LeADS Project at CPDP 2022

The annual Computers, Privacy and Data Protection conference (CPDP) will take place from 23 May to 25 May in Brussels, Belgium. CPDP is widely considered as the go-to conference for everyone whose work touches privacy and data protection. CPDP brings together a stimulating mix of stakeholders from all over the world to exchange ideas and discuss the emerging issues and the latest trends.

LeADS Project is organising a dissemination and public engagement activity at CPDP. Through interacting with the diverse community that CPDP brings to Brussels, we will spread the word about the ongoing research and activities taking place within the LeADS Project. Apart from informing the conference participants about LeADS Project, we will also organize a dissemination activity where ESRs Xengie Doan and Barbara Lazarotto will present their research using creative tactics. You can find us at the exhibit space in the main venue (Les Halles de Schaerbeek).

Some of LeADS Project beneficiaries are also contributing to CPDP with panels and talks. Scuola Superiore Sant’Anna di Pisa is organising a panel titled “Justice 3.0: AI In and For Justice and Case Law as Big Data Challenges” which is programmed to take place on Wednesday, 25th May. Prof. Giovanni Comandé from LeADS consortium will be moderating the panel. Another LeADS beneficiary, University of Luxembourg‘s Interdisciplinary Centre for Security, Reliability and Trust (SnT) is also organizing a panel which is titled “Privacy Design, Dark Patterns, and Speculative Data Futures”. The panel is scheduled to take place on Tuesday, 24th May. Dr. Arianna Rossi from LeADS consortium will speak on the panel. Prof. Paul De Hert, from Vrije Universiteit Brussel will deliver the opening remarks to the conference.

We are looking forward to engaging with the interdisciplinary and diverse community at CPDP, sharing our research and having fruitful discussions surrounding our project.

ESR Presentation during LeADS mid-term meeting

The Legal Perspective in LeADS – Training in Pisa, Italy

From 28th March to 9th April 2022, the 15 ESRs met again for two weeks in Pisa at Scuola Superiore Sant’Anna (SSSA) for their third training module of the LeADS project. Whereas the first training modules in Novembre-Decembre 2021 involved mainly the discussion of subjects related to computer and data science, this training module focussed on the legal perspective.

The cross-interdisciplinary training program for the 15 ESRs constitutes a fundamental part of the LeADS project. Being capable to fully understand the challenges posed by the digital transformation and data economy requires knowledge in different fields such as computer science, law, or economics. The LeADS training program is therefore structured around six modules that together aim at training a new generation of researchers as Legality Attentive Data Scientists that become experts in both law and data science capable of working within and across the two disciplines.

Training Week 1: Digitalisation, the Law and Challenges Related to its Enforcement

The first week began with a research design course on how to assess the societal relevance of research questions taught by Madeline Polmear from Vrije Universiteit Brussel (VUB). The following lectures were marked in particular by introductory courses to EU and international law for non-experts to level the playing field between lawyers and computer scientists in the group. Fryderyk Zoll from Jagiellonian University (JU) introduced the researchers to EU anti-discrimination law and how it translates into legislation that prohibits, for instance, unjustified geo-blocking to prevent discriminations based on customers’ nationality or their place of residence. A more general introduction to international and European protection of human rights was given by Paul De Hert (VUB). In addition, an introduction to human rights theory and how human rights law developed since the creation of the first international instruments, De Hert gave an outlook on possible new fundamental rights that might emerge in the digital era.

Gloria González Fuster (VUB) zoomed into the regulatory framework that surrounds a fundamental right that is of particular importance for the LeADS project: the right to data protection. In her engaging presentation she gave a short overview on the history of the right to data protection and presented both the key players (data subjects, data controllers & processors, data protection authorities) as well as the main data protection principles that lie at the heart of the protection regime of the GDPR. Vagelis Papakonstantinou (VUB) introduced the researchers to another important branch of law in the context of digitalisation: cyber security law. In his lectures he presented EU law and policy with a particular focus on legislative instruments such as the NIS directive or the EU Cybersecurity Act.

Besides various introductory lectures to different fields of law, the researchers had the opportunity to gain practical insights into enforceability of technological regulation in the EU, thanks to the intervention by Anotonio Buttà, chief economist at the Italian competition authority AGCM (Garante della Concorrenza e del Mercato). He elucidated how the competition authority had to set up a diverse team of computer scientists, data scientists, economists, and lawyers in order to address challenges and identify collusive and discriminatory practices in an environment characterized by the implementation of new technologies like machine learning algorithms.

