“Taming the Algorithm” by Paweł Kuch deals with the EU's latest data protection law that is special in various respects. In contrast to the other norms of the GDPR, the provision on automated individual decisions (Art. 22 GDPR) does not contain any general specifications for the processing of personal data but regulates a specific constellation of such processing. Art. 22 GDPR is based on the assumption that making decisions by machines and algorithms is problematic and must therefore be legally framed and the final decision left to a data subject. With the recent developments in artificial intelligence (AI), numerous fields opened up. The question of the legal understanding of automated individual decisions has thus recently gained importance.
Number of pages: 316
Year of publication: 2022
Dissertation of the Faculty of Law of the University of Zurich for the degree of Doctor of Law
submitted by
Paweł Kuch from Poland
approved at the request of Prof. Dr. Florent Thouvenin and Prof. Dr. Felix Uhlmann
Taming the algorithm by Paweł Kuch is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, except where otherwise noted.
© 2022 – CC BY-NC-ND (work), CC BY-SA (text)
Author: Paweł Kuch
Publisher: EIZ Publishing (eizpublishing.ch)
Production, Set & Distribution: buch & netz (buchundnetz.com)
ISBN: 978-3-03805-509-9 (Print – Softcover), 978-3-03805-510-5 (PDF), 978-3-03805-511-2 (ePub)
DOI: https://doi.org/10.36862/eiz-509
Version: 1.00 – 20220826
The dissertation was submitted by Paweł Kuch and adopted by the Faculty of Law of the University of Zurich, represented by Dean Prof. Dr. Thomas Gächter, on 6 April 2022. It was supervised by Prof. Dr. Florent Thouvenin and Prof. Dr. Felix Uhlmann.
The open access publication of this book has been published with the support of the Swiss National Science Foundation (SNF).
This work is available in print and various digital formats in OpenAccess. Additional information is available at: https://eizpublishing.com/publikationen/taming-the-algorithm/.
The publication is also available on the website of the Zurich Central Library: https://www.zb.uzh.ch/de/
For a practicing Attorney-at-Law, coming back to academia is an exciting experience. After years of immediate and decisive actions regarding a variety of legal topics and numerous different laws and regulations, a time of peaceful research and thorough analysis of one particular subject is an intriguing change.
I want to take this opportunity to thank the people who enabled and aided this fantastic adventure.
I would like to extend my immense appreciation to my supervisor, Professor Florent Thouvenin, who encouraged me to write a doctoral dissertation on automated decision-making. Thank you very much for your open-minded approach and challenging but valuable counsel. Our discussions were always very inspirational and gave me a great sense of intellectual enjoyment.
Great thanks to Professor Marcin Moskalewicz, whose example and advice helped me decide to take a scholar and researcher path.
I would also like to thank Mrs. Ana-María Llorente for her support and sharing inside views on cooperation with the data protection supervising authorities regarding my dissertation topic. Your interesting observations and thorough analysis helped me to obtain a better perspective on the subject matter.
Also, I owe many thanks to my brother, Karol Kuch. Without your example and support, I would not be a lawyer in the first place.
This project would not have been possible without my fantastic family’s help and support, especially my wonderful wife. Anna, I am forever thankful for all your unselfish love and kindness. Nadia and Lena, thank you for your patience and understanding – you are the best daughters in the world!
And finally, separate words of appreciation to the Law Faculty and Zurich University for the excellent opportunity to do my Ph.D. here. It is a remarkable and vibrant place. Your beautiful library and its hard seats will stay in my memory forever.
Zurich, 12 January 2022 Paweł Kuch
Acknowledgments
Table of contents
Abbreviations
Bibliography
Materials
Table of figures
Chapter 1 Setting the goals
  Background
  Research focus
  Research objectives
  Adopted methodology
  Aim of the research
  Value of the research
Chapter 2 Genesis of the European personal data protection laws and automated decision-making provisions
  Common roots of privacy and data protection
  Concepts of privacy and data protection
  Emancipation of data protection from privacy right
  Evolution and ever-growing fundamentalism of the data protection rights
  Evolution of data protection rights
  Data protection as a fundamental right in the EU legal framework
  Non-prohibitive character of EU data protection laws
  Empowerment of the supervisory authorities
  Rationale for including automated decision-making provisions in data protection laws
  Roots of automated decision-making provisions
  Historical views
  Data Protection Directive’s travaux préparatoires perspective
  Anthropocentric perspective
Chapter 3 Main interpretational rules, methods and principles concerning European Union legislation
  Independent legal system
  Main interpretational methods, and principles concerning European Union legislation
  Grammatical method
  Systematic or contextual interpretation; the principle of effectiveness (effet utile)
  Teleological interpretation
  Subjective or historical interpretation; travaux préparatoires
  Summary
Chapter 4 Role of recitals
  Non-binding effect of a preamble; the purpose of recitals
  Recitals in the GDPR
  Recitals referring to Art. 22 GDPR
Chapter 5 Guidelines on Automated individual decision-making and Profiling for the purposes of the GDPR
  Guidelines on Art. 22 GDPR
  Position of guidelines in the EU legal framework
