WINNERS of the Innovation Challenge “AI Act Compass: Navigating Requirements for High-Risk AI Systems”

It was a long day

It was a restless but fair competition,

a lot of energies were spent,

innovative solutions were developed

it was challenging

it was great.

All the Teams invested their best efforts to solve both the Off-line and In-person phases of the challenge, all the solutions were excellent but… some more than others, it was hard but this is the Jury verdict (click on the Team names to know the winners’ solutions and bios)

1st prize: The Data Jurists 

2nd prize: The AI-Act Navigators 

3rd prize: The AI-WARE

Special prizes: 

Most innovative Solution: The Data Jurists 

Best Presentation: AI-Renella 

 

Special Edition Blog Series on PhD Abstracts (Part IV)

This post is a continuation of the blog post series on PhD abstracts. You can find the first part of the series here.

 

Barbara Lazarotto: Business to Government Data Sharing in the EU and the protection of personal data: Making sense of a complex framework.

Data is a crucial resource that plays an essential role in the economy and society. Yet, due to market failures, data has been often treated as a commodity and held in silos by a few actors, often large companies. In light of recent developments, there have been talks about transferring data from exclusive control of certain groups to making it accessible for public use. The European Union has taken a step in this direction by introducing the “European Data Strategy”, a set of rules and regulations that amongst other objectives, also aimed at making it easier for stakeholders to share data among themselves and with governments. However, this regulatory framework which includes different modalities of business-to-government data sharing is fairly new and the synergy between them is still yet to be seen since many of them may overlap and have possible contradictions.

Against this backdrop, there is a pressing need to analyze the current legal and regulatory landscape for business-to-government data sharing in the EU, how they interact with each other, and their possible consequences for the rights of data subjects. The analysis will delve into the complexities of the regulatory conundrum associated with business-to-government data sharing and explore whether the current framework effectively addresses the data subject’s data protection rights as enshrined in the GDPR. Ultimately, this research aims to provide a comprehensive understanding of the legal and regulatory landscape for business-to-government data sharing and its connections with data subject’s rights.

Fatma Dogan: Navigating the European Health Data Space: A Critical Analysis of Transparency Implications in Secondary Data Use under GDPR.

This thesis aims to critically examine the European Health Data Space (EHDS) proposal, with a specific focus on its secondary use framework and the implications of transparency requirements of the General Data Protection Regulation (GDPR). The research delves into the intricate intersection of EHDS provisions, GDPR transparency requirements, and the proportionality principle. In this context, whether a rights-based approach to privacy regulation still suffices to address the challenges triggered by new data processing techniques such as secondary use of data will be discovered. GDPR’s rights-based approach grants individuals a set of rights and obligation to offer transparency is one of them. However, it is highly unclear how these rights could be able to employ by data subjects under EHDS secondary use framework.

Xengie Doan: Tools and Methods for User-Centered, Legal-Ethical Collective Consent Models: Genomic Data Sharing.

Health data is sensitive and sharing it could have many risks, which is especially true for genetic data. One’s genome might also indicate physical or health risks that could be used for more personalized healthcare or personalized insurance premiums. These risks affect not only the individual who has initially consented to the collection and sharing, but also those who may be identified from the DNA, such as genetic relatives or those who share a genetic mutation. How can relevant individuals come together to consent to genetic data sharing? Collective consent stems from indigenous bioethics where indigenous tribes fought for their right to consent to biomedical research as a community, not just as individuals. It has been used in research partnerships with indigenous groups to improve stakeholder involvement instead of treating indigenous populations as test subjects. Though it has been proposed, no digital collective consent (wherein multiple individuals consent in different via different governance structures such as families or tribal leader) exists for the general public. Challenges span legal-ethical issues and technical properties such as transparency and usability. In order to build collective digital consent to meaningfully address real world challenges, this work uses genetic data sharing as a use case to better understand what tools and methods can enhance a user-friendly, transparent, and legal-ethically aware collective consent. I conducted a theoretical and empirical study on collective consent processes for health data sharing. First, we explored the privacy and biomedical gaps in collective consent, as it has not been implemented widely outside of indigenous populations. Then I surveyed user goals and attitudes towards engaging elements within different consent mediums, then I analyzed the transparency and user-relevancy of policies from notable DTC genetic testing companies to find gaps in. Last, I validated the framework for transparent, user-centered collective consent with a use-case with a company in Norway.

Special Edition Blog Series on PhD Abstracts (Part III)

This post is a continuation of the blog post series on PhD abstracts. You can find the first part of the series here.