The researchers had furthermore the opportunity to present and discuss the advancement of their work within the foESR Presentation during LeADS mid-term meetingur crossroads of the LeADS project (1. Privacy vs Intellectual Property 2. Trust in Data processing & Algorithmic Design 3. Data Ownership 4. Empowering individuals), i. e. challenges that still need to be addressed in data-driven societies. Since all ESRs are placed in beneficiary institutions in six different countries, the meeting in Pisa constituted a valuable opportunity to discuss and give meaningful feedback in person on each other’s research. The first training week ended with the mid-term meeting where the general advancement of the LeADS project was discussed together with the project officer from the European Commission and where the researchers had the opportunity to present themselves and their individual research.

Training Week 2: The Law and Challenges Posed by New Technologies

During the second training week Giovanni Comandé (SSSA) ensured that the perspective would not only remain interdisciplinary but also cross-cultural, by introducing the researchers to American and Chinese approaches to privacy. The international perspective was maintained in the class by Maria Gagliardi (SSSA) who presented the complex rules of the GDPR that apply to international transfers of personal data.

Furthermore, Giovanni Comandé explained how new computing capabilities and processing technologies transformed us into a networked, data driven, classifying society, where data is increasingly being exploited and used, for instance, to make predictions about individuals’ future actions and to increasingly employ nudging techniques that impact our decision-making behaviour. Questions that will have to be dealt with would therefore concern the frontier between techniques that merely support the decision-making process versus techniques that coerce somebody to take a specific decision. Arianna Rossi and Marietjie Botes from University of Luxembourg (LU) further elaborated on this topic by introducing dark patterns and ethics of online manipulative behaviour.Presentation on Dark Patterns

Gianclaudio Malgieri (VUB) elucidated how big data and AI technologies have created new risks for data subjects since discrimination would be possible based on new “affinity profiling” characteristics. The AI ecosystem would thus lead to layers of vulnerability based on specific contexts.

Caterina Sganga (SSSA) presented in her lecture how AI technology challenges the regulatory framework of intellectual property – would it be possible to conceive machines as an inventor or author and what happens if AI agents infringe IP rights?

Finally, one of the latest legislative proposals, the AI Act, was presented in detail by Giovanni Comandé and enabled discussions on how EU policy attempts to respond to challenges posed by new technologies.

The next training module in June 2022 will take the ESRs to Greece where, in addition to courses in data management and analytics, the ESRs will have the possibility to present and discuss in detail the findings of their research which they have gathered within the first months of their participation in the LeADS project.


LiderLab and EMbeDS of Scuola Superiore Sant’Anna showed the experimentation of an innovative platform for searching and interpreting legal documents at TG2 News Rai (National broadcasting).

The platform exploits the latest developments in Artificial Intelligence on legal texts to automatically recognize personal data to be anonymized, proposed facts, verified facts, the reasoning of the judge, legal rules used, and decisions made on a specific legal case.

The annotated data is made available to different types of users using a sophisticated search engine that allows to easily identify and compare the most relevant parts of a trial.

This tool will provide decision support to judges, who can easily evaluate the reasoning and decisions of colleagues on similar cases.  Lawyers will be able to identify the determining factors in decisions, such as which legal rules have been applied and which facts have been established. Citizens will be able to autonomously analyze the jurisprudential consistency and the compliance with the principle of equality on a fully anonymized database, for example by identifying judgments with similar facts but different decisions.

The platform makes it possible to strengthen the trust of citizens in the judicial system. Also obvious are the spin-offs in terms of reduction of litigation and the possibility of agreed solutions between the parties involved.


N. 2 Postgraduate Scholarships for research activities of the duration of 6 months / each, possibly renewable, on the topic: For a just justice: Innovation and efficiency in judicial offices – Justice AGILE “

N. 2 Postgraduate Scholarships for research activities of the duration of 6 months / each, possibly renewable, on the topic: For a just justice: Innovation and efficiency in judicial offices – Justice AGILE “| Sant’Anna School of Advanced Studies (santannapisa.it)

For more info on the call and how to apply N. 2 Borse di Studio post-laurea per attività di ricerca della durata di 6 mesi/cadauna, eventualmente rinnovabili, sul tema: Per una giustizia giusta: Innovazione ed efficienza negli uffici giudiziari – Giustizia AGILE” | Scuola Superiore Sant’Anna (santannapisa.it)

Deadline for the submission of applications: 22.04.2022



Toward Self-Sovereign Identity

Author: Cristian Lepore


1. Introduction

As many people work from home, daily activities move from the physical world to the digital one posing concerns about personally identifiable information (PII) management. This post aims to clarify the importance of designing a proper identity management system that brings control of own data.