  Controversial genesis of the A29WP Guidelines
  Controversial content of Guidelines; sophistries of the A29WP
Chapter 6 Current state of research
  “General prohibition of automated decision-making”
  Confusions regarding Art. 22 GDPR
  Scholarly authors
  Dreyer and Schulz
  Mendoza and Bygrave
  Kaminski
  Wachter, Mittelstadt, Floridi
  Tosoni
  Commentary authors
  Esser, Kramer, Lewinski
  Gola
  Martini
Chapter 7 Automated individual decision-making, including profiling, and its legal meaning; Art. 22(1) GDPR
  Definition of automated individual decision-making
  Insignificant disparities of automated decision-making definitions under Art. 15(1) DPD and Art. 22(1) GDPR
  Components of Art. 22(1) GDPR explained
  Profiling
  Distinguishing profiling in the GDPR
  Risks regarding profiling
  Automated form of processing
  Personal data
  Evaluating the personal aspects of a natural person
Chapter 8 Employing the CJEU canon for interpretation of Art. 22 GDPR
  Grammatical interpretation of Art. 22 GDPR
  Contextual interpretation of Art. 22 GDPR
  Teleological interpretation of Art. 22 GDPR
  Historical interpretation of Art. 22 GDPR
Chapter 9 Provisions influencing automated individual decision-making
  The decision – a focal point of derogation under Art. 22(2); the GDPR principles perspective
  Lawfulness of processing; relation between Art. 6(1) and Art. 22(2) GDPR
  Principle of lawfulness
  Relation between Art. 6(1) and Art. 22(2) GDPR
  Minimum requirements to safeguard personal data – Art. 22(3) GDPR
  The right to human intervention
  The A29WP views on the right to human intervention
  Human intervention – a requirement to maintain anthropocentric legal consensus
  The right to express the individual’s point of view
  The right to contest the decision
  General prohibition of using an individual’s sensitive personal data for automated decision-making purposes – Art. 22(4) GDPR
  Obligation to inform individuals about the existence of automated decision-making (Article 13, 14 and 15 of the GDPR) and “the right to explanation”
  Principle of transparency
  Individualized transparency
  Systemic transparency
  Supportive role of the right to be informed and the right to explanation in keeping the algorithmic decision-making accountable
Chapter 10 Summary and conclusions
  Research objectives – introduction
  Research objectives – findings
  Research objectives – conclusions
  Primary objectives
  Secondary objectives
  Recommendations
  Contribution to knowledge
Abstract
Curriculum Vitae
3
4
Almada, M., ‘Human Intervention in Automated Decision-Making: Toward the Construction of Contestable Systems,’ (June 2019), ICAIL ’19: Proceedings of the Seventeenth International Conference on Artificial Intelligence and Law.
Ananny, M., Crawford, K., ‘Seeing without Knowing: Limitations of the Transparency Ideal and its Application to Algorithmic Accountability,’ (2018), New Media & Society, v. 20(3): 973-989.
Andenas, M., Zleptnig, S., ‘Surveillance and Data Protection: Regulatory in the EU and the Member States,’ (2003), European Business Law Review,14(6):765-813.
Arnull, A., ‘The European Union and Its Court of Justice,’ (2006), Oxford University Press.
Asimov, I., ‘Runaround,’ (March 1942), in Astounding Science Fiction, John W. Campbell, Jr. (ed), Street & Smith Publications, Inc.
Bailey, D., ‘The role of Guidelines in EU competition law,’ (2013), Brick Court Chambers King’s College London.
Beveridge, F., Nott, S., ‘A Hard Look at Soft Law,’ (1998), in Paul Craig and Carol Harlow (eds.), ‘Lawmaking in the European Union,’ Kluwer Law International.
Bignami, F.E., ‘Protecting Privacy Against the Police in the European Union: The Data Retention Directive,’ (2006), GWU Legal Studies Paper No 2013–43.
Bigus, J.P., ‘Data Mining with Neural Networks: Solving Business Problems from Application Development to Decision Support,’ (1996), McGraw-Hill, New York.
Bird & Bird, ‘Profiling and Automated Decision-Taking,’ (n.d.), available at:https://www.twobirds.com/~/media/pdfs/gdpr-pdfs/35–guide-to-the-gdpr–profiling-and-automated-decisiontaking.pdf
Blumenstock, J., Cadamuro, G., On, R., ‘Predicting Poverty and Wealth from Mobile Phone Metadata,’ (November 27, 2015), Science 350, no. 6264: 1073–76.
Bosco, F., D’Angelo, E., Vermeersch, E., ‘National Data Protection Authorities’ views on profiling,’ in ‘Profiling Technologies in Practice. Applications and Impact on Fundamental Rights and Values,’ (2015), Wolf Legal Publishers.
Brennan-Marquez, K., Henderson, S.E., ‘Artificial intelligence and role-reversible judgment,’ (2019), Journal of Criminal Law and Criminology, v. 109(2).
Breyer, P., ‘Telecommunications Data Retention and Human Rights: The Compatibility of Blanket Traffic Data Retention with ECHR,’ (2005), 11(3) European Law Journal 365.
Brkan, M., ‘Do Algorithms Rule the World? Algorithmic Decision-Making in the Framework of the GDPR and Beyond,’ (August 1, 2017), a revised version of this paper has been published in International Journal of Law and Information Technology, (11 January 2019).
Brown, L., Kennedy, T., ‘The Court of Justice of the European Communities,’ (1994), Sweet & Maxwell as in Holland, J., Julian, W., ‘Learning Legal Rules – A Student’s Guide to Legal Method and Reasoning,’ (2010), Oxford University Press.
Brugger, W., ‘Legal Interpretation, Schools of Jurisprudence, and Anthropology: Some Remarks From a German Point of View,’(1994), The American Journal of Comparative Law, Volume 42, Issue 2, Pages 395–421.
Bygrave, L.A., ‘Automated Profiling: Minding the Machine: Article 15 of the EC Data Protection Directive and Automated Profiling,’ (2001), Computer Law & Security Review 17.
Bygrave, L.A., ‘Data protection law, approaching its rationale, logic and limits,’ (2002), Kluwer Law International.
