REGULATION AND LAW
Paul Halliday
TABLE OF CONTENTS
Cluster 1: Introduction to law and data science............................................................................................ 4
1. Preliminary reading .................................................................................................................................... 4
1.1. Sources of law ................................................................................................................................... 4
1.2. What is law in a constitutional democracy?..................................................................................... 5
2. The relationship between law and data science ...................................................................................... 10
2.1. Example of some legal issues with regards to data........................................................................ 10
3. Some clarifying concepts .......................................................................................................................... 12
3.1. Rights .............................................................................................................................................. 12
3.2. Purposes and functions of law ....................................................................................................... 12
3.3. Principles > rules ............................................................................................................................. 14
3.4. Sources and their hierarchy ............................................................................................................ 14
3.5. Legal domains ................................................................................................................................. 15
4. Legal argumentation and legal reasoning ............................................................................................... 17
4.1. Interpretation methods .................................................................................................................. 17
4.2. Argumentation................................................................................................................................ 17
4.3. Legal reasoning ............................................................................................................................... 17
5. International and European law .............................................................................................................. 20
5.1. Jurisdiction ...................................................................................................................................... 20
5.2. EU law ............................................................................................................................................. 20
5.3. The Council of Europe..................................................................................................................... 20
5.4. Law vs. Regulation .......................................................................................................................... 21
Cluster 2: Private Law ............................................................................................................................... 22
1. Contract law ............................................................................................................................................. 24
1.1. Contract in general ......................................................................................................................... 24
1.2. Formation of contract ..................................................................................................................... 24
1.3. Content of contract ........................................................................................................................ 26
1.4. Remedies for a breach of contract ................................................................................................. 29
1.5. Time limits ...................................................................................................................................... 32
1.6. In practice ....................................................................................................................................... 32
2. Property law ............................................................................................................................................. 33
2.1. Introduction .................................................................................................................................... 33
2.2. How do you become owner?.......................................................................................................... 34
2.3. Property law & contract law ........................................................................................................... 36
2.4. Property law & tort law: enforcement ........................................................................................... 36
2.5. Reclaiming property ....................................................................................................................... 36
2.6. Insolvency ....................................................................................................................................... 37
2.7. Virtual property and data ............................................................................................................... 38
3. Tort law .................................................................................................................................................... 40
3.1. Introduction .................................................................................................................................... 40
3.2. The elements of fault-based liability .............................................................................................. 41
1
, 3.3. Strict liability ................................................................................................................................... 45
3.4. Torts connected to data ................................................................................................................. 47
3.5. Case example .................................................................................................................................. 49
Cluster 3: Intellectual property rights and data protection ......................................................................... 50
1. Introduction .............................................................................................................................................. 50
1.1. Reasons for creating IPRs ............................................................................................................... 50
1.2. IPRs are neither rivalrous nor exclusionary .................................................................................... 50
1.3. IPRs are limited in time and across jurisdictions ............................................................................ 51
2. Trade Secrecy ........................................................................................................................................... 52
2.1. Criteria/requirements for a trade secret ........................................................................................ 52
2.2. Characteristics of a trade secret ..................................................................................................... 52
3. Patent law ................................................................................................................................................ 53
3.1. Requirements for a patent (these are cumulative) ........................................................................ 53
3.2. Procedure: first come first served .................................................................................................. 53
3.3. In the EU “computer programs as such” are not patentable ......................................................... 53
4. Copyright .................................................................................................................................................. 54
4.1. What is protected? ......................................................................................................................... 54
4.2. It refers to exclusive rights ............................................................................................................. 55
4.3. Software.......................................................................................................................................... 57
5. Database rights ........................................................................................................................................ 60
5.1. Relation of database right to copyright .......................................................................................... 60
5.2. Sui generis right .............................................................................................................................. 60
5.3. Exclusive rights ............................................................................................................................... 62
5.4. Lawful users of a database: what may they do? ............................................................................ 62
Cluster 4: Privacy and data protection ....................................................................................................... 63
Introduction ....................................................................................................................................................... 63
