IDP Conference 2017

Virt-EU will take part to the 13th IDP Conference with an ad-hoc panel to present its first results

Managing Risk in the Digital Society will be the central theme of the 13th International Conference on Internet, Law & Politics (Barcelona, 29-30 June 2017).

Since the 1990s, the concept of risk society has deeply penetrated many fields of the social sciences and humanities. From law and political science, the Risk Society has been a concept that has channelled the analysis of risks inherent in contemporary society and how they are regulated. With the emergence of the new information and communication technologies there has been a profound change in this risk society. ICT are closely related to risk, as they are both generators of risks and a means of avoiding them. Thus, the challenge facing us is to manage the risks inherent in the digital era.

Virt-EU panel: Privacy, ethical and social impact assessment of risks in data processing

On the basis of the first results of the H2020 VIRT-EU project (Values and ethics in Innovation for Responsible Technology in Europe), the panel considers the adoption of a multiple risk assessment in data processing. In this light, the panelists discuss the different elements of PESIA (Privacy, Ethical, and Social Impact Assessment), which is a new framework for risk assessment that intends to secure a place for societal concerns in the generation of new technologies.

Taking into account the ethical and social dimension of data processing, the PESIA framework goes beyond the traditional privacy impact assessment. This assessment procedure engages the different societal stakeholders and ensures a digital future where innovative devices and services are aligned with the ethical and social values held by EU citizens and communities.

Talks Abstracts

The Privacy, Ethical and Social Impact Assessment (PESIA)
Alessandro ManteleroProfessor of Private Law and Innovation and International Transactions Law – Politecnico di Torino, Moderator

In terms of risk management with regard to data protection, the H2020 Virt-EU project aims to outline a new assessment procedure called PESIA (Privacy, Ethical and Social Impact Assessment). This is a multiple and participatory risk-assessment procedure where the potential negative outcomes of data processing are not only measured in terms of information protection, but also encompass the societal consequences of data uses and their impact on the application of ethical values.

This talk presents a first outline of the constitutive elements of the PESIA model and the challenges that should be addressed in developing an assessment procedure that takes into account ethical and societal values.

Locating Ethics in the Internet of Things
Irina ShklovskiAssociate Professor – IT University of Copenhagen, Co-Editor Big Data & Society Journal

IoT devices promise efficiency and seamless integration of technology into even the most mundane daily practices. What is often overlooked is that these mundane practices are also incredibly intimate and the risk of exposure from poor technological data practices increases exponentially.

The behavior of IoT devices can reflect not only the technical prowess but also the moral reasoning of their creators. As data-intensive sensor-based technologies enter the most intimate of spaces, how are we to ensure that these devices act ethically? After all, ethical reasoning as well as discussions of security and privacy compliance must happen at the point of design and development decisions rather than at the end of the development process. I will offer a discussion of common ethical concerns in IoT products and services. The talk will consider questions such as: At what stage do and should ethical questions arise? What are the sites of discussion for ethics, and what techniques or tools are currently available to facilitate ethical deliberation about IoT

Outsourcing the construction of citizenship: Ethical risks of the “Smart Open Data City”
Alison Powell, Assistant Professor and Programme Director of the MSc in Media and Communication, Data & Society – London School of Economics and Political Science

The data-based smart city has historical antecedents located in state control of populations through the collection of management of information. In the techno-centric vision of the smart city oriented around the transformation of elements of everyday existence into data, collecting data at large scale creates the possibility and necessity for large-scale infrastructures to support its storage and processing. These infrastructures remove the processing of data from the sphere of influence of the state. Even for local governments, moving to a data-enhanced version of the smart city implicates a shift in the nature of administrative power. When we compare this with the shift in power towards privatization of public assets as illustrated by the corporate influence in providing internet access, the power relationships in the data city are different. The separation of influence is no longer between control of infrastructure and access to it in order to share knowledge. Instead, outsourcing data storage and processing separates administrative control and operations. Data intermediaries have administrative control; local governments within such ‘smart cities’ have power that is increasingly funneled into the operation of services. This talk outlines this shift and its ethical consequences, identifying challenges in particular for the notions of privacy both individual and collective, and to the possibility of civic action under these conditions.

Ethics and compliance in European data protection
Javier Ruiz Diaz, Open Rights Group, Policy Director

The General Data Protection Regulation coming into force in 2018 is mainly perceived in terms of compliance. In this sense, the stricter requirements for accountability, such as knowing your data, the bases for processing or the obtention of consent are described as procedural mechanisms to avoid getting into trouble. However, the GDPR also contains many references to processes of consideration, where the data controller must make a judgement call. These range from determining whether data is pseudonymous to the implementation of Data Protection by Design. These exercises require an ethical approach beyond minimal compliance in order to be effective. Unfortunately, the GDPR does not provide enough support for the implementation of these decision processes and requires supplementary methodologies.