The social contract sauce. Contains: Europol, big data, spyware, employment contracts (May contain traces of privacy)

Credit: Europol

On the 19th and 20th of October I was invited to participate to the Europol Cybercrime Conference held at the headquarters of Europol in Den Haag, Netherlands.

This year’s theme was “The evolution of policing” and it brought together law enforcement (“LE”) agents, private and public cybersecurity experts, Data Protection Officers, researchers and professors from all around the world to answer the question whether there’s a need for a social contract in cyberspace.

Although it may seem that the topic of cyber policing is somewhat distant from the LeADS’ scope, the two are surprisingly connected. Many links exist between aspects of European cybersecurity and law enforcement to key issues in the LeADS project, such as the regulation of cyberspace within contrasts of individual freedom vs public interests, the concept of trust and its declensions in law enforcement of the metaverse, fair vs effective data governance, the use of big data vs machine learning, as well as opportunities and challenges of portability, interoperability and re-usability of data for policing purposes.

Introducing one of the first debates, the Commissioner of Home Affairs Ms. Ylva Johansson -one of the only 8 female speakers out of 39 in the conference–opened with the statement that security is the social contract. It is understandable why Rousseau’s social contract idea be intertwined with that of demanding security to the power of the state, with its checks and balances, and take away the pursuit of justice from the hands of people who are driven by their individualistic amour propre. However, there is a part of that reading that is missing that I personally believe is the most important, and which has been too many times discounted throughout the conference-sometimes accidentally, sometimes wilfully—that is the following: in Rousseau’s vision of the social contract each person should enjoy the protection of the state “whilst remaining as free as they were in the state of nature.”

Security is a necessary pillar for the existence and evolution of democratic societies, but it is only a starting point, one of the bases, not the social contract itself. It is conditional to the existence of the social contract, but it is far from exhausting its functions. There is so much more that citizens of a democratic society can and should expect form a national state other than the mere prevention and investigation of crimes, offline and online. Examples are, the upholding of policies for improving social welfare, civil rights, healthcare, protection from discrimination or anti-competitive behaviors, and so on. Understanding the social contract in its miopic security meaning would legitimize Orwellian-like states that secure people through mass surveillance and social credit scoring. Privacy, in this context, is the first line of protection to that Rousseau’s individual freedom, together with personal data protection that functions as proxy to the protection of every other fundamental right, freedom and legitimate interest enshrined in the European “constitutions“. It is in the anticipation of the moment for law enforcement action before the violation of fundamental rights that lays the essence of the social contract, while all fundamental rights are in the balance—and security is only one among many.

This underlying leitmotiv of the conference has resurfaced in many occasions. Representatives of law enforcement have repeatedly lamented that bureaucracy concerning rule of law and privacy most times end up dulling investigative tools, for example, when limiting the collection of personal data to specific legal bases, along with the time for its retention and analysis. However, what these laws limit is only the indiscriminate, trawl collection of non-contextual data for unspecified use and unlimited time in case they might come handy in the future. It seems also clear that LE is still holding on to the promise of big data analytics, with its tenet of always collecting and retaining everything possible, while discounting the use of privacy friendlier alternatives powered by machine learning algorithms that do not need such amounts of data, but smaller, sanitized, quality datasets to train and test models. A hybrid system that combines machine learning models to targeted data analysis would reduce dramatically the need for voluminous, noisy, cumbersome, leakable data collection and storage, while respecting privacy of non-interested citizens: the first would help in the hunt for suspicious activities online, while the second circumscribes the area of investigation to only suspected individuals –so upholding proportionality.

LE’s request for more access to data depends on the trust of people in governmental institutions. And such trust is hard to establish, but breaks easily. One investigative journalist, in this regard, raised the thorny issue about the use of the Pegasus spyware by European LE agencies. The reference was to the spyware found installed on phones belonging not only to criminal suspects, but also to journalists, European prime ministers, members of parliament, and civil society activist; in total, it collected 4 petabytes of data of innocent people before being exposed by Citizen Lab, a Canadian research centre. Mutatis mutandis, but with the same critical lenses, we should look at the current EDPS legal action against Europol. Pending before the ECJ, the EDPS wants to fight the legitimacy of the new articles 74a and 74b of the Europol Regulation that retroactively legalize Europol’s processing of large volumes of individuals’ personal data with no established link to criminal activity. It is no wonder that the happening of such events erode the trust for people in LE. Transparency in operations and decision making could have played a positive role in establishing trust between private citizens and LE, yet in these occasions the lack thereof backfired abundantly–perhaps irremediably.

