On two law and technology events (AI, Law, and Otter Things #23)
Today's newsletter covers two topics. First, it presents a new blog on digital constitutionalism, which you are more than welcome to visit and contribute to. It then presents some remarks on data protection by design in Brazilian law, followed by links to some open calls for papers. By the end, as usual, there are some adorable otters.
Welcome to another issue of AI, Law, and Otter Things! I had quite a bit of fun with the previous issue, so I think I might try and do other monographical newsletters from time to time. This edition, instead, will be more fragmented: I was swamped by work, so it will be easier to share some text snippets than to write something out of the blue.
Digital Constitutionalism comes home
Last Monday, we held a launch event for The Digital Constitutionalist (Digi-Con). This blog intends to provide an environment for global debates on digital constitutionalism: the application to the information society of the constitutionalist ideals of restraining power through the commitment to the separation of powers and the protection of fundamental rights. We construe this scope broadly, and indeed the very possibility of digital constitutionalism is far from uncontroversial. But, by casting this wide net, we hope to foster debate on whether and how constitutionalism is possible (or desirable), including voices from all over the world.
We welcome writings on what—if anything—is digital constitutionalism, as well as on questions that appear when applying (a) digital constitutionalism to various domains. For this purpose, we have organised the blog around four thematic sections, which I present below. While the separation between each section is not and cannot be clean-cut, this classification provides an initial organisation that is itself open to debate.
The Digital Rights section focuses on digitalisation and individual and collective rights: are new rights necessary? Are existing rights adequately safeguarded? What other new challenges can appear? Who has a say about digital rights? Here, we intend to cover discussions on the fundamental rights of individuals, but also on social rights—such as labour rights—and collective rights, for example, considering the impact of digitisation on the environment.
The Platform Governance section deals with a shift in the dynamics of power: whereas the initial constitutionalist movements sought to contain state power, our current information society is marked by the concentration of power in the hands of digital actors. This section explores whether and how digital constitutionalism can provide a framework for restraining corporate power. Within this discussion, the section also provides a space to assess the limits of proposed approaches for regulating platforms, such as their lack of attention to the participation of the governed in platform governance.
My personal involvement in the blog focuses on two sections. The first one is called Digital State, as it fosters discussions about how state actors are affected by the changes brought upon by digitalisation. In some cases, digital technologies pose new questions and offer new opportunities to perform traditional state tasks, such as taxation. But states are not merely passive actors when it comes to technological change, and so this section also intends to foster discussion on how states regulate technology beyond platforms, for example by discussing regulatory approaches to emerging technologies such as AI. Finally, states do not exist—and regulate—on their own, but rather within a regulatory framework that includes other states and non-state actors. Accordingly, this section welcomes posts on the impact of technologies in international and transnational law.
Our last section is the Science Fiction section, which we see as an integral part of the Digi-Con project. As we deal with technological issues, anticipation often comes to mind: how will we communicate in 2050? Will AI ever push us towards dreams (or nightmares) of singularity? Even more deeply, our very understandings of technology and society itself are modulated by works of science fiction, as seen by the amount of pop culture references that appear in any debate on AI. In this section, we want to provide a space for discussing how science fiction influences our approaches to technology regulation, by informing current and past societies about the risks and potential of technology. And we also welcome works of art—short stories, visual art, and other media—that provide insights into the challenges of digital constitutionalism.
We welcome posts from authors working on any themes that fall into the broad scope described above. The blog focuses on legal questions, but authors from other disciplines—such as computer science and the social sciences—are more than welcome to bring their perspectives to the debates. We have an open call for submissions of blog posts of 1000 to 2000 words, and from time to time we will release narrower calls for thematic symposia. In addition, we also share calls for papers, events, and job offers related to our core themes.
So, I would like to invite you to visit our blog, share it with people that might be interested, and add your voice to the discussion by publishing a post with us! And, of course, any feedback about the site is much appreciated.
Data protection by design
28 January (a.k.a. last Friday) is Data Protection Day, a celebration that honours Convention 108, the first international law text on the protection of personal data. As one would expect, this festive day gives a perfect excuse for entities working on personal data to create events aimed at a general audience. This year, I participated in one of them, speaking to a Brazilian conference on privacy tendencies for 2022. It appears a video (in Portuguese) will be available soon, but this is not the case as I write the newsletter.
In my participation, I spoke about data protection by design as outlined by the General Data Protection Law (LGPD). Unlike the GDPR, the LGPD does not explicitly refer to "data protection by design", but it nevertheless establishes such a requirement. Under Article 46 LGPD, data controllers and data processors are required to adopt technical and organisational measures to protect data subjects from security threats, as well as to prevent any inadequate or unlawful data processing. Furthermore, Article 46(2) requires adopting measures both when a data processing operation is conceived and at the moment of its execution. The result, therefore, is roughly equivalent to Article 25(1) GDPR while incorporating the security by design provisions from Article 32 GDPR.
Despite this functional equivalence, there are some differences between the Brazilian and EU approaches that warrant further attention. For example, the LGPD expands the "by design" duties to data processors, something that the GDPR explicitly does not, as it only mentions design obligations for processors sparingly at its recitals. Another point in which the LGPD goes beyond its European template is that Article 49 LGPD sets duties regarding "[t]he systems used for processing personal data". At least in my understanding, this formulation can be leveraged to address systemic impacts of data processing that are not adequately covered under the GDPR. But we have to see if this potential will be enforced in practice.
These and other differences prompt me to write a comparison between the approaches each jurisdiction adopts to data protection by design. Here, however, I face a few constraints. The first one is time, as I have quite a few open projects nowadays—and a thesis to write. The second is a methodological issue: best practices in comparative law scholarship usually recommend comparing three jurisdictions, to allow for some triangulation between approaches. Hence, I would appreciate any suggestions of other jurisdictions with interesting by design provisions for analysis. That said, if anyone is interested in collaborating on this analysis, just drop me a line, and we can start discussing it.
A few events and calls for papers
Since one of the goals of Digi-Con is to share events on themes related to digital constitutionalism, I recommend you follow our News and Conferences section. From time to time, I will still share some highlights here, as well as other interesting events that fall outside the scope of the blog.
CPDP LatAm Call for papers on Artificial Intelligence, Automation and Data Protection in Latin America (Rio de Janeiro, Brazil. Deadline 10 February).
AAAI/ACM Conference on AI, Ethics, and Society (Oxford, UK. Deadline 22 February)
EUI–University of Portsmouth joint event on Surveillance, Democracy, and the Rule of Law. (Florence, Italy. Deadline 28 February. Feel free to contact me in case of any questions about this one)
2nd ACM Symposium on Computer Science and Law (Washington, USA. Deadline 15 March.)
Special Issue on Artificial Intelligence and Public Administration: Actors, Governance, and Policy (Public Policy and Administration, Deadline 28 February).
And now...the otters
Thank you for your time, and see you in two weeks!