Docsity
Docsity

Prepara i tuoi esami
Prepara i tuoi esami

Studia grazie alle numerose risorse presenti su Docsity


Ottieni i punti per scaricare
Ottieni i punti per scaricare

Guadagna punti aiutando altri studenti oppure acquistali con un piano Premium


Guide e consigli
Guide e consigli


AI REGULATION - Prof. Pini, Appunti di Diritto Dell'economia

Complete notes: I have integrated the slides with my notes from all the lectures and then organized them to ensure clarity. With these notes, you can aim for the highest grade. CONTENT: Introduction to AI Regulation Digital Society and Its Challenges Introduction to digital constitutionalism EU Approach to Digital Regulation: a) Directive 95/46/EC b) Directive 2000/31/EC c) General Data Protection Regulation (GDPR) d) Digital Services Act (DSA) e) Regulation (EU) 2024/1689 – Artificial Intelligence Act AI Regulation and Disinformation AI Regulation and Discrimination Case Law: a) Cambridge Analytica (2018) b) Amazon algorithmic recruiting (2014–2015) c) COMPAS (2016) d) Delfi v. Estonia (ECtHR, 2015)

Tipologia: Appunti

2025/2026

In vendita dal 19/03/2026

loovetostudy
loovetostudy 🇮🇹

5

(4)

23 documenti

1 / 86

Toggle sidebar

Questa pagina non è visibile nell’anteprima

Non perderti parti importanti!

bg1
AI REGULATION
Prova scritta a domande aperte (3 open questions)
10th April !!!
9th of June probably
LECTURE 1
In the EU no big tech companies. So the approach to AI in the EU and US is very different.
When did AI emerge? How?
We will see a bit of history of AI, and then we will see its transition (especially in last 30years)
The EU is the first supranational body to adopt a complete regulation on AI in 2024: the AI Act, the first organic
regulation on artificial intelligence. However, this regulation builds on previous EU legislation that was not
AI-specific but concerned digital technologies, such as:
- the GDPR (2016)
- Digital Services Act (DSA) - 2022
- Digital Markets Act (DMA) - 2023
AI REGULATION
For a long time when thinking about AI we thought about sci-fi, about technologies perceived as unrealistic or not
yet part of the real world, and about machines replacing humans in everyday activities.
INTRODUCTION TO AI REGULATION
DIGITAL SOCIETY AND ITS CHALLENGES
Digital technologies as we know them today are very recent (last 30 years):
Google and World Wide Web – 1991 before 1991 no worldwide web !!
Global Positioning System (GPS) – 2000
Facebook – 2004
First iPhone, Twitter – 2007
Instagram – 2010
ChatGPT (OpenAI) – 2022
In everyday life, we constantly interact with data — from communication and collection to classification and
utilization — increasingly through AI-connected systems.
- Constant interaction with data data are always present in everyday activities
- Communication data are produced when we communicate (messages, posts, clicks)
- Gathering data are collected by platforms and systems
- Classification data are sorted, categorized, and analyzed
- Utilization data are used for decisions, services, predictions, governance
- AI-connected these stages are increasingly automated or mediated by AI systems
In this context, digital is not a tool, it’s an environment. As Floridi said in The Online Manifesto, we live onlife”
because we are not anymore capable to switch on / off the online connections, so there is not anymore a
difference between the online and offline life (The Onlife Manifesto, Floridi, 2014).
As a result, it is not anymore a matter of gathering the capability to master and learn how to use technology, but it
is about achieving a way to live in it.
It is not something we should learn to master, but to live in.
1
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56

Anteprima parziale del testo

Scarica AI REGULATION - Prof. Pini e più Appunti in PDF di Diritto Dell'economia solo su Docsity!

AI REGULATION

Prova scritta a domande aperte (3 open questions) 10th April !!! 9th of June probably

LECTURE 1

In the EU → no big tech companies. So the approach to AI in the EU and US is very different. When did AI emerge? How? We will see a bit of history of AI, and then we will see its transition (especially in last 30years) The EU is the first supranational body to adopt a complete regulation on AI in 2024: the AI Act, the first organic regulation on artificial intelligence. However, this regulation builds on previous EU legislation that was not AI-specific but concerned digital technologies, such as:

  • the GDPR (2016)
  • Digital Services Act (DSA) - 2022
  • Digital Markets Act (DMA) - 2023

AI REGULATION

For a long time when thinking about AI we thought about sci-fi, about technologies perceived as unrealistic or not yet part of the real world, and about machines replacing humans in everyday activities.

