership and personal data. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT).
This consideration is framed around two main approaches shaping all ownership theories: bottom-up and top-down approach. Via these dual lenses the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, the article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future regulatory and policy debates in the context of EU law and beyond.'Your Smart Coffee Machine Knows What You Did Last Summer: A Legal Analysis of the Limitations of Traditional Privacy of the Home under Dutch Law in the Era of Smart Technology' by Lisa van Dongen and Tjerk Timan in (2017) 14(2) SCRIPT-ed 208 comments
Today, the Internet has become one of our prime platforms for communication and consumption. Moving beyond the personal computer or smartphones only, increasingly other devices are being connected to the Internet, from coffee machines and watches to beds and toys. Our homes and our activities in the home are thus becoming more and more transparent, due to such objects entering our homes. Through these objects, new forms of spying can be conducted, both qualitatively and quantitatively, that are more invasive than any spying taking place by physically entering and searching the home today. While the rapidly advancing development of the smart(er) home is both undeniably exciting and promising, it is accompanied by a great deal of inadequately answered or otherwise unanswered questions that seem unable to slow its development down enough for us to properly address them. Potential problems arise from many uncertainties regarding these technologies. For instance, where do the digital perimeters of the protected home end? How will privacy be protected, and from whom? Or, in light of the rise of autonomous technological objects, should we start asking from what? Even though it is not possible to properly address and find an answer to these questions in the limited size of this paper, if at all at the present time, these questions are important to raise and consider for the protection of privacy in an increasingly smart(er) world”.
Instead, this paper will address the question: are the existing definitions of privacy of the home adequate to deal with today’s challenges posed by ‘smart home’ technologies? The focus of this analysis will be on the legal landscape of the Netherlands. As will be argued throughout this paper, this question is answered in the negative. To demonstrate that some of the privacy-related problems are more pressing than most people seem to realise, this paper will first elaborate on developments and implications of smart technologies for the home environment in the second section. This will be followed by a breakdown of some of the elements of the Dutch “home right” in the third section of this paper, for which the focus will be on the meaning and ramifications of the limited legal definitions used for both the “home” and “entering”. In addition, the potential and limits of data protection to account for these weaknesses will be explored in the fourth section. Furthermore, two smart objects will be analysed in the fifth section, namely the smart thermostat and the smart toy ‘Hello Barbie’. These analyses will be used to illustrate the weaknesses under the existing scope of data protection and the “home right”.
This paper aims to convey two messages. First, that the traditional understanding of privacy of the home in the Netherlands is in need of reconsideration in the era of smart technology. Second, that the ramifications of smart technologies in the home environment require a (stronger) protection of privacy, not just against the state, but increasingly also in horizontal relations.
'Gender Recognition As a Human Right' by Holning Lau in Andreas von Arnauld, Kerstin Odendahl and Mart Susi (eds) New Human Rights: Recognition, Novelty, Rhetoric comments
Governments around the world issue identity documents (IDs) that list people’s gender. These IDs include birth certificates, passports, national identification cards, and driver’s licenses, among others. People are expected to present IDs in everyday life for a wide range of purposes, such as opening a bank account, renting a car, boarding an airplane, and voting. Longstanding human rights principles support the proposition that, if IDs contain gender markers, individuals have the right to obtain markers that match their gender identity. For example, a transgender woman should have the right to identify herself as female on her IDs. A transgender man should have the right to identify himself as male. Individuals should also be given the right to indicate if they identify outside the male/female binary.
This book chapter proceeds in three parts. First, I map out the ways in which the right to choose one’s own gender markers—which I will refer to as the right to gender recognition—derives from other well-established human rights. The right to gender recognition is not explicitly mentioned in any international human rights treaty, but this chapter contends that existing treaty provisions nonetheless cover the right to gender recognition. Second, I examine and ultimately reject potential justifications for overriding the right to gender recognition. Third, I assess the extent to which legal institutions have come to acknowledge and protect the right to gender recognition.
06 February 2018
'English Competition Law Before 1900' (Fordham Law Legal Studies Research Paper) by Barry E. Hawk comments
English competition law before 1900 developed over the course of many centuries beginning in the medieval period. That development reflected changes in political conditions, economic theories, and broader cultural values. English competition law mirrored the historical movements in England from the medieval ideal of fair prices and just wages to 16th and 17th century nation state mercantilism to the 18th and 19th century Industrial Revolution, laissez faire capitalism and freedom of contract. The development of English competition law is rich in insights for modern antitrust issues like the adaptability of case law and legislation to changing economic conditions, the role of economic theories in the formulation of legal rules, and the role of political and social values in competition policy.
Today the predominant if not exclusive emphasis on economics in the application of modern antitrust laws has resulted in a quasi-regulatory system far more technical, specialized and narrowly focused than the case making of generalist English common law judges. Modern antitrust law adapts well to changes in economic theories and conditions but it is less adaptable than English common law to shifts in political and social values. This lack of adaptability is viewed by most commentators as a beneficial insulation of decision-making from political or social influences. Proponents of non-economic policy concerns (like fear of concentration for political or social reasons), on the other hand, are forced to formulate their concerns in economic terms because of the prevailing view that only economics counts in antitrust. They would have had an easier task under the English common law.