The problems that LE is facing is not only the need for more data and easier access to it, but also that data be formatted, visualized and shared in a way that is actionable. Data actionability, in the context of coordination and crime prevention, requires both understandability by operators (starting with human-readability) and portability to receiving system (starting with machine-readability). Unfortunately, on the side of operators, many high-level officers lamented the extreme lack of human resource with data sciences skills, which is in stark contrast with their pledge to big data and their concomitant jettisoning or not-hiring of digitally competent personnel coming from civil society or the private sector—most open vacancies at Europol are restricted to seconded officials. On the side of portability and interoperability of data and systems there is a lack of standardization, which renders communications and coordination among the national police forces cumbersome and inefficient–much like in the European market for data.

All in all, the conference left a bitter taste in my mouth. One of the biggest tenets that years of research in regulatory aspects of technology taught me is that technology regulation is complex. To make sense of it, analysts need a granular, expert and sensible look at the specific context in which technologies are deployed, but also an understanding of their effects in the macroscopic picture of international geopolitical, economic and social systems. Cybercrime prevention and repression is one of such complex systems, whose analysis and management need multidisciplinarity, of the box thinking, lateral and longitudinal vision, innovative skills, state of the art tools. But most importantly, this evolutionary process of policing will need to be built on the essence of Rousseau’s social contract, the credo that security is corollary to freedom-not the other way around–and it must serve its purposes.

Unfortunately, at least from an organizational standpoint, it seemed that Europol is following a different-if not altogether opposite–path to reach its security goals: the call for more data retention, the discounting of machine learning, the lack of expertise in digital skills and the admission to have difficulties in acquiring some, the hunt for human and technical resources from only inside LE seems less like an evolution of a trustworthy, pioneering, EU values-driven agency, and more like a gradual transformation into an old-school police department.

Scuola Superiore Sant’Anna ESRs at Bright Night – Night of the Researchers

On 30.09.2022, teams from Scuola Superiore Sant’Anna and Consiglio Nazionale Della Ricerche have been scouting “intergalactic parliamentarians” to solve the most pressing legal challenges of the next 100 years. And what better parliamentarians than those who will be living then? Children and parents, participants of the discussion game Regolare Technologie che Regolano (“how to regulate technologies that regulate”), got to try it for themselves!

The ESRs joined efforts to deliver an electrifying interactive spectacle during the Bright Night – Night of the Researchers, as the discussion game gave participants a unique chance to learn about the regulatory aspects of new technologies while engaging in dynamic and family-friendly debates based on an idea of tug-of-war. Participants were presented with an idea or problem [“Should we install one thousand new CCTV cameras in Pisa?” “Should we restrict video game time to only three hours a week?” Should we provide housecare robots to all over 65ers?”] and then asked to express their opinion by moving around the room and placing themselves on one of the five sectors of the parliament (strongly in favor, in favor, not sure, in disagreement, strongly in disagreement).

Participants were then confronted with a set of facts, based on real-life events, specifically picked to question their primitive opinions –and hopefully switch sides, repeatedly! According to the first goal of the game, this first part of the game was designed to make them reflect on how hard it is to regulate technologies, as the changing of context and use would significantly affect their “gut” opinions. After the round of facts was finished, teams were formed based on their positioning into one (Agree) or the other (Disagree) “hemisphere” of the parliament. Eventually, the two opposing sides clashed against each other in a heated and often unexpectedly funny debate about the pressing issues. Based on the outcomes of the debate, a final vote was cast, and the proposition was either adopted, abandoned, or modified to reach an agreement –the highlight of the game was when the kids stacked against their parents snatched the result to play 1.5 hours a day!

The procedure was so designed to reach goal 2 of the game, to critically evaluate facts and put forward the most convincing argumentation, and 3, to learn how democratic debates develop by mimicking the actual rules of parliamentary democracies (albeit – in a slightly simplified version).

The game lasted for more than 4 hours and dozens of participants debated over more than seven available topics that touched on different areas of regulatory challenges. Given h
how much attraction and enthusiasm the game has generated we expect reeditions in the upcoming years.

Join us there!

RGDP: Une maturité sans cesse challengée Conference

The LeADS supervisor Prof. Jessica Eynard is co-organizing a Conference titled “RGDP: Une maturité sans cesse challengée” at the Université UT1 Capitole – Amphithéâtre Maury, Toulouse on Friday, October 21 2022.