INTRODUCTION TO AI REGULATION

DIGITAL SOCIETY AND ITS CHALLENGES

Digital technologies as we know them today are very recent (last 30 years): ● Google and World Wide Web – 1991 → before 1991 no worldwide web !! ● Global Positioning System (GPS) – 2000 ● Facebook – 2004 ● First iPhone, Twitter – 2007 ● Instagram – 2010 ● ChatGPT (OpenAI) – 2022

In everyday life, we constantly interact with data — from communication and collection to classification and utilization — increasingly through AI-connected systems.

  • Constant interaction with data → data are always present in everyday activities
  • Communication → data are produced when we communicate (messages, posts, clicks)
  • Gathering → data are collected by platforms and systems
  • Classification → data are sorted, categorized, and analyzed
  • Utilization → data are used for decisions, services, predictions, governance
  • AI-connected → these stages are increasingly automated or mediated by AI systems

In this context, digital is not a tool, it’s an environment. As Floridi said in The Online Manifesto , we live “onlife” because we are not anymore capable to switch on / off the online connections, so there is not anymore a difference between the online and offline life ( The Onlife Manifesto , Floridi, 2014). As a result, it is not anymore a matter of gathering the capability to master and learn how to use technology, but it is about achieving a way to live in it.

It is not something we should learn to master, but to live in.

Onlife can have many pros (opportunities to connect, overcome space and distance…) but also many criticalities.

In the “onlife” there is no territory, no borders, no distinction between public or private, and time and space are limitless, in the sense that at no point the online is shut off.

From a constitutional point of view, the focus has always been the relationships between individuals and others in their interaction with public power. Within this framework, constitutionalism focuses on two core elements: the protection of fundamental rights and the limitation of public power. But the onlife is not governed by the public-state power, rather, the bodies and companies holding the power are private! google, amazon… are private bodies.

Moreover, from constitutional point of view the society relationship (between individual and public bodies) have always been regulated by intermediate social bodies like schools, religious bodies, political partes… This is a base of constitutionalism as we know it. But after the technology breakout, we experienced a reintermediation: the new intermediate social bodies are no longer schools, ecc but online platforms. The problem is that online platforms are private, and lack visible status. For this reason they are characterised by opacity rather than transparency, which is undermining the democratic values. The task is therefore to rethink the rules to which these platforms are subject to ensure the usual protection of democratic values, in particular, the focus remains the same: a) Protection of fundamental rights b) Limitation of power

So when studying AI regulation, the questions that we pose are the same. Different context, same questions. So we won't only wonder what AI regulation is, but most of all why we need AI regulation? This is important because we will see that in the first 10 / 15 years in which AI emerged and represented the greatest achievement of technologies… in some places and especially in the US, the first approach was NOT to regulate AI and technology. It was adopted a liberal approach: no rules, because it was functional to create a wider market. In this perspective it is interesting asking not only what AI regulation is but why we need it?

Summarised: → it’s not only a matter of capabilities but of achieving a way to live in it → the onlife is a space with no territory, no borders, neither public nor private, where time and space are limitless → technology breakout lead to the disruption of traditional intermediate social bodies: re-intermediation by online platforms (but they lack visible statutes)

An example of what AI can achieve: ImageNet Challenge (2010–) in visual recognition ● 14 mln images described in their contents ● From 2012 we experienced the so-called “superhuman performance” → machines have surpassed humans in recognizing image contents

From 2010 among many research institutes, was conducted the ImageNet Challenge, about visual recognition. There was a huge database of more or less 14mln images described in their contents. Machines overcame humans in recognizing images’ contents, in both precision, timing ecc. Machines are not perfect but Ai has been trained and has achieved astonishing results. So much so that from 2012 in the ImageNet challenge we experienced the so-called “superhuman performance”.