The new Commonwealth Secure Cloud Strategy from the Digital Transformation Agency (DTA) states
The case for cloud is no secret to industry or government. A move to cloud computing - away from on premise owned and operated infrastructure - can generate a faster pace of delivery, continuous improvement cycles and broad access to services. It can reduce the amount of maintenance effort required to ‘keep the lights on’ and refocus that effort into improving service delivery.
Cloud, however, is a new way of sourcing Information Communication and Technology (ICT) services and many agencies will have to change the way they operate to make the most of this new model. In the Australian Government, a number of factors can get in the way of agencies realising their cloud aspirations, from a shortage of knowledge and experience, decades old, stubborn operating models and a struggle to sell the case for cloud across the business.
The Secure Cloud Strategy has been developed to guide agencies past these obstacles and make sure everyone has the opportunity to make the most of what cloud has to offer. This is not a simplistic ‘lift and shift’ view of the transition. Instead, the strategy aims to lay the foundations for sustainable change, seizing opportunities to reduce duplication, enhance collaboration, improve responsiveness and increase innovation across the Australian Public Service.
Some agencies have already embraced the cloud model. A coordinated approach for further adoption will make sure government derives the maximum value from this shift. The strategy will ensure experience and expertise is not locked-up and create opportunities to reuse and share capabilities through increased collaboration.
The strategy is based around a number of key initiatives designed to prepare agencies for the shift to cloud and support them through the transition:
- Agencies will develop their own cloud strategies. There is no one-size-fits-all approach to implementing cloud. Agencies will use the Secure Cloud Strategy as a starting point to produce their own value case, workforce plan, best-fit cloud model and service readiness assessment.
- Cloud implementation will be guided by seven Cloud Principles: − make risk-based decisions when applying cloud security − design services for the cloud − use public cloud services as the default − use as much of the cloud as possible − avoid customisation and use cloud services as they come − take full advantage of cloud automation practices, − monitor the health and usage of cloud services in real time.
- A layered Cloud Certification Model will be created. The certification model creates greater opportunity for agency-led certifications, rather than just ASD certifications. It creates a layered certification approach where agencies can certify using the practices already in place for certification of ICT systems.
- Service procurement will be aligned with the ICT Procurement Review Recommendations. As cloud services move more rapidly than services available through panels traditionally do, the recommendations in the ICT Procurement Review align well with creating a better pathway for cloud procurement.
- cloud qualities baseline and assessment framework will be introduced to clarify cloud requirements. The cloud qualities baseline capability and assessment framework will enable reuse of assessments.
- A Cloud Responsibility Model will be developed to clarify responsibilities and accountabilities. Traditional head agreements cannot cover all cloud services and their frequent variations. A shared capability for understanding responsibilities, supported by contracts, will address unique cloud risks, follow best practice and maintain provider accountability.
- A cloud knowledge collaboration platform will be built. The platform will enable secure sharing of cloud service assessments, technical blueprints and other agency cloud expertise, to iterate on work already done rather than duplicating it.
- Cloud skills uplift programs will be designed. Increase government skills and competencies for cloud aligned with the Australian Public Service Commission Digital Skills Capability Program and create the pathways to leverage industry programs to enhance cloud-specific skills in the Australian Public Service.
- Common shared platforms and capabilities will be explored including: − Federated identity for government to enable better collaboration in the cloud. − A platform for PROTECTED information management to reduce enclaves in agencies, and continue to iterate cloud.gov.au as an exemplar platform. − Service Management Integrations services to enable agencies to manage multi provider services.
These platforms will include the integration toolkits that enable agencies to seamlessly transition between the cloud services.
These initiatives will be supported through a Digital Transformation Agency-led community of practice that will support agencies to plan and transition their environments for cloud. It will include delivering training and advice to agencies to build confidence in their ability to manage cloud services.
The Australian Government has an ambitious agenda to transform its digital service delivery. Cloud offers reusable digital platforms at a lower cost, and shifts service delivery to a faster, more reliable digital channel. Cloud services have the opportunity to make government more responsive, convenient, available and user-focused.The Strategy comments -
Myth: Privacy reasons mean government data cannot reside offshore.
