














































































Studia grazie alle numerose risorse presenti su Docsity
Guadagna punti aiutando altri studenti oppure acquistali con un piano Premium
Prepara i tuoi esami
Studia grazie alle numerose risorse presenti su Docsity
Prepara i tuoi esami con i documenti condivisi da studenti come te su Docsity
Trova i documenti specifici per gli esami della tua università
Preparati con lezioni e prove svolte basate sui programmi universitari!
Rispondi a reali domande d’esame e scopri la tua preparazione
Riassumi i tuoi documenti, fagli domande, convertili in quiz e mappe concettuali
Studia con prove svolte, tesine e consigli utili
Togliti ogni dubbio leggendo le risposte alle domande fatte da altri studenti come te
Esplora i documenti più scaricati per gli argomenti di studio più popolari
Ottieni i punti per scaricare
Guadagna punti aiutando altri studenti oppure acquistali con un piano Premium
Complete notes: I have integrated the slides with my notes from all the lectures and then organized them to ensure clarity. With these notes, you can aim for the highest grade. CONTENT: Introduction to AI Regulation Digital Society and Its Challenges Introduction to digital constitutionalism EU Approach to Digital Regulation: a) Directive 95/46/EC b) Directive 2000/31/EC c) General Data Protection Regulation (GDPR) d) Digital Services Act (DSA) e) Regulation (EU) 2024/1689 – Artificial Intelligence Act AI Regulation and Disinformation AI Regulation and Discrimination Case Law: a) Cambridge Analytica (2018) b) Amazon algorithmic recruiting (2014–2015) c) COMPAS (2016) d) Delfi v. Estonia (ECtHR, 2015)
Tipologia: Appunti
1 / 86
Questa pagina non è visibile nell’anteprima
Non perderti parti importanti!















































































Prova scritta a domande aperte (3 open questions) 10th April !!! 9th of June probably
In the EU → no big tech companies. So the approach to AI in the EU and US is very different. When did AI emerge? How? We will see a bit of history of AI, and then we will see its transition (especially in last 30years) The EU is the first supranational body to adopt a complete regulation on AI in 2024: the AI Act, the first organic regulation on artificial intelligence. However, this regulation builds on previous EU legislation that was not AI-specific but concerned digital technologies, such as:
For a long time when thinking about AI we thought about sci-fi, about technologies perceived as unrealistic or not yet part of the real world, and about machines replacing humans in everyday activities.
Digital technologies as we know them today are very recent (last 30 years): ● Google and World Wide Web – 1991 → before 1991 no worldwide web !! ● Global Positioning System (GPS) – 2000 ● Facebook – 2004 ● First iPhone, Twitter – 2007 ● Instagram – 2010 ● ChatGPT (OpenAI) – 2022
In everyday life, we constantly interact with data — from communication and collection to classification and utilization — increasingly through AI-connected systems.
In this context, digital is not a tool, it’s an environment. As Floridi said in The Online Manifesto , we live “onlife” because we are not anymore capable to switch on / off the online connections, so there is not anymore a difference between the online and offline life ( The Onlife Manifesto , Floridi, 2014). As a result, it is not anymore a matter of gathering the capability to master and learn how to use technology, but it is about achieving a way to live in it.
➢ It is not something we should learn to master, but to live in.
Onlife can have many pros (opportunities to connect, overcome space and distance…) but also many criticalities.
In the “onlife” there is no territory, no borders, no distinction between public or private, and time and space are limitless, in the sense that at no point the online is shut off.
From a constitutional point of view, the focus has always been the relationships between individuals and others in their interaction with public power. Within this framework, constitutionalism focuses on two core elements: the protection of fundamental rights and the limitation of public power. But the onlife is not governed by the public-state power, rather, the bodies and companies holding the power are private! google, amazon… are private bodies.
