Finally, the ECJ is interpreting Article 22 GDPR (on individual decisions based solely on automated processing, including profiling)

Alessandra Silveira (Editor)
           

1) What is new about this process? Article 22 GDPR is finally being considered for before the European Court of Justice (ECJ) – and on 16 March 2023, the Advocate General’s Opinion in Case C-634/21 [SCHUFA Holding and Others (Scoring)][1] was published. Article 22 GDPR (apparently) provides a general prohibition of individual decisions based “solely” on automated processing – including profiling – but its provisions raise many doubts to the legal doctrine.[2] Furthermore, Article 22 GDPR is limited to automated decisions that i) produce effects in the legal sphere of the data subject or that ii) significantly affect him/her in a similar manner. The content of the latter provision is not quite clear, but as was suggested by the Data Protection Working Party (WP29), “similar effect” can be interpreted as significantly affecting the circumstances, behaviour or choices of data subjects – for example, decisions affecting a person’s financial situation, including their eligibility for credit.[3] To this extent, the effectiveness of Article 22 GDPR may be very limited until EU case law clarifies i) what a decision taken solely on the basis of automated processing would be, and ii) to what extent this decision produces legal effects or significantly affects the data subject in a similar manner.

2) Why is this case law so relevant? Profiling is an automated processing often used to make predictions about individuals – and may, or may not, lead to automated decisions within the meaning of the Article 22(1) GDPR. It involves collecting information about a person and assessing their characteristics or patterns of behaviour to place them in a particular category or group and to draw on that inference or prediction – whether of their ability to perform a task, their interest or presumed behaviour, etc. To this extent, such automated inferences demand protection as inferred personal data, since they also make it possible to identify someone by association of concepts, characteristics, or contents. The crux of the matter is that people are increasingly losing control over such automated inferences and how they are perceived and evaluated by others. The ECJ has the opportunity to assess the existence of legal remedies to challenge operations which result in automated inferences that are not reasonably justified. As set out below, the approach adopted by the Advocate General has weaknesses – and if the ECJ adopts the conditions suggested by the Advocate General, many reasonable interpretative doubts about Article 22 GDPR will persist.

3) What questions does Article 22 GDPR raise?  Does this Article provide for a right or, rather, a general prohibition whose application does not require the party concerned to actively invoke a right?  What is a decision based “solely” on automated processing? (which apparently excludes “largely” or “partially” but not “exclusively” automated decisions). Will the provisions of Article 22 GRPD only apply where there is no relevant human intervention in the decision-making process? If a human being examines and weighs other factors when making the final decision, will it not be made “solely” based on the automated processing? [and, in this situation, will the prohibition in Article 22(1) GDPR not apply]?

Continue reading “Finally, the ECJ is interpreting Article 22 GDPR (on individual decisions based solely on automated processing, including profiling)”

The future regulation on non-contractual civil liability for AI systems

By Susana Navas Navarro (Professor at the Universidad Autónoma de Barcelona)

I was surprised and struck by the fact that, after all the work carried out within the European Union (“EU”), on the subject of civil liability for Artificial Intelligence (“AI”) Systems, the European Commission has opted for a Directive (the Proposal for a Directive on adapting non contractual civil liability rules to artificial intelligence or “Proposal for a Directive”) as the instrument to regulate this issue. Moreover, a Directive with a content focused exclusively on two issues: a) the disclosure of relevant information for evidence purposes or to decide whether or not to bring forth a lawsuit and against whom (Article 3) and b) the presumption of the causal link between the defendant’s fault and the result or absence thereof that an AI system should produce (Article 4). The argument for this is the disparity of civil liability regimes in Europe and the difficulties there have always existed in harmonization (see the Explanatory Memorandum accompanying the Proposal, p. 7). Choosing a Regulation as proposed by the European Parliament[1] or the proposals of the White Paper on AI would have allowed such harmonisation, and could have included rules on evidence. It seems to me that behind this decision lies the invisible struggle, previously evidenced in other issues, between the Commission and the European Parliament. I believe that the risks for all involved in the use and handling of AI systems, especially high-risk ones, are compelling reasons in favour of harmonization and strict liability.

In relation to this aspect, the Proposal for a Directive abandons the risk-based approach that had been prevailing in this area, since it assumes that the civil liability regimes in most of the Member States are based on fault. This is referred to, for example, in Article 3(5) when presuming the breach of duty of care by the defendant or directly in Article 2(5) when defining the action for damages, or Article 4(1) when admitting the presumption of the causal link between it and the result produced by the IA system or by the absence or failure in the production of such a result which causes the damage. Therefore, if in the national civil liability regime, the case was subsumed under a strict liability regime (e.g., equated to the use or operation of a machine or vicarious liability of the employer), these rules would not apply. National procedural systems, in relation to access to evidence, are not so far r from the provisions of this future Directive.