The modern identity system can be traced back to Napoleon with the first version of the Digital Identity card that emerged to track the workforce. Fast forward to the 1960s, a magnetic stripe with data storage capabilities was embedded into a plastic card, shaping the notion of digital identity as we know it today. We later entered the digital (Internet) era in which digital identity substituted appearing in person with paper documents.


2. Digital Identity

There has been a significant effort in crafting the term “identity” from a legal, political, and social perspective. For example, [1] defines identity as a map to a unique set of characteristics or as “unchanging physical traits of the person that reflect someone else perceptions”. In 2016, [2] provided a relation-wise definition of identity as an instrument to collect data directly tied to a person from official credentials. This information can prove who you are.

Finally, the digital identity collects all information directly tied to PII from official credentials in a single spot. This (digital) identity may evolve interacting with people, and attributes get modified to suit these interactions.

Maintaining a digital identity does not mean being in control of our information. For example, imagine that you get into a bar for a beer. The bartender might ask you whether you are over 21 by checking your ID card. Unfortunately, that card includes even other information that represents you. If in the wrong hands, this information could jeopardize your identity. With this in mind, part of the solution is called Self-Sovereign Identity (SSI) which means giving people control of their private information. Back to our example, the idea is to provide the bartender only with the minimum amount of data to prove your age.


3. Identity models

A spotlight on the identity models’ evolutionary path was depicted by Christopher Allen in his blog post [3] by encompassing four models, as highlighted in [4]. We quickly pass through all of them.

The centralized model introduced in [5] to deliver service-specific resources consists of a service provider that allocates identities and credentials to users and separately distributes them to everyone, as described in [6]. Every person needs to register with an account for each service available. In this scenario, there are two parties involved, namely 1) the service provider (SP) that provides credentials (username and password) and 2) users who wish to benefit from the service. The model is also referred to as Siloed [7] because credentials get never shared between organizations in a siloed way. The downside of this model is that the actual owner of the digital identity is the organization or institution that stores data in a central repository. If the credential gets somehow compromised, the security of the authentication mechanism is compromised as well, resulting in identity theft.

A federated model combines several siloed domains into one federation by binding the identity provider with the service provider from different siloes.
Typically, each individual is entitled to a different set of credentials for each service she registers. The operation of authentication and identification takes place inside the federation.
Like our previous model, the process of authenticating requires trust among entities (users, identity provider and service provider) and is a two-step procedure where firstly, the user authenticates herself to the identity provider. Then, an indirect access path that does not require any new authentication re-directs the user to the service provider to consume the service [6].
Federation is mostly adopted in large businesses, where single sign-on mechanisms allow a user to access multiple internal services, providing a degree of portability to a centralized identity. An example of this model is the university network, where we usually see one identity provider and many service providers, such as email, library, printing, etc… The identity provider keeps track of students’ usernames and passwords, and by logging into one service (for example, the email), students gain access to all other services.

The term user-centric refers to the technology that ensures users control of their digital identity [8]. This paradigm shifts the focus from the service provider to the user’s perspective. The model is similar to the previous one, but with a subtle difference: there is no need to define trust among entities because the concept of trust is intrinsically decentralized. Hence, a service provider does not need to bind itself into a federation, from here the name open-trusted model. Whenever an individual tries to access a service provider, her request is forwarded to the identity provider which is in charge of authenticating the user and, in turn, releases a profile for the user to the service provider where an authorization decision is taken, based on her grants.

Self-Sovereign Identity
Most of the efforts to define SSI conducted in [9] describes Self-Sovereign Identity (SSI) as a set of rules and principles with the idea to put individuals at the center of the digital ecosystem. Most importantly, the user has control over what is disclosed to whom and how it is used. Two important principles come along with that: 1) the right to be forgotten (deleted), and 2) the right to move information to another service. SSI is part of the inevitable paradigm shift towards the decentralization of trust and enhancement of privacy in computer systems and beyond.



