Troubleshooting AI and Consent

The Oxford Handbook of Ethics of AI ◽

10.1093/oxfordhb/9780190067397.013.23 ◽

2020 ◽

pp. 357-374

Author(s):

Meg Leta Jones ◽

Elizabeth Edenberg

Keyword(s):

Data Protection ◽

The United States ◽

The European Union ◽

Daily Lives ◽

General Data Protection Regulation ◽

Choice Making ◽

General Data ◽

The Individual ◽

Alternative Solutions

This chapter addresses the controversy over the role of consent in data protection, as artificial intelligence systems have proliferated in people’s daily lives. Digital consent has been criticized as a meaningless, procedural act because users encounter so many different, long, and complicated terms of service that do not help them effectively assess potential harms or threats. AI systems have played a role in exacerbating existing issues, creating new challenges, and presenting alternative solutions. Most of the critiques and cures for this broken arrangement address choice-making, not consent. As the United States debates whether and why to break up big tech, and the European Union considers enforcement actions under the General Data Protection Regulation and how to update its laws to address tracking techniques in a new AI-driven smart world, consent cannot be confused with choice. Consent must be defined by its moral core, involving clear background conditions, defined scope, knowledge, voluntariness, and fairness. When consent meets these demands, it remains a powerful tool for contributing to meaningful data protection at the individual and societal levels.

Download Full-text

Soft ethics, the governance of the digital and the General Data Protection Regulation

Philosophical Transactions of The Royal Society A Mathematical Physical and Engineering Sciences ◽

10.1098/rsta.2018.0081 ◽

2018 ◽

Vol 376 (2133) ◽

pp. 20180081 ◽

Cited By ~ 16

Author(s):

Luciano Floridi

Keyword(s):

Technological Innovation ◽

Data Protection ◽

The European Union ◽

Legal Compliance ◽

Theme Issue ◽

General Data Protection Regulation ◽

Digital Ethics ◽

General Data ◽

Digital Governance

The article discusses the governance of the digital as the new challenge posed by technological innovation. It then introduces a new distinction between soft ethics , which applies after legal compliance with legislation, such as the General Data Protection Regulation in the European Union, and hard ethics , which precedes and contributes to shape legislation. It concludes by developing an analysis of the role of digital ethics with respect to digital regulation and digital governance. This article is part of the theme issue ‘Governing artificial intelligence: ethical, legal, and technical opportunities and challenges’.

Download Full-text

Data Protection Commissioner v. Facebook Ireland Ltd. and Maximillian Schrems (C.J.E.U.)

International Legal Materials ◽

10.1017/ilm.2020.62 ◽

2021 ◽

Vol 60 (1) ◽

pp. 53-98

Author(s):

Michael S. Aktipis ◽

Ron B. Katwan

Keyword(s):

Data Protection ◽

Data Privacy ◽

Personal Data ◽

The United States ◽

Transfer Mechanism ◽

The European Union ◽

Privacy Concerns ◽

General Data Protection Regulation ◽

General Data ◽

The Eu

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its ruling in Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems, commonly known as Schrems II, invalidating the EU–U.S. Privacy Shield as a valid transfer mechanism under the EU's General Data Protection Regulation (GDPR) and creating significant legal uncertainty for the continued availability of another widely used transfer mechanism, Standard Contractual Clauses (SCCs), for transfers of EU personal data from commercial entities in the EU to the United States. The widely anticipated ruling marked the second time in five years that the CJEU had invalidated the legal foundation for such data transfers, which in both cases had been the result of a carefully negotiated compromise balancing European data privacy concerns with statutory and constitutional limitations of the U.S. system (see Schrems I).

Download Full-text

Data Sharing Under the General Data Protection Regulation

Hypertension ◽

10.1161/hypertensionaha.120.16340 ◽

2021 ◽

Vol 77 (4) ◽

pp. 1029-1035

Author(s):

Antonia Vlahou ◽

Dara Hallinan ◽

Rolf Apweiler ◽

Angel Argiles ◽

Joachim Beige ◽

...

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Research Approach ◽

The European Union ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Protection Legislation ◽

General Data ◽

Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

Download Full-text

Location Privacy in the Wake of the GDPR

10.20944/preprints201902.0227.v1 ◽

2019 ◽

Author(s):

Yola Georgiadou ◽

Rolf de By ◽

Ourania Kounadi

Keyword(s):

Data Protection ◽

Location Privacy ◽

Cultural Theory ◽

Personal Data ◽

The European Union ◽

General Data Protection Regulation ◽

Digital Ecosystem ◽

Protection Legislation ◽

General Data ◽

Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is ‘how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered/observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

Download Full-text

Analysis of the US Privacy Model

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch087 ◽

2021 ◽

pp. 1818-1825

Author(s):

Francisco García Martínez

Keyword(s):

Data Privacy ◽

Personal Information ◽

National Level ◽

The United States ◽

The European Union ◽

General Data Protection Regulation ◽

Privacy Laws ◽

The Us ◽

General Data ◽

State Of Art

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

Download Full-text

The Second Internet: The Brussels Bourgeois Internet

Four Internets ◽

10.1093/oso/9780197523681.003.0007 ◽

2021 ◽

pp. 77-91

Author(s):

