Brief report on PI.lab Conference 7 December 2017
The annual conference of the PI.lab took place December 7th in Utrecht. Theme of this year’s conference was ‘GDPR countdown’. The conference started with a keynote presentation by prof Mireille Hildebrandt and ended with a keynote by prof Ronald Deibert. ‘In between’, two sets of parallel sessions covered the way organisations are working on the GDPR, the coming referendum on the Dutch law for intelligence services, the construction of privacy by design, the concept of personal data and a discussion of how to create and enforce data justice.
Prof Hildebrandt gave an in-depth overview of the way the GDPR deals with machine learning. She unravelled the various inroads from the GDPR into the problem area that machine learning proposes. A structured approach to machine learning is needed in order to enable a proper assessment of what it can do and what it can’t do. To this end, a distinction should be made between systems that are exploratory – i.e. aimed at finding new correlations – and systems that are confirmatory – i.e. that confirm expected correlations. Another inroad is the need for a distinction between ex ante justification and ex post justification of automated decision making and profiling. Both elements contribute to enhanced transparency, but in different manners. The keynote provided a wealth of insights and food for thought.
The panel on the ambition of Dutch branch organisations with respect to the business value of privacy demonstrated the variety in approaches as put forward by DDMA, ICT Nederland and Thuiswinkel.org. All three organisations are active in promoting responsible behaviour concerning the implementation of the GDPR. All have their own instruments. It was agreed that to promote the relevance of privacy as business value a more concerted effort is needed. The organisations expressed their willingness to be engaged in such an activity. It could build upon the action programme Privacy as an innovation opportunity, in which the PI.lab and DDMA are already collaborating.
Sander Venema gave an introduction in the Freedom Index. The Freedom Index is a proposed international standard for the classification of human rights information on the internet. The problem is that indexing is biased, due to algorithmic decisions by Google, and many information, especially in foreign languages is unfindable. One universal indexing system designed to catalogue all data relating to human rights and fundamental freedoms would tackle the problem that due to an increasing amount of human rights information, the information is becoming inaccessible and even invisible. The Freedom Index works like the Dewey Decimal System, but instead of one index number for one document (e.g., in a library), they group closely-related documents.
The panel on the Dutch Law on surveillance and intelligence presented a nuanced perspective on issues at stake. For one, it is clear that the claim that intelligence services need more room to manoeuvre makes sense, given technological developments over the past decades. For another, the lack of clear restrictions on this additional room and the lack of a stringent system of overview and supervision makes this law unbalanced and introduces risks that should not be played down. The debate demonstrated the need for detailed and thorough presentation of the real assets of the new law. The referendum was welcomed as a means to engage civilians with the intricacies of this debate.
Linnet Taylor and Nadya Purtova, both from the Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, Netherlands, discussed the future of privacy and data protection. Linnet Taylor focussed on her concept of Data Justice. Her core research question: What problems create claims to data justice, and what would constitute a globally inclusive framework? Nadya Purtova took it from there and explained here concept of justice in the data-driven world. Her research focussed on understanding information for legal protection of people against information-induced harms. Both Linnet and Nadya challenged the focus on the individual and on personal data, and instead focus on data gathering, analysis and usage as such.
Finally, prof. Deibert presented the workings of his research group in Toronto, Canada on unravelling the way intelligence services try to gain access to persons they want to trace. By delving deep into the intricacies of the technologies behind zero-days exploits (vulnerabilities of systems that are known to specific communities – such as intelligence services – but not to others) his research group is able to demonstrate the way intelligence services operate. A relevant partner is a commercial enterprise within Israel that is able to make use of these zero-days exploits. Demonstrating the workings of the intelligence services does not easily come. The research group of prof Deibert exists for ten years now, is dependent on donations in order to do its valuable work and needs to secure itself thoroughly from not being tapped into by intelligence services itself.
For the presentations of the various speakers, click here.