1. Abelson, H., Lessig, L., Covell, P., Gordon, S., Hochberger, A., Kovacs, J., et al.:Digital identity in cyberspace. White Paper Submitted for 6.805/Law of Cy-
berspace: Social Protocols (1998)

2. Andrieu, J.: A technology – free definition of self-sovereign identity. Rebooting theWeb of Trust III (October), 2–5 (2016)
3. Allen, C.: The path to self-sovereign identity.[online] life with alacrity blog (2016)
4. Ferdous, M.S., Chowdhury, F., Alassafi, M.O.: In search of self-sovereign identityleveraging blockchain technology. IEEE Access7, 103059–103079 (2019)
5. Jøsang, A., Fabre, J., Hay, B., Dalziel, J., Pope, S.: Trust requirements in identitymanagement. In: Proceedings of the 2005 Australasian workshop on Grid
comput-ing and e-research-Volume 44. pp. 99–108. Citeseer (2005)
6. Gruner, A., Muhle, A., Gayvoronskaya, T., Meinel, C.: A comparative analysis oftrust requirements in decentralized identity management. In:
International Confer-ence on Advanced Information Networking and Applications. pp. 200–213. Springer(2019)
7. Suriadi, S., Foo, E., Jøsang, A.: A user-centric federated single sign-on system.Journal of Network and Computer Applications32(2), 388–401 (2009)
8. El Maliki, T., Seigneur, J.M.: User-centric mobile identity management services.In: SECURWARE International Conference. Citeseer (2007)
9. Cameron, K.: The laws of identity. Microsoft Corp12, 8–11 (2005)

The general concept of information

Author: Aizhana Abdrassulova

Of great importance for science is the development of definitions for many concepts related to information law. In particular, it is necessary to determine what information means, what is its legal regime. The importance of defining these concepts is associated with many factors, the main of which should be called the fact that information is becoming one of the main attributes of modern society, influencing politics, economics, cultural and social life. And especially this process concerns the legal system.

The entry of the Republic of Kazakhstan into the global digital community is a necessary condition for full-fledged international cooperation in all spheres. The information system of the Republic of Kazakhstan is becoming part of a single global information space in which it is possible to function effectively only if it relies on the creative use and further enrichment of the accumulated experience of organizing information processes by mankind.

Legal regulation of the information sphere in the Republic of Kazakhstan should be carried out comprehensively, on the basis of a competently developed scientific concept and regulatory framework that can take into account the current state of development of information processes in the republic from the standpoint of its tasks, functions, stages, features, development trends, etc. At the same time, these structural components of the information system should fit appropriately into the general context of the country’s strategic development course.

In order to establish effective transformational processes in the field of information activity in order to build a highly developed democratic society, it is necessary to solve a number of tasks. First of all, it is important to define the concept of information, information system, information process in their modern meaning, to identify the structure, subjects of information activity, its tasks.

The concept of “information”, which can be called the key for a number of related categories, concentrates a whole range of relations, giving it the character of a phenomenon studied in various aspects by philosophy, law, sociology, economics, history, psychology, cultural studies.

The term “information” is derived from Lat. iformatio -(explanation, exposition), originally – information transmitted by people orally, in writing or in another way (using conditional signals, technical means, etc.); since the middle of the 20th century – a general scientific concept that includes the exchange of information between people, a person and an automaton, an automaton and an automaton; the exchange of signals in the animal and plant world; the transfer of signs from cell to cell, from organism to organism.

The inconsistency and volume of this term, the greatest unity of views has been achieved in determining the levels of information that can reflect the essence of this phenomenon and characterize it from three points of view: syntatics, semantics and pragmatics.

At the level of synthetics, information is considered as a set of signs and relations between them.

At the level of semantics, information is considered as a relationship between signs and the objects designated by them. Semantics is sometimes considered as a “theory of meaning”, since information in this case is considered a kind of replacement of the reflected object.

At the level of pragmatics, information is considered as a product created and used by people in specific circumstances. At the pragmatic level, the issues of the value and usefulness of information, i.e. its significance for specific individuals and society as a whole, are solved.

Of the listed levels of information, only pragmatics is interested in specific users of the information product and the area of public relations in which they participate. In other words, the pragmatic aspect characterizes the side of information that gives it the quality of good. In this respect, the pragmatic aspect of information, in contrast to the syntactic and semantic, should be recognized as legally significant, since it is the good, and not the relationship between signs and the objects designated by them, that is the category immanent to the concept of the object of rights.