1. GDPR’s scope, definitions & main actors ................................................................................................. 64
1.1. Scope of GDPR ................................................................................................................................ 64
1.2. Controller vs. processor .................................................................................................................. 66
1.3. GDPR audit ...................................................................................................................................... 70
1.4. Data Protection Officer (DPO) ........................................................................................................ 71
2. Sanctions and enforcement ...................................................................................................................... 73
2.1. Sanctions ......................................................................................................................................... 73
2.2. The role of supervisory authority a.k.a. data protection authorities (DPA)................................... 73
3. Key data protection principles.................................................................................................................. 76
3.1. Lawfulness, fairness and transparency........................................................................................... 76
3.2. Purpose limitation .......................................................................................................................... 80
3.3. Data minimisation........................................................................................................................... 80
3.4. Data accuracy ................................................................................................................................. 81
3.5. Storage limitation ........................................................................................................................... 82
3.6. Integrity and confidentiality (security) ........................................................................................... 82
3.7. Accountability ................................................................................................................................. 84
4. Data subjects’ rights ................................................................................................................................. 85
4.1. Right to be informed....................................................................................................................... 85
4.2. Right of access ................................................................................................................................ 86
4.3. Right to rectification ....................................................................................................................... 86
4.4. Right to erasure (right to be forgotten).......................................................................................... 87
4.5. Right to restriction of processing ................................................................................................... 88
4.6. Right to data portability.................................................................................................................. 88
4.7. Right to object ................................................................................................................................ 89
2
, 4.8. Right to retract from automated individual decision-making, incl. profiling ................................. 89
5. International data transfers ..................................................................................................................... 91
6. Main internal obligations for compliance ................................................................................................ 92
6.1. Data protection by Design and by Default ..................................................................................... 92
6.2. Data protection impact assessments (DPIA) .................................................................................. 92
6.3. Record of processing activities ....................................................................................................... 93
Cluster 5: Ethics in data science ................................................................................................................. 94
1. Introduction .............................................................................................................................................. 94
1.1. Ethically significant actions ............................................................................................................. 94
1.2. Law and ethics ................................................................................................................................ 95
2. Virtues ...................................................................................................................................................... 96
2.1. Three levels of ethics in data science ............................................................................................. 96
2.2. What are virtues? ........................................................................................................................... 96
2.3. Moral exemplars ............................................................................................................................. 97
3. Emerging ethical problems of data science ............................................................................................. 98
3.1. Free will and autonomy .................................................................................................................. 98
3.2. Visibility........................................................................................................................................... 98
3.3. Collective impacts in a system based on individual rights ............................................................. 99
3.4. Prediction, profiling and categorisation ......................................................................................... 99
3.5. Experimentation ........................................................................................................................... 100
3.6. Quantification of human life ........................................................................................................ 100
4. Automated decision making: two case studies ...................................................................................... 101
4.1. Suicide Prevention ........................................................................................................................ 101
4.2. Prediction of crimes ...................................................................................................................... 102
5. Data science and/as research ................................................................................................................ 103
5.1. What constitutes human subjects research, and why do we regulate it? ................................... 103
5.2. History of scientific research: how did frameworks for research evolve? ................................... 103
5.3. Assumptions in the Common Rule ............................................................................................... 105
5.4. Why scientific research rules don’t translate well to data science practices .............................. 105
6. New theoretical approaches that can help ............................................................................................ 107
6.1. Theories (philosophical and social frameworks) on how data should be used ........................... 107
6.2. Practical approaches to justice in datafication ............................................................................ 109
3
, CLUSTER 1: INTRODUCTION TO LAW AND DATA SCIENCE
Paul Halliday
1. PRELIMINARY READING
Law, Democracy, and the Rule of Law – by Mireille Hildebrandt
Legal philosopher Gustav Radbruch defined law in terms of three constitutive values:
1) legal certainty,
2) justice,
3) instrumentality.
1.1. SOURCES OF LAW
A source of knowledge refers to where or how we can find the answer to questions such as: what is
the capital of France? In law, the term ‘source of law’ has a very specific meaning. It refers to both
more and less than a source of knowledge about the law, as the sources of law are constitutive of law.
A source of law (1) provides legal norms with authority based on their origin, and (2) makes legal norms
binding in their effect.
1) Specific sources that thereby give authority to legal norms
A newspaper article with information about the law is not a source of law, and neither is a Wikipedia
article or the website of a law firm. To ensure legal certainty, only a limited set of sources ‘count’ as
sources of law: treaties, legislation (including the Constitution), case law, doctrines, fundamental
principles of law, and customary law. Only these sources provide legal norms with authority and make
them binding in a specific jurisdiction (either national, international or supranational).
2) ‘The law’ attributes ‘legal effect’
Sources of law are not merely containers of information ‘about’ the law. Law actually ‘does’ things. A
court sentencing a defendant to 5 years of imprisonment, or a legislature enacting a speed limit; in
these cases, ‘the law’ attributes ‘legal effect’ based on specific conditions being fulfilled. When the law
speaks (by mouth of the administration, the court or the legislature) it actually performs what it says.
