#DATAGOV1 – European Data Governance

European Citizens’ data protection, data governance and cybersecurity: fundamental rights and personal data processing in big data era

Academic Year 2019/2020 – October/December 2019

(48 hours – 6 CFU/ECTS – 12 Lessons)

ROOM M500 (Via Santa Sofia, 9/1, 20122 Milano MI)

Prof. Avv. Giovanni Ziccardi, Phd.

Keystaff: Avv. Prof. Simone Bonavita, LLM, Phd, Prof. Massimo Farina, LLM, Phd, Avv. Stefano Mele, Phd, Prof. Avv. Pierluigi Perri, Phd

With the tutorships of: Ing. Paolo Dello Vicario – Avv. Silvia Martinelli –  Dott.ssa Ambra Pacitti –  Dott.ssa Alessandra Salluce – Dott.ssa Andrea Scirpa – Dott.ssa Samanta Stanco – Dott. Gabriele Suffia – Dott. Jacopo Ziffer

The course is focused on the Legal Informatic analysis of the EU law related to data and information treatment following an integrated approach, which allows students to understand the importance of relevant changes in EU norms, not only in the field of personal data but also related to other kinds of data and of their impact on infrastructures and services within the information society.

Lesson #1 – 3 October 2019 (09:30 – 12:30)

Module 1: Personal data processing within the European Union (1/5)

Lesson: Giovanni Ziccardi

Key Staff: Simone Bonavita, Stefano Mele

Tutor: Alessandra Salluce

  • Introduction to the Jean Monnet Course on data governance
  • The concept of “data” and the data treatment
  • Security and cybersecurity in the European Union legal framework
  • The “economy of data”
  • The ENISA activity
  • Cybersecurity norms and Directives
  • Personal data and fundamental rights of the European citizens

To be discussed:

Arrieta Ibarra, Imanol and Goff, Leonard and Jiménez Hernández, Diego and Lanier, Jaron and Weyl, Eric Glen, Should We Treat Data as Labor? Moving Beyond ‘Free’ (December 27, 2017). American Economic Association Papers & Proceedings, Vol. 1, No. 1, Forthcoming. Available at SSRN: https://ssrn.com/abstract=3093683

For deepening research:

Micheli M., Blakemore M., Ponti M., Craglia M.,The Governance of Data in a Digitally Transformed European Society, Second Workshop of the DigiTranScope Project, available at https://www.researchgate.net/publication/330223608_The_Governance_of_Data_in_a_Digitally_Transformed_European_Society

Lesson #2: 7 October 2019 (09:30 – 12:30)

Module 1: Personal data treatment within the European Union (2/5)

Lesson: Giovanni Ziccardi

Key Staff: Pierluigi Perri

Tutor: Alessandra Salluce

  • An introduction to the GDPR
  • The Europeanisation of Data Protection
  • Personal data processing within the EU end non-EU countries
  • E-communication and privacy issues
  • An introduction to security measures

To be discussed:

Lynskey, Orla. “The ‘Europeanisation’of Data Protection Law.” Cambridge Yearbook of European Legal Studies 19 (2017): 252-286. Available  at http://eprints.lse.ac.uk/68471/7/Lynskey_The%20Europeanisation%20of%20Data%20Protection%202016.pdf

Lesson #3: 10 October 2019 (9:30 – 12:30)

Module 1: Personal data treatment within the European Union (3/5)

Lesson: Giovanni Ziccardi

Key Staff: Pierluigi Perri

Tutor: Silvia Martinelli

  • Privacy by design
  • Privacy by default
  • The idea of “data portability”
  • Risk Analysis before data processing activities
  • Privacy impact assessment
  • European smart cities, sharing economy & data security

To be discussed:

De Hert, Paul, et al. “The right to data portability in the GDPR: Towards user-centric interoperability of digital services.” Computer Law & Security Review 34.2 (2018): 193-203. Available at: https://www.sciencedirect.com/science/article/pii/S0267364917303333

For deepening research:

Ni Loideain, Nora, A Port in the Data-Sharing Storm: The GDPR and the Internet of Things (October 10, 2018). King’s College London Law School Research Paper No. 2018-27. Available at SSRN: https://ssrn.com/abstract=3264265 or http://dx.doi.org/10.2139/ssrn.3264265

Edwards, Lilian, Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective (January 5, 2016). European Data Protection Law Review (Lexxion), 2016, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2711290 or http://dx.doi.org/10.2139/ssrn.2711290

Rubinstein, Ira, Regulating Privacy by Design (May 10, 2011). Berkeley Technology Law Journal, Vol. 26, p. 1409, 2012. Available at SSRN: https://ssrn.com/abstract=1837862