Continue reading “The future regulation on non-contractual civil liability for AI systems”

Editorial of December 2021

By Alessandra Silveira (Editor)

AI systems and automated inferences – on the protection of inferred personal data

On 23 November 2021 the European Commission published the consultation results on a set of digital rights and principles to promote and uphold EU values in the digital space – which ran between 12 May and 6 September 2021.[1] This public consultation on digital principles is a key deliverable of the preparatory work for the upcoming “Declaration on digital rights and principles for the Digital Decade”, which European Commission will announce by the end of 2021. The consultation invited all interested people to share their views on the formulation of digital principles in 9 areas: i) universal access to internet services; ii) universal digital education and skills for people to take an active part in society and in democratic processes; iii) accessible and human-centric digital public services and administration; iv) access to digital health services; v) an open, secure and trusted online environment; vi) protecting and empowering children and young people in the online space; vii) a European digital identity; viii) access to digital devices, systems and services that respect the climate and environment; ix) ethical principles for human-centric algorithms.  

Continue reading “Editorial of December 2021”

Editorial of June 2021

By Tiago Sérgio Cabral (Managing Editor)

Data Governance and the AI Regulation: Interplay between the GDPR and the proposal for an AI Act

It is hardly surprising that the recent European Commission’s proposal for a Regulation on a European Approach for Artificial Intelligence (hereinafter the “proposal for an AI Act”) is heavily inspired by the GDPR. From taking note of the GDPR’s success in establishing worldwide standards to learning from its shortcomings, for example by suppressing the stop-shop mechanism (arguably responsible for some of its enforcement woes).[1]

The proposal for an AI Act should not be considered a GDPR for AI for one singular reason: there is already a GDPR for AI, and it is called the GDPR. The scope and aims of the proposal are different, but there is certainly a high degree of influence and the interplay between the two Regulations, if the AI Act is approved, will certainly be interesting. In this editorial we will address one particular aspect where the interplay between the GDPR and the AI act could be particularly relevant: data governance and data set management.

Before going specifically into this subject, it is important to know that the AI Act’s proposed fines have a higher ceiling than the GDPR’s: up to 30,000,000 euros or, if the offender is company, up to 6% of its total worldwide annual turnover for the preceding financial year (article 71(3) of the proposal for an AI Act). We should note, nonetheless, that this specific value is applicable to a restricted number of infringements, namely:

Continue reading “Editorial of June 2021”

Artificial intelligence: 2020 A-level grades in the UK as an example of the challenges and risks

by Piedade Costa de Oliveira (Former official of the European Commission - Legal Service)
Disclaimer: The opinions expressed are purely personal and are the exclusive responsibility of the author. They do not reflect any position of the European Commission

The use of algorithms for automated decision-making, commonly referred to as Artificial Intelligence (AI), is becoming a reality in many fields of activity both in the private and public sectors.

It is common ground that AI raises considerable challenges not only for the area for which it is operated in but also for society as a whole. As pointed out by the European Commission in its White Paper on AI[i], AI entails a number of potential risks, such as opaque decision-making, gender-based bias or other kinds of discrimination or intrusion on privacy.

In order to mitigate such risks, Article 22 of the GDPR confers on data subjects the right not to be subject to a decision based solely on automated processing which produces legal effects concerning them or similarly significantly affects them[ii].

Continue reading “Artificial intelligence: 2020 A-level grades in the UK as an example of the challenges and risks”

Labor Apartheid: the next frontier of social inequality and the role of European Union

Maria Fernanda Brandão, Master's degree student in EU Law at UMinho
 ▪

 

Guiding the reasoning by the dialectic theory, in the perspective of Hegel and Marx, it is possible to contemplate the history of humanity as an inexhaustible class struggle. The conflict between dominant and dominated groups is one of the main legacies of the human action throughout the time. Thesis, antithesis, and synthesis, this seems to be the endless plot of the path taken by man.

The perspective of what is a ruling class is modified routinely over the centuries. In the last two, the polarization have been between the owners of the productive ways and assets and the wage-earning workers, which is, by the way, the feature of the capitalism and its intrinsic contradiction and, despite the conflict, the existence of both classes is necessary for the maintenance of the economic system.

However, several social transformations that occurred throughout the 20th century created new outcast groups in need of society’s attention for its integration. This was the case of women, in the search for effective equality in terms of labor rights, or the disabled and ethnic minority groups, and their notorious difficulty in employability. The State’s action, in all these cases, has been affirmative policies, such as the setting of quotas, subsidies and social integration campaigns.