4
Paul Halliday
TABLE OF CONTENTS
Cluster 1: Introduction to law and data science............................................................................................ 4
1. Preliminary reading .................................................................................................................................... 4
1.1. Sources of law ................................................................................................................................... 4
1.2. What is law in a constitutional democracy?..................................................................................... 5
2. The relationship between law and data science ...................................................................................... 10
2.1. Example of some legal issues with regards to data........................................................................ 10
3. Some clarifying concepts .......................................................................................................................... 12
3.1. Rights .............................................................................................................................................. 12
3.2. Purposes and functions of law ....................................................................................................... 12
3.3. Principles > rules ............................................................................................................................. 14
3.4. Sources and their hierarchy ............................................................................................................ 14
3.5. Legal domains ................................................................................................................................. 15
4. Legal argumentation and legal reasoning ............................................................................................... 17
4.1. Interpretation methods .................................................................................................................. 17
4.2. Argumentation................................................................................................................................ 17
4.3. Legal reasoning ............................................................................................................................... 17
5. International and European law .............................................................................................................. 20
5.1. Jurisdiction ...................................................................................................................................... 20
5.2. EU law ............................................................................................................................................. 20
5.3. The Council of Europe..................................................................................................................... 20
5.4. Law vs. Regulation .......................................................................................................................... 21
Cluster 2: Private Law ............................................................................................................................... 22
1. Contract law ............................................................................................................................................. 24
1.1. Contract in general ......................................................................................................................... 24
1.2. Formation of contract ..................................................................................................................... 24
1.3. Content of contract ........................................................................................................................ 26
1.4. Remedies for a breach of contract ................................................................................................. 29
1.5. Time limits ...................................................................................................................................... 32
1.6. In practice ....................................................................................................................................... 32
2. Property law ............................................................................................................................................. 33
2.1. Introduction .................................................................................................................................... 33
2.2. How do you become owner?.......................................................................................................... 34
2.3. Property law & contract law ........................................................................................................... 36
2.4. Property law & tort law: enforcement ........................................................................................... 36
2.5. Reclaiming property ....................................................................................................................... 36
2.6. Insolvency ....................................................................................................................................... 37
2.7. Virtual property and data ............................................................................................................... 38
3. Tort law .................................................................................................................................................... 40
3.1. Introduction .................................................................................................................................... 40
3.2. The elements of fault-based liability .............................................................................................. 41
1
, 3.3. Strict liability ................................................................................................................................... 45
3.4. Torts connected to data ................................................................................................................. 47
3.5. Case example .................................................................................................................................. 49
Cluster 3: Intellectual property rights and data protection ......................................................................... 50
1. Introduction .............................................................................................................................................. 50
1.1. Reasons for creating IPRs ............................................................................................................... 50
1.2. IPRs are neither rivalrous nor exclusionary .................................................................................... 50
1.3. IPRs are limited in time and across jurisdictions ............................................................................ 51
2. Trade Secrecy ........................................................................................................................................... 52
2.1. Criteria/requirements for a trade secret ........................................................................................ 52
2.2. Characteristics of a trade secret ..................................................................................................... 52
3. Patent law ................................................................................................................................................ 53
3.1. Requirements for a patent (these are cumulative) ........................................................................ 53
3.2. Procedure: first come first served .................................................................................................. 53
3.3. In the EU “computer programs as such” are not patentable ......................................................... 53
4. Copyright .................................................................................................................................................. 54
4.1. What is protected? ......................................................................................................................... 54
4.2. It refers to exclusive rights ............................................................................................................. 55
4.3. Software.......................................................................................................................................... 57
5. Database rights ........................................................................................................................................ 60
5.1. Relation of database right to copyright .......................................................................................... 60
5.2. Sui generis right .............................................................................................................................. 60
5.3. Exclusive rights ............................................................................................................................... 62
5.4. Lawful users of a database: what may they do? ............................................................................ 62
Cluster 4: Privacy and data protection ....................................................................................................... 63
Introduction ....................................................................................................................................................... 63