Legal scholars are still trying to reveal the depth and essence of the legal nature of information, but in fact there is still no single recognized legal doctrine. This is explained by the complexity and versatility of information as a general social and legal education based on the interaction of a set of tangible and intangible benefits and their corresponding information legal relations. It can also be explained to a certain extent by the fact that in the conditions of growing interconnections of information with other areas of life, the concept of “information” has inevitably undergone significant changes.

In the process of scientific analysis, when developing a category of information, researchers focus on various aspects of this concept. So, according to Korshunov, “information is information (messages, data) regardless of the form of their presentation.” Also, the author, deepening the concept proposed by him, defines the totality of information contained in databases and information technologies and technical means providing its processing as an information system. However, this does not bring the proposed definition closer to the legal aspect.

It seems to me a more reasonable point of view, according to which information is characterized as an object of civil rights, but only in relation to part of the information not known to one person, several persons, an indefinite circle of persons.

But the question of the possibility of attributing well-known information to objects of civil rights remains unclear. However, it seems to me that there are no significant obstacles to recognizing it as such.

It should be noted that in modern science there is also no clear concept, differentiation and established relationship between the terms “information”, “information process”, “information system”, “information relations”, bearing, by and large, a different semantic message, but most often used to denote similar phenomena. Also puzzling is the fact of the total lack of interpretation of these fundamental concepts in the legislative acts of the Republic of Kazakhstan regulating this area. The legislator dispensed with specific and precise definitions, but at the same time constantly uses terms not explained by him in legislative acts. In this regard, there is a need for differentiation and more detailed clarification of the content of similar categories. First of all, I will try to formulate a definition of the information process and find out the relationship with other concepts bordering on it in meaning.

The word “process” means a sequential change of phenomena, states in the development of something, as well as a set of consecutive interrelated actions to achieve the desired result. It follows from this that, in an objective sense, the information process can be interpreted as a process related to the search, storage, transmission, processing and use of information.

In a subjective sense, the information process may imply a legally fixed relationship between two or more persons related to the transfer of knowledge (ideas, concepts, hypotheses, other information) aimed at the formation and further improvement of the behavior, awareness, skills, value system of these persons.

The above concept of the information process is closely related to the definition of information, but, in our opinion, it has a more specific character, arising from the specifics of the tasks facing society for further development in the information field. If information is understood as abstract information, data, then the information process is characterized by the presence of well-defined entities operating within a well-known framework established by the state. The internal interrelation of the studied concepts is also expressed in their organic subordination: through the information process, the ultimate goals of the informatized society are realized.

Moreover, it is possible to observe a directly proportional relationship between these phenomena, since the organization of the information process can become a reliable guarantee, and in some respects even a guarantee of the effective achievement of general social goals, the formation of the worldview of the personality of modern times. It can be concluded that even expressing a different purpose and scope of content, the concepts of information and the information process are very close and inextricably interrelated.

In my opinion, the question of the relationship between the categories “information process” and “information system” also requires clarification. The latter category can be characterized as a system of documents and information technologies through which information processes are carried out.

In modern science, unfortunately, there is also no clear formulation of the definition of information relations as a subject of legal regulation, which is a significant gap and complicates the study of the essence and patterns of information processes, since as a special type of public relations, information relations arise directly during the implementation of the information process and act between its subjects.

The definitions of information relations available in the literature can be reduced to the following two approaches. According to V.A. Kopylov, an information legal relationship is “an informational public relationship regulated by an information legal norm, the parties of which act as carriers of mutual rights and obligations established and guaranteed by an information legal norm.”

The essence of the second approach is that information relations are proposed to be understood as relations related to the search, receipt, transmission, production, distribution, transformation and consumption of information. It should be borne in mind that not every relationship that has developed in the information sphere can be subject to legal regulation. In this form, only those real social relations that are regulated by the norms of information legislation or artificially formed as a result of such regulation appear.

One of the important categories inextricably linked with the information process is the category of quality of stored and used information – the main criterion for evaluating the organization of the information process. The quality of information depends on a variety of objective and subjective factors: the state of information technologies that ensure the information process, the effectiveness of the information system itself as a whole, the presence or absence of a mechanism for self-development of the system, the effectiveness of methods and the qualifications.