Lesson #4: 17 October 2019 (9:30 – 12:30)

Module 1: Personal data treatment within the European Union (3/5)

Lesson: Giovanni Ziccardi

Key Staff: Simone Bonavita

Tutor: Alessandra Salluce

  • The right to be forgotten
  • Oblivion, digital journalism and computational journalism
  • Citizens’ rights concerning data processing
  • Big Data, Privacy Regulations and Intellectual Property rights

To be discussed

Lundqvist, Bjorn, Big Data, Open Data, Privacy Regulations, Intellectual Property and Competition Law in an Internet of Things World (December 29, 2016). Faculty of Law, University of Stockholm Research Paper No. 1. Available at SSRN: https://ssrn.com/abstract=2891484

For deepening research:

Edwards, Lilian and Veale, Michael, Slave to the Algorithm? Why a ‘Right to an Explanation’ Is Probably Not the Remedy You Are Looking For (May 23, 2017). 16 Duke Law & Technology Review 18 (2017). Available at SSRN: https://ssrn.com/abstract=2972855 or http://dx.doi.org/10.2139/ssrn.2972855

Voss, W. Gregory and Castets-Renard, Céline, Proposal for an International Taxonomy on the Various Forms of the ‘Right to Be Forgotten’: A Study on the Convergence of Norms (June 12, 2016). 14 Colorado Technology Law Journal 281 (2016) (Issue 14.2) (pp. 281-344). Available at SSRN: https://ssrn.com/abstract=3418877

Lesson #5: 14 November 2019 (9:30 – 12:30)

Module 1: Personal data treatment within the European Union (5/5)

Lesson: Giovanni Ziccardi

Key Staff: Pierluigi Perri

Tutor: Alessandra Salluce, Paola Aurucci

  • Data processing and public sector
  • Data processing in the Public Administration
  • Data processing in hospitals and health data management
  • Data processing and public infrastructures

To be discussed:

Bender, Jacqueline Lorene, et al. “Ethics and privacy implications of using the internet and social media to recruit participants for health research: A privacy-by-design framework for online recruitment.” Journal of Medical Internet Research 19.4 (2017): e104., Available at https://www.jmir.org/2017/4/e104/pdf

Lesson #6:  21 November 2019 (09:30 – 12:30)

Module 2: The free flow of non-personal data in the European Union (1/4)

Lesson: Giovanni Ziccardi

Key Staff: Simone Bonavita

Tutor: Ambra Pacitti, Paolo dello Vicario

  • Big data and big data analysis;
  • Free movement of data within the European Union
  • From personal data to non-personal data
  • Pseudonymisation
  • De-anonymisation
  • Anonymisation

To be discussed:

Mourby, Miranda, et al. “Are ‘pseudonymised’data always personal data? Implications of the GDPR for administrative data research in the UK.” Computer Law & Security Review 34.2 (2018): 222-233. Available at https://www.sciencedirect.com/science/article/pii/S0267364918300153

For deepening research:

Stalla-Bourdillon, Sophie and Knight, Alison, Anonymous Data v. Personal Data — A False Debate: An EU Perspective on Anonymization, Pseudonymization and Personal Data (March 6, 2017). Wisconsin International Law Journal, 2017. Available at SSRN: https://ssrn.com/abstract=2927945

Lesson #7: 22 November 2019 (09:30 – 12:30)

Module 2: The free flow of non-personal data in the European Union (2/4)

Lesson: Giovanni Ziccardi

Key Staff: Simone Bonavita

Tutor: Ambra Pacitti

  • The idea of “non-personal” data and the legal regulation
  • Big data, non-personal data and databases
  • Intellectual property issues related to non-personal data

To be discussed:

Janeček, Václav and Malgieri, Gianclaudio, Data Extra Commercium (June 7, 2019). in S. Lohsse, R. Schulze and D. Staudenmayer (eds), Data as Counter-Performance—Contract Law 2.0? (Hart Publishing/Nomos 2019) (Forthcoming). Available at SSRN: https://ssrn.com/abstract=3400620

Janeček, Václav. “Ownership of personal data in the Internet of Things.” Computer law & security review 34.5 (2018): 1039-1052. Available at https://osf.io/preprints/lawarxiv/6d7as/download

Lesson #8: 25 November 2019 (09:30 – 12:30)

Module 2: The free flow of non-personal data in the European Union (3/4)

Lesson: Giovanni Ziccardi

Key Staff: Pierluigi Perri

Tutor: Ambra Pacitti, Silvia Martinelli

  • Artificial Intelligence and Law
  • Artificial Intelligence and data processing
  • Ethical points related to Artificial Intelligence

To be discussed:

Cath, Corinne, et al. “Artificial intelligence and the ‘good society’: the US, EU, and UK approach.” Science and engineering ethics 24.2 (2018): 505-528. Available at https://ora.ox.ac.uk/

Lesson #9: 28 November 2019 (09:30 – 12:30)

 Module 2: The free flow of non-personal data in the European Union (4/4)

Lesson: Giovanni Ziccardi

Key Staff: Stefano Mele

Tutor: Ambra Pacitti

  • Data processing and criminal/procedural issues
  • Procedure for cooperation between European authorities according to Directive 2018/1807
  • The data flow in Europe related to computer crimes and digital investigations

To be discussed:

Graef, Inge and Gellert, Raphael and Husovec, Martin, Towards a Holistic Regulatory Approach for the European Data Economy: Why the Illusive Notion of Non-Personal Data is Counterproductive to Data Innovation (September 27, 2018). TILEC Discussion Paper No. 2018-029. Available at SSRN: https://ssrn.com/abstract=3256189 or http://dx.doi.org/10.2139/ssrn.3256189

Lesson #10: 2 December 2019 (09:30 – 12:30)

Module 3: Data discrimination within the European Union (1/3)

Lesson: Giovanni Ziccardi

Key Staff: Pierluigi Perri

Tutor: Gabriele Suffia

  • Big data and fundamental rights implications
  • Profiling and digital discrimination
  • Legal and ethical issues

To be discussed:

Schroeder, Ralph, and Josh Cowls. “Big data, ethics, and the social implications of knowledge production.” data ethics workshop, New York, NY. Available at http://dataethics.github.io/proceedings/BigDataEthicsandtheSocialImplicationsofKnowledgeProduction.pdf

For deepening research:

Wachter, Sandra and Mittelstadt, Brent and Russell, Chris, Counterfactual Explanations Without Opening the Black Box: Automated Decisions and the GDPR (October 6, 2017). Harvard Journal of Law & Technology, 31 (2), 2018. Available at SSRN: https://ssrn.com/abstract=3063289 or http://dx.doi.org/10.2139/ssrn.3063289

Lesson #11: 5 December 2019 (9:30 – 12:30)

Module 3: Data discrimination within the European Union (2/3)

Lesson: Giovanni Ziccardi

Key Staff: Pierluigi Perri

Tutor: Gabriele Suffia

  • Discrimination activity by algorithms
  • Data-supported decision making and discrimination: AI, predictions, algorithms
  • Facial recognition systems, Biometrics system, and fundamental rights

To be discussed:

Barocas, Solon, et al. “Big data, data science, and civil rights.” arXiv preprint arXiv:1706.03102 (2017), Avaliable at https://arxiv.org/ftp/arxiv/papers/1706/1706.03102.pdf

For deepening research:

Wachter, Sandra and Mittelstadt, Brent and Floridi, Luciano, Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation (December 28, 2016). International Data Privacy Law, 2017. Available at SSRN: https://ssrn.com/abstract=2903469 or http://dx.doi.org/10.2139/ssrn.2903469

Kroll, Joshua A. and Huey, Joanna and Barocas, Solon and Felten, Edward W. and Reidenberg, Joel R. and Robinson, David G. and Yu, Harlan, Accountable Algorithms (March 2, 2016). University of Pennsylvania Law Review, Vol. 165, 2017 Forthcoming; Fordham Law Legal Studies Research Paper No. 2765268. Available at SSRN: https://ssrn.com/abstract=2765268

Lesson #12: 9 December 2019 (9:30 – 12:30)

Module 3: Data discrimination within the European Union (3/3)

Lesson: Giovanni Ziccardi

Key Staff: Simone Bonavita

Tutor: Gabriele Suffia

  • The data processing through machine learning and fundamental rights problems
  • The use of data for evidence based policies and decision making
  • Smart cities data and the problem of discrimination

To be discussed:

Kamarinou, Dimitra and Millard, Christopher and Singh, Jatinder, Machine Learning with Personal Data (November 7, 2016). Queen Mary School of Law Legal Studies Research Paper No. 247/2016. Available at SSRN: https://ssrn.com/abstract=2865811

Edelman, Benjamin G. and Luca, Michael, Digital Discrimination: The Case of Airbnb.com (January 10, 2014). Harvard Business School NOM Unit Working Paper No. 14-054. Available at SSRN: https://ssrn.com/abstract=2377353 or http://dx.doi.org/10.2139/ssrn.2377353

For deepening research:

Acquisti, Alessandro and Fong, Christina M., An Experiment in Hiring Discrimination Via Online Social Networks (July 17, 2015). Available at SSRN: https://ssrn.com/abstract=2031979 or http://dx.doi.org/10.2139/ssrn.2031979