Bygrave, L.A., Berg, P., ‘Reflections on the Rationale for Data Protection Laws,’ (1995), in Bing and Torvund (eds.), 25 Years Anniversary Anthology in Computers and Law Oslo.
Cannataci, J.A., Mifsud-Bonnici, J.P., ‘Data Protection Comes of Age: The Data Protection Clauses in the European Consitıtutional Treaty,’ (2005), Information and Communications Technology Law, 14(1):5-15.
Carey, P., ‘Data Protection: A Practical Guide to UK and EU law,’ (2015), 4th edn, Oxford University Press.
Chasalow, I., ‘The First National Law and Electronics Conference,’ (March 1, 1961), v. 4(7), 31-34, available at:https://journals.sagepub.com/doi/abs/10.1177/000276426100400709
Clarke, A.C., ‘Profiles of the Future: An Inquiry into the Limits of the Possible,’ (revised edition, 1973), Popular Library.
Crawford, K., Schultz, J., ‘Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms,’ (2014), Boston College Law Review, v. 55(1).
David, R., Brierley, J., ‘Major Legal Systems in the World Today,’ (1985), Stevens&Sons Ltd, as in Holland, J., Julian, W., ‘Learning Legal Rules – A Student’s Guide to Legal Method and Reasoning,’ (2010), Oxford University Press.
De Hert, P., Gutwirth, S., ‘Data protection in the case law of Strasbourg and Luxemburg: Constitutionalisation in action,’ (2009), in De Hert, P., Gutwirth, S.and others (eds.), ‘Reinventing data protection?’ Springer.
de Montjoye, Y.A., et al., ‘Predicting Personality Using Novel Mobile Phone-Based Metrics,’ (2013), in ‘Social Computing, Behavioral-Cultural Modeling and Prediction,’ ed. Greenberg, A.M., Kennedy, W.G., Bos, N.D., Springer-Verlag Berlin Heidelberg, vol. 7812, 48–55.
Desai, D.R., Kroll, J.A., ‘Trust But Verify: A Guide to Algorithms and the Law,’ (2017), Harvard Journal of Law & Technology, v. 31(1).
Dreyer, S., Schulz, W., ‘The GDPR and Automated Decision-Making: Will It Deliver?: Potentials and Limitations in Ensuring the Rights and Freedoms of Individuals, Groups and Society as a Whole,’ (2019), Discussion Paper Ethics of Algorithms, Bertelsmann Stiftung.
Düwell, M., Bos, G., ‘Human rights and future people — Possibilities of argumentation,’ (2016), Journal of Human Rights, 15:2, 231-250.
Dworkin, G., ‘The Theory and Practice of Autonomy,’ (1988), Cambridge University Press.
Epp, C., Lippold, M., Mandryk, R.L., ‘Identifying Emotional States Using Keystroke Dynamics,’ (2011), in ‘Proceedings of the 2011 Annual Conference on Human Factors in Computing Systems – CHI ’11,’ the 2011 annual conference, Vancouver, BC, Canada, ACM Press.
Esser, M., Kramer, P., von Lewinski, K., ‘Datenschutz-Grundverordnung Bundesdatenschutzgesetz und Nebengesetze, Kommentar. Heymanns Kommentare,’ (2017), Carl Heymanns Verlag.
EU Parliament, Counsel & Commission, ‘Joint Practical Guide of the European Parliament, the Council and the Commission for Persons Involved in the Drafting of European Union Legislation’, (2015), Publications Office of the European Union.
Fabbrini, F., ‘Human Rights in the Digital Age, The European Court of Justice Ruling in the Data Retention Case and its Lessons for Privacy and Surveillance in the us,’ (2015), Harvard Human Rights Journal.
Faiden, R., Beauchamps, T., ‘A History and Theory of Informed Consent,’ (1996), Oxford University Press.
Fayyad, U., Uthurusamy, R., ‘Data Mining and Knowledge Discovery in Databases,’ (1996), 39 Communications of the ACM, no 11.
Fennelly, N., ‘Legal Interpretation at the European Court of Justice,’ (1996), 20 Fordham International Law Journal, at 664.
Flemming, J.E., ‘Securing Deliberative Autonomy,’ (1995), Stanford Law Review, Vol. 48, N.1.
Flemming, J.E., ‘Securing Deliberative Democracy,’ (2004), Fordham Law Review, Vol. 72.
Froomkin, A.M., ‘Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Databases,’ (1996), 15 University of Pittsburgh Journal of Law and Commerce, 395, Pt IV.
Galetta, U.D., Hofmann, H.C.H., Puigpelat, O.M., Ziller, J., ‘The general principles of EU administrative procedural law, European Parliament,’ (2015), Government of the Republic of Slovenia: Public Administration development Strategy 2015-2020.
Gellert, R., Gutwirth, S., ‘The Legal Construction of Privacy and Data Protection,’ (2013), Computer Law & Security Review (CSLR), Vol. 29, 522–530.
General Secretariat of the Council, ‘Manual of Precedents for Acts Established within the Council of the European Union,’ (2015), no. SN 1250/6/10 REV 6 (n.d.).
Gola, P., ‘Datenschutz-Grundverordnung VO (EU) 2016/679, Kommentar,’ (2017), C.H.Beck.
Gonzalez Fuster, G., Gellert, R., ‘The fundamental right of data protection in the European Union: in search of an uncharted right,’ (2012), International Review of Law, Computers & Technology 26.
González, E.G., ‘Understanding the Legal Provisions That Allow Processing and Profiling of Personal Data—an Analysis of GDPR Provisions and Principles,’ (2019), Springer, Europäische Rechtsakademie ERA Forum 19:597–621.