Moreover, from constitutional point of view the society relationship (between individual and public bodies) have always been regulated by intermediate social bodies like schools, religious bodies, political partes… This is a base of constitutionalism as we know it. But after the technology breakout, we experienced a reintermediation: the new intermediate social bodies are no longer schools, ecc but online platforms. The problem is that online platforms are private, and lack visible status. For this reason they are characterised by opacity rather than transparency, which is undermining the democratic values. The task is therefore to rethink the rules to which these platforms are subject to ensure the usual protection of democratic values, in particular, the focus remains the same: a) Protection of fundamental rights b) Limitation of power
So when studying AI regulation, the questions that we pose are the same. Different context, same questions. So we won't only wonder what AI regulation is, but most of all why we need AI regulation? This is important because we will see that in the first 10 / 15 years in which AI emerged and represented the greatest achievement of technologies… in some places and especially in the US, the first approach was NOT to regulate AI and technology. It was adopted a liberal approach: no rules, because it was functional to create a wider market. In this perspective it is interesting asking not only what AI regulation is but why we need it?
Summarised: → it’s not only a matter of capabilities but of achieving a way to live in it → the onlife is a space with no territory, no borders, neither public nor private, where time and space are limitless → technology breakout lead to the disruption of traditional intermediate social bodies: re-intermediation by online platforms (but they lack visible statutes)
An example of what AI can achieve: ImageNet Challenge (2010–) in visual recognition ● 14 mln images described in their contents ● From 2012 we experienced the so-called “superhuman performance” → machines have surpassed humans in recognizing image contents
From 2010 among many research institutes, was conducted the ImageNet Challenge, about visual recognition. There was a huge database of more or less 14mln images described in their contents. Machines overcame humans in recognizing images’ contents, in both precision, timing ecc. Machines are not perfect but Ai has been trained and has achieved astonishing results. So much so that from 2012 in the ImageNet challenge we experienced the so-called “superhuman performance”.
From a constitutional perspective , the main challenge is that democratic societies are traditionally built on the principle of personalism / personalist perspective. The fact that the human factor is completely missing is challenging for constitutional law. The principle of personalism focuses on the person which is not only an individual but an individual in its relationship with other individuals. In the Italian constitution this vision is embedded in article 2, that gives value to persons, not the individual. This is a characteristic of our European democratic societies. As opposed to the US, where one of the so called foundational myths of US culture is the self made man, the man that does not need any other. So they focus more on the individual. This difference directly affects how AI is regulated:
Digital / AI regulation will be considered mainly from the EU perspective (with a brief overview of other approaches).
We must take into account the non-neutrality of the digital ecosystem , and of AI in particular. It is not something positive or negative; it is simply a technical feature. This means that AI building reflects moral implications and value choices both in design and in databases used for machine learning. These choices affect and shape the output.
Why is digital / AI regulation so important from a constitutional perspective? The core issue is not simply settling (constitutional) rules for digital technologies and their possible disruptive impact, but rather regulating already existing questions reshaped by processes of digitalization. Here we have the same questions we always had as constitutional scholars (how to limit power? How to protect fundamental rights?) but now they have to be reshaped by the process of digitalisation. Digitalisation brings us to reshape the traditional constitutional issues and questions.
When focusing on the interaction between automation technologies and democratic values , we need to take into account that not every legal system prioritizes the same values!! ➢ In the USA constitutionalism , the core value is undoubtedly freedom (especially freedom of expression, according to the First Amendment ). So, in the US many platform regulations imply that freedom of expression prevails on the truth of the news spread / content spread. ➢ The EU is rather built on the values of human dignity and solidarity (and specifically on data protection in the technological framework). This reflects in prioritising the fundamental right protection (and data protection). The approaches are very different. This is why digital regulation is not the same in every legal system and does not pursue the exact same goals everywhere. Therefore, the goal is not only good regulation, but also fostering dialogue between different geopolitical systems : not building fortresses, but bridges.
Some examples of recent regulation on digital technologies and AI at a global level : ● 2024, EU Artificial Intelligence Act (AIA) → Regulation No. 2024/1689. This is the most recent one. The first general regulation on artificial intelligence. It is very different in its content from what we can expect because it does not give many clear definitions. But it is the approach that is important. We will see that the important part of this regulation is that it analyzes AI according to its risks. So it is one of the risk based-regulations (like the GDPR, which is the antecedent regulation). ● 2024, EU Council of Europe Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law This is another important regulation. It is the first ever binding regulation for all the signature countries. ● 2023 Bletchley Declaration (London) → international cooperation approach in governance strategies. In 2023 there was already an international act, signed in London and it was an act signed by many countries. Yet, this was still a soft law, not binding. The difference is that soft law just fixes some important benchmarks but does not connect transactions to violations. ● 2023, USA Executive Order of President Biden marking the transition from a self-regulation to a co-regulation approach in the AI sector. Until 2023 the US approach to AI and digital technology was letting platforms and private bodies have self regulation, decide themselves which norms to apply to the AI system and digital systems. For the first time in 2023, even in the US the approach to digital technologies shifted from self regulation to a co-regulation approach- so the public and private together set the norms in the AI sector !!!!!!
