Technology and Regulation

A growing body of literature discusses the impact of machine-learning algorithms on regulatory processes. This paper contributes to the predomi- nantly legal and technological literature by using a sociological-institutional perspective to identify nine organisational challenges for using algorithms in regulatory practice. Firstly, this paper identifies three forms of algorithms and regulation: regulation of algorithms, regulation through algorithms, and regulation of algorithms through algorithms. Secondly, we identify nine organisational challenges for regulation of and through algorithms based on literature analysis and empirical examples from Dutch regulatory agencies. Finally, we indicate what kind of institutional work regulatory agencies need to carry out to overcome the challenges and to develop an algorithmic regu- latory practice, which calls for future empirical research.

On 2 February 2022, the Belgian Data Protection Authority handed down a decision concerning IAB Europe and its Transparency and Consent Framework (TCF), a system designed to facilitate compliance of real-time bidding (RTB), a widespread online advertising approach, with the GDPR. Here, we summarise and analyse this large, complex case. We argue that by characterising IAB Europe as a joint controller with RTB actors, this important decision gives DPAs an agreed-upon blueprint to deal with a structurally difficult enforcement challenge. Furthermore, under the DPA’s simple-looking remedial orders are deep technical and organisational tensions. We analyse these “impossible asks”, concluding that absent a fundamental change to RTB, IAB Europe will be unable to adapt the TCF to bring RTB into compliance with the decision.

Wastewater analysis and surveillance are well-established practices whose use has dramatically expanded during the COVID-19 pandemic. In this article, we argue that the extraction of diverse types of data from wastewater is part of the larger phenomenon of ‘datafication’. We explore the evolving technologies and uses of wastewater data and argue that there are insufficient legal and ethical frameworks in place to properly govern them. We begin with an overview of the different pur- poses for wastewater data analyses as well as the location and scale of collection. We then consider legal and ethical principles and oversight frameworks that shape current approaches to wastewater collection. After situating wastewater collection within its particular civic context, we argue in favour of greater engagement with legal and ethical issues and propose doing so through a civic perspective. Our paper concludes with a discussion of the normative shifts that are needed and how we might achieve these.

EU regulatory initiatives on technology-related topics has spiked over the past few years. On the basis of its Priorities Programme 2019-2024, while creating “Europe fit for the Digital Age”, the EU Commission has been busy releasing new texts aimed at regulating a number of technology topics, including, among others, data uses, online platforms, cybersecurity, or artificial intelligence. This paper identifies three basic phenomena common to all, or most, EU new technology-relevant regulatory initiatives, namely (a) “act-ification”, (b) “GDPR mimesis”, and (c) “regulatory brutality”. These phenomena divulge new-found confidence on the part of the EU technology legislator, who has by now asserted for itself the right to form policy options and create new rules in the field for all of Europe. These three phenomena serve as indicators or early signs of a new European technology law-making paradigm that by now seems ready to emerge.

The article addresses human rights requirements for person-based predictive policing. It looks into human rights standards, as elaborated in the selected European Court of Human Rights case law on creating police databases, watchlists and registries, and the police’s use of new technologies. The article argues that in the case of new technologies deployed by law enforcement the availability of evidence on the effectiveness and accuracy of a given method should be essential to assess that an interference with a human right using this technology is ‘necessary in a democratic society’. The article notes that the Court’s unwillingness to assess the claims about the utility of technology critically might suggest that its evaluation of human rights compliance of person-based predictive policing and other experimental technologies would suffer from a severe blind spot.

This paper investigates the practice of algorithmic price discrimination with a view to determining its impact on markets and society and making a possible plea for regulation. Online market players are gradually gaining the capacity to adapt prices dynamically based on knowledge generated through vast amounts of data, so that, theoretically, every individual consumer can be charged the maximum price he or she is willing to pay. The article discusses the downsides of data-driven price discrimination. It considers the extent to which such downsides are mitigated by European Union law, and what role remains for national provisions and consumer-empowering technologies. We find that the existing EU provisions address price discrimination only marginally and that full harmonisation, a goal pursued through many acts regulating consumer markets, restricts the Member States’ margin for independent legislation. Accordingly, consumer protection against algorithmic pricing may rely, in practice, on consumer-empowering technologies and initiatives. We investigate the implications of this state of affairs, arguing that an unbalanced “digital arms race” between the use of algorithms as market devices on the one hand, and their use as consumer protection tools on the other, does not ensure consumer protection. Based on these findings, we advance a claim for regulation which pursues two main goals: first, to make the race more balanced by strengthening the digital tools available to consumer protection actors and, second, to limit the battlefield by clarifying and refining the applicable rules and defining clearer categories of impermissible behaviours.

This special issue tackles the question of whether and how data shapes private law. The development of new technologies enabled the generation, collection and processing of both personal and non-personal data on an unprecedented scale. The implications

of this phenomenon for private law are threefold. One, how does data affect our understanding of technology regulation in private law relationships? Two, how does data affect the way in which private law is applied? Three, what is the role of data in the design of law from a public policy perspective that transcends doctrinal considerations relating to private law?