From a constitutional perspective , the main challenge is that democratic societies are traditionally built on the principle of personalism / personalist perspective. The fact that the human factor is completely missing is challenging for constitutional law. The principle of personalism focuses on the person which is not only an individual but an individual in its relationship with other individuals. In the Italian constitution this vision is embedded in article 2, that gives value to persons, not the individual. This is a characteristic of our European democratic societies. As opposed to the US, where one of the so called foundational myths of US culture is the self made man, the man that does not need any other. So they focus more on the individual. This difference directly affects how AI is regulated:

  • while US regulation of AI focuses on freedom, to drive market and economic development
  • EU AI regulation focuses on dignity and solidarity and rule of law. The fact that the human / relationship factor is missing in building the digital environment is really difficult for constitutionalism. So the EU AI Act is purposely human-centred (anthropocentric). It is designed to put people at the centre, and to ensure that the AI systems do not operate as “black boxes”. Humans must be able to understand, monitor, and verify how AI systems operate. This is meant to prevent situations where decisions affecting individuals are made solely and opaquely by machines.

Digital / AI regulation will be considered mainly from the EU perspective (with a brief overview of other approaches).

We must take into account the non-neutrality of the digital ecosystem , and of AI in particular. It is not something positive or negative; it is simply a technical feature. This means that AI building reflects moral implications and value choices both in design and in databases used for machine learning. These choices affect and shape the output.

Why is digital / AI regulation so important from a constitutional perspective? The core issue is not simply settling (constitutional) rules for digital technologies and their possible disruptive impact, but rather regulating already existing questions reshaped by processes of digitalization. Here we have the same questions we always had as constitutional scholars (how to limit power? How to protect fundamental rights?) but now they have to be reshaped by the process of digitalisation. Digitalisation brings us to reshape the traditional constitutional issues and questions.

When focusing on the interaction between automation technologies and democratic values , we need to take into account that not every legal system prioritizes the same values!! ➢ In the USA constitutionalism , the core value is undoubtedly freedom (especially freedom of expression, according to the First Amendment ). So, in the US many platform regulations imply that freedom of expression prevails on the truth of the news spread / content spread. ➢ The EU is rather built on the values of human dignity and solidarity (and specifically on data protection in the technological framework). This reflects in prioritising the fundamental right protection (and data protection). The approaches are very different. This is why digital regulation is not the same in every legal system and does not pursue the exact same goals everywhere. Therefore, the goal is not only good regulation, but also fostering dialogue between different geopolitical systems : not building fortresses, but bridges.

Some examples of recent regulation on digital technologies and AI at a global level : ● 2024, EU Artificial Intelligence Act (AIA) → Regulation No. 2024/1689. This is the most recent one. The first general regulation on artificial intelligence. It is very different in its content from what we can expect because it does not give many clear definitions. But it is the approach that is important. We will see that the important part of this regulation is that it analyzes AI according to its risks. So it is one of the risk based-regulations (like the GDPR, which is the antecedent regulation). ● 2024, EU Council of Europe Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law This is another important regulation. It is the first ever binding regulation for all the signature countries. ● 2023 Bletchley Declaration (London) → international cooperation approach in governance strategies. In 2023 there was already an international act, signed in London and it was an act signed by many countries. Yet, this was still a soft law, not binding. The difference is that soft law just fixes some important benchmarks but does not connect transactions to violations. ● 2023, USA Executive Order of President Biden marking the transition from a self-regulation to a co-regulation approach in the AI sector. Until 2023 the US approach to AI and digital technology was letting platforms and private bodies have self regulation, decide themselves which norms to apply to the AI system and digital systems. For the first time in 2023, even in the US the approach to digital technologies shifted from self regulation to a co-regulation approach- so the public and private together set the norms in the AI sector !!!!!!

Back to the roots of AI history : The AI debate starts in the 1950s.

Artificial Intelligence1950 : The famous paper Computing Machinery and Intelligence by Alan Turing was first published. He described the “imitation game” , a test to measure machines’ capability to “think”. According to this paper, if the interlocutor cannot be sure if what is reading / listening is produced by human or machine, the machine has accomplished its task of imitation game. So it is a test to measure machine capability to think. → The first to think about AI was Alan Turing!

In 1955 another important milestone, the publishing of: Dartmouth Summer Research Project on Artificial Intelligence. For the first time, the term “artificial intelligence” was used to identify computer capability to: ○ carry out tasks automatically ○ learn and improve ○ be creative ○ replicate artificial neural networks (replicate how our brain can relate issues and subjects one to another).

This is the first time we see the term artificial intelligence.