Grabenwarter, C., ‘The European Convention for the Protection of Human Rights and Fundamental Freedoms: A Commentary,’ (2014), Beck/Hart Publishing.
Gutwirth, S., Friedewald, M., Wright, D., Mordenite, E., et al., ‘Legal, social, economic and ethical conceptualisations of privacy and data protection,’ (2010), Deliverable D1 of the Prescient project, ‘Privacy and emerging fields of science and technology: Towards a common framework for privacy and ethical assessment,’ access:https://zenodo.org/record/1182961#.YFoJ7GPdj-Y
Habermas, J., ‘Between Facts and Norms,’ (1996), MIT Press.
Helberger, N., Zuiderveen Borgesius, F., Reyna, A., ‘The Perfect Match? A Closer Look at The Relationship Between EU Consumer Law and Data Protection Law,’ (2017), 54 Common Market Law Review 1427.
Helios, J., Jedlecka, W., ‘The Derivative Concept of Legal Interpretation in Eu Law,’ (2018), Acta Universitatis Wratislaviensis No 3867, Przegląd Prawa i Administracji 115.
Herman, S., ‘Quot Judices Tot Sententiae: A Study of English Reaction to Continental Interpretative Techniques,’ (1981), Legal Studies, 165.
Hildebrandt, M., ‘Privacy as protection of the incomputable self: from agnostic to agonistic machine learning,’ (2019), Theoretical Inquiries in Law (TIL), 20(1), 83-121.
Hildebrandt, M., ‘The Dawn of a Critical Transparency Right for the Profiling Era,’ (2012), Bus, J. (ed.), Digital Enlightenment Yearbook 41.
Holland, J., Webb, J., ‘Learning Legal Rules – A Student’s Guide to Legal Method and Reasoning,’ (2010), Oxford University Press.
Hubick, K.T., ‘Artificial Neural Networks in Australia,’ (1992), Dept. of Industry, Technology & Commerce, Canberra.
Itzcovich, G., ‘The Interpretation of Community Law by the European Court of Justice,’ (2009), 10 German Law Journal 537, at 552.
Jones, P., ‘Group Rights,’ (Summer 2016 Edition), The Stanford Encyclopedia of Philosophy Edward N. Zalta (ed.).
Kaltheuner, F., Bietti, E., ‘Data Is Power: Towards Additional Guidance on Profiling and Automated Decision-Making in the GDPR,’ (March 14, 2018), Journal of Information Rights, Policy and Practice 2, no. 2.
Kamarinou, D., Millard, C., Singh, J., ‘Machine Learning with Personal Data,’ (2016), Queen Mary School of Law Legal Studies Research Paper 247.
Kaminski, M.E., ‘The Right to Explanation, Explained,’ (2018), University of Colorado Law Legal Studies Research Paper No. 18‐24.
Keats Citron, D., ‘Technological Due Process,’ (2008), Washington University Law Review, v. 85(6).
Keats Citron, D., Pasquale, F.A., ‘The Scored Society: Due Process for Automated Predictions,’ (2014), Washington Law Review, v. 89(1).
Kennedy, R., ‘Algorithms and the Rule of Law,’ (April/May 2017), Cambridge University Press, Legal Information Management, 17(3), 170-172.
Kim, P. T., ‘Auditing Algorithms for Discrimination,’ (2017), University of Pennsylvania Law Review Online, v. 166(1).
Klimas, T., Valiciukaite, J., ‘the Law of Recitals in European Community Legislation,’ (2008), Vol. 15:1, ILSA Journal of International & Comperative Law.
Koops, B.J., ‘The Trouble with European Data Protection Law,’ (2014), 4 International Data Privacy Law 250.
Korff, D., ‘New Challenges to Data Protection Study – Working Paper No. 2: Data Protection Laws in the EU: The Difficulties in Meeting the Challenges Posed by Global Social and Technical Developments’, (2010), European Commission DG Justice, Freedom and Security.
Kosta, E., ‘Consent in European Data Protection Law,’ (2013), Brill, Nijhoff Studies in European Union Law, Volume: 3.
Kroll, J.A., Huey, J., Barocas, S., Felten, E.W., Reidenberg, J.R., Robinson, D.G., Yu, H., ‘Accountable Algorithms,’ (2017), University of Pennsylvania Law Review, v. 165(3).
Lasser, M., ‘Judicial Deliberations: A Comparative Analysis of Judicial Transparency and Legitimacy,’ (2005), Oxford University Press.
Lenaerts, K., ‘The Rule of Law and the Coherence of the Judicial System of the European Union,’ (2007), 44 Common Market Law Review 1625.
Lenaerts, K., Gutiérrez-Fons, J.A., ‘To Say What the Law of the EU Is: Methods of Interpretation and the European Court of Justice,’ (2013), Working Paper, access:http://cadmus.eui.eu//handle/1814/28339.
Lenaerts, K., Gutiérrez-Fons, J.A., ‘The Constitutional Allocation of Powers and General Principles of EU law,’ (2010), 47 Common Market Law Review 1629.
Liccardi, I., Abdul-Rahman, A., Chen, M., ‘I Know Where You Live: Inferring Details of People’s Lives by Visualizing Publicly Shared Location Data,’ (2016), in ‘Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems – CHI ’16,’ the 2016 CHI Conference, Santa Clara, California, USA, ACM Press.
Linderfalk, U., ‘On the Interpretation of Treaties,’ (2007), Springer Netherlands.
Llorens, A.A., ‘The European Court of Justice, More than a Teleological Court,’ (1999), Cambridge Yearbook of European Legal Studies 2: 373–98.
Lord Justice Leveson, ‘An Inquiry into the Culture, Practices and Ethics of the Press,’ (2012), London.
