Special Edition Blog Series on PhD Abstracts (Part I)

In this special edition series of blog posts, we are excited to present the PhD abstracts of our 15 Early Stage Researchers (ESRs). Each ESR has not only contributed to the interdisciplinary research within the LeADS project and its four Crossroads but has also pursued their own individual research within the scope of their PhD thesis.

While the topics and titles of their PhD theses may not align exactly with the specific LeADS research areas assigned to them, the influence of their work within the project has undoubtedly shaped and enriched their doctoral research. This diversity of topics reflects the depth and breadth of inquiry fostered within the LeADS project. We invite you to explore a variety of research topics and witness the valuable insights developed throughout the research journeys of our ESRs.


 

Qifan Yang: Reciprocal interplay between personal data protection under the GDPR and market competition in the data-driven society.

With the rapid development of the data economy, data has gradually become the key input and critical production factor and extracting value from big data has also been a significant source of power for internet market players. The review of the process of data generation reveals that most valuable data are produced by users.The frequent and massive collection and processing of data in the digital age have raised concerns about data privacy leaks and misuse. The EU General Data Protection Regulation covers personal data protection and cross-border transfers in the hope to tackle the protection of data subjects and its complex interrelation with economic and political implications via a comprehensive legal regime.

Against this backdrop scenario, as a rule of market governance, personal data protection seeks the balance between economic interests and individual rights taking into account the differences in their sensitivity. Although we cannot measure every influencing factor and turn them into conditions for a desired model, this research project will analyse the debate and impacts of the data protection regulation on competition dynamics in the EU and other countries, especially the impacts of personal data protection on the consolidation of market dominance. Due to the reciprocal interplay between competition law and personal data protection, personal data protection is also affected by competition law in a constant loop reaching different equilibria. Therefore, another important research objective is to sketch the mechanisms through which competition law can have an impact on data privacy in the legal and economic context. Methodologically, this research will be leveraging relevant legal, economic, technical and combining both a theoretical methodology with empirical analysis.

Louis Sahi: Distributed reliability and blockchain like technologies.

Data processing and AI-based techniques are now widely used in multiple sectors, including business, sociology, healthcare, mobility, research, etc. Moreover, companies and public organizations have produced and/or collected various types of data which today are stored in data silos that need to be integrated to build a data economy that drives innovation. Such data spaces should involve different stakeholders in collaborative data processing including distributed data life cycle as well as decentralized data governance. Naturally, when several systems are interconnected to carry out each step of the data life cycle, this data life cycle can be defined as distributed. When multiple entities manage data governance, this type of data governance is called decentralized data governance. Collaborative data processing raises several issues and challenges, especially, ensuring the reliability of distributed systems, trust in the decentralized governance of data processing, and compliance with legal requirements concerning data processing. Data quality plays a central role in these challenges to create a data economy. Data quality evaluation is a potential indicator to enhance the reliability, trust, and legal compliance of shared data across collaborative data processing. The main contribution of my research will respond to questions such as: are data governance stakeholders able to make the right decisions to maintain data quality? What are the data quality criteria that can be used to assess trust in all data governance stakeholders based on their actions and decisions? What are the data quality criteria pertinent to data governance? Then, how to assess the reliability of all components in distributed systems, i.e. the ability of each component to perform correctly and not degrade the quality of the data? How to create data quality contracts at each step of the data life cycle based on appropriate data quality criteria? Finally, how do we respond to the fact that there is no existing work that categorizes data quality criteria according to different EU regulations, such as the GDPR, the Data Act, or the Data Governance Act?

LeADS Conference “Legally compliant data-driven society”

2024, the final year of the LeADS project, will finish with an intensive three-day meeting packed with a wide variety of LeADS activities. Organized by the LeADS consortium, the activities will take place in Pisa at the Sant’Anna School of Advanced Studies. During these three days, three distinct events will take place, amongst them the Conference on Legally compliant data-driven society on 11 October 2024.

The first panel on Data-driven markets and Innovation Rationale will be initiated at 12:00 with opening remarks by Prof. Giovanni Comande’. The following talks were by Giovanni Pitruzzella, the Constitutional Court, Jeroen van den Hoven TU Delf, and Antonio Buttà, the AGCM.

The second panel on Research and secondary use of data will be initiated at 2 pm with opening remarks by Prof. Giovanni Comande, followed by talks by Loes Markenstein, EDPB, Regina Becker, Luxembourg National Data Service LNDS, Guido Scorza, Italian DPA, and Piotr Drobek, UODO Personal Data Protection Office, Poland.

Finally, Gabriele Lenzini, UniLu, will initiate the third panel at 4 pm on Data Society and technological sovereignty security, which will be followed by talks by Riccardo Masucci, Intel Bruxelles, Jorge Maestre Vidal, Indra · Digital Labs, Domenico Ferrara, ENISA, and Nicola Lattanzi, IMT.