However, the fourth industrial revolution sheds new light into these issues since a significant portion of the existing jobs is currently at risk of extinction due to the extreme robotization associated with the existence of artificial intelligence (AI). What can be seen, therefore, is a complete change of paradigm that places individuals of the most diverse shades on the same losing side, concentrating people of different races, genders, ages, social strata and schooling in the same group, deepening the inequality that has only skyrocketed since the welfare state collapsed in most parts of the world. This is what we call labor apartheid, due to the profound segregation of human beings from work and consumption caused by their productive unavailability. Continue reading “Labor Apartheid: the next frontier of social inequality and the role of European Union”

From Visual Arts to Virtual Arts – some insights about Law, Art & Technology

42632832392_12ef6fb330_o

 by Marcílio Franca, Professor at the Federal University of Paraíba, Brazil

Leonardo Da Vinci’s life and work show us that innovation and technology have always been close to art and artists. Over the past few decades, however, deep technological innovations are modifying art in strange, new ways. The development and access to new technologies have radically changed not only the ways of producing art but also the ways of consuming, preserving, collecting and restoring art nowadays. Obviously, all this has complex legal repercussions.

Right at the University of Minho, for example, the researcher and multimedia artist João Martinho Moura is a world reference in digital art and computational aesthetics. For the past 15 years, he has been adopting new digital ways to represent audiovisual artifacts, with special interest in the human body. Some of his award-winning works can be seen at  http://jmartinho.net/. Light art, lasers, AI created art, artist robots, e-museums are also good examples the ways in which technology is making its impact in the art world and in the legal systems.

The complexity of authorship and the relevance of the dematerialization of artwork in the field of contemporary visual arts have already secured the birth of at least three Digital Art Biennials. The older is “The Wrong Art Biennale” (https://thewrong.org), a global, digital event aiming to create, promote and push forward-thinking contemporary digital art among artists, curators, collectors and institutions located in virtual pavilions. There is also the International Digital Art Biennial (BIAN), in Montréal, created in 2012. The younger Digital Art Biennial will happen in Brazil for the first time in 2020, but was born ten years ago in Belo Horizonte, as a Digital Art Festival.
Continue reading “From Visual Arts to Virtual Arts – some insights about Law, Art & Technology”

Trends shaping AI in business and main changes in the legal landscape

web-3706562_960_720

 

by Ana Landeta, Director of the R+D+i Inst. at UDIMA
and Felipe Debasa, Director of the ONSSTKT21stC at URJC

Without a doubt and under the European Union policy context, “Artificial Intelligence (AI) has become an area of strategic importance and a key driver of economic development. It can bring solutions to many societal challenges from treating diseases to minimising the environmental impact of farming. However, socio-economic, legal and ethical impacts have to be carefully addressed”[i].

Accordingly, organizations are starting to make moves that act as building blocks for imminent change and transformation. With that in mind, Traci Gusher-Thomas[ii] has identified four trends that demonstrate how machine-learning is starting to bring real value to the workplace. It is stated that each of following four areas provides value to an organisation seeking to move forward with machine-learning and adds incremental value that can scale-up to be truly transformational.
Continue reading “Trends shaping AI in business and main changes in the legal landscape”

European Ethical Charter on the use of artificial intelligence in judicial systems and their environment: what are the implications of this measure?

hand-3308188_960_720

 by Amanda Espiñeira, Master Student at University of Brasília

Artificial intelligence has become a topic of great interest for the advancement of the information society and automation. Through various themes, from art, gastronomy, the world of games, the various mechanisms that involve AI allow the expansion of human creativity and capabilities, and are very important, especially when it comes to judicial systems. A field that for a long time has remained closed to innovations and digital transformations, today it opens and allows that there is more celerity and transparency to the decisions of the legal world. In other words, AI promises to fill a gap in the area, which still has plastered processes, such as the registry offices, which are almost synonymous with bureaucracy.

However, the importance of the theme and its efficiency, debating ethical aspects in this area is extremely relevant because AI can extract insights, we could never come up using traditional data mining techniques. And is even more important in the context of recent data protection regulation, especially GDPR- General Data Protection Regulation.

Thus, the European Commission for the Efficiency of Justice (CEPEJ) of the Council of Europe has adopted the first European text setting out ethical principles relating to the use of artificial intelligence (AI) in judicial systems, published on December 4, 2018[1].
Continue reading “European Ethical Charter on the use of artificial intelligence in judicial systems and their environment: what are the implications of this measure?”