Mitisha Gaur: Re-Imagining the Interplay Between Technical Standards, Compliances and Legal Requirements in AI Systems Employed in Adjudication Environments Affecting Individual Rights

The doctoral thesis investigates the use of AI technology in automated decision making systems (ADMS) and subsequent application of these ADMS within Public Authorities as Automated Governance systems in their capacity as aides for the dispensing of public services and conducting investigations pertaining to taxation and welfare benefits fraud. The thesis identifies Automated Governance systems as a sociotechnical system comprising three primary elements- social (workforce, users), technical (AI systems and databases) and organisational (Public Authorities and their internal culture).

Fuelled by the sociotechnical understanding of automated governance systems, the thesis’ investigation is conducted through three primary angles, Transparency, Human Oversight and Algorithmic Accountability and their effect on the development, deployment and subsequent use of the Automated Governance systems. Further, the thesis investigates five primary case studies against the policy background of the EU’s HLEG Ethics guidelines for AI systems and the regulatory backdrop of the AI Act (and on occasion the GDPR).

Finally, the thesis concludes with observed gaps in the ethical and regulatory governance of Automated Governance systems and recommends core areas of action such as the need to ensure adequate agency for the decision-subjects of the AI systems, the importance of enforcing contextual clarity within AI Systems deployed in a high risk scenario such as Automated Governance and advocates for strict ex-ante and ex-post requirements for the developers and deployers of Automated Governance systems.

Maciej Zuziak: Threat Detection and Privacy Risk Quantification in Collaborative Learning

This thesis compiles research on the brink of privacy, federated learning and data governance to answer numerous issues that concern the functioning of decentralised learning systems.  The first chapters introduce an array of issues connected with European data governance, followed by an introduction of Data Collaboratives – a concept that is built upon common management problems and serves as a generalization of numerous approaches to collaborative learning that have been discussed over the last years. The subsequent work presents the results of the experiments conducted on the selected problems that may arise in collaborative learning scenarios, mainly concerning threat detection, clients’ marginal contribution quantification and assessment of re-identification attacks’ risk. It formalizes the problem of marginal problem contribution, introducing a formal notion of Aggregation Masks and Collaborative Contribution Function that generalizes many already existing approaches such as Shaple Value. In relation to that, it presents an alternative solution to that problem in the form of Alpha-Amplification functions. The contribution analysis is tied back to threat detection, as the experimental section explores using Alpha Amplification as an experimental method of identifying possible threats in the pool of learners. The formal privacy issues are explored in two chapters dedicated to spoofing attacks in Collaborative Learning and the correlation between the former and membership inference attacks, as the lack thereof would imply that similar (deletion-based) metrics would be safe to employ in the Collaborative Learning scenario. The last chapter is dedicated to the selected compliance issues that may arise in the previously presented scenarios, especially those concerning the hard memorization of the models and the consent withdrawal after training completion.

PUBLIC PRESENTATION – INNOVATION CHALLENGE “AI Act Compass: Navigating Requirements for High-Risk AI Systems”

PISA -10 OCTOBER 2024

1  CHALLENGE

7  TEAMS FROM ALL OVER EUROPE

7  INNOVATIVE IDEAS

1   WINNER (OR MAYBE 3)!

Join us to discover the 7 innovative solutions that will help developers or deployers of AI systems to navigate the risk classification system of the AI Act.

The EU project “LeADS- Legality attentive data scientists- GA 956562”, in collaboration with the Pisa Internet Festival, is happy to invite you to attend the 7 presentations and  discover which Team will find the BEST solution of the Innovation Challenge“AI Act Compass: Navigating Requirements for High-Risk AI Systems” and win 2.500€

WERE

Sala Kinzica – Officine Garibaldi, via Via Vincenzo Gioberti 39, Pisa , Italy

WHEN

10 October 2024

16.00-18.00 presentations

19.00  Winners Announcement

 

 

LeADS Final Conference: Legally compliant data-driven society

11th of October 2024

Aula Magna – Sant’Anna School of Advanced Studies  

Piazza martiri della Libertà 33, Pisa

Free Event – Organized in the framework of the Pisa Internet Festival 

Data drive our societies, open to new technological solutions and scientific discoveries. Data create new market opportunities and new challenges also to security. These processes require a multidisciplinary approach for a governance able to reap the benefits of them while guaranteeing fundamental rights and freedoms. The LeADS final conference tackles this task in 3 key domains with its outstanding speakers.

