1,720,976 research outputs found
Why a Right to Legibility of Automated Decision-Making Exists in the General Data Protection Regulation
No full text"Intellectual Privacy": Trade Secrets and the Propertization of Consumers' Personal Data in the EU
No full textThis paper attempts to find a much-needed balance between data protection rights and trade secret rights on customer information in the European Union framework. Our analysis proposes a “shared management” of secret data between businesses and customers based on an operation of de-contextualization of customer databases.
Several rights are in conflict in these two legal domains. For instance, the right to access to personal data and the new proposed right to “data portability” conflict with the interests of trade secret holders. What is even more problematic is that both analyzed legal frameworks are more and more based on a “proprietary” approach to data: they are both a form of abstract “monopoly”.
In a first step we analyze, in comparison with USA law, when and how the scope of data protection and trade secret protection coincide in practice, according to the proposed EU reforms in the field. As illustrated by literature, balancing rules in these two frameworks are vague and schizophrenic. However, from a literal interpretation of the analyzed it is possible to understand a “favor” for data protection rights.
In analyzing the apparent favor to personality rights compared to other (e.g., economic) rights we investigate (both in USA and selected European states) trade secrets in the perspective of personality rights and data protection rights. As a result of our study we propose a change in perspective from the contrast between customers and businesses, to the conflict between customers and businessmen that enables us to verify whether and when personality rights of data subjects affect the above-mentioned personality rights of businessman in practice.
the paper proposes to “decontextualize” secret data so that customers can access only data strictly related to their biographical information while trade secret holders can be free not to disclose the output of their data processing (behavior evaluation, forecast, studies on life expectancy, personalized marketing plan, pricing, etc.) if disclosure can adversely affect their interests. In this framework the “proprietary” approach of European laws must be caught as an opportunity, not as an obstacle: we can consider secret data as a “shared good” of customers and businessmen. A multi-level management of data should be based on interests that are common to customers and trade secret holders (secrecy and data updating)
Recommended from our members
Vulnerability and data protection law /
No full textOffers a rich analysis of the meaning of 'data subjects' and 'vulnerability' within the context of the General Data Protection Regulation. It seeks to reconceptualise data subjects' vulnerability in the digital age and to promote a 'vulnerability-aware' interpretation of the GDPR
Data-powerful. Un'indagine sulla nozione di potere e il suo rapporto con la vulnerabilità nel mercato digitale
No full textL’indagine dei caratteri e dei fattori costitutivi delle condizioni di vulnerabilità
individuale suscita un vivace dibattito nel campo della tutela dei dati personali. Nondi-
meno, gli sforzi per identificare e proteggere i soggetti vulnerabili attraverso il ricorso agli
strumenti della data protection law(basati su una nozione sovente non pienamente
elaborata di «asimmetria di potere») appaiono ancora insoddisfacenti, sia in termini di
elaborazione teorica, sia in una dimensione maggiormente operazionale. Inoltre, la
dottrina che del tema si è occupata ha solo marginalmente considerato la possibilità che
il diritto della concorrenza possa contribuire all’indagine delle nuove forme di vulnera-
bilità digitale. La proposta di legge europea sull’Intelligenza Artificiale sottolinea altresì
il legame esistente tra la vulnerabilità individuale e lo squilibrio di potere (articolo 7,
paragrafo 2, lettera f)), ma tale legame non è ancora adeguatamente esplorato. Pertanto,
il presente contributo si propone di valutare se, e a quali condizioni, il diritto della
concorrenza possa avere un ruolo nella definizione dei caratteri della vulnerabilità, in
particolare attraverso un’elaborazione critica del concetto di «potere». Conseguente-
mente, ci si chiede se la nozione di potere accolta nel diritto antitrust possa integrare la
disciplina in materia di protezione dei dati personali nella definizione e nella protezione
delle vulnerabilità individuali. Si osserverà, a tale scopo, come le esistenti nome in
materia di data protectionpaiono focalizzate sulla prospettiva individuale della vulnera-
bilità degli interessati, laddove l’analisi del «potere» delle tech companiespare potersi
svolgere in maniera maggiormente efficace attraverso il ricorso ad altri giuridici, ed in particolare al diritto della concorrenza. Si evidenzierà, inoltre, come l’analisi delle
dinamiche di potere e di sfruttamento delle vulnerabilità da un’unica prospettiva — come avviene, ad esempio, nel caso della disciplina in materia di protezione dei dati personali
— comporti il rischio di addivenire a definizioni sostanzialmente circolari: se la vulne-
rabilità degli interessati è, infatti, definita solo nei termini di squilibrio di potere e lo
squilibrio di potere è — a sua volta — definito esclusivamente come la possibilità di
sfruttare la vulnerabilità dei data subject, risulta complesso interpretare e contestualiz-
zare queste definizioni nella pratica. Al fine di superare le premesse criticità, il contributo
propone di conseguenza un approccio interdisciplinare alle dinamiche del potere: lad-
dove la data protection(e, in parte, il diritto dei consumi) appare necessaria per
analizzare la vulnerabilità, il diritto della concorrenza offre una solida giurisprudenza ed
una ricca riflessione dottrinale in merito alla nozione di potere. In aggiunta, la prospettiva
