In this special edition of the International Review of Law, Computers & Technology, we proudly present a curated selection of six distinguished articles from the BILETA Conference 2023, held at Vrije Universiteit Amsterdam, Amsterdam Law and Technology Institute, in the Netherlands. Reflecting on the 38th BILETA Annual Conference, held on April 13th and 14th, 2023, this special edition gains additional significance. Under the compelling theme ‘Cyberlaw: Finally getting its Act(s) together?’, the conference provided a timely forum for critically examining an evolving entire body of Cyberlaw prompted by the recent surge in technology-related legislation. The event's hybrid format welcomed participants from around the globe, fostering a rich exchange of ideas among academics, researchers, practitioners, postgraduate students, activists, and those engaged in technology within the legal sphere and legal education.
The conference's backdrop was the transformative journey of Cyberlaw, from its nascent academic debates and sparse case law in the 1990s, through a dramatic expansion in case law and the emergence of directives in the early 2000s, to the current era marked by the European Union's preference for 'Acts' over 'Regulations'. This period has witnessed the introduction of groundbreaking regulations like the GDPR, DMA, DSA, Data Act, and AI Act, alongside significant national measures such as the UK's Online Safety Bill and Germany's NetzDg. These developments signify a pivotal phase in Cyberlaw, reflecting a robust legislative response to the challenges posed by digital transformation.
The BILETA Conference 2023 addressed these legislative milestones. It facilitated discussions on various topics, including privacy and data protection, surveillance, cybercrime, intellectual property, and the intersection of technology with human rights, sustainability, and education. This editorial and the following articles testify to the conference's success in sparking dialogue, sharing insights, and advancing understanding in these critical areas. As we navigate the complexities of legal frameworks in the digital age, the contributions from this conference serve as valuable guideposts for scholars, practitioners, and policymakers committed to shaping a just, equitable, and technologically advanced society.
The articles featured in this edition encapsulate the breadth and depth of discussions at the conference, ranging from data protection and privacy, cybercrime, and digital rights to the ethical implications of artificial intelligence (AI) in legal practice. Each piece contributes to understanding how legal frameworks can adapt to and shape the rapidly evolving digital landscape.
The first article, ‘Generative AI and deepfakes: a human rights approach to tackling harmful content’ by Dr Felipe Romero Moreno, comprehensively analyses the potential conflicts and challenges posed by the European Union's Artificial Intelligence Act (AIA) regulations on deepfakes concerning fundamental human rights, such as privacy and freedom of expression, under the framework of the European Convention on Human Rights (ECHR) and the General Data Protection Regulation (GDPR). It critically examines the inadequacies of the current AIA framework in preventing malicious uses of AI, such as voter manipulation and the spread of misinformation, proposing significant amendments for more effective regulation that respects human rights.
This is followed by ‘Still Losing the Race with Technology? Understanding the Scope of Data Controllers’ Responsibility to Implement Data Protection by Design and by Default’ by Monique Kalsi, a Doctoral Candidate at the University of Groningen in The Netherlands. This work critically evaluates the scope and effectiveness of Article 25 of the General Data Protection Regulation (GDPR), which mandates Data Protection by Design and by Default (DPbDD), in ensuring privacy protection from the design phase of technology development. It explores the legislative intent behind the article's limited application to data controllers and the resultant gap in responsibilities during the technology design and manufacturing stages. By comparing the DPbDD approach with the original Privacy by Design (PbD) concept and integrating GDPR's broader provisions, this paper argues for a more inclusive interpretation that potentially extends responsibilities across the digital value chain. It suggests leveraging corporate supply chain due diligence models to address ambiguities in responsibility allocation, thereby enhancing comprehensive privacy protection in technology development and deployment.
Next is ‘Infringement of data protection by design in the Dutch and British healthcare sector: does enforcement action improve eHealth? A comparative study of data protection enforcement in the Netherlands and the United Kingdom’ by Jessica P. Hof of the University of Groningen. This article conducts a comparative analysis of enforcement actions within the healthcare sector for breaches of the General Data Protection Regulation (GDPR) in the Netherlands and the UK Data Protection Act 2018 in the United Kingdom, focusing on how these actions impact compliance with the data protection by design obligation under Article 25 of the GDPR. By examining the effectiveness of enforcement measures in these jurisdictions, the author argues that more robust enforcement could incentivise healthcare entities to adhere to data protection principles from the outset, potentially preventing data breaches and complaints. In theory, this proactive approach to data protection would make enforcement and subsequent recovery actions unnecessary, thereby safeguarding individuals' fundamental rights and freedoms concerning their highly sensitive health data.
Further, Kayleen Manwaring, in the article ‘Slowing down the loop’: smart devices and the right to repair’, examines the recommendations of the recent Australian Productivity Commission Inquiry regarding the ‘right to repair’ through the lens of sustainability principles for ‘smart’ consumer products. Such products have been manufactured and released in the wake of technological developments, allowing everyday objects and environments to be computerised and connected to the Internet. Some new products will inevitably contain or develop defects compromising their function. When they are discarded, they have the potential to add substantially to the ever-growing global e-waste problem. Manwaring argues that a stronger right to repair, particularly in the context of these new products, would assist in reducing e-waste, promoting sustainability, and growing a circular economy.
Nynke E. Vellinga analysed the opacity, autonomy and complexity of AI systems that can stand in the way of a fair and efficient allocation of risk and loss via the European Commission’s newly proposed directives, the AI Liability Directive and a new Product Liability Directive. Both Directives address information asymmetries between parties in a liability claim by providing new rules on the burden of proof. In addition, the proposed Product Liability Directive has been brought ‘up-to-date’ by explicitly incorporating new technical developments and by ending the debate on software as a product.
Such contributions showcase the latest research and thinking in the field and aim to stimulate further discussion in the legal field. The intersection of computers, law, and technology presents challenges and opportunities. By bridging theory and practice, the present Special Edition navigated these complexities and emphasised the need for legal frameworks that are robust, adaptable, and equitable.
We thank the authors for their insightful contributions and the BILETA Conference 2023 organisers for facilitating a stimulating and productive forum for debate. We hope this Special Edition will serve as a valuable resource for scholars, practitioners, and policymakers as we chart the course through the uncharted territories of the digital age.