13:30 – Introduction by Prof. Jessica Eynard

13:45 – Introduction by Prof. Reinout Van Tuyll

14:00 – Quelle Effectivité des droits de la personne concernée? – Prof. Jessica Eynard and Remi Cauchois

15:00 – Le casse-tête des durées de conservation des données – Prof. Guillaume Desgens-Pasanau and Dr. Benjamin Laroche

16:00 – Pause

16:30 – Les impossibles (?) transfers e données vers les États-Unis – Prof. Cécile de Terwangne and Reinout Van Tuyll

17:30 – Une Approache par le risque à Renouveler? – Fabien Crozet and Prof. Yves Poullet

18:30 – Closing remarks

For registration, please contact


ESR Mitisha Gaur presents her work at the IE Law School’s LawTomation Days Conference 2022

The IE Law School (Madrid, Spain) hosted a conference on the 29th and 30th of September – LawTomation Days, which was focused on the examination and discussion about the development of AI in various aspects of society. ESR Mitisha Gaur presented her work with predictive justice as a panel member on the discussion track Legal Tech and E-Justice.

Her work titled “The core tenets for designing a reliable predictive justice AI system” focused on investigating the use of AI systems in courts and the basic design issues with AI Systems which make justice merely statistical and prediction based instead of deliberative in nature. Through her work, she highlighted the importance of creating an AI system which is focused on including context and background of the facts as a core component which will allow AI Systems to better understand the issues placed before them.

Her work also focused on highlighting the hyper-reliance on substantive law and how that skewers the ability of judicial officers and lawyers to rely on the computations of predictive justice algorithms as they completely ignore the use of procedural law in the system and therefore produce results which are incompatible with the real-world applications and how the inclusion of procedural law while designing predictive justice systems is crucial from the context of fairness, reliability and accountability of the AI system.

ESR Fatma Doğan presents her work at Digital Law & Policy Conference


Between the dates 10-11 September, Digital Law & Policy – Proportionality Principle In IT Regulation Conference was held in Warsaw. The Conference was organized by the University of Warsaw under the patronage of the European Data Protection Supervisor. The program started with the opening speech of the lead coordinator of the conference, Jan Czarnocki in his opening words, he pointed our attention to the fact that proportionality is a concept that is often omitted and ensuring the balance in the law-making process must pay attention.

The European Data Protection Supervisor gave a presentation and mentioned the advisory document published by EDPS, titled: Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and the protection of personal data. The first day of the conference continued with the presentations of the valuable speakers.

ESR Fatma Doğan gave a presentation on the topic she worked on with Prof Paul de Hert, titled: A Year After EU Digital COVID Certificate Regulation: An Analysis in Retrospect. In the presentation, she mentioned the proportionality and data protection constraints of the mentioned Regulation, especially from a health data protection perspective. The fact that the Regulation was extended for one more year even though its problematic features make the topic worth discussing further.

ESRs Armend Duzha and Christos Magkos at National Technical University of Athens Researchers’ Night


On September 30th at the National Technical University of Athens, in the historical Averof building, ESRs Armend Duzha and Christos Magkos together with an associate researcher in LeADS Manolis Alexakis participated in the 2022 Researchers’ Night. An annual event in which all universities and research centers of the Attica region gathered to present the ongoing activities they are involved in. We were present at the “European Corner”, where the MSCA fellows presented their posters, ESRs addressed questions from not only the audience but also other researchers and students of both universities and schools.


Researchers were able to learn about ongoing research and innovation in physics, computer science, and chemistry as well as discuss on topics regarding Human Rights, European policy, and the ever-increasing importance of privacy in a digital world.

ESRs Fatma Doğan and Aizhan Abdrassulova at Jagiellonian University’s Researchers Night


On September 30th, Researchers’ Night is celebrated with various events and activities by Jagiellonian University, the oldest university in Poland. The university opened its doors to show how science is created and prepared many scientific attractions for the guests so that everyone could find something suitable for themselves.

ESR Fatma Doğan attended the “Astronomical Observatory of the Jagiellonian University” event. Unfortunately, due to some unexpected renovation works the event held place online, nevertheless, both ESRs have learned a lot about the mysteries of the universe.

ESR Aizhan Abdrassulova emphasizes the high level of organization of this important event in the scientific world, the university has thought out a system of early registration, ticket issuance, and the opportunity to choose an interesting topic from a wide range of topics presented. Following her personal interests, she attended events about climate problems and the influence of nature on the human body, which were also held online at our university. The events enriched her with new knowledge and gave her the opportunity to discuss her own research with other attendees.

ESRs Louis Sahi and Cristian Lepore at Nuit Europeenne des chercheur.e.s

On Friday, September 30, more than 170 scientists from all disciplines slip away from their labs and met students at the Cité de l’Espace in Toulouse for an evening under the sign of science. They had more than 6 hours to discover the museum and join researchers from the three universities of Toulouse to discuss their findings, share experiences, and exchange thoughts about original and offbeat animations.

ESRs Louis Sahi and Cristian Lepore who are Ph.D. researchers at the University Toulouse III – Paul Sabatier, got the opportunity to discover the present concerns of astronomy and technological research along with LeADS collaborator Ali Kandi. They also had the opportunity to discuss their research with other participants.