del diritto della concorrenza si presenta, in termini operativi, complementare al modello
della data protection, permettendo di portare a sintesi le due concezioni rispettivamente
strutturale e relazionale dell’asimmetria di potere. Ciò è particolarmente evidente nei
mercati digitali, alla luce della nota decisione resa dell’autorità antitrust tedesca nei
confronti di Facebook, ma altresì in considerazione di una pluralità di casi emersi in anni
recenti in diversi Stati Membri. Si ritiene, di conseguenza che, basandosi sui due approcci
al tema del potere e sulla loro diversa focalizzazione (mercato ovvero individui), si possa
giungere in ultima analisi ad una comprensione più ampia della natura della disparità e
del suo sfruttamento
Data Extra Commercium
No full textCommerce in some data is, and should be, limited by the law (data extra commercium) because some data embody values and interests (in particular, human dignity) that may be detrimentally affected by trade. In this article, drawing on the Roman law principles regarding res extra commercium, we investigate the example of personal data as regulated under the EU Charter and the GDPR. We observe that transactions in personal data are not forbidden but subject to what we call a dynamically limited alienability rule. This rule is based on two dynamic variables: the nature of data and the legal basis for commercially trading such data (at primary or secondary level). Accordingly, in order to deal with such dynamism and the uncertainty it poses, we propose a general two-stage reasonableness test that should help legal practitioners, judges and law-makers in considering when trade in data is illicit and who (if anyone) shall be held responsible for this mischief. Finally, we show how the two-stage test and the limited alienability rule can advance European contract law and help enforce legal principles of data extra commercium in automated and autonomous data trading systems
Mental data protection and the GDPR
No full textAlthough decoding the content of mental states is currently unachievable, technologies such as neural interfaces, affective computing systems, and digital behavioral technologies enable increasingly reliable statistical associations between certain data patterns and mental activities such as memories, intentions, and emotions. Furthermore, Artificial Intelligence enables the exploration of these activities not just retrospectively but also in a real-time and predictive manner. In this article, we introduce the notion of 'mental data', defined as any data that can be organized and processed to make inferences about the mental states of a person, including their cognitive, affective and conative states. Further, we analyze existing legal protections for mental data by considering the lawfulness of their processing in light of different legal bases and purposes, with special focus on the EU General Data Protection Regulation (GDPR). We argue that the GDPR is an adequate tool to mitigate risks related to mental data processing. However, we recommend that interpreters focus on processing characteristics, rather than merely on the category of data at issue. Finally, we call for a 'Mental Data Protection Impact Assessment', a specific data protection impact assessment designed to better assess and mitigate the risks to fundamental rights and freedoms associated with the processing of mental data.SHS-EN
Algorithmic Impact Assessments Under the GDPR: Producing Multi-Layered Explanations
Full text linkPolicy-makers, scholars, and commentators are increasingly concerned with the risks of using profiling algorithms and automated decision-making. The EU’s General Data Protection Regulation (GDPR) has tried to address these concerns through an array of regulatory tools. As one of us has argued, the GDPR combines individual rights with systemic governance, towards algorithmic accountability. The individual tools are largely geared towards individual “legibility”: making the decision-making system understandable to an individual invoking her rights. The systemic governance tools, instead, focus on bringing expertise and oversight into the system as a whole, and rely on the tactics of “collaborative governance,” that is, use public-private partnerships towards these goals. How these two approaches to transparency and accountability interact remains a largely unexplored question, with much of the legal literature focusing instead on whether there is an individual right to explanation.The GDPR contains an array of systemic accountability tools. Of these tools, impact assessments (Art. 35) have recently received particular attention on both sides of the Atlantic, as a means of implementing algorithmic accountability at early stages of design, development, and training. The aim of this paper is to address how a Data Protection Impact Assessment (DPIA) links the two faces of the GDPR’s approach to algorithmic accountability: individual rights and systemic collaborative governance. We address the relationship between DPIAs and individual transparency rights. We propose, too, that impact assessments link the GDPR’s two methods of governing algorithmic decision-making by both providing systemic governance and serving as an important “suitable safeguard” (Art. 22) of individual rights.After noting the potential shortcomings of DPIAs, this paper closes with a call — and some suggestions — for a Model Algorithmic Impact Assessment in the context of the GDPR. Our examination of DPIAs suggests that the current focus on the right to explanation is too narrow. We call, instead, for data controllers to consciously use the required DPIA process to produce what we call “multi-layered explanations” of algorithmic systems. This concept of multi-layered explanations not only more accurately describes what the GDPR is attempting to do, but also normatively better fills potential gaps between the GDPR’s two approaches to algorithmic accountability
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
- …