ESR Barbara Lazarotto at Annual Privacy Forum 2024

The Annual Privacy Forum (APF) 2024 hosted in Karlstad, Sweden, on September 4-5, brought together leaders, researchers, policymakers, and industry experts to discuss cutting-edge data protection and privacy developments. The Conference was organized by ENISA, DG Connect, and Karlstad University. This year’s event focused on the complex interplay between emerging technologies and privacy regulations, particularly as AI, 5G, and smart systems evolve. With topics ranging from GDPR implementation to privacy in AI-driven environments, APF 2024 provided a platform for interdisciplinary collaboration to address future privacy challenges.

Barbara presented her research written along with colleague Pablo Rodrigo Trigo Kramcsak on the topic of “Another Data Dilemma in Smart Cities: the GDPR’s Joint Controllership Tightrope within Public-Private Collaborations“. The paper explored the legal challenges and implications of processing personal data within Public-Private Partnerships in smart city contexts.

The paper is available at the Conference’s proceedings and was greeted with warming feedback.

New publication by ESR Barbara Lazarotto

Annual Privacy Forum 2024

 

ESR Barbara Lazarotto will present her research paper written along with her colleague Pablo Trigo Kramcsák on the topic of “Another Data Dilemma in Smart Cities: The G DPR’s Joint Controllership Tightrope Within Public-Private Collaborations” at The Annual Privacy Forum (APF) 2024 organized by ENISA (the European Union Agency for Cybersecurity), DG Connect (Directorate-General for Communications Networks, Content and Technology), and Karlstad University.

The event will be a critical platform for discussing personal data protection, industry developments, and future challenges. It will bring together academia, industry, and government experts to explore the evolving landscape of data privacy and legal frameworks. By fostering collaboration and knowledge exchange, the event aims to contribute to the ongoing effort to enhance data privacy across the EU and beyond.

More information on the event and the full program can be found here

The book with the proceedings of the event, along with Barbara’s research paper is here

ESR Barbara Lazarotto at Webinar Regulation of Digital Infrastructure in the EU

Image previewOn July 25, 2024, CTS-FGV hosted a highly insightful webinar titled “Regulation of Digital Infrastructure in the EU: from Networks to Platforms,” featuring  Thomas Lohninger and ESR Bárbara Lazarotto. This event provided an in-depth examination of the recent regulatory developments within the European Union, focusing on their impact on digital infrastructure, including electronic networks, digital platforms, and data regulation.

The webinar was held in a hybrid format, aiming to understand the evolving landscape of EU digital policy. Thomas Lohninger, CEO of epicenter.works, and  ESR Bárbara Lazarotto led the discussion. Both speakers brought their extensive expertise to the table, offering a thorough analysis of the current and upcoming EU regulations that are poised to reshape the digital ecosystem.

During the session, Lohninger and Lazarotto delved into several key pieces of legislation, including the AI Act, the Digital Markets Act (DMA), the Digital Services Act (DSA), and the Data Act. They also touched on the controversial “fair share” proposals, which have sparked significant debate within the EU and beyond. The discussion highlighted not only the implications of these regulations within Europe but also their potential to influence global digital governance.

Moderated by Luca Belli, the webinar fostered a dynamic and interactive environment where attendees could engage directly with the speakers. The conversation illuminated the complexities and challenges of regulating digital infrastructure in a rapidly evolving technological landscape. The speakers emphasized the importance of balancing innovation with regulation to ensure that the digital economy remains open, competitive, and fair.

Overall, the event was a resounding success, offering valuable insights into the future of digital regulation in the EU. As the digital landscape continues to evolve, understanding these regulatory frameworks will be crucial for stakeholders worldwide. This webinar was a testament to CTS-FGV’s commitment to fostering informed discussions on critical global issues.

The webinar can be watched online at this link

ESR Barbara Lazarotto at CPDP LatAm 2024

Call for panels - 2024 - CPDP LatAm 2024On July 17th, ESR Barbara Lazarotto participated in a panel discussion on ‘The Impact of EU AI Regulation on Latin American AI Governance: Emerging AI Authorities?’ at CPDP Latam.

The event took place at FGV Cultural Center in Botafogo, in Rio de Janeiro, focusing on discussing diverse data protection topics in Latin America in its two-day program. For this reason, the Conference has a diverse audience and is held in three official languages: Portuguese, Spanish, and English. Although the Conference was held in person, the opening and closing plenaries were live-streamed, and live translation services were also offered.