TECHNICAL PROFILE AND STRATEGIES - LOGIC VS. STATISTICS

To create the most efficient behavior imitation or replication there are two approaches: A. Top-down approach → Symbolic AI ● Explainable / algorithm-based ● Predominant until the late 1980s ● Based on logical-formal representations and deductive rules with predefined data and instructions. ● Possible complexities with this approach : ○ difficulty in constructing complete instruction sets ○ symbol grounding problem → how wide should the dataset be? To give a complete set of instructions? How wide is the set of instructions to be considered complete? B. Bottom-up approach → Sub-symbolic AI (proper AI / black box) ● Connectionist approach, related to statistics and inferential mechanisms ● Extracts rules directly from vast datasets ● This is possible because it is based on neural network architectures. So it infers itself the rules of the task to accomplish. ● Criticalities : ○ black box problem: the opacity !! so the rules underlying data processing and outputs are often obscure to human comprehension. So we do not know how we get the output from the machines! → Paradigm shift: from teaching machines rules to letting machines discover patterns in data. → Example: multi-layered neural networks used to recognize text, images, and sounds (e.g. content moderation).

The shift from symbolic AI to sub-symbolic AI represents a major transformation in how machines operate. Instead of following explicit rules, sub-symbolic AI processes vast amounts of data to identify patterns autonomously. This requires highly complex systems based on multilayered neural networks , rather than simple rule-based models.

Sub-symbolic AI is particularly relevant for content moderation on digital platforms , where systems must decide whether text, images, or audio should be removed or allowed. Such decisions are especially challenging because meaning is often context-dependent : symbols, images, or expressions may be used ironically or to convey meanings opposite to their literal content. As a result, automated moderation systems must be trained to recognize these differences.

Art. 3, EU AI Act (Regulation No. 1689/2024) : “AI system” means a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers from input how to generate outputs such as predictions, content, recommendations, or decisions influencing physical or virtual environments. → Sub-symbolic model !!!

So it is flexible! It infers from inputs how to generate output. Not simply given instructions, but letting it learn from the dataset the rules on which it has to work.

HOW AI LEARNS

Sub-symbolic AI automatically infers patterns and rules from datasets through machine learning.

Three approaches to machine learning:

  1. Supervised learning : learning from labeled data – the system identifies patterns based on predefined categories (e.g., identifying «cat» vs «dog» images)
  2. Unsupervised learning from unlabeled data : the system discovers hidden structures or clusters within the data without discovers hidden structures or clusters within the data without prior guidance (useful for clustering activities) prior guidance (useful for clustering activities)
  3. Reinforcement learning : learning through trial and error with rewards and penalties

Deep learning : is a specialized branch of machine learning that uses multi-layered neural networks especially useful for processing raw data (images, sound, text) at high levels of abstraction, imitating the complexity of human brain structures to solve complex problems.

One type of deep learning is the Natural language processing (NLP) which is used to create AI systems able to analyze and understand human language (fundamental for automathized content moderation governance but also for online support, customer service etc.)

GENERAL-PURPOSE AI

Another important definition is the one of the general-purpose AI

Foundation models Foundation models (also called general-purpose AI systems, GPAI) are AI models trained on very large datasets using self-supervised learning and transfer-learning capabilities among activities. Because of transfer learning, the knowledge acquired during this large-scale training can be reused and adapted for many different activities. As a result, foundation models can be adapted to perform many different tasks. e.g. GPT-3, GPT-4 (OpenAI)

Art. 3 AI Act (63): “‘general-purpose AI model’ means an AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market.” → two risk levels → foundational models can be used for Generative AI purposes NB: generative AI is a paradigm shift where AI moves from analyzing data to creating new content , including text, high-resolution images, video, and audio — from foreseeing next word or next pixel not by understanding context/content BUT by calculating its probability (= like the filling-the-gaps exercises). ➢ In generative AI the focus is : content creation

Large Language Models (LLM) These LLM are advanced systems designed to predict and generate human-like natural language by processing vast linguistic contexts and patterns. → here the focus is the creation of a natural language. ➢ Chatgpt is not just accomplishing the task, but is referring to you with emoji… good afternoon… natural language. It is producing as much natural language as possible.

LECTURE 2

Today we analyze how constitutionalism and democracy reshaped to cope with digital technologies.

INTRODUCTION TO DIGITAL CONSTITUTIONALISM

Framework of digital technologies and AI – constitutional relevance:

  1. sovereignty
  2. territorial element realm?
  3. power limits
  4. separation of powers
  5. sources of law

} is internet an alternative?

These are the main elements of constitutionalism.

In traditional constitutional theory, sovereignty is linked to a defined physical territory, because state power can be exercised only within clear geographic borders. The Internet, however, is a new realm that has no specific borders. Therefore, it becomes difficult to determine how sovereignty can be defined and applied in the digital environment.