Panel 1:  12.00 – 13.30 Data-driven Markets and Innovation

12.00 – 12.05 Giovanni Comandé Sant’Anna Scool of Advanced Studies Introduction
12.05 – 12.25 Giovanni Pitruzzella – Italian Constitutional Court
12.25 – 12.45 Giuseppe Turchetti – Sant’Anna Scool of Advanced Studies Introduction
12.45 – 13 .05 Antonio Buttà – Autorità Garante della Concorrenza e del Mercato
13.05 – 13.30 Discussion

 

Panel 2: 14.00 – 15.30 Research and secondary use of data

14.00 -14.05 Giovanni Comandé SSSA: Introduction
14.05 – 14.25 Paul de Hert – Vrije Universiteit of Brussel
14.25 – 14.45 Regina Becker – Luxembourg National Data Service LNDS
14.45 – 15 .05 Piotr Drobek– UODO – Personal Data Protection Office of Poland
15.05 – 15.30 Discussion

Panel 3:  16.00 – 17.30 Data Society and technological sovereignty\ security

16.00 – 16.05 Michelle Sibilla – Université Toulouse III – Introduction
16.05 – 16.25 Jorge Maestre Vidal – Indra · Digital Labs
16.25 – 16.45 Giovanni Comandé – SSSA
16.45 – 17 .05 Nicola Lattanzi – IMT Scuola Alti Studi di Lucca
17.05 – 17.30 Discussion

Registration form

Special Edition Blog Series on PhD Abstracts (Part II)

This post is a continuation of the blog post series on PhD abstracts. You can find the first part of the series here.

Tommaso Crepax: Unchaining Data portability in a Lawful Digital Economy.

Data portability is a key instrument to realize the EU policy vision on data governance. Because it allows for data sharing and re-use through forms of access control, it has the power to benefit all players while adequately protecting their rights. Regrettably, economic, legal, and technical issues have hindered the development of information exchange systems supporting data portability. To create platforms and tools for data portability, developers need that emerging expertise of “legal engineers” identifies the legal requirements, to make sure that users, consumers, and “prosumers” can enjoy their rights securely, effectively, and without infringing others’ rights and legitimate interests. This research aims at finding such legal requirements inside the actual, dynamic wave of EU legislation on the issues of data governance (including data sharing, access, control, re-usability), competition in digital markets and provision of digital services. This quest for legal requirements moves beyond black letter law, leveraging case law development, as well as European and national relevant authorities’ guidance. The goal is to clarify what is requested to developers of portability services and personal data controllers in terms of implementable organizational and technical measures. This clarification effort uses established methods of requirements engineering elicitation and documentation, and is carried out with the use of relational databases. It is coordinated with the mapping of relevant ISO standards (most importantly, ISO/IEC 27701), and further evaluated for compatibility with the elicited requirements in a loop that potentially leads to guidelines for either reform or implementation. Lastly, this work provides a list of technical solutions as individuated by relevant authorities, case law and field experts.

Cristian Lepore: A Framework to Assess E-Identity Solutions

Digital identity is important for businesses and governments to grow. When apps or websites ask us to create a new digital identity or log in using a big platform, we do not know what happens to our data. That is why experts and governments are working on creating a safe and trustworthy digital identity. This identity would let anyone file taxes, rent a car, or prove their financial income easily and privately. This new digital identity is called Self-Sovereign Identity (SSI). In our work, we propose an SSI-based model to evaluate different identity options and we then prove our model value on the European identity framework.

Special Edition Blog Series on PhD Abstracts (Part I)

In this special edition series of blog posts, we are excited to present the PhD abstracts of our 15 Early Stage Researchers (ESRs). Each ESR has not only contributed to the interdisciplinary research within the LeADS project and its four Crossroads but has also pursued their own individual research within the scope of their PhD thesis.

While the topics and titles of their PhD theses may not align exactly with the specific LeADS research areas assigned to them, the influence of their work within the project has undoubtedly shaped and enriched their doctoral research. This diversity of topics reflects the depth and breadth of inquiry fostered within the LeADS project. We invite you to explore a variety of research topics and witness the valuable insights developed throughout the research journeys of our ESRs.


 

Qifan Yang: Reciprocal interplay between personal data protection under the GDPR and market competition in the data-driven society.

With the rapid development of the data economy, data has gradually become the key input and critical production factor and extracting value from big data has also been a significant source of power for internet market players. The review of the process of data generation reveals that most valuable data are produced by users.The frequent and massive collection and processing of data in the digital age have raised concerns about data privacy leaks and misuse. The EU General Data Protection Regulation covers personal data protection and cross-border transfers in the hope to tackle the protection of data subjects and its complex interrelation with economic and political implications via a comprehensive legal regime.

Against this backdrop scenario, as a rule of market governance, personal data protection seeks the balance between economic interests and individual rights taking into account the differences in their sensitivity. Although we cannot measure every influencing factor and turn them into conditions for a desired model, this research project will analyse the debate and impacts of the data protection regulation on competition dynamics in the EU and other countries, especially the impacts of personal data protection on the consolidation of market dominance. Due to the reciprocal interplay between competition law and personal data protection, personal data protection is also affected by competition law in a constant loop reaching different equilibria. Therefore, another important research objective is to sketch the mechanisms through which competition law can have an impact on data privacy in the legal and economic context. Methodologically, this research will be leveraging relevant legal, economic, technical and combining both a theoretical methodology with empirical analysis.