In connection with the above, there is a need to dwell on another important concept called the value of information, which is completely untouched in science, since the issue of introducing values into the information process has an enduring social significance. Today we have to admit that in many ways and through the informatization of society, a new understanding of the meaning of life and the purpose of a person, awareness of the prospects for future development and the desire for unity of actions aimed at achieving general humanitarian goals should be determined. The essence of a modern personality is largely determined by what system of values he adheres to, what motivates him to work, what goals he pursues. Not only the fate of the country, but also the future of humanity truly depends on this.

Distinctive characteristics that show the value of information are:

– universality of the ideas of the information society;

– openness of the information space, which expands the boundaries of human interaction (his value system) and new information;

– continuity of information transmission and consumption, focusing on the value of mastering the most essential, fundamental, sustainable knowledge underlying the scientific picture of the modern world and the global fundamental processes taking place in it.

In my opinion, the implementation of fundamental values in the information process is one of the strategic goals of today’s information society and objectively serves to form a new generation of people with innovative creative thinking, high ideological culture, highly qualified specialists with an ethically responsible attitude to the world.


The EU Data Act: Towards a data-sharing economy?

Author: Barbara da Rosa Lazarotto


There has never been so much data available about individuals. In 2025, the value of the data economy in the EU will be comparable to the GDP of the Netherlands [1]. IoT companies hold large amounts of non-personal data from customers that at first glance might look useless, yet they hold huge relevance.

In the current world, it is almost impossible for an individual not to have any digital footprint in any data-related company, thus we can affirm that data is a form of capital[2] and that we live in a “data economy”. Following this movement, the EU is currently working on a data strategy which consists of several acts such as the Data Governance Act[3] and the most recently proposed Data Act. Today I will focus on the recently proposed Data Act[4].

The Data Act is founded on the premise that data is the lifeblood of economic development[5] and it aims to clarify who can access and use data by removing barriers and providing a safe environment for data sharing.

Currently, we are in the midst of a technological revolution where ordinary tools such as a coffee maker and a vacuum can generate data. Thus, the Data Act aims to determine that consumers can access data generated by these everyday devices and oblige companies to share them with other companies for better use. This will generate innovation, job creation and especially benefit small businesses.

The Data Act also aims to avoid unfair competition when it comes to data sharing by creating a fairness test that prohibits companies from unilaterally imposing unfair contractual clauses related to data sharing. This tool ensures fairness in the allocation of data value among the actors of the data economy.

The Act also addresses my research subject which is public-private data sharing. On this point, in Article 14 the Act states that companies must make data available to the public sector bodies in certain circumstances e.g. in case of emergencies and other exceptional needs. In this context, there is a very good example of data sharing in case of emergencies that could easily have fit under the Data Act provisions.

In August 2005 Hurricane Katrina struck the southeastern United States leaving a widespread of death and damage. Efforts to recover the New Orleans area have gained a powerful ally with the use of data sharing. “Valassis Communications” is a company that mails promotional circulars to virtually every house in the United States. Using this colossal database volunteers were able to apply funds more efficiently and help directly to the individuals who needed it without spending time with house-to-house surveys. Additionally, the nonprofit independent former “Greater New Orleans Data Center”, was able to track the city’s repopulation block by block. [6] Using this data, the Data Center produced several reports such as geographies of poverty, housing developments and abandonment, trace life expectancy and others. These reports can be a great aid to the government to place the efforts to the ones who most need assistance. [7] According to the Data Center, the data available to government officials at the time of the hurricane was an outdated census of New Orleans of the 2000s, thus the data provided by the private company Valassis therefore exemplifies the potential benefits of public-private data sharing in case of emergencies.

The Data Act also is supposed to make it easier for customers to switch between cloud services providers, determining that these providers must ensure easy switching conditions for customers.

Last but not least, the Data Act points out the importance of standardisation and semantic interoperability to data sharing and the formation of a single market of data. Thus, Article 28 refers to several essential requirements that must be complied with to ensure interoperability, e.g. data methodology, data quality, data formats and taxonomies.

With this, it is possible to observe that The Data Act is a good first step forward in the responsible and effective use of data, which will be able to create job opportunities and push the economy with new types of services.