Back to the roots of AI history : The AI debate starts in the 1950s.
Artificial Intelligence ● 1950 : The famous paper Computing Machinery and Intelligence by Alan Turing was first published. He described the “imitation game” , a test to measure machines’ capability to “think”. According to this paper, if the interlocutor cannot be sure if what is reading / listening is produced by human or machine, the machine has accomplished its task of imitation game. So it is a test to measure machine capability to think. → The first to think about AI was Alan Turing!
In 1955 another important milestone, the publishing of: Dartmouth Summer Research Project on Artificial Intelligence. For the first time, the term “artificial intelligence” was used to identify computer capability to: ○ carry out tasks automatically ○ learn and improve ○ be creative ○ replicate artificial neural networks (replicate how our brain can relate issues and subjects one to another).
This is the first time we see the term artificial intelligence.
To create the most efficient behavior imitation or replication there are two approaches: A. Top-down approach → Symbolic AI ● Explainable / algorithm-based ● Predominant until the late 1980s ● Based on logical-formal representations and deductive rules with predefined data and instructions. ● Possible complexities with this approach : ○ difficulty in constructing complete instruction sets ○ symbol grounding problem → how wide should the dataset be? To give a complete set of instructions? How wide is the set of instructions to be considered complete? B. Bottom-up approach → Sub-symbolic AI (proper AI / black box) ● Connectionist approach, related to statistics and inferential mechanisms ● Extracts rules directly from vast datasets ● This is possible because it is based on neural network architectures. So it infers itself the rules of the task to accomplish. ● Criticalities : ○ black box problem: the opacity !! so the rules underlying data processing and outputs are often obscure to human comprehension. So we do not know how we get the output from the machines! → Paradigm shift: from teaching machines rules to letting machines discover patterns in data. → Example: multi-layered neural networks used to recognize text, images, and sounds (e.g. content moderation).
The shift from symbolic AI to sub-symbolic AI represents a major transformation in how machines operate. Instead of following explicit rules, sub-symbolic AI processes vast amounts of data to identify patterns autonomously. This requires highly complex systems based on multilayered neural networks , rather than simple rule-based models.
Sub-symbolic AI is particularly relevant for content moderation on digital platforms , where systems must decide whether text, images, or audio should be removed or allowed. Such decisions are especially challenging because meaning is often context-dependent : symbols, images, or expressions may be used ironically or to convey meanings opposite to their literal content. As a result, automated moderation systems must be trained to recognize these differences.
Art. 3, EU AI Act (Regulation No. 1689/2024) : “AI system” means a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers from input how to generate outputs such as predictions, content, recommendations, or decisions influencing physical or virtual environments. → Sub-symbolic model !!!
So it is flexible! It infers from inputs how to generate output. Not simply given instructions, but letting it learn from the dataset the rules on which it has to work.
Sub-symbolic AI automatically infers patterns and rules from datasets through machine learning.
Three approaches to machine learning:
Deep learning : is a specialized branch of machine learning that uses multi-layered neural networks especially useful for processing raw data (images, sound, text) at high levels of abstraction, imitating the complexity of human brain structures to solve complex problems.
One type of deep learning is the Natural language processing (NLP) which is used to create AI systems able to analyze and understand human language (fundamental for automathized content moderation governance but also for online support, customer service etc.)
Another important definition is the one of the general-purpose AI
Foundation models Foundation models (also called general-purpose AI systems, GPAI) are AI models trained on very large datasets using self-supervised learning and transfer-learning capabilities among activities. Because of transfer learning, the knowledge acquired during this large-scale training can be reused and adapted for many different activities. As a result, foundation models can be adapted to perform many different tasks. e.g. GPT-3, GPT-4 (OpenAI)
Art. 3 AI Act (63): “‘general-purpose AI model’ means an AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market.” → two risk levels → foundational models can be used for Generative AI purposes NB: generative AI is a paradigm shift where AI moves from analyzing data to creating new content , including text, high-resolution images, video, and audio — from foreseeing next word or next pixel not by understanding context/content BUT by calculating its probability (= like the filling-the-gaps exercises). ➢ In generative AI the focus is : content creation
Large Language Models (LLM) These LLM are advanced systems designed to predict and generate human-like natural language by processing vast linguistic contexts and patterns. → here the focus is the creation of a natural language. ➢ Chatgpt is not just accomplishing the task, but is referring to you with emoji… good afternoon… natural language. It is producing as much natural language as possible.
