Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: EU Data Protection

Data Is What Data Does: Regulating Use, Harm, and Risk Instead of Sensitive Data

Solove, Daniel J., Data Is What Data Does: Regulating Use, Harm, and Risk Instead of Sensitive Data (January 11, 2023). Management Journal for Advanced Research, Volume-2 Issue-6, December 2022, PP. 12-15, Available at SSRN: https://ssrn.com/abstract=4322198 – “Heightened protection for sensitive data is becoming quite trendy in privacy laws around the world. Originating in European Union (EU) data protection law and included in the EU’s General Data Protection Regulation (GDPR), sensitive data singles out certain categories of personal data for extra protection. Commonly recognized special categories of sensitive data include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation and sex life, biometric data, and genetic data. Although heightened protection for sensitive data appropriately recognizes that not all situations involving personal data should be protected uniformly, the sensitive data approach is a dead end. The sensitive data categories are arbitrary and lack any coherent theory for identifying them. The borderlines of many categories are so blurry that they are useless. Moreover, it is easy to use non-sensitive data as a proxy for certain types of sensitive data. Personal data is akin to a grand tapestry, with different types of data interwoven to a degree that makes it impossible to separate out the strands. With Big Data and powerful machine learning algorithms, most non-sensitive data can give rise to inferences about sensitive data. In many privacy laws, data that can give rise to inferences about sensitive data is also protected as sensitive data. Arguably, then, nearly all personal data can be sensitive, and the sensitive data categories can swallow up everything. As a result, most organizations are currently processing a vast amount of data in violation of the laws.  This Article argues that the problems with the sensitive data approach make it unworkable and counterproductive — as well as expose a deeper flaw at the root of many privacy laws. These laws make a fundamental conceptual mistake — they embrace the idea that the nature of personal data is a sufficiently useful focal point for the law. But nothing meaningful for regulation can be determined solely by looking at the data itself. Data is what data does. Personal data is harmful when its use causes harm or creates a risk of harm. It is not harmful if it is not used in a way to cause harm or risk of harm.  To be effective, privacy law must focus on use, harm, and risk rather than on the nature of personal data. The implications of this point extend far beyond sensitive data provisions. In many elements of privacy laws, protections should be based on the use of personal data and proportionate to the harm and risk involved with those uses.”

Predictive Justice in Light of the New AI Act Proposal

Gallese, Chiara, Predictive Justice in Light of the New AI Act Proposal (September 29, 2022). Available at SSRN: https://ssrn.com/abstract=4286023 or http://dx.doi.org/10.2139/ssrn.4286023  – “In the latest years, there has been an increasing trend for police forces and judicial authorities to employ predictive profiling technologies in criminal justice, posing major risks to the fundamental rights of citizens.… Continue Reading

Welcome to Hotel Elsevier: you can check-out any time you like … not

Dr. Eiko Fried: “In December 2021, Robin Kok wrote a series of tweets about his Elsevier data access request. I did the same a few days later. This here is the resulting collaborative blog post, summarizing our journey in trying to understand what data Elsevier collects; what data Elsevier has collected on us two specifically;… Continue Reading

Pete Recommends – Weekly highlights on cyber security issues, December 10, 2022

Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, December 10, 2022 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the… Continue Reading

Pete Recommends – Weekly highlights on cyber security issues, November 5, 2022

Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, November 5, 2022: “Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the increasingly complex… Continue Reading

Open-Source ‘Consent-O-Matic’ Tool Lets Anyone Automatically Stop Websites From Tracking Them

Vice: “Nobody really likes being tracked around the web, but rejecting cookies in a pop-up window every time you’re presented with the option can be exhausting. Now, there’s a tool that will do it for you automatically, and it’s called Consent-O-Matic.  Despite it being four years since Europe’s GDPR data protection and privacy law was… Continue Reading

EU Code of Practice on Disinformation

Brookings: “In 2018, the European Commission (EC) created the EU Code of Practice on Disinformation (Code), the first self-regulatory piece of legislation that intended to motivate companies to collaborate on solutions to the problem of disinformation. Twenty-one companies agreed to commit to this Code, and these rules resulted in tangible solutions: Facebook, Google, and Twitter… Continue Reading

Artificial Intelligence Accountability of Public Administration

Bignami, Francesca, Artificial Intelligence Accountability of Public Administration (June 1, 2022). The American Journal of Comparative Law, https://doi.org/10.1093/ajcl/avac012, GWU Legal Studies Research Paper No. 2022-37, GWU Law School Public Law Research Paper No. 2022-37, Available at SSRN: https://ssrn.com/abstract=4166881 “This article canvasses the use and regulation of artificial intelligence (AI) in US administrative agencies. It is… Continue Reading

Congress Might Pass an Actually Good Privacy Bill

Wired: “Usually, when Congress is working on major tech legislation, the inboxes of tech reporters get flooded with PR emails from politicians and nonprofits either denouncing or trumpeting the proposed statute. Not so with the American Data Privacy and Protection Act. A first draft of the bill seemed to pop up out of nowhere in… Continue Reading

An Overview of Privacy Law in 2022

Solove, Daniel J. and Schwartz, Paul M., An Overview of Privacy Law in 2022 (April 1, 2022). Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th Edition, IAPP 2022), GWU Legal Studies Research Paper No. 2022-26, GWU Law School Public Law Research Paper No. 2022-26, Available at SSRN: https://ssrn.com/abstract=4072205 “Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th edition,… Continue Reading

Human Rights, and Algorithmic Opacity

Lu, Sylvia Si-Wei, Data Privacy, Human Rights, and Algorithmic Opacity (May 6, 2022). California Law Review, Vol. 110, 2022 Forthcoming, Available at SSRN: https://ssrn.com/abstract=4004716 “Decades ago, it was difficult to imagine a reality in which artificial intelligence (AI) could penetrate every corner of our lives to monitor our innermost selves for commercial interests. Within a… Continue Reading