Editorial of July 2018

artificial-intelligence-698122_960_720

 by Alessandra Silveira, Editor 
 and Sophie Perez Fernandes, Junior Editor


Artificial intelligence and fundamental rights: the problem of regulation aimed at avoiding algorithmic discrimination

The scandal involving Facebook and Cambridge Analytica (a private company for data analysis and strategic communication) raises, among others, the problem of regulating learning algorithms. And the problem lies above all in the fact that there is no necessary connection between intelligence and free will. Unlike human beings, algorithms do not have a will of their own, they serve the goals that are set for them Though spectacular, artificial intelligence bears little resemblance to the mental processes of humans – as the Portuguese neuroscientist António Damásio, Professor at the University of Southern California, brilliantly explains[i]. To this extent, not all impacts of artificial intelligence are easily regulated or translated into legislation – and so traditional regulation might not work[ii].

In a study dedicated to explaining why data (including personal data) are at the basis of the Machine-Learning Revolution – and to what extent artificial intelligence is reconfiguring science, business, and politics – another Portuguese scientist, Pedro Domingos, Professor in the Department of Computer Science and Engineering at the University of Washington, explains that the problem that defines the digital age is the following: how do we find each other? This applies to both producers and consumers – who need to establish a connection before any transaction happens –, but also to anyone looking for a job or a romantic partner. Computers allowed the existence of the Internet – and the Internet created a flood of data and the problem of limitless choice. Now, machine learning uses this infinity of data to help solve the limitless choice problem. Netflix may have 100,000 DVD titles in stock, but if customers cannot find the ones they like, they will end up choosing the hits; so, Netflix uses a learning algorithm that identifies customer tastes and recommends DVDs. Simple as that, explains the Author[iii].
Continue reading “Editorial of July 2018”

Advertisements

The first steps of a revolution with a set date (25 May 2018): the “new” General Data Protection regime

regulation-3246979_1280

by Pedro Madeira Froufe, Editor


1. Homo digitalis[i] is increasingly more present in all of us. It surrounds us, it captures us. Our daily life is digitalising rapidly. We live, factually and considerably, a virtual existence… but very real! The real and the virtual merge in our normal life; the frontiers between these dimensions of our existence are bluring. Yet, this high-tech life of ours does not seem to be easily framed by law. Law has its own time – for now barely compatible with the speed of technologic developments. Besides, in face of new realities, it naturally hesitates in the pursuit of the value path (therefore, normative) to follow. We must give (its) time to law, without disregarding the growth of homo digitalis.

2. Well, today (25 May 2018) the enforcement of Regulation 2016/679 (GDPR) begins. Since 25 January 2012 (date of the presentation of the proposal for the Regulation) until now the problems with respect to the protection of fundamental rights – in particular the guarantee of personal data security (Article 8 CFREU) – have been progressively clearer as a result of the increase in the digital dimension of our lives. Definitely, the personal data became of economic importance that recently publicized media cases (for example, “Facebook vs. Cambridge Analytics”) underline. Its reuse for purposes other than those justifying its treatment, transaction and crossing, together with the development of the use of algorithms (so-called “artificial intelligence” techniques) have made it necessary to reinforce the uniform guarantees of citizens, owners of personal data, increasingly digitized.
Continue reading “The first steps of a revolution with a set date (25 May 2018): the “new” General Data Protection regime”

The ultimate guide(line) to DPIA’s

11484777313_9b3f7f8f67_o

by João Marques, member of the Portuguese Data Protection National Commission and member of CEDU

Although merely advisory in its nature, the Article 29 Working Party (WP 29) has been a major force in guaranteeing a minimum of consistency in the application of the Directive 95/46/CE, allowing member states’ public and private sectors to know what to expect from their supervisory authorities perspectives on various data protection subjects. Its independence has played a major role in the definition of its views and opinions, focusing on the fundamental rights at stake and delivering qualified feedback to the difficult issues it has faced.

The new European legal framework on data protection has produced a step forward on this regard by instituting a new formal EU Body – the European Data Protection Board – EDPB (Art. 68 of the General Data Protection Regulation – GDPR). This will represent a significant step forward in the European institutional landscape concerning data protection but it does not mean that the WP 29 is already dead and buried, quite the opposite.

As it is already known, the EDPB will have far reaching powers designed to guarantee consistency and effectiveness to the rules of the regulation across the EU. One of the said powers translates into the issuance of guidelines in several matters [Art. 70 (1)(d), (f), (g), (h), (i), (j), (k), (m) of the GDPR].

The problem is, of course, that this new EU Body will only exist from May 2018 onwards, leaving a gap of two years (from May 2016, when the regulation entered into force) to be filled by the current legal and institutional frameworks. As such the WP29 took it into its hands to materialize these particular tasks of the EDPB during this transitional phase, fully aware that the guidelines it may issue for the time being could still be rebutted by the EDPB members. Nevertheless this is a calculated risk as the members currently sitting in the WP 29 will almost certainly be the ones who’ll be sitting in the EDPB.