Lynskey, O., ‘Deconstructing Data Protection: The “Added-Value” of a Right to Data Protection in the EU Legal Order,’ (2014), 63 ICLQ, 585.
Lynskey, O., ‘The “Europeanisation” of Data Protection Law,’ (2017), Cambridge Yearbook of European Legal Studies.
Malgieri, G., ‘Automated Decision-Making in the EU Member States: The Right to Explanation and Other suitable Safeguards in the National Legislations,’ (October 2019), Computer Law & Security Review, v. 35(5).
Malgieri, G., Comandé, G., ‘Why a Right to Legibility of Automated Decision-Making Exists in the GDPR,’ (November 1, 2017), International Data Privacy Law 7, no. 4: 243–65.
Martini, M., ‘DS-GVO Art. 22 Automatisierte Entscheidungen im Einzelfall einschliesslich Profiling,’ in Paal, B.P., Pauly, D., ‘Datenschutz-Grundverordunung,’ (2017), C.H.Beck.
Mendoza, I. & Bygrave, L.A., ‘The Right Not to Be Subject to Automated Decisions Based on Profiling,’ (2017), SSRN Scholarly Paper, Rochester, NY: Social Science Research Network.
Micheler, E., Whaley, A., ‘Regulatory Technology: Replacing Law with Computer Code,’ (2020), Eur Bus Org Law Rev, v. 21, 349–377
Monroe, R., ‘Thing Explainer: Complicated Stuff In Simple Words,’ (2015), Houghton Mifflin Harcourt.
Mortier, R., Haddadi, H., Henderson, T., McAuley, D., Crowcrof, J., ‘Human Data Interaction: The Human Face of the Data-Driven Society,’ (2014), MIT Technology Review.
Murphy, C., ‘EU Counter-Terrorism Law: Pre-Emption and the Rule of Law,’ (2012), Hart Publishing, Oxford.
Novek, E., Sinha, N., Gandy, O., ‘The value of your name,’ (1990), 12 Media, Culture and Society.
O’Neill, O., ‘Autonomy and Trust in Bioethics,’ (2002), Gifford Lectures, Cambridge University Press.
Oana Andreea, S., ‘European Competition Soft Law in European Courts: A Matter of Hard Principles?,’ (2008), European Law Journal, Vol. 14, No. 6, 753-772.
Orla, L., ‘Deconstructing Data Protection: The “Added-Value” of a Right to Data Protection in the EU Legal Order,’ (2014), 63 ICLQ, 585.
Pasquale, F., ‘The Black Box Society: The Secret Algorithms That Control Money and Information,’ (2015), Harvard University Press.
Pescatore, P., ‘Les objectifs de la Communauté européenne comme principes d’interprétation dans la jurisprudence de la Cour de justice,’ (1972), in Miscellanea W.J. Ganshof van der Meersch, vol. 2, at 325-363;
Pipe, P., ‘The Data Mart: A New Approach to Data Warehousing,’ (1997), 11 International Review of Law Computers & Technology 251-261.
Poiares Maduro, M., ‘Interpreting European Law: Judicial Adjudication in the Context of Constitutional Pluralism,’ (2007), 1 European Journal of Legal Studies 1.
Prakash Sinha, S., ‘The Anthropocentric Theory of International Law as a Basis for Human Rights,’ (1978), Case Western Reserve Journal of International Law (JIL), v. 10 (469).
Preschal, S., De Leeuw, M. E., ‘Transparency: A General Principle of EU Law?’ in: Bernitz U., Nergelius, J., Cardner, C., (eds), ‘General Principles of EC Law in a Process of Development,’ (2008), Kluwer Law International.
Proust, O., ‘Unravelling the Mysteries of the GDPR Trilogues,’ (2015), Privacy, Security and Information Law.
Rasmussen, H., ‘Towards a Normative Theory of Interpretation of Community Law,’ (1993), University of Chicago Press.
Raz, J., ‘The Morality of Freedom,’ (1986), Oxford: Clarendon Press.
Reich, N., ‘Understanding EU Law,’ (2005), Intersentia Publishers.
Rouvroy, A., ‘Privacy, Data Protection, and the Unprecedented Challenges of Ambient Intelligence,’ (2008), Studies in Ethics, Law, and Technology 2, no. 1.
Rustici, C., ‘GDPR Profiling and Business Practice,’ (April 1, 2018), Computer Law Review International 19, no. 2, 34–43.
Salachová, B., Vítek, B., ‘Interpretation of European law, selected issues,’ (2013), Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis, Mendel University Press, vol. 61(7), pages 2717-2720.
Schermers, H., Waelbroeck, D., ‘Judicial Protection in the European Union,’ (2001), Kluwer Law International.
Schønberg, S., Frick, K., ‘Finishing, Refining, Polishing: On the Use of travaux preparatoires as an Aid to the Interpretation of Community Legislation,’ (2003), 28 European Law Review at 155.
Schwartz, P.M., Reidenberg, J.R., ‘Data Privacy Law: A Study of United States Data Protection,’ (1996), MICHIE Law Publishers 102.
Schwartz, P.M., Treanor, W.M., ‘The New Privacy,’ (2003) Michigan Law Review, 101.
Selbst, A.D., Barocas, S., ‘The Intuitive Appeal of Explainable Machines,’ (2018), 87 Fordham Law Review 1085.
Shapiro, M., ‘The problems of independent agencies in the United States and the European Union,’ (1997), 4(2) Journal of European Public Policy 276.
Skitka, L.J., Mosier, K., Burdick, M.D., ‘Accountability and Automation Bias,’ (2000), International Journal of Human-Computer Studies 52, no. 4,701–17.
