AI, Law, and Otter Things - Issue #3
Dear reader,
Here we go again! When I was growing up in Brazil, any professional football player who had scored a hat-trick in that matchday could ask Fantástico, a major Sunday TV show, to play a song in their honour. Since this is my third newsletter, I will seize the opportunity to recommend two pieces: Caetano Veloso's Eclipse Oculto and King Crimson's Waiting Man. None of them is really a thematic fit for this newsletter, so feel free to pick one (or both, or none at all) based on your musical tastes.
Today, I plan to cover two topics: a brief discussion about design-centric approaches in tech regulation, followed by a personal rant about my first year in Europe. As always, your feedback is welcome, either by replying to this message or by commenting on social media!
Design can only take us so far
Technology law has increasingly resorted to provisions requiring the adoption of technical measures and safeguards to ensure compliance with the law. The data protection by design requirement introduced by Article 25(1) GDPR is a paradigm of this approach, giving legal force to (some) of the measures devised since the 1990s by the privacy by design while inspiring some authors (including yours truly) to examine whether other legal rights and interests could be protected through technical means. Furthermore, regulators and courts have also established that compliance with the GDPR requires some measures and safeguards, and legislators in the EU (e.g. Title III of the AI Act) and beyond (e.g. Art. 46 LGPD) have adopted provisions that mandate specific technical practices.
Given the complexity of technological artefacts such as large databases or AI systems, design-centric approaches are often presented as a way to ensure lawfulness or at least reduce the burdens imposed upon less tech-savvy users and data subjects. Nevertheless, we must be careful not to expect too much from data protection by design and its counterparts, since there are limits to what such approaches can deliver.
The first, and perhaps principal, limit to design-centric approaches is inherent to the design process. Design is a human activity in which people make decisions to create an artefact for certain purposes. But who gets to be involved in the design process? Who decides which purposes will be pursued? How do we reconcile purposes that might conflict with one another? Design processes require designers to make implicit or explicit choices about these factors, and often these choices entail the prioritisation of some perspectives over others. This, of course, does not mean that the law has nothing to say about the design process itself — it has an important role, e.g., when it comes to ensuring equal treatment —, but it suggests that design might not be sufficient to cover all interests protected by law.
Design-centric approaches are also limited by technical constraints. Theoretical computer science has established various impossibility results, such as those relating to software testing or properties of distributed systems, while there are ongoing debates on whether computers can capture ambiguity, principles and other aspects of legal reasoning. My personal impression is that the legal implications of such results warrant more attention from interdisciplinary research. Yet, these implications should not be overestimated: while an impossibility result might mean that there is no clear-cut way to achieve a legally desirable outcome in all cases, it does not necessarily mean that this goal cannot be achieved in some, or even most, cases. In some cases, this might mean that it is possible to enforce a goal by design, even if legislators and regulators must pay attention to the cases in which design might not deliver the specific results.
The power of design is further constrained by practical feasibility: even if a design outcome is not mathematically impossible, it might impose excessive demands upon a system. Consider, for example, the requirement of human intervention in automated decision-making. While human intervention might be advantageous for various reasons, one must make sure that the human intervenor can actually change the decision. Economic factors might also become relevant, as prioritising technical factors over organizational approaches might increase the burden upon private users or small and medium businesses, while large corporations would be better positioned to implement new software to deal with the required changes.
None of the factors I briefly discuss above means that design should not play a major role in technological regulation, but they suggest that design requirements might not be the most appropriate way to achieve legal objectives under certain circumstances. Instead, as I argue in a forthcoming chapter on Article 25 GDPR (with Giovanni Sartor and Juliano Maranhão), few cases can rely solely on technical (or organisational) measures. But I would love to hear your thoughts on this.
Advantages of scale
After finishing last week's newsletter, my wife and I took a short trip to Rome. Our itinerary was nothing unusual: we walked around a lot — gravitating towards Pokémon GO hotspots, of course — and visited some of the most famous touristic attractions, such as the Colosseum and St. Peter's Square. All things considered, it was a good choice for our first trip since arriving in Italy, almost a year ago.
It is a well-established fact that Rome is an astounding city, and I do not really have anything to add to the vast literature that already exists about the city's tourist attractions (other than mentioning we had some excellent drinks at Bar Baccano, near the Fontana di Trevi). All I can do is enthusiastically suggest that you visit the city at some point if you have the opportunity to do so.
The trip, however, has made me think about how much I miss living in a large city. Florence is not really small in absolute terms: with its 380,000-ish inhabitants, it is the eighth-largest city in Italy (65th in the European Union). Yet, it is dwarfed not only by São Paulo (pop. ~22 million) but by various other cities in which I have lived over the past decades, which means that moving to Florence has required some changes in my lifestyle.
In general, I find my Florentine life much more comfortable than the one I had in São Paulo. Violent crime is not really a problem, the EUI offers an excellent research environment that is well integrated with other research groups in Europe and beyond, and global inequalities enable access to infrastructure and amenities that would not be available in a city of similar scale in Brazil (such as the excellent tram service or my local arepas). Still, life in Florence feels somewhat small, both in terms of geographic extension and social dynamics outside of work.
Of course, it would be unfair to blame this smallness entirely on Florence and its environs. Moving in a pandemic is not the easiest way to integrate oneself into a city's cultural life, and the initial challenges in learning the language did not help, either. Nevertheless, this trip to Rome reminded me that I feel more comfortable in a fast-paced urban environment and the social dynamics such an environment affords.
That's it for today. Next week, I'll be back with some words on science fiction and technology law.
Thank you for your attention, and please feel free to subscribe to the newsletter if you haven't done so yet, and to share it with friends and colleagues who might be interested in the topics I cover.
A dopo!