Today we analyze how constitutionalism and democracy reshaped to cope with digital technologies.
Framework of digital technologies and AI – constitutional relevance:
These are the main elements of constitutionalism.
In traditional constitutional theory, sovereignty is linked to a defined physical territory, because state power can be exercised only within clear geographic borders. The Internet, however, is a new realm that has no specific borders. Therefore, it becomes difficult to determine how sovereignty can be defined and applied in the digital environment.
On top of this, digital technology enables new forms of power. Alongside traditional public power (states, institutions), there are transnational private actors (market actors, mostly platform providers or big techs) and technological systems (mediation).
The other question is: if fundamental rights are threatened by private actors, what can we expect from the government? Which responsibility can we put on the government?
Also we need to wonder: what is the interaction between value and digital technology? Is it digital technology shaping the value of a society or also the other way around?
1. Digital sovereignty The first time we found this expression: “digital sovereignty” was in the State of the Union (2020), a paper that the president of the EU, Von der Leyern, addresses to Member States and EU citizens : «it is about Europe’s digital sovereignty, on a small and large scale» ➢ telematic relations are detached from physical territories !! The problem is not only theoretical. From the EU perspective — in both the GDPR and the AI Act — the applicable rules are determined by the effects produced , not by where the service is provided or where the provider is established. In other words, jurisdiction (sovereignty) is based on the impact on individuals and the market. This effect-based approach allows the EU to extend the application of its norms in a borderless realm.
Sovereignty is one of the 3 characteristics (together with population and territory) that shape a state. Sovereignty traditionally means the de facto and de jure power of a state over a defined territory , that is, the authority to control a given space, regulate the activities taking place within it, decide who can enter, and exercise public powers (Zeno-Zencovich). This idea of sovereignty does not fit the digital environment, because online spaces are not geographically bounded and no single authority has exclusive control over them. For this reason, sovereignty in the digital age is reinterpreted (as Floridi suggests) not as absolute territorial control, but as a distributed, dynamic and relational form of power, control over digital affairs broadly conceived.
Also, digital affairs deeply affect fundamental rights, so digital sovereignty cannot be considered an isolated concept! It must be read together with digital constitutionalism. The aim of constitutionalism is mainly to protect fundamental rights and to limit power. So, digital sovereignty from a digital constitutionalism perspective is about a new set of fundamental digital rights, a new set of public powers designed to place effective limitations on the exercise of digital power. ➔ In this sense, digital constitutionalism can be understood as a “constellation of initiatives to articulate a set of political rights, governance norms, and limitations on the exercise of power on the internet ” (Gill, Redeker, Gasser).
Digital sovereignty as a plural field Digital sovereignty is a plural field, where political, legal and technological claims intersect and compete for legitimacy. The questions related to digital sovereignty in constitutional perspective are: ● Who sets the rules for the digital environment? ● At what level of governance? (should rules be set by national, supranational authorities…?) ● according to which principles and values? …. If you think about it, at the dawn of the EU the main objective that the treaties were trying to pursue was to have an internal market free of barriers. So it was an EU founded on economic values mostly. Now the perspective changed.
Different approaches to it in different environments:
from the US, and this approach allows empowerment of these technological actors.
2. Extraterritorial projection Digital sovereignty compared to traditional sovereignty presents a new specific feature. It is invoked: ● to ensure defence against external interference (control over natural and digital space) → traditional logic extended to the digital realm. ● to extend rules and fundamental rights beyond national borders so that they continue to apply to its citizens = «extraterritorial projection» Important case law : CJEU Digital Rights Ireland (2006)
Similar questions arise with regard to the extraterritorial effects of the GDPR and the AI Act (the so-called Brussels effect, i.e. the capacity of EU regulation to influence the choices of other legal systems). The EU aims to set regulatory standards that are followed beyond its borders. However, the AI Act — more than data protection law — encounters obstacles in achieving the same extraterritorial impact, due to the existence of alternative global models (notably the US and China). While data protection is a concept more relatable also in other legal orders, in the field of AI it is more difficult to build bridges among different legal orders. For this reason, the EU and the US are more likely to find common ground on AI regulation when the focus is on procedural rules rather than on substantive rules.