Louis Sahi: Distributed reliability and blockchain like technologies.

Data processing and AI-based techniques are now widely used in multiple sectors, including business, sociology, healthcare, mobility, research, etc. Moreover, companies and public organizations have produced and/or collected various types of data which today are stored in data silos that need to be integrated to build a data economy that drives innovation. Such data spaces should involve different stakeholders in collaborative data processing including distributed data life cycle as well as decentralized data governance. Naturally, when several systems are interconnected to carry out each step of the data life cycle, this data life cycle can be defined as distributed. When multiple entities manage data governance, this type of data governance is called decentralized data governance. Collaborative data processing raises several issues and challenges, especially, ensuring the reliability of distributed systems, trust in the decentralized governance of data processing, and compliance with legal requirements concerning data processing. Data quality plays a central role in these challenges to create a data economy. Data quality evaluation is a potential indicator to enhance the reliability, trust, and legal compliance of shared data across collaborative data processing. The main contribution of my research will respond to questions such as: are data governance stakeholders able to make the right decisions to maintain data quality? What are the data quality criteria that can be used to assess trust in all data governance stakeholders based on their actions and decisions? What are the data quality criteria pertinent to data governance? Then, how to assess the reliability of all components in distributed systems, i.e. the ability of each component to perform correctly and not degrade the quality of the data? How to create data quality contracts at each step of the data life cycle based on appropriate data quality criteria? Finally, how do we respond to the fact that there is no existing work that categorizes data quality criteria according to different EU regulations, such as the GDPR, the Data Act, or the Data Governance Act?

LeADS Conference “Legally compliant data-driven society”

2024, the final year of the LeADS project, will finish with an intensive three-day meeting packed with a wide variety of LeADS activities. Organized by the LeADS consortium, the activities will take place in Pisa at the Sant’Anna School of Advanced Studies. During these three days, three distinct events will take place, amongst them the Conference on Legally compliant data-driven society on 11 October 2024.

The first panel on Data-driven markets and Innovation Rationale will be initiated at 12:00 with opening remarks by Prof. Giovanni Comande’. The following talks were by Giovanni Pitruzzella, the Constitutional Court, Jeroen van den Hoven TU Delf, and Antonio Buttà, the AGCM.

The second panel on Research and secondary use of data will be initiated at 2 pm with opening remarks by Prof. Giovanni Comande, followed by talks by Loes Markenstein, EDPB, Regina Becker, Luxembourg National Data Service LNDS, Guido Scorza, Italian DPA, and Piotr Drobek, UODO Personal Data Protection Office, Poland.

Finally, Gabriele Lenzini, UniLu, will initiate the third panel at 4 pm on Data Society and technological sovereignty security, which will be followed by talks by Riccardo Masucci, Intel Bruxelles, Jorge Maestre Vidal, Indra · Digital Labs, Domenico Ferrara, ENISA, and Nicola Lattanzi, IMT.

ESR Barbara Lazarotto at Annual Privacy Forum 2024

The Annual Privacy Forum (APF) 2024 hosted in Karlstad, Sweden, on September 4-5, brought together leaders, researchers, policymakers, and industry experts to discuss cutting-edge data protection and privacy developments. The Conference was organized by ENISA, DG Connect, and Karlstad University. This year’s event focused on the complex interplay between emerging technologies and privacy regulations, particularly as AI, 5G, and smart systems evolve. With topics ranging from GDPR implementation to privacy in AI-driven environments, APF 2024 provided a platform for interdisciplinary collaboration to address future privacy challenges.

Barbara presented her research written along with colleague Pablo Rodrigo Trigo Kramcsak on the topic of “Another Data Dilemma in Smart Cities: the GDPR’s Joint Controllership Tightrope within Public-Private Collaborations“. The paper explored the legal challenges and implications of processing personal data within Public-Private Partnerships in smart city contexts.

The paper is available at the Conference’s proceedings and was greeted with warming feedback.

New publication by ESR Barbara Lazarotto

Annual Privacy Forum 2024

 

ESR Barbara Lazarotto will present her research paper written along with her colleague Pablo Trigo Kramcsák on the topic of “Another Data Dilemma in Smart Cities: The G DPR’s Joint Controllership Tightrope Within Public-Private Collaborations” at The Annual Privacy Forum (APF) 2024 organized by ENISA (the European Union Agency for Cybersecurity), DG Connect (Directorate-General for Communications Networks, Content and Technology), and Karlstad University.

The event will be a critical platform for discussing personal data protection, industry developments, and future challenges. It will bring together academia, industry, and government experts to explore the evolving landscape of data privacy and legal frameworks. By fostering collaboration and knowledge exchange, the event aims to contribute to the ongoing effort to enhance data privacy across the EU and beyond.

More information on the event and the full program can be found here

The book with the proceedings of the event, along with Barbara’s research paper is here