On top of this, digital technology enables new forms of power. Alongside traditional public power (states, institutions), there are transnational private actors (market actors, mostly platform providers or big techs) and technological systems (mediation).

  • Indeed, transnational private actors were initially merely economic operators but have acquired such influence that they are now capable of shaping the political debate. This creates further challenges, particularly with regard to the limitation of power and the separation of powers. Therefore, a reframing of rights and powers in the digital age is necessary to deal with the complex interplay of powers. ➔ It means that the traditional way in which we define rights and limit power — which was designed mainly for the relationship between the individual and the state — is no longer sufficient in the digital environment. Because today power is exercised not only by public authorities but also by private platforms, transnational companies and technological systems, we need to rethink how rights are protected, and who is subject to constitutional limits. The main objective is to develop a form of governance capable of mediating between all these actors and users. Traditional constitutionalism was based on mediation, intermediaries and personalistic principles; today, however, digital spaces are shaped by a pluralistic system of governance in which corporations and technological infrastructures actively influence the relationships between the public and private spheres. This means that intermediation itself must be rethought, taking into account the role played by platforms and technical systems in the exercise of power and in the protection of rights.

The other question is: if fundamental rights are threatened by private actors, what can we expect from the government? Which responsibility can we put on the government?

Also we need to wonder: what is the interaction between value and digital technology? Is it digital technology shaping the value of a society or also the other way around?

1. Digital sovereignty The first time we found this expression: “digital sovereignty” was in the State of the Union (2020), a paper that the president of the EU, Von der Leyern, addresses to Member States and EU citizens : «it is about Europe’s digital sovereignty, on a small and large scale» ➢ telematic relations are detached from physical territories !! The problem is not only theoretical. From the EU perspective — in both the GDPR and the AI Act — the applicable rules are determined by the effects produced , not by where the service is provided or where the provider is established. In other words, jurisdiction (sovereignty) is based on the impact on individuals and the market. This effect-based approach allows the EU to extend the application of its norms in a borderless realm.

Sovereignty is one of the 3 characteristics (together with population and territory) that shape a state. Sovereignty traditionally means the de facto and de jure power of a state over a defined territory , that is, the authority to control a given space, regulate the activities taking place within it, decide who can enter, and exercise public powers (Zeno-Zencovich). This idea of sovereignty does not fit the digital environment, because online spaces are not geographically bounded and no single authority has exclusive control over them. For this reason, sovereignty in the digital age is reinterpreted (as Floridi suggests) not as absolute territorial control, but as a distributed, dynamic and relational form of power, control over digital affairs broadly conceived.

Also, digital affairs deeply affect fundamental rights, so digital sovereignty cannot be considered an isolated concept! It must be read together with digital constitutionalism. The aim of constitutionalism is mainly to protect fundamental rights and to limit power. So, digital sovereignty from a digital constitutionalism perspective is about a new set of fundamental digital rights, a new set of public powers designed to place effective limitations on the exercise of digital power. ➔ In this sense, digital constitutionalism can be understood as a “constellation of initiatives to articulate a set of political rights, governance norms, and limitations on the exercise of power on the internet ” (Gill, Redeker, Gasser).

Digital sovereignty as a plural field Digital sovereignty is a plural field, where political, legal and technological claims intersect and compete for legitimacy. The questions related to digital sovereignty in constitutional perspective are: ● Who sets the rules for the digital environment? ● At what level of governance? (should rules be set by national, supranational authorities…?) ● according to which principles and values? …. If you think about it, at the dawn of the EU the main objective that the treaties were trying to pursue was to have an internal market free of barriers. So it was an EU founded on economic values mostly. Now the perspective changed.

Different approaches to it in different environments:

  • USA : Traditionally the US refuses regulation of the digital market. So digital regulation has for a long time been largely absent. Digital governance is shaped by market driven logics and innovation imperatives. They chose to let providers self regulate themselves.

➢ Innovation imperative. This probably relates to the fact that the largest number of big techs is

from the US, and this approach allows empowerment of these technological actors.