The panel took a comparative approach by addressing the different complexities and challenges faced by Brazil, Chile, and the European Union when it comes to the AI governance models. The Panel was moderated by Ine van Zeeland (SMIT, VUB), joined by speakers Lucas Borges de Carvalho (ANPD), Pedro Martins (Data Privacy Brasil), Alberto Cerda (law professor from the University of Chile), Bárbara Lazarotto (LSTS, VUB), and Filipe Medon (FGV).Image

Barbara also submitted a paper co-authored with Rocco Saverino and Pablo Trigo Kramcsák to the CPDP Latam 2024 call for papers.

INNOVATION CHALLENGE – Call for participation

Call for participation to the innovation challenge

“AI Act Compass: Navigating Requirements for High-Risk AI Systems”

The challenge

The EU project “LeADS- Legality attentive data scientists- GA 956562” ( Sant’Anna School of Advanced Studies – Pisa), in collaboration with the Pisa Internet Festival, organizes an innovation challenge on the topic of the AI Act (Regulation EU 2024/1689). Participants will need to create a solution that helps developers or deployers of AI systems to navigate the risk classification system of the AI Act and understand which requirements apply to them.

DEADLINE FOR REGISTRATION 11:00 PM CEST of 6 September 2024.

The challenge is organized as follows:

Offline phase (16th of September – 6th of October 2024):

The selected teams will work offline on the first part of the challenge. On the 16th of September 2024, the teams will receive, at the contact email provided, detailed instructions and the necessary documentation. The teams will send their solution in the form of a mock-up to the mail challenge@legalityattentivedatascientists.eu  by the 6th of October 2024 h. 21:00.

In-person phase (10th of October 2024 in Pisa – Italy):

In the morning, the selected teams will receive and solve the second part of the challenge that will concern the tailoring of the solution to a concrete scenario. In the afternoon, the teams will present their solution to the jury.

The prizes

What can you win?

  • First place: 2.500€
  • Second place: 1.500€
  • Third place: 1.000€
  • Best presentation: 500€
  • Most innovative solution: 500€

The prizes will be awarded by an independent jury on the 10th of October 2024 (from 7 to 8 pm).

How will the winning solutions be selected?

The evaluation will concern the artefact (innovative, reliable, usable, efficient), the output (useful and legally accurate) and the presentation (well-structured, explanatory and engaging).

What will happen to the winning solutions?

Following the principles of open science, the winning solutions will be released under an “as open as possible” license – namely a CC BY 4.0 license (https://creativecommons.org/licenses/by/4.0/) for any document or image and a MIT license (https://mit-license.org/ ) for any software component.

Application, composition and selection of the teams

The organizers will select a maximum of 7 teams among the applicants.

How should teams be composed?

Teams must be composed of a minimum of 2 and a maximum of 3 people between 18 and 28 years old.

How should you apply?

Each team needs to apply via the form available at: https://forms.office.com/e/jiDwEGfCPW by the 6th of September 2024 at 11.00 PM CEST.

The application should contain:

  • Team name
  • Team Leader Name (contact person)
  • Team composition (minimum 2 and maximum 3 members), for each member:
    • Name and surname
    • Date of birth
    • Food intolerances
  • Email address of the team leader (contact address)
  • Link to a cloud folder (e.g., google drive, dropbox, onedrive, etc.) Containing:
    • Motivation letter of the team IN ENGLISH (Why they wish to participate and why they should be selected – max 800 words)
    • Concise CV IN ENGLISH (max 2 pages) for each team member

How will you know if you have been selected?

We will send an e-mail to the contact address provided on the 12th of September 2024.

Participation

Why should you participate?

If you are a creative young team who wants to solve innovative challenges at the intersection of technology and law and win a prize to start your own project, you are in the right place!

How will the trip to Pisa be organized and which expenses will be covered?  

The organizers of the challenge will cover the travel expenses to Pisa of the members of the selected teams, up to a maximum of 600 euros per team. The selected teams will need to organize their trips autonomously and will be reimbursed after the trip, upon presentation of the receipts and the original tickets. Breakfast, lunch and early dinner of the 10th of October will be served at the venue of the Challenge.

 What language will we use?

English will be the working and presentation language. Therefore, at least one member of each team must be able to present clearly in English and to answer questions by the Jury.

Rules and further information

OFFICIAL RULES

For any question, write to pm@legalityattentivedatascientists.eu

 

 

 

ESR Tommaso Crepax presents his research at the Privacy Symposium

ESR Tommaso Crepax presented his article on “The ‘Meta-moth-phosis’ of Data Portability: Observing the Transformation of Data Portability Through a Comparative Analysis of Definitions Across European Legislation” at this year’s Privacy Symposium conference, which took place in Venice, Italy, from June 10th to June 14th.