Continue reading “The ultimate guide(line) to DPIA’s”

Data Protection Officer according to GDPR

hacking-2077124_1920

by André Mendes Costa, masters student at University of Minho
 ▪

In an ever changing world of information technologies, privacy and data protection inevitably attracts considerable attention.

The Portuguese Data Protection Law and the EU Directive 95/46 will be soon replaced by a new European and National legal framework. In fact, the new General Data Protection Regulation (GDPR) alters profoundly the paradigm of the personal data protection legal regime. The 679/2016 Regulation (GDPR) is part of a new European community legislative package which also includes a directive that lays down the procedures for dealing with personal data by the competent authorities for the purposes of prevention, research, detection and prosecution of criminal offences or the execution of criminal penalties. The Regulation came into force on 25th May and establishes a vacancy period of 2 years, providing the necessary time for the public and private sectors to equip themselves to face the new regulatory demands.

This brief analysis concentrates on the post of the data protection officer (DPO), on his/her duties and competencies and on those entities who are responsible for his/her appointment.

In the new European legislation there is an important change of paradigm in the protection of personal data namely the suppression – with a few exceptions contained in the Regulation – of the requisite of pre notification to the National Commission of Data Protection (NCDP). This change assigns to the person responsible for the processing of data the onus of legal guarantor of his/her cases, thus fully observing the Regulation. In fact, in the cases where there is no prior notification to the competent authority (NCDP), the Regulation has found other forms of guarantying that the processing of personal data is legally protected by creating the post of a data protection officer (DPO).
Continue reading “Data Protection Officer according to GDPR”

Editorial of January 2017

 

board-673013_1920

by Joana Covelo de Abreu, Junior Editor
 ▪

New year’s resolutions: digital single market in 2017 – the year of interoperability

Digital Single Market is one of the major political goals for EU and its Member States since digital tools have shaped, for the past last decade, how economy behaves and how economic growth is relying on IT tools. In fact, digital economy can create growth and employment all across our continent. On the other hand, digital mechanisms cover almost every economic field, from transportation to clothes, from movies to sports since online platforms have the ability to create and shape new markets, challenging traditional ones.

The Digital Agenda for Europe (DAE) is one of the initiatives under Europe 2020 Strategy and it aims to promote economic growth and social benefits by achieving the digital single market. So it is named as one of the secondary public interests that must be pursued by European administration – both national public administrations (when they apply EU law and act as European functioning administrations) and European institutions and, in that sense, especially national public administrations must feel engaged to promote this end and objective, otherwise if those are the ones to firstly resist to innovation, Internal Market adaptation to new framework standards will suffer and economic prosperity in Europe can be undermined.

Therefore, EU has created several mechanisms to foster interoperability solutions that would bring together institutions, national public administrations, companies and individuals. In this context, interoperability stands for “the ability of disparate and diverse organizations to interact towards mutually beneficial and agreed common goals, involving the sharing of information and knowledge between organizations, through the business processes they support, by means of the exchange of data between their respective ICT systems”. It demands and implies an effective interconnection between digital components where standardization has an essential role to play in increasing the interoperability of new technologies within the Digital Single Market. It aims to facilitate access to data and services in a protected and interoperable environment, promoting fair competition and data protection.

Continue reading “Editorial of January 2017”

Editorial of June 2016

 

6914441342_775b4ab9a7_o

by João Marques, Lawyer and member of the 
Portuguese Data Protection National Commission

The right to be remembered – Directive 95/46/CE begins its twilight and makes way for the new General Data Protection Regulation (GDPR)

It was on May the 4th that the EU paradigm regarding personal data protection started to write its chapter in the common book of legal unification. As the Regulation (EU) 2016/679 [together with Directive (EU) 2016/680] finally got published in the Official Journal of the EU, a new era is jumpstarted. The first “victim” of the new paradigm is the old Directive 95/46/CE, which for the past 20 years has served European citizens honourably.

Although it faced a challenging task, Directive 95/46/EC was generally capable of protecting EU citizens against the predatory instincts of our world regarding their personal data. A suitable testament in this regard is the fact that the principles enshrined in Chapter 2 of the Directive have been, for the most part, kept almost unchanged. Lawful processing, purpose specification and limitation, data quality, fair processing and accountability remain as the bedrock of data protection under the new legal framework.

As ever, the CJEU case-law has been of paramount importance in the consolidation of a European perspective in which the citizen’s fundamental rights are at the forefront of the Union’s responsibilities, with the recent case C-362/14 (Schrems V. Data Protection Commissioner and Digital Rights Ireland Ltd) being yet another example of the approach for which the court is well known.

Continue reading “Editorial of June 2016”