  • China : in China the state is the central authority that regulates every aspect of society. Recently China has opened up to the concept of cyber sovereignty (and issued some general regulations on AI as well), to justify (legitimize) direct state control over digital infrastructure, platforms, data…

2. Extraterritorial projection Digital sovereignty compared to traditional sovereignty presents a new specific feature. It is invoked: ● to ensure defence against external interference (control over natural and digital space) → traditional logic extended to the digital realm. ● to extend rules and fundamental rights beyond national borders so that they continue to apply to its citizens = «extraterritorial projection» Important case law : CJEU Digital Rights Ireland (2006)

Similar questions arise with regard to the extraterritorial effects of the GDPR and the AI Act (the so-called Brussels effect, i.e. the capacity of EU regulation to influence the choices of other legal systems). The EU aims to set regulatory standards that are followed beyond its borders. However, the AI Act — more than data protection law — encounters obstacles in achieving the same extraterritorial impact, due to the existence of alternative global models (notably the US and China). While data protection is a concept more relatable also in other legal orders, in the field of AI it is more difficult to build bridges among different legal orders. For this reason, the EU and the US are more likely to find common ground on AI regulation when the focus is on procedural rules rather than on substantive rules.

With regard to AI, it is important to recall:

  • 2024 – Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law : an international instrument adopted within the Council of Europe, just before the AI Act, aimed at establishing common principles.
  • 2023 – Declaration of Bletchley (accountable, secure and transparent AI, focus on operators’ liability, public-private shared strategies). This declaration was signed in London and for the first time was signed by different states from different legal orders, so with different values… the declaration settled some common principles in the use of AI, mostly related to its accountability, transparency, security and focusing on operator liability. The approach was mainly settling a co-regulation between private and public actors.

Criticalities There is an irreducible tension between territorially bounded laws and borderless architecture of the internet. A paradigmatic example is the Yahoo! case (2000). ➔ In 2000, French courts ordered Yahoo! to prevent users located in France from accessing auctions of Nazi memorabilia hosted on its US-based platform, applying French criminal prohibitions on hate speech and Holocaust denial. So, although the service was lawful in the United States, the French court required the company to comply because the content was accessible from French territory. ➔ A US court later refused to enforce the French judgment, holding that such compliance would violate the First Amendment protection of freedom of expression. This landmark case clearly illustrates both the jurisdictional conflict created by the internet and the underlying clash of constitutional values between different legal systems: ◆ EU: human dignity ◆ US: freedom of expression

Pollicino shaped a new expression talking about digital sovereignty, the so-called: quadrangular geometry of digital powers (Pollicino). The quadrangular geometry of digital powers implies: ● the spatial dimension: cyberspace challenged territorial sovereignty, but states tried to reassert jurisdiction by extending their laws extraterritorially. ● the value dimension: there is no neutral ground because constitutional priorities diverge across legal systems. Digital technologies are never neutral! they always imply a moral choice. This dimension therefore reflects a clash between different legal orders and their underlying values. ● the actor dimension: private platforms now gained so much power that they can exercise para-constitutional functions. Private platforms can shape public thinking, society.. They mediate between legal orders and at the same time they pursue their own commercial interests. ● the remedial dimension: with no effective supranational solutions, courts improvised remedies allowing companies to decide on compliance or producing a normative paralysis. This has strong implications on what we called the balance of powers and the separation power principle, both being foundational parts of the rule of law.

Two fundamental aspects of traditional constitutionalism:

  • Powers limitation
  • Separation of powers 3. Limiting the power – private digital powers The limitation of power is particularly challenged in the digital dimension because digital platforms have undergone a deep transformation: from simple economic actors to real private powers. They have progressively acquired the capacity to shape society and influence public debate, so their power today is not only economic but also political and social, often comparable to — and sometimes competing with — public authority. The core problem is that public and private actors pursue different objectives: public power is oriented towards the general interest, while private actors are driven by private interests, which may conflict with it. This creates a structural tension that constitutional law must address.

Traditional constitutionalism has always expressed the relationship between authority and freedom only in a vertical dimension. In the digital era, the new challenge is designing a new horizontal dimension of that interaction/dialectic. The solution to this challenge implies creating bounds between constitutional law and other branches of law, depending on which type of enforcement is the most efficient and useful in order to limit private powers. Es: It can be an ex ante enforcement, regulating behaviour ex ante, or can be an ex post approach…

It’s not the first ever time that a similar issue emerges: es. sports federations/governing bodies also had big influence in shaping their specific markets.