Sloot, B., ‘Legal fundamentalism: is data protection really a fundamental right,’ (2017), in Ronald Leenes et al., (eds.), ‘Data Protection and Privacy: (In)Visibilities and Infrastructures,’ Issues in Privacy and Data Protection, Springer International Publishing.
Snyder, F. ‘The Effectiveness of European Community Law: Institutions, Processes, Tools and Techniques,’ (1993), Modern Law Review 56.
Snyder, F., ‘Soft Law and Institutional Practice in the European Community: Institutions, Processes, Tools and Techniques,’ (1993), EUI Working Papers (Law), No. 93/5.
Solove, D.J., ‘“I’ve Got Nothing to Hide” and Other Misunderstandings of Privacy,’ (2007), 44 SanDiegoLRev 745, 771.
Spaho, E., ‘Data Protection: When Others Know What You Want Before You Do,’ (2019), n.d, access:https://www.academia.edu/39917165/Data_Protection_When_Others_Know_What_You_Want_Before_You_Do
Stefan, O.A., ‘European Competition Soft Law in European Courts: A Matter of Hard Principles?’ (2008), European Law Journal, Vol. 14, No. 6, 753-772.
Tallberg, J., ‘Paths to Compliance: Enforcement, Management, and the European Union,’ (2002), International Organization, Vol. 56, Issue 3, 609–643.
Tichý, L., et al., ‘Evropské Právo, 4.Vydání,’ (2010), C.H.Beck.
Tosoni, L., ‘The Right to Object to Automated Individual Decisions: Resolving the Ambiguity of Article 22(1) of the General Data Protection Regulation,’ (May 14, 2021), 11 International Data Privacy Law (2021) (Forthcoming), University of Oslo Faculty of Law Research Paper No. 2021-07, available at:https://ssrn.com/abstract=3845913
van der Sloot, B., ‘Legal fundamentalism: Is data protection really a fundamental right,’ (2017), in R. Leenes, R. van Brakel, S. Gutwirth, & P. De Hert (eds.), Data protection and privacy: (In)visibilities and infrastructure (pp. 3-30). (Law, Governance and Technology Series; Vol. 36), (Issues in Privacy and Data Protection).
Veale, M., Edwards, L., ‘Clarity, Surprises, and Further Questions in the Article 29 Working Party Draft Guidance on Automated Decision-Making and Profiling,’ (2018), Computer Law & Security Review: The International Journal of Technology Law and Practice 34, no. 2, 398–404.
Veale, M., Edwards, L., ‘Slave to the Algorithm? Why a “Right to an Explanation” is Probably Not the Remedy You Are Looking For,’ (2017), 16 Duke Law and Technology Review 18.
Wachter, S., Mittelstadt, B., and Floridi, L., ‘Why a Right to Explanation of Automated Decision-Making Does Not Exist in the GDPR,’ (2016), SSRN Scholarly Paper (Rochester, NY: Social Science Research Network.
Wachter, S., Mittelstadt, B., Russell, C., ‘Counterfactual Explanations without Opening the Black Box: Automated Decisionmaking and the GDPR,’ (2018), Harvard Journal of Law & Technology, v. 31(2).
Wacks, R., ‘Privacy – A very short introduction,’ (2010), Oxford University Press.
Wagner, W.E., ‘Administrative Law, Filter Failure, and Information Capture,’ (2010), 59 Duke Law Journal.
Walzer, M., ‘Interpretation and Social Criticism,’ (1987), Cambridge, Mass., Harvard.
Warren, S., Brandeis, L., ‘The Right to Privacy,’ (Dec. 15, 1890), Harvard Law Review, Vol. 4, No.5.
Wihlborg, E., Larsson, H., Hedström, K., ‘“The Computer Says No!”: A Case Study on Automated Decision-making in Public Authorities,’ (2016), 49th Hawaii International Conference on System Sciences (pp. 2903-2912).
Woolridge, M., Jennings, N.R., ‘Intelligent Agents: Theory and Practice,’ (1995), The Knowledge Engineering Review, Volume 10, no 2.
Youyou, W., Kosinski, M., Stillwell, D., ‘Computer-Based Personality Judgments Are More Accurate than Those Made by Humans,’ (January 27, 2015), Proceedings of the National Academy of Sciences 112, no. 4: 1036–40.
Zarsky, T.Z., ‘Transparent Predictions,’ (2013), University of Illinois Law Review, v. 2013(4).
Zuiderveen Borgesius, F., Poort, J., ‘Online Price Discrimination and EU Data Privacy Law,’ (2017), 40 Journal of Consumer Policy 3, 347–366.