Kieron O’Hara

Keyword(s):

European Union ◽

Public Space ◽

Data Protection ◽

The European Union ◽

Privacy Rights ◽

General Data Protection Regulation ◽

Internet Privacy ◽

Data Protection Directive ◽

General Data ◽

Data Protection Law

This chapter describes the Brussels Bourgeois Internet. The ideal consists of positive, managed liberty where rights of others are respected, as in the bourgeois public space, where liberty follows only when rights are secured. The exemplar of this approach is the European Union, which uses administrative means, soft law, and regulation to project its vision across the Internet. Privacy and data protection have become the most emblematic struggles. Under the Data Protection Directive of 1995, the European Union developed data-protection law and numerous privacy rights, including a right to be forgotten, won in a case against Google Spain in 2014, the arguments about which are dissected. The General Data Protection Regulation (GDPR) followed in 2018, amplifying this approach. GDPR is having the effect of enforcing European data-protection law on international players (the ‘Brussels effect’), while the European Union over the years has developed unmatched expertise in data-protection law.

Download Full-text

Data protection and ethics requirements for multisite research with health data: a comparative examination of legislative governance frameworks and the role of data protection technologies†

Journal of Law and the Biosciences ◽

10.1093/jlb/lsaa010 ◽

2020 ◽

Vol 7 (1) ◽

Author(s):

James Scheibner ◽

Marcello Ienca ◽

Sotiria Kechagia ◽

Juan Ramon Troncoso-Pastoriza ◽

Jean Louis Raisaro ◽

...

Keyword(s):

Research Ethics ◽

Data Protection ◽

Data Transfer ◽

Homomorphic Encryption ◽

Personalised Medicine ◽

The United States ◽

Health Data ◽

The European Union ◽

Data Accessibility ◽

General Data Protection Regulation

Abstract Personalised medicine can improve both public and individual health by providing targeted preventative and therapeutic healthcare. However, patient health data must be shared between institutions and across jurisdictions for the benefits of personalised medicine to be realised. Whilst data protection, privacy, and research ethics laws protect patient confidentiality and safety they also may impede multisite research, particularly across jurisdictions. Accordingly, we compare the concept of data accessibility in data protection and research ethics laws across seven jurisdictions. These jurisdictions include Switzerland, Italy, Spain, the United Kingdom (which have implemented the General Data Protection Regulation), the United States, Canada, and Australia. Our paper identifies the requirements for consent, the standards for anonymisation or pseudonymisation, and adequacy of protection between jurisdictions as barriers for sharing. We also identify differences between the European Union and other jurisdictions as a significant barrier for data accessibility in cross jurisdictional multisite research. Our paper concludes by considering solutions to overcome these legislative differences. These solutions include data transfer agreements and organisational collaborations designed to `front load' the process of ethics approval, so that subsequent research protocols are standardised. We also allude to technical solutions, such as distributed computing, secure multiparty computation and homomorphic encryption.

Download Full-text

Analysis of the US Privacy Model

International Journal of Hyperconnectivity and the Internet of Things ◽

10.4018/ijhiot.2019010103 ◽

2019 ◽

Vol 3 (1) ◽

pp. 43-52

Author(s):

Francisco García Martínez

Keyword(s):

Data Privacy ◽

Personal Information ◽

National Level ◽

The United States ◽

The European Union ◽

General Data Protection Regulation ◽

Privacy Laws ◽

The Us ◽

General Data ◽

The Eu

Download Full-text

A Weaponized Court of Justice in Schrems II

Nordic Journal of European Law ◽

10.36969/njel.v4i2.23778 ◽

2021 ◽

Vol 4 (2) ◽

pp. 1-18

Author(s):

Jeffery Atik ◽

Xavier Groussot

Keyword(s):

European Union ◽

National Security ◽

The United States ◽

Constitutional Court ◽

The European Union ◽

General Data Protection Regulation ◽

Legal Development ◽

Court Of Justice ◽

General Data ◽

The U.S

The U.S.-EU conflict over the application of the General Data Protection Regulation (GDPR) to U.S.-based digital platform companies is marked by a startling legal development: the insertion of a constitutional court squarely into the heart of the dispute. The engagement of the EU’s top court - the Court of Justice (CJEU) - in the Schrems I and Schrems II cases - has significantly inflamed the dispute. The CJEU has now twice struck down GDPR accommodations reached between the United States and the European Union. In doing so, the Court has rebuked both U.S. and EU officials. By transfiguring provisions of the GDPR with constitutional (that is, treaty-based) and human rights values, the Court has placed out of reach any accommodation that does not involve significant reform of U.S. privacy and national security provisions. Heated trans-Atlantic disputes involving assertions of extraterritorial extensions of regulatory power is an inappropriate place for a constitutional court like the CJEU to throw its declarative weight around.

Download Full-text

GDPR implementation as the main reason for the regional fragmentation in the online mediasphere

E3S Web of Conferences ◽

10.1051/e3sconf/202127308099 ◽

2021 ◽

Vol 273 ◽

pp. 08099

Author(s):

Mikhail Smolenskiy ◽

Nikolay Levshin

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Main Role ◽

The European Union ◽

Protection Measures ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

The Usa ◽

General Data

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data bring fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of other. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

Download Full-text