What is different today different are 2 characteristics of this private power:

  1. In a quantitative perspective , digitalisation is characterised by a huge and unprecedented pervasiveness (capillarisation): : the global influence of companies has no historical comparison. Although similar forms of private power existed in the past, we have never experienced such a wide diffusion and structural presence in everyday life.
  2. In a qualitative perspective , for the first time private actors are dominating a peculiar market: the «market of ideas». This implies that they have the capability to shape public debate, to shape what people currently think… According to Poiares Maduro – F. De Abreu Duarte in 2021: «fostering a large community – similar to a public sphere – is key to the business model».

high fundamental rights protection. Indeed, the EU in the past was mainly focused on economic interests. Only after the Lisbon Treaty (2009) it has become a more integrated sovranational institution.

The internal market and rule of law have two connected objectives of EU integration. But as a legal basis, all EU digital regulation is based on art 114 TFUE.

Lex informatica and lex mercatoria Until recently, the digital environment was largely shaped by forms of private ordering (=rules are created and enforced by private actors instead of the state) notably lex informatica (Lessig 1997; Reidenberg 1998) and the new lex mercatoria. ● Lex informatica refers to technical rules embedded in technological architecture, which structure and regulate interactions between digital actors by design ● The new lex mercatoria , instead, consists of private law norms developed by economic operators through self-regulatory processes, based on contract and contractual autonomy. Together, these mechanisms allowed digital spaces to be governed primarily by private laws integrated with technical rules rather than by public legislation.

Why initially the States and supranational bodies refrained from adopting rules? Basically to promote online economic development. But also in this case we found different motivation in different legal orders:

  • USA wanted to prioritize the dissemination of rules dropped by national corporations (to protect their tech giants)
  • The EU focused on fostering a European digital market as part of the internal market, where the free circulation of data was originally framed as an expression of the fundamental economic freedoms. In this early phase, both the EU and the US introduced substantial exemptions from liability for providers , especially for content moderation(Communications Decency Act; E-commerce directive). So under this model, providers were generally not held responsible for illegal content uploaded by users. The E-commerce Directive is one of the clearest examples of the EU’s initial liberal approach to digital regulation. This regulatory choice significantly empowered private platforms, which progressively came to exercise functions comparable to those of public authorities, leading to their recognition as factual sovereign actors in the digital environment.

From digital liberalism to digital constitutionalism In the late 90s the digital space deeply changed.

  • the crises of globalization,
  • the fragility of an international order based on open markets and self-regulation,
  • global shocks such as pandemics and new wars, and
  • the growing awareness of states’ dependence on private infrastructures and platforms… …all revealed the limits of the liberal model. As a consequence, forms of private ordering such as lex mercatoria and lex informatica — i.e. self-regulatory rules and technical standards — increasingly appeared inadequate to guarantee public accountability, security and democratic legitimacy.

In this context, sovereignty comes to mean the need for public authorities to re-appropriate the “new spaces” of the digital environment, shifting the balance from private law to public law and from contracts to legislation. ● private law vs. public law * ○ The tension between these two dimensions clearly emerges when platform decisions based on contractual terms have constitutional implications for fundamental rights (e.g. freedom of expression). ○ Es: In 2021, Biden won the US election, and Trump published on twitter inciting to violence… his profile was blocked by twitter for violation of contractual terms of twitter. So from a contractual law (private law) perspective, twitter was right: Trump violated the contractual term. But from a constitutional law point of view and as later the Supreme Court ruled… blocking Trump’s account was an unfair limitation of his freedom of speech and expression. ● contracts vs. legislation

But toward 2010, the EU approach to digitalization shifted from digital liberalism to digital constitutionalism.

From digital liberalism to digital constitutionalism: Landmark decision: Google Spain vs. AEPD (CJEU/GC, 2014) The landmark decision in the Google Spain case marked the shift in Europe from digital liberalism to digital constitutionalism. This case highlighted for the first time the importance of data protection, including the right to be forgotten. Moreover, it highlighted the need for the public authorities to limit corporate governance, especially after a long phase in which economic development was prioritised over the protection of fundamental rights. To ensure such limitation, a) the EU chose to adopt regulations rather than directives (es: GDPR, DSA, DMA). Regulations are directly applicable in all Member States and create immediate and consistent rights and obligations, whereas directives are binding only as to the result to be achieved, leaving Member States free to decide the form and methods of implementation. b) Moreover, those regulations focused not only on substantial but also procedural safeguards so as to create bridges with other legal orders! While the EU and the US may have different underlying values, the focus on procedures — such as transparency, due process, accountability and risk-assessment mechanisms — makes dialogue and regulatory convergence possible.