With regard to AI, it is important to recall:
Criticalities There is an irreducible tension between territorially bounded laws and borderless architecture of the internet. A paradigmatic example is the Yahoo! case (2000). ➔ In 2000, French courts ordered Yahoo! to prevent users located in France from accessing auctions of Nazi memorabilia hosted on its US-based platform, applying French criminal prohibitions on hate speech and Holocaust denial. So, although the service was lawful in the United States, the French court required the company to comply because the content was accessible from French territory. ➔ A US court later refused to enforce the French judgment, holding that such compliance would violate the First Amendment protection of freedom of expression. This landmark case clearly illustrates both the jurisdictional conflict created by the internet and the underlying clash of constitutional values between different legal systems: ◆ EU: human dignity ◆ US: freedom of expression
Pollicino shaped a new expression talking about digital sovereignty, the so-called: quadrangular geometry of digital powers (Pollicino). The quadrangular geometry of digital powers implies: ● the spatial dimension: cyberspace challenged territorial sovereignty, but states tried to reassert jurisdiction by extending their laws extraterritorially. ● the value dimension: there is no neutral ground because constitutional priorities diverge across legal systems. Digital technologies are never neutral! they always imply a moral choice. This dimension therefore reflects a clash between different legal orders and their underlying values. ● the actor dimension: private platforms now gained so much power that they can exercise para-constitutional functions. Private platforms can shape public thinking, society.. They mediate between legal orders and at the same time they pursue their own commercial interests. ● the remedial dimension: with no effective supranational solutions, courts improvised remedies allowing companies to decide on compliance or producing a normative paralysis. This has strong implications on what we called the balance of powers and the separation power principle, both being foundational parts of the rule of law.
Two fundamental aspects of traditional constitutionalism:
Traditional constitutionalism has always expressed the relationship between authority and freedom only in a vertical dimension. In the digital era, the new challenge is designing a new horizontal dimension of that interaction/dialectic. The solution to this challenge implies creating bounds between constitutional law and other branches of law, depending on which type of enforcement is the most efficient and useful in order to limit private powers. Es: It can be an ex ante enforcement, regulating behaviour ex ante, or can be an ex post approach…
It’s not the first ever time that a similar issue emerges: es. sports federations/governing bodies also had big influence in shaping their specific markets.
What is different today different are 2 characteristics of this private power:
high fundamental rights protection. Indeed, the EU in the past was mainly focused on economic interests. Only after the Lisbon Treaty (2009) it has become a more integrated sovranational institution.
The internal market and rule of law have two connected objectives of EU integration. But as a legal basis, all EU digital regulation is based on art 114 TFUE.
Lex informatica and lex mercatoria Until recently, the digital environment was largely shaped by forms of private ordering (=rules are created and enforced by private actors instead of the state) notably lex informatica (Lessig 1997; Reidenberg 1998) and the new lex mercatoria. ● Lex informatica refers to technical rules embedded in technological architecture, which structure and regulate interactions between digital actors by design ● The new lex mercatoria , instead, consists of private law norms developed by economic operators through self-regulatory processes, based on contract and contractual autonomy. Together, these mechanisms allowed digital spaces to be governed primarily by private laws integrated with technical rules rather than by public legislation.
Why initially the States and supranational bodies refrained from adopting rules? Basically to promote online economic development. But also in this case we found different motivation in different legal orders:
From digital liberalism to digital constitutionalism In the late 90s the digital space deeply changed.
In this context, sovereignty comes to mean the need for public authorities to re-appropriate the “new spaces” of the digital environment, shifting the balance from private law to public law and from contracts to legislation. ● private law vs. public law * ○ The tension between these two dimensions clearly emerges when platform decisions based on contractual terms have constitutional implications for fundamental rights (e.g. freedom of expression). ○ Es: In 2021, Biden won the US election, and Trump published on twitter inciting to violence… his profile was blocked by twitter for violation of contractual terms of twitter. So from a contractual law (private law) perspective, twitter was right: Trump violated the contractual term. But from a constitutional law point of view and as later the Supreme Court ruled… blocking Trump’s account was an unfair limitation of his freedom of speech and expression. ● contracts vs. legislation
But toward 2010, the EU approach to digitalization shifted from digital liberalism to digital constitutionalism.