Adams, D., ‘8 bold biohacks that blur the line between human and machine,’ (May 20, 2017), digital trends: https://www.digitaltrends.com/cool-tech/coolest-biohacking-implants/
Andrews, E., ‘Who invented the internet?’, 2013, available at: https://www.history.com/news/who-invented-the-internet
Bogost, I., ‘My Cow Game Extracted Your Facebook Data,’ (March 22, 2018), The Atlantic, available at: https://www.theatlantic.com/technology/archive/2018/03/my-cow-game-extracted-your-facebook-data/556214/
Cisco Annual Internet Report, N/D, available at: https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/vni-hyperconnectivity-wp.html
Darabi, A., ‘New Zealand explores machine-readable laws to transform government,’ (11 May 2018), Apolitical, available at: https://apolitical.co/solution_article/new-zealand-explores-machine-readable-laws-to-transform-government/
Gardner, B., ‘Making the law machine-readable,’ (16 October 2018), available at: https://www.wavelength.law/blog/makingthelawmachinereadablepart1#_ftn6
Gobry, P.E., ‘The Internet Is 20% Of Economic Growth,’ (May 24, 2011), Business Insider, available at: http://www.businessinsider.com/mckinsey-report-internet-economy-2011-5?IR=T
Google ‘2019 research review: Insights we uncovered in 2019 that will take you into 2020,’ available at: https://www.thinkwithgoogle.com/data-collections/2019-consumer-insights/
Heimes, R., ‘Top 10 Operational Impacts of the GDPR: Part 5 – Profiling,’ iapp.org, accessed 10 November 2019: https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-5-profiling/
Huawei and Oxford Economics, ‘Digital Spillover: Measuring the True Impact of the Digital Economy,’ (2017), Huawei and Oxford Economics, available at: https://www.huawei.com/minisite/gci/en/digital-spillover/files/gci_digital_spillover.pdf
Internet Association, ‘New Report Calculates the Size of the Internet Economy,’ (December 10, 2015), Internet Association, available at: https://internetassociation.org/121015econreport/
Kleinman, Z., ‘Facebook denies “listening” to conversations,’ (28 October 2017), BBC News, available at: https://www.bbc.com/news/technology-41776215
Knight, D., ‘Personal computer history: 1975-1984,’ 2014, available at: https://lowendmac.com/2014/personal-computer-history-the-first-25-years/
Multistakeholder Expert Group, ‘Contribution from the Multistakeholder Expert Group to the Stock-Taking Exercise of June 2019 on One Year of GDPR Application,’ (June 13, 2019), Multistakeholder Expert Group, available at: https://ec.europa.eu/info/sites/info/files/report_from_multistakeholder_expert_group_on_gdpr_application.pdf
Nielsen, N., ‘EU Data Retention Law Said to Breach Privacy Rights’, (13 Dec. 2013), EU Observer, access: https://euobserver.com/justice/122459
Posey, B., ‘Digital implants are the future — but are they a good idea?,’ (May 13, 2019), techgenix: http://techgenix.com/digital-implants/
Sahin, G., ‘Privacy and Data Protection in EU,’ (2010), available at: https://www.academia.edu/11755258/Privacy_and_Data_Protection_in_EU
Schumaker, E., ‘Elon Musk unveils brain chip implant: “It’s like a Fitbit in your skull,”’ (August 30, 2020), abc News: https://abcnews.go.com/Health/elon-musk-unveils-brain-chip-implant-fitbit-skull/story?id=72703840
Su, J., ‘Why Amazon Alexa Is Always Listening To Your Conversations: Analysis’, (May 16, 2019), Forbes, available at: https://www.forbes.com/sites/jeanbaptiste/2019/05/16/why-amazon-alexa-is-always-listening-to-your-conversations-analysis/?sh=309331f22378
United Nations, ‘Gender Equality and Women’s Empowerment,’ United Nations Sustainable Development (blog), accessed May 24, 2019 at: https://www.un.org/sustainabledevelopment/gender-equality/
Treaty of Lisbon amending the Treaty on European Union (TEU) and the Treaty establishing the European Community (TEEC), signed at Lisbon, 13 December 2007, Official Journal C306/1, 17.12.2007 (cited: Lisbon Treaty)
Treaty on European Union (consolidated version as amended by the Treaty of Lisbon) 9 May 2008, Official Journal C115/3, 9.5.2008 (cited: TEU)
Treaty on the Functioning of the European Union (consolidated version as amended by the Treaty of Lisbon) Official Journal 115/47, 9.5.2008 (cited: TFEU)
Charter of Fundamental Rights of the European Union, (2000/C364/01), Official Journal (OJ) C 326, 26/10/2012, (cited: Charter)
UN General Assembly, Universal Declaration of Human Rights, 10 December 1948, 217 A(III)
Council of Europe, European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols Nos. 11 and 14, 4 November 1950, ETS 5 (cited: ECHR)
― Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, ETS. No. 108, Strasbourg, 18 January 1981 (cited: Convention 108)
― Draft modernized Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, ETS. No. 108, drawn up by the Council of Europe’s Ad hoc Committee on Data Protection (version of September 2016, document GR-J(2016)14)
― Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding Supervisory Authorities and Transborder Data Flows, ETS No. 181, open for signature 8 November 2001, in force 1 July 2004
― Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108), CM(2018)2-final, adopted on 17-18 May 2018
― Resolution (73) 22 on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Private Sector, September 26, 1973, published in: Forward in Europe, Legal Supplement No. 10, Information Bulletin of the Directorate of Legal Affairs, April 1974
― Resolution (74) 29 on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Public Sector, September 20, 1974, published in: Forward in Europe, Legal Supplement No. 11, Information Bulletin of the Directorate of Legal Affairs, October 1974
Vienna Convention on the Law of Treaties (United Nations [UN]), 1155 UNTS 331, 8 ILM 679 (1969), 63 AJIL 875 (1969) (cited: Vienna Convention)
Regulation (EC) No 1907/2006 of the European Parliament and of the Council of 18 December 2006 concerning the Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH), establishing a European Chemicals Agency, amending Directive 1999/45/EC and repealing Council Regulation (EEC) No 793/93 and Commission Regulation (EC) No 1488/94 as well as Council Directive 76/769/EEC and Commission Directives 91/155/EEC, 93/67/EEC, 93/105/EC and 2000/21/EC (Regulation 1907/2006/EC)
Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), OJ L 119, 4.5.2016 (cited: GDPR)
Council Directive 2004/113/EC of 13 December 2004 implementing the principle of equal treatment between men and women in the access to and supply of goods and services OJ L 373, 21.12.2004 (cited: Directive 2004/113)
Directive 1995/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, (Data Protection Directive) Official Journal (OJ) L 281, 23/11/1995, (cited: DPD)
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC [2006] OJ2006 L105/54 (cited: Directive 2006/24).