Definition and aim of digital constitutionalism Digital constitutionalism is a strand of scholarship that studies the impact of digital technologies on the rights of individuals in relation to both public and private power (State, public authorities, private companies, tech giants etc.). It was defined by Suzor (2010) as “the work of articulating limits on the exercise of power in a networked society.” Its main aim is to restrain the power of states and tech companies in digital spaces and to integrate constitutional principles — democracy, rule of law and due process — into the technological environment. In this sense, it implies a new social contract between citizens, public authorities and private platforms, since constitutionalism no longer concerns only the vertical relationship between individuals and the state, but also the horizontal dimension involving private power.

LECTURE 3

From the EU perspective: what changed regarding the approach to AI regulation?

DIGITAL TECHNOLOGIES AND AI REGULATION

First approach to cyberspace regulation → J.P. Barlow, Declaration of the Independence of Cyberspace (Davos, 8 February 1996): regulation is absent, innovation is disruptive – freedom from state control. (disruptive = radically changes an existing system, breaking the old rules and structures and creating a new way of doing things) ➔ This declaration was presented at the world economic forum in 1996. It opens like this: “Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions…..”

In this Declaration we can summarise the great expectations that were put in this new digital era, this cyberspace. So the first approach to cyberspace regulation was an approach in which regulation is completely absent, not even based on very general principles. This means that cyberspace was thought to be completely free from state control. The states and “ government of the industrial world” , have no power in cyberspace, no legitimation there.

This initial approach aimed at fostering economic interest and development. Yet today, the EU perspective has completely changed, from this regulation-free approach to digital constitutionalism. What caused this shift? The shift to digital constitutionalism reflects a broader transformation of the Union itself. ● At the time of the DIRECTIVE 95/46/CE the EU was still strongly focused on economic integration, growth and the internal market; accordingly, data protection was framed mainly in economic terms ● In the GDPR, data protection is no longer framed mainly as an economic tool for the internal market, but as a core fundamental right with a constitutional dimension. with the GDPR the focus shifts from free movement of data → to protection of personal data as a fundamental right.

Let’s briefly summarise the EU approach to digital regulation

1) FIRST PHASE: DIGITAL LIBERALISM, around year 2000 During this first phase, EU legislation on digital technologies was marked by a strong liberal approach. The EU goal was fostering economic interest of the member states and the aim was to create an internal market with no borders (internal market, four fundamental freedoms: free movement of goods, persons, workers, and capitals). At that time, the primary concern was the risk that regulation could undermine the development of a solid digital market (adverse effects both on economy and technology).

A) The First Directive regarding digital technologies: DIRECTIVE 95/46/CE DIRECTIVE 95/46/CE protected personal data introducing the importance of consent to data processing and the requirement of legitimate purposes. HOWEVER, at this time personal data was mainly protected in light of its economic value with the goal was to enable the free movement of such data within the internal market. Already at the end of the 90s it was clear that data had a huge economic value! So DIRECTIVE 95/46/CE did not yet consider the protection of personal data as a core fundamental right linked to democracy and constitutional values.

● art. 1 – Object of the directive «1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.

  1. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1» ➢ The aim of measures adopted by member States was not the protection itself but the widest data mobility !!!!!!!!!! ● recital 7 confirms this perspective: «[...]the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy, with regard to the processing of personal data afforded in the Member States may prevent the transmission of such data from the territory of one Member State to that of another Member State; [...]this difference may therefore constitute an obstacle to the pursuit of a number of economic activities at Community level, distort competition and impede authorities in the discharge of their responsibilities under Community law; [...]this difference in levels of protection is due to the existence of a wide variety of national laws, regulations and administrative provisions»

DIRECTIVE 95/46/CE was the first step toward harmonising national data-protection laws, and it preceded the Charter of Fundamental Rights of the European Union (2000), so its logic was still primarily economic rather than rights-based.

NB: Today in the AI era the data processed are huge! and consent is not enough anymore. So the consent-base today is inadequate, but at that time it was important for legitimation for data procession.

Charter of Fundamental Rights of the European Union (2000): ● article 7 of the Charter : Respect for private and family life Everyone has the right to respect for his or her private and family life, home and communications ● article 8 of the Charter : Protection of personal data

  1. Everyone has the right to the protection of personal data concerning him or her.
  2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
  3. Compliance with these rules shall be subject to control by an independent authority.