1. GDPR’s scope, definitions & main actors ................................................................................................. 64
1.1. Scope of GDPR ................................................................................................................................ 64
1.2. Controller vs. processor .................................................................................................................. 66
1.3. GDPR audit ...................................................................................................................................... 70
1.4. Data Protection Officer (DPO) ........................................................................................................ 71
2. Sanctions and enforcement ...................................................................................................................... 73
2.1. Sanctions ......................................................................................................................................... 73
2.2. The role of supervisory authority a.k.a. data protection authorities (DPA)................................... 73
3. Key data protection principles.................................................................................................................. 76
3.1. Lawfulness, fairness and transparency........................................................................................... 76
3.2. Purpose limitation .......................................................................................................................... 80
3.3. Data minimisation........................................................................................................................... 80
3.4. Data accuracy ................................................................................................................................. 81
3.5. Storage limitation ........................................................................................................................... 82
3.6. Integrity and confidentiality (security) ........................................................................................... 82
3.7. Accountability ................................................................................................................................. 84
4. Data subjects’ rights ................................................................................................................................. 85
4.1. Right to be informed....................................................................................................................... 85
4.2. Right of access ................................................................................................................................ 86
4.3. Right to rectification ....................................................................................................................... 86
4.4. Right to erasure (right to be forgotten).......................................................................................... 87
4.5. Right to restriction of processing ................................................................................................... 88
4.6. Right to data portability.................................................................................................................. 88
4.7. Right to object ................................................................................................................................ 89
2
, 4.8. Right to retract from automated individual decision-making, incl. profiling ................................. 89
5. International data transfers ..................................................................................................................... 91
6. Main internal obligations for compliance ................................................................................................ 92
6.1. Data protection by Design and by Default ..................................................................................... 92
6.2. Data protection impact assessments (DPIA) .................................................................................. 92
6.3. Record of processing activities ....................................................................................................... 93
Cluster 5: Ethics in data science ................................................................................................................. 94
1. Introduction .............................................................................................................................................. 94
1.1. Ethically significant actions ............................................................................................................. 94
1.2. Law and ethics ................................................................................................................................ 95
2. Virtues ...................................................................................................................................................... 96
2.1. Three levels of ethics in data science ............................................................................................. 96
2.2. What are virtues? ........................................................................................................................... 96
2.3. Moral exemplars ............................................................................................................................. 97
3. Emerging ethical problems of data science ............................................................................................. 98
3.1. Free will and autonomy .................................................................................................................. 98
3.2. Visibility........................................................................................................................................... 98
3.3. Collective impacts in a system based on individual rights ............................................................. 99
3.4. Prediction, profiling and categorisation ......................................................................................... 99
3.5. Experimentation ........................................................................................................................... 100
3.6. Quantification of human life ........................................................................................................ 100
4. Automated decision making: two case studies ...................................................................................... 101
4.1. Suicide Prevention ........................................................................................................................ 101
4.2. Prediction of crimes ...................................................................................................................... 102
5. Data science and/as research ................................................................................................................ 103
5.1. What constitutes human subjects research, and why do we regulate it? ................................... 103
5.2. History of scientific research: how did frameworks for research evolve? ................................... 103
5.3. Assumptions in the Common Rule ............................................................................................... 105
5.4. Why scientific research rules don’t translate well to data science practices .............................. 105
6. New theoretical approaches that can help ............................................................................................ 107
6.1. Theories (philosophical and social frameworks) on how data should be used ........................... 107
6.2. Practical approaches to justice in datafication ............................................................................ 109
3
, CLUSTER 1: INTRODUCTION TO LAW AND DATA SCIENCE
Paul Halliday
1. PRELIMINARY READING
Law, Democracy, and the Rule of Law – by Mireille Hildebrandt
Legal philosopher Gustav Radbruch defined law in terms of three constitutive values:
1) legal certainty,
2) justice,
3) instrumentality.
1.1. SOURCES OF LAW
A source of knowledge refers to where or how we can find the answer to questions such as: what is
the capital of France? In law, the term ‘source of law’ has a very specific meaning. It refers to both
more and less than a source of knowledge about the law, as the sources of law are constitutive of law.
A source of law (1) provides legal norms with authority based on their origin, and (2) makes legal norms
binding in their effect.
1) Specific sources that thereby give authority to legal norms
A newspaper article with information about the law is not a source of law, and neither is a Wikipedia
article or the website of a law firm. To ensure legal certainty, only a limited set of sources ‘count’ as
sources of law: treaties, legislation (including the Constitution), case law, doctrines, fundamental
principles of law, and customary law. Only these sources provide legal norms with authority and make
them binding in a specific jurisdiction (either national, international or supranational).
2) ‘The law’ attributes ‘legal effect’
Sources of law are not merely containers of information ‘about’ the law. Law actually ‘does’ things. A
court sentencing a defendant to 5 years of imprisonment, or a legislature enacting a speed limit; in
these cases, ‘the law’ attributes ‘legal effect’ based on specific conditions being fulfilled. When the law
speaks (by mouth of the administration, the court or the legislature) it actually performs what it says.
4
