UNIO – EU Law Journal

Data protection and the transformation of rights in the digital society

2024-05-19T14:07:13+00:00

This paper analyses the centrality that data protection is acquiring in the digital society as a right that, together with that of consumer protection, is expanding and occupying spaces for guaranteeing other rights that by themselves have weaker protections. This evolution also contributes to transforming the system of rights insofar as it detaches them from substantive principles and values in order to secure them from the market’s standpoint. This instrumental character to the market is especially relevant in data protection, since in addition to being a right, it is also a commodity in the framework of the data economy. The paper also highlights the challenges posed by Generative Artificial Intelligence, not only for data protection, but also for the data economy itself and the digital society, as it has the capacity to generate and propagate disinformation of a systemic nature.

Data protection and appropriate measures: too many uncertainties in the judicial applications?

2024-05-19T14:18:57+00:00

The present paper analyses, from a comparative perspective, the accountability rules outlined in the GDPR and their practical application by the courts of Member States. The first part of the article highlights the influence of the GDPR on Third Countries, with specific attention to Chinese legislation regarding data protection. The second part is mainly focused on the obligations relating to accountability and the notion of appropriateness of measures to be adopted by Data Controllers, as well as its connection with liability rules stated in Article 82 of the GDPR. The analysis considers the application of these rules, emphasising the different interpretations made by Data Protection Authorities, national courts, and more recently, by the Court of Justice of the European Union.

Building on the EU’s unique strategy for Artificial Intelligence (AI): can an ethical foundation be successfully integrated into its design and deployment?

2024-05-19T15:16:44+00:00

In this article, the Author investigates the ethical principles espoused by the European Union’s (EU) policies on Artificial Intelligence (AI) and discuss their effectiveness in providing an ethical foundation for the entire process of developing and deploying AI in Europe. To this end, the scope of the term “ethics” in the regulatory process is analysed, and the extent to which ambiguity about its meaning can contribute to inadequate policies, is considered. The Author also addresses the criticisms and suggestions that have been made regarding the use of certain concepts, such as ‘trustworthiness’ and ‘human-centric’, which are so often used in European AI guidelines. The aim of the article is to explore the ways in which ethical values have been applied and identify potential areas of improvement to further safeguard and advance the rule of law, human rights, and democracy in the EU. This quest proves to be relevant amidst the various challenges that arise from emerging technologies like AI, which are of an unknown magnitude to our contemporary democracies, constituting a complete paradigm shift. In exploring the issues set out here, the Author navigates some of the new developments that the EU’s
Artificial Intelligence Act (AI Act) introduces, as well as the pressing criticisms levelled at it in the context of the overarching theme of this article.

The role of Artificial Intelligence (AI) in rehabilitation and in the reduction of the use of imprisonment

2024-05-19T15:45:34+00:00

Over the past few decades, the criminal justice system has experienced a shift towards risk management (actuarial justice). The New Public Management ideology has also entered the field of criminal policy and currently there is a growing recognition of the importance of adopting an Offender Management System. This new way of managing the criminal justice is increasingly supported by Artificial Intelligence and related digital technologies. The use of these technologies has enormous potential from a rehabilitation perspective. However, the current trend is to use them mainly for security and control purposes. This analysis examines whether the goal of rehabilitation can still be accommodated in a criminal justice system with the aforementioned characteristics. Criminal policy has the responsibility to ensure that the control it imposes on citizens can be balanced by an ethical use of digital technologies, which effectively contributes to rehabilitation and to the reduction in the resort to imprisonment.

Regulation of artificial intelligence in Brazil: examination of Draft Bill no. 2338/2023

2024-06-20T21:11:16+00:00

This article aims to explore the challenges faced by Brazilian Draft Bill no. 2338/2023 in its purpose to implement risk-based regulation of artificial intelligence in Brazil. Based on the inspiration received from the European AI Act, the article describes the Brazilian classification of risks and its impacts for the regulation, the governance rules, the practical application of principles of prevention and precaution, and the administrative and civil liability.

Is it worthwhile for Latin American countries to obtain adequate level of personal data protection from the European approach, or is it better to promote the use of contractual clauses to export such information?

2024-06-28T19:17:03+00:00

The international transfer of personal data between countries with diverse legal cultures is set to continue growing as social and economic relationships expand alongside the increasing number of internet users and the widespread adoption of information and communication technologies worldwide. This paper proposes to re-evaluate the emphasis on the “adequate level of data protection” as a strategy to ensure the minimum standards for the proper handling of personal data when exported to other countries. Instead, it suggests that standard data protection clauses might be a more effective approach to achieve this objective. Ensuring an adequate level of data protection is essential for all countries. However, this does not necessarily mean that such a level can only be attained by adhering to processes established by foreign organisations or local authorities from other nations. The absence of a formal certification of an adequate level does not imply that a country lacks the effective mechanisms to ensure proper personal data treatment. The lengthy duration and high uncertainty associated with the adequacy processes are inconvenient for entities that need to legally export personal data to other countries. Therefore, standard data protection clauses are presented as a practical and sensible tool to achieve this goal. It is highly likely that the use of these clauses will eventually replace the need to rely on the “adequate level of data protection” framework.