Iβm hoping to use the EUβs draft AI Act as a way to think about how we can safely use Artificial Intelligence. The Commissionβs draft sets a number of obligations on both providers and users of AI; formally these only apply when AI is used in βhigh-riskβ contexts, but they seem like a useful βhave […]
Category: Articles
Thoughts on regulatory and ethical issues relating to the use of technology in education and research
Explaining Network Telemetry
A really interesting series of talks on how to gather and share information about the performance of networks at todayβs GEANT Telemetry and Data Workshop. One of the most positive things was a clear awareness that this information can be sensitive both to individuals and to connected organisations. So, as the last speaker, I decided […]
GDPR Article 21 provides a βright to objectβ whenever personal data are processed based on either Legitimate Interests or Public Interests. In both cases, an individual can highlight βgrounds relating to his or her personal situationβ and require the data controller to consider whether there remain βcompelling legitimate grounds for the processing which override the […]
I was invited to contribute to a seminar on the Right to Object (RtO). Normally this GDPR provision is seen as a way to prevent harm to a particular individual because of their special circumstances. But I wondered whether data controllers could also use the RtO process as an opportunity to review whether their processing […]
When the Government first announced plans to regulate online discussion platforms I wondered whether small organisations would be able to outsource the compliance burden to a provider better equipped to deliver rapid and effective response. Clause 180(2) of the Online Safety Bill suggests the answer is yes: The provider of a user-to-user service is to […]
[21/6: Added more examples of public engagement] [22/3: Updated analysis of why read-only access fits within the para 8 exemption] The Government has now published its Online Safety Bill: the text that will be debated, and no doubt amended, in Parliament. Compared to last summerβs draft, this is somewhat clearer on whether platforms operated by […]
Weβve been talking to computers for a surprisingly long time. Can you even remember when a phone menu first misunderstand your accent? Obviously there have been visible (and audible) advances in technology since then: voice assistants are increasingly embedded parts of our lives. A talk by Joseph Turow to the Privacy and Identity Lab (a […]
Information sharing, trust, and moreβ¦
Using and sharing information can create benefits, but can also cause harm. Trust can be an amplifier in both directions: with potential to increase benefit and to increase harm. If your data, purposes and systems are trusted – by individuals, partners and society β then you are likely to be offered more data. By choosing […]
Managing the risks of Subject Access
My LLM dissertation (published ($$) in 2016 as βIs the Subject Access Right Now Too Great a Threat to Privacy?β) discussed the challenge of reliably identifying a data subject who you only know through pseudonymous digital channels or identifiers. Others have conducted practical experiments, finding that it would, indeed, be relatively easy to use GDPR […]
Automating Digital Infrastructures
Most of our digital infrastructures rely on automation to function smoothly. Cloud services adjust automatically to changes in demand; firewalls detect when networks are under attack and automatically try to pick out good traffic from bad. Automation adjusts faster and on a broader scale than humans. That has advantages: when Jisc’s CSIRT responded manually to […]