[1] https://www.inlinepolicy.com/blog/eu-data-act

[2] Jathan Sadowski, ‘When Data Is Capital: Datafication, Accumulation, and Extraction’ (2019) 6 Big Data & Society 205395171882054.

[3] https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=CELEX%3A52020PC0767

[4] https://digital-strategy.ec.europa.eu/en/library/data-act-proposalregulation harmonised-rules-fair-access-and-use-data

[5] COM (2020) 66 final p.2

[6] https://spectrevision.net/2008/08/22/junk-mail-pings-new-orleans/

[7] https://www.datacenterresearch.org/maps/reference-maps/




Participation of Tommaso Crepax (ESR 3) at the PrivacyCamp22

25 GENNAIO 2022
Tommaso Crepax participated at the PrivacyCamp22 with a panel ”Regulation vs. Governance: Who is marginalised, is “privacy” the right focus, and where do privacy tools clash with platform governance”
Click here for the Session description

Click here for the Session recording

For all the panel summaries and recordings of the Conference

Summary and Video of the Awareness Conference

Legality Attentive AI: Awareness Conference on Explainability of AI

28th of January, 2022

Webinar organised by LeADS in collaboration with the Brussels Privacy Hub



Summary of the Conference authored by ESR Robert Poe

For Privacy Day 2022, LeADS (Legality Attentive Data Scientists) and the Brussels Privacy Hub collaborated on the Awareness Conference on the Explainability of AI. Together, the group put on a panel of distinguished speakers: Paul Nemitz of the European Commission; Catelijne Muller, President of ALLAI, EESC, OECD for AI, and HLEG on AI; Dafna Feinholz of UNESO; Riccardo Masucci of Intel; and Fosca Giannotti of Scoula Normale Superiore and CNR.


From the start, meaningful debate arose. And, until the last word, each speaker expressed themselves seriously and eloquently.


Dafna Feinholz spoke both of the great benefits and risks of AI and of the recent UNESCO Recommendations on the Ethics of AI (Nov. 2021). The Recommendations are admirable, advocating from design to deployment, an ethical approach benefiting all actors involved in an AI projects lifecycle.


Paul Nemitz marked the recent change of direction by the EU, from a focus on ethics to an establishment of legislation. Paul stressed that, in his opinion, these Codes of Conduct (professional ethics) were created to defend companies against regulatory action. Further, he argued that we need binding rules to have fair competition in the EU, and that companies should not be allowed to wash their hands of responsibility for artificial intelligence systems when they have released them in the marketplace.


Catelijne Muller thoughtfully rejected the commonly held belief that regulation would stifle innovation, saying, “First of all, they don’t, they promote innovation because they level the playing field.” She added that regulations do not only give much needed legal certainty to corporate actors, but regulations also produce standards that will push companies to develop more sustainable and worthwhile AI systems. Catelijne continued by asking the audience to keep in mind the limited capabilities of AI systems today. She ended with a hopeful legal remark on explainability: where a human is already required by law to explain something, the AI is bound as well.


Riccardo Masucci celebrated the consensus the EU has built around the general ethical principles that should guide the development of AI but lamented that convergence on technical solutions has not yet happened. He added that future investments must be put into standardization.


Fosca Giannotti, coming from a technical background, enthusiastically welcomed the responsibility placed on developers of AI, arguing that it brings forth new scientific challenges; and that, in the context of explainability, this responsibility is changing AI research: ensuring a focus on the synergistic collaboration between humans and AI systems. However, she expressed the need for appropriate validation processes for such systems, which is difficult because it requires the evaluation of human-machine interactions (social-technical interactions).


Afterwards, during the discussion phase, a debate sprang forth around a tweet shared in the chat, “…you have to choose between a black box AI surgeon that cannot explain how it works but has a 90% cure rate and a human surgeon with an 80% cure rate that can explain how they work.” Nemitz referred to such hypotheticals as “boogeymen” used to argue against fundamental rights. Meanwhile Muller firmly confronted a commenter who asked whether a human surgeon could even explain themselves, saying that she would certainly hope so, and that these types of hypotheticals are nonsensical.


Over 70 attendees came to celebrate Privacy Day with an afternoon packed full of thought-provoking interaction. Thank you to everyone involved at LeADS and the Brussels Privacy Hub for hosting such an event.

WATCH AGAIN THE SoBigData++ and LeADS Awaraness Panel

Recent Perspectives on Dynamic Consent in Research: a Combined Legal and Technical Approach