Belgian data protection legislation (Wet tot omzetting van de Richtlijn 95/46/EG van 24 oktober 1995 van het Europees Parlement en de Raad betreffende de Bescherming van Natuurlijke Personen in verband met de Verwerking van Persoonsgegevens en betreffende het Vrij Verkeer van die Gegevens, van 11 december 1998)
Lesotho’s Data Protection Act No. 5 of 2012
South Africa’s Protection of Personal Information Act No. 4 of 2013
Hesse Data Protection Act of 7 October 1970, originally published in Gesetz- und Verordnungsblatt I S. 625-627 i.d.F. des Hess. Gesetzes zur Anpassung des Landesrechts an das Einführungsgesetz zum Strafgesetzbuch vom 4. September 1974 (GVBl. I S. 361) Gesetz- und Verordnungsblatt II 300-10 (unofficial English translation by OECD, Informatics Studies No. 2, 1971, pp. 47 et seqq.) (cited: Hesse Data Protection Act)
Portuguese data protection law (Lei no 10/91 de 12. de Abril 1991, da Protecção de Dados Pessoais face à Informática; replaced and repealed by Law no 67/98 of 26.10.1998)
Spanish data protection law (Ley organica 5/1992 de 29 de octubre 1992, de Regulación del Tratamiento Automatizado de los Datos de Carácter Personal; replaced and repealed by Law 15/1999 of 13.12.1999)
German Federal Data Protection Act of 14 January 2003, published in Federal Law Gazette I, (in German called: Bundesdatenschutzgesetz (BDSG))
The Macao Special Administrative Region, Act 8/2005 on Personal Data Protection
Senegal’s Data Protection Act of 2008 – Loi n° 2008-12 sur la Protection des données à caractère personnel
Angola’s Law No. 22/11 on Data Protection of 2011
Commission Decision 2000/520/EC of 26 July 2000 on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce, OJ L 215/7
Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield, OJ L 207/1
Commission of the European Communities – Proposal for Council Directive concerning the protection of individuals in relation to the processing of personal data, COM(90) 314 final – SYN 287, 13.9.1990
― Amended proposal for Council Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data, COM(92) 422 final – SYN 287, 15.10.1992
European Commission – Report SURVANT Research Project. Fast Track to Innovation, (2017).
European Data Protection Board – Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects, Adopted on 9 April 2019 (version for public consultation)
European Parliament – ‘Guidelines on Gender-neutral Language in the European Parliament,’ (2018)
― (2013) Report on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)) (A7-0402/2013; PE501.927v05-00)
European Union and Council of Europe, eds., ‘Handbook on European Data Protection Law,’ 2018 edition.
Ontario Information and Privacy Commissioner, Data Mining: Staking a Claim on Your Privacy, January 1998.
The Council of Europe’s Guidelines on the Protection of Individuals with Regard to the Processing of Personal Data in the World of Big Data (adopted 23 January 2017; T-PD(2017)01)
UN General Assembly, Resolution Adopted by the General Assembly, (22 March 2017), Human Rights Council, A/HRC/34/L.7/Rev.1
Article 29 Working Party – Guidelines on Automated Individual Decision-Making and Profiling for the Purposes of Regulation 2016/679 (Wp251rev.01) – European Commission (cited: Guidelines)
― Transfers of personal data to third countries: Applying Articles 25 and 26 of the EU data protection directive, (Wp 12, 1998), DG XV D/5025/98 – European Commission
― Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, WP248 rev. 01, (17/EN), 4 October 2017 (cited: DPIA Guidelines)
Court of Justice of the European Union
CJEU, 113/80 Commission v. Italy [1981]
CJEU, 148/78 Pubblico Ministero v. Ratti [1979]
CJEU, 15/74 Centrafarm v. Sterling Drug [1974]
CJEU, 152/84 Marshall v. Southampton and South West Area Health Authority [1986]
CJEU, 187/87 Land de Sarre and others [1988]
CJEU, 24/62 Germany v. Commission [1963]
CJEU, 26/62 Van Gend en Loos v. Nederlandse Administratie der Belastingen [1963]
CJEU, 267/83 Diatta [1985]
CJEU, 27/72 Aimer v. Einfuhr-und Vorratsstelle Getreide [1972]
CJEU, 29/69 Stauder [1969]
CJEU, 31/70 Getreide-und Futtermittel Handelsgesellschaft v. Hza Hamburg-Altona [1970]
CJEU, 314/85 Foto-Frost v. Hza Lübeck-Ost [1987]
CJEU, 41/74 Van Duyn v. Home Office [1974]
CJEU, 43/75 Defrenne v. Sabena [1976]
CJEU, 46/76 Bauhuis [1977]
CJEU, 6/64 Costa v. ENEL [1964]
CJEU, 6/77 Schouten v. Hoofdproduktschap voor Akkerbouwprodukten [1977]
CJEU, 78/70 Deutsche Grammophon v. Metro [1971]
CJEU, C-105/03 Pupino [2005]
CJEU, C-115/08 ČEZ [2009]
CJEU, C-116/02 Gasser [2003]
CJEU, C-12/11 McDonagh [2013]
CJEU, C-127/08 Metock and others [2008]
CJEU, C-134/08 Hauptzollamt Bremen v. Tyson Parketthandel [2009]
CJEU, C-136/04 Deutsches Milch-Kontor [2005]
CJEU, C-139/01 Österreichischer Rundfunk and Others [2003]
CJEU, C-149/10 Chatzi [2010]