“Generally, no. The Privacy Act does not prevent an Australian Privacy Principle (APP) entity from engaging a cloud service provider to store or process personal information overseas. The APP entity must comply with the APPs in sending personal information to the overseas cloud service provider, just as they need to for any other overseas outsourcing arrangement. In addition, the Office of the Australian Information Commissioner’s Guide to securing personal information: ‘Reasonable steps’ to protect personal information discusses security considerations that may be relevant under APP 11 when using cloud computing.” https://www.oaic.gov.au/agencies-and-organisations/agency-resources/privacy-agency-resource-4-sending-personalinformation-overseas
Additionally, APP 8 provides the criteria for cross-border disclosure of personal information, which ensures the right practices for data residing off-shore are in place. Our Australian privacy frameworks establish the accountabilities to ensure the appropriate privacy and security controls are in place to maintain confidence in our personal information in the cloud.'The Ethics of Cloud Computing' by Boudewijn de Bruin and Luciano Floridi in (2017) 23(1) Science and Engineering Ethics 21-39 comments
Cloud computing is rapidly gaining traction in business. It offers businesses online services on demand (such as Gmail, iCloud and Salesforce) and allows them to cut costs on hardware and IT support. This is the first paper in business ethics dealing with this new technology. It analyzes the informational duties of hosting companies that own and operate cloud computing datacenters (e.g., Amazon). It considers the cloud services providers leasing ‘space in the cloud’ from hosting companies (e.g, Dropbox, Salesforce). And it examines the business and private ‘clouders’ using these services. The first part of the paper argues that hosting companies, services providers and clouders have mutual informational (epistemic) obligations to provide and seek information about relevant issues such as consumer privacy, reliability of services, data mining and data ownership. The concept of interlucency is developed as an epistemic virtue governing ethically effective communication. The second part considers potential forms of government restrictions on or proscriptions against the development and use of cloud computing technology. Referring to the concept of technology neutrality, it argues that interference with hosting companies and cloud services providers is hardly ever necessary or justified. It is argued, too, however, that businesses using cloud services (banks, law firms, hospitals etc. storing client data in the cloud, e.g.) will have to follow rather more stringent regulations.
"The Program Risks of Work-Integrated Learning: A Study of Australian University Lawyers' by Craig Cameron, Brett Freudenberg, Jeff Giddings and Christopher Klopper in (2017) 40(1) Journal of Higher Education Policy and Management 67-80 comments
Work-integrated learning (WIL) is a risky business in higher education. The strategic opportunities that WIL presents for universities cannot be achieved without taking on unavoidable legal risks. University lawyers are involved with managing the legal risks as part of their internal delivery of legal services to universities. It is important to identify the risks that potentially arise, so these can then be managed. A case study involving Australian university lawyers reveals the ‘program risks’ of WIL. Program risk is a type of legal risk that relates to the conduct of universities, host organisations and students before, during and after a WIL placement, as well as the personal characteristics of students that can expose the university to legal risk. The research findings may be applied by university lawyers, academic disciplines and university management to evaluate and improve risk management in WIL programs'Risks and Rewards of Externships: Exploring Goals and Methods' (Monash University Faculty of Law Legal Studies Research Paper No. 3071105) by Linda Smith, Jeff Giddings and Leah Wortham explores
the full range of goals one might have for an extern program and the methods one should use to achieve those goals. Despite regulatory focus on practice readiness and “skills” development, externships need not and sometimes should not have “skills” as the primary goal. If skills are to be a focus, then students must learn the theory and methods behind the skills to be used in the placement either through targeted pre-requisites, a skills-focused classroom component, or selection of placement supervisors with the ability to impart both the relevant theory and methods. Commentators have identified both skills and professionalism as lacking in legal education, and externships have special advantages for development of professional identity and for institutional critique--the micro and the macro aspects of professionalism. Students are in the “real world,” able to try out a professional identity and to study the ways in which their supervisors enact the lawyering role. They are encountering actual legal institutions that function well or not-so-well, which should lead to critical inquiry into these institutions. The emotional and analytical distance between the teacher at the law school and the day-to-day supervisor should facilitate the exploration of both professional identity and institutional critique. Exploring these aspects of professionalism are rich and important goals, we argue, that extern programs ought to seek.
'Is the Privacy Paradox in Fact Rational? by Benjamin Agi and Nicolas Jullien comments
Research on the privacy paradox – the dichotomy between individuals’ intentions to disclose personal information and their actual disclosure behavior – has become popular as policy makers have been working on privacy laws. This article provides a literature review of the privacy paradox across fields of study. Many researchers have explored the privacy paradox and come up with the conclusion that decisions taken by individuals regarding the transmission of private data were irrational. This article first provides a systematized review of the extensive literature in psychology, sociology, management, economics and biology that explores the decision-making process related to online transfer of private data. Then, we show that the literature seems to agree on the fact that people act either rationally or with limited rationality. To conclude, we focus on the potential importance of awareness campaigns or key historical moments to explain the different sensitivities people have regarding privacy issues.
The Rise of Robots and the Law of Humans (Oxford Legal Studies Research Paper No. 27/2017) by Horst Eidenmueller comments
In this article, I attempt to answer fundamental questions raised by the rise of robots and the emergence of ‘robot law’. The main theses developed in this article are the following: (i) robot regulation must be robot- and context-specific. This requires a profound understanding of the micro- and macro-effects of ‘robot behaviour’ in specific areas. (ii) (Refined) existing legal categories are capable of being sensibly applied to and regulating robots. (iii) Robot law is shaped by the ‘deep normative structure’ of a society. (iv) If that structure is utilitarian, smart robots should, in the not too distant future, be treated like humans. That means that they should be accorded legal personality, have the power to acquire and hold property and to conclude contracts. (v) The case against treating robots like humans rests on epistemological and ontological arguments. These relate to whether machines can think (they cannot) and what it means to be human. I develop these theses primarily in the context of self-driving cars – robots on the road with a huge potential to revolutionize our daily lives and commerce.