From digital liberalism to digital constitutionalism: Landmark decision: Google Spain vs. AEPD (CJEU/GC, 2014) The landmark decision in the Google Spain case marked the shift in Europe from digital liberalism to digital constitutionalism. This case highlighted for the first time the importance of data protection, including the right to be forgotten. Moreover, it highlighted the need for the public authorities to limit corporate governance, especially after a long phase in which economic development was prioritised over the protection of fundamental rights. To ensure such limitation, a) the EU chose to adopt regulations rather than directives (es: GDPR, DSA, DMA). Regulations are directly applicable in all Member States and create immediate and consistent rights and obligations, whereas directives are binding only as to the result to be achieved, leaving Member States free to decide the form and methods of implementation. b) Moreover, those regulations focused not only on substantial but also procedural safeguards so as to create bridges with other legal orders! While the EU and the US may have different underlying values, the focus on procedures — such as transparency, due process, accountability and risk-assessment mechanisms — makes dialogue and regulatory convergence possible.
Definition and aim of digital constitutionalism Digital constitutionalism is a strand of scholarship that studies the impact of digital technologies on the rights of individuals in relation to both public and private power (State, public authorities, private companies, tech giants etc.). It was defined by Suzor (2010) as “the work of articulating limits on the exercise of power in a networked society.” Its main aim is to restrain the power of states and tech companies in digital spaces and to integrate constitutional principles — democracy, rule of law and due process — into the technological environment. In this sense, it implies a new social contract between citizens, public authorities and private platforms, since constitutionalism no longer concerns only the vertical relationship between individuals and the state, but also the horizontal dimension involving private power.
From the EU perspective: what changed regarding the approach to AI regulation?
First approach to cyberspace regulation → J.P. Barlow, Declaration of the Independence of Cyberspace (Davos, 8 February 1996): regulation is absent, innovation is disruptive – freedom from state control. (disruptive = radically changes an existing system, breaking the old rules and structures and creating a new way of doing things) ➔ This declaration was presented at the world economic forum in 1996. It opens like this: “Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions…..”
In this Declaration we can summarise the great expectations that were put in this new digital era, this cyberspace. So the first approach to cyberspace regulation was an approach in which regulation is completely absent, not even based on very general principles. This means that cyberspace was thought to be completely free from state control. The states and “ government of the industrial world” , have no power in cyberspace, no legitimation there.
This initial approach aimed at fostering economic interest and development. Yet today, the EU perspective has completely changed, from this regulation-free approach to digital constitutionalism. What caused this shift? The shift to digital constitutionalism reflects a broader transformation of the Union itself. ● At the time of the DIRECTIVE 95/46/CE the EU was still strongly focused on economic integration, growth and the internal market; accordingly, data protection was framed mainly in economic terms ● In the GDPR, data protection is no longer framed mainly as an economic tool for the internal market, but as a core fundamental right with a constitutional dimension. with the GDPR the focus shifts from free movement of data → to protection of personal data as a fundamental right.
Let’s briefly summarise the EU approach to digital regulation
1) FIRST PHASE: DIGITAL LIBERALISM, around year 2000 During this first phase, EU legislation on digital technologies was marked by a strong liberal approach. The EU goal was fostering economic interest of the member states and the aim was to create an internal market with no borders (internal market, four fundamental freedoms: free movement of goods, persons, workers, and capitals). At that time, the primary concern was the risk that regulation could undermine the development of a solid digital market (adverse effects both on economy and technology).
A) The First Directive regarding digital technologies: DIRECTIVE 95/46/CE DIRECTIVE 95/46/CE protected personal data introducing the importance of consent to data processing and the requirement of legitimate purposes. HOWEVER, at this time personal data was mainly protected in light of its economic value with the goal was to enable the free movement of such data within the internal market. Already at the end of the 90s it was clear that data had a huge economic value! So DIRECTIVE 95/46/CE did not yet consider the protection of personal data as a core fundamental right linked to democracy and constitutional values.
● art. 1 – Object of the directive «1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.
DIRECTIVE 95/46/CE was the first step toward harmonising national data-protection laws, and it preceded the Charter of Fundamental Rights of the European Union (2000), so its logic was still primarily economic rather than rights-based.
NB: Today in the AI era the data processed are huge! and consent is not enough anymore. So the consent-base today is inadequate, but at that time it was important for legitimation for data procession.
Charter of Fundamental Rights of the European Union (2000): ● article 7 of the Charter : Respect for private and family life Everyone has the right to respect for his or her private and family life, home and communications ● article 8 of the Charter : Protection of personal data