In his article, Tommaso examines the varying interpretations of data portability across different legislative frameworks. While each jurisdiction labels the concept as “portability,” the underlying understanding of what constitutes portability significantly differs. This research shows that the notion of data portability has undergone a substantial transformation: initially centered on empowering users by enabling data export and transfer, it has progressively shifted focus to benefit the data market by making data accessible to various entities in an easily-modifiable, machine-readable format. The metamorphosis of portability is complete in the Data Act: from larva to moth—the meta-moth-phosis.

For more information, read his blog post and abstract.

ESR Onntje Hinrichs publication in the Journal of European Consumer and Market Law (EuCML)

Cover image ofJournal of European Consumer and Market LawESR Onntje Hinrichs’ article on “Consumer Law and the Regulation of the Free Flow of Data: Upsetting the Balance of the European Data Protection Framework” has been published in the Journal of European Consumer and Market Law (EuCML).

Over the past years, scholars have increasingly investigated the complementarity of data protection and consumer law with regard to the protection of consumer data. No attention, however, has thus far been paid to the consequences which consumer law might have on the free flow of both personal and non-personal data.

In his article, Onntje analyzes various consumer law instruments and shows how consumer law transposes the principle of free movement of data from data protection to non-personal data via maximum harmonization. At the same time, however, his article demonstrates how consumer law risks undermining the object of data protection law to create a harmonized legal framework that facilitates the free flow of personal data.

The entire article can be accessed via this link.

 

 

ESR Fatma Doğan at PhD Summer School on Artificial Intelligence and Law 2024 at Tübingen University

 

Between the 13th and 17th of May, ESR Fatma Doğan had the opportunity to attend the Summer School, an event that brought together researchers from a variety of fields to share insights, foster collaboration, and advance collective knowledge. It was an invigorating experience, to say the least.

One of the most rewarding aspects of the summer school was the opportunity for Fatma to present a part of her PhD research. Sharing her work with such a diverse and knowledgeable audience was exhilarating. The feedback received was invaluable, offering new perspectives and ideas that Fatma is eager to incorporate into her research. The summer school provided a fantastic platform for Fatma to network with other researchers. Engaging with peers from different disciplines opened her eyes to various methodologies and approaches that she hadn’t considered before. These interactions highlighted the importance of interdisciplinary collaboration in driving innovation and solving complex problems.

The event featured many esteemed scholars who gave insightful talks on a wide range of topics such as Nadya Purtova, Lilian Edwards, Michael Veale, Uli Sachs and Yong Lim. Just to give an example, Fatma shared some remarks from Woodrow Hartzog’s speech.

Prof. Hartzog delved into the complex risks of AI and the challenges of regulating this technology. He highlighted the difficulty of understanding AI’s full risks, noting the divide between techno-optimists and techno-doomers. Prof. Hartzog stressed the dangers of an unregulated information ecosystem and the necessity of proactive measures to prevent harmful advancements by less scrupulous actors. He pointed out the growing privacy risks posed by IoT devices like facial recognition doorbells and the increasing use of AI for micro-management in schools, workplaces, and universities. This creates an “AI micro-managing machine” that personalizes ads and perpetuates misinformation—a scenario he described as a “snake eating its own tail.”

Regarding regulation, Prof. Hartzog critiqued Biden’s executive order on AI, which focuses on transparency but often falls short. Transparency is insufficient without real power for individuals, and debiasing AI is challenging and doesn’t necessarily make systems less dangerous. Ethical guidelines and advisory boards, while well-intentioned, often lack authority, creating a false sense of progress. Emphasizing individual control over personal data is misleading when system designs don’t support genuine autonomy. Prof. Hartzog mentioned that governments must protect individuals regardless of their choices because ‘no technology is neutral’. Lawmakers should be involved in tech development to ensure alignment with societal values. He highlighted the importance of maintaining social trust and pointed out that meaningful AI development might reduce industry profits but is essential to avoid societal harm. Technologies requiring significant human exploitation might not be necessary.

Reflecting on historical lessons, Prof. Hartzog noted the decline in public trust in tech companies and the growing calls for stricter regulations, such as bans on facial recognition. Local efforts, like city councils banning facial recognition, demonstrate meaningful action once considered unimaginable. Finally, Prof. Hartzog emphasized that addressing bias in AI is crucial but just a starting point. Bias correction alone won’t eliminate the risk of AI being used oppressively. He compared AI regulation to speed limits—necessary for safety despite being imperfect. He also noted that surveillance-driven advertising contributes to misinformation, underscoring the need for comprehensive and proactive AI governance, ethical development, and privacy protection to ensure technology serves society responsibly.

This summer school was more than just an academic exercise; Fatma is looking forward to applying the insights gained to her ongoing research. Lastly, Fatma is thankful to the organizers and participants who made the Summer School a success.