Explore the vast range of titles available.

Given the foreseeable pervasiveness of artificial intelligence (AI) in modern societies, it is legitimate and necessary to ask the question how this new technology must be shaped to support the maintenance and strengthening of constitutional democracy. This paper first describes the four core elements of today's digital power concentration, which need to be seen in cumulation and which, seen together, are both a threat to democracy and to functioning markets. It then recalls the experience with the lawless Internet and the relationship between technology and the law as it has developed in the Internet economy and the experience with GDPR before it moves on to the key question for AI in democracy, namely which of the challenges of AI can be safely and with good conscience left to ethics, and which challenges of AI need to be addressed by rules which are enforceable and encompass the legitimacy of democratic process, thus laws. The paper closes with a call for a new culture of incorporating the principles of democracy, rule of law and human rights by design in AI and a three-level technological impact assessment for new technologies like AI as a practical way forward for this purpose. This article is part of a theme issue 'Governing artificial intelligence: ethical, legal, and technical opportunities and challenges'.

A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

There is a significant conceptual gap between legal and mathematical thinking around data privacy. The effect is uncertainty as to which technical offerings meet legal standards. This uncertainty is exacerbated by a litany of successful privacy attacks demonstrating that traditional statistical disclosure limitation techniques often fall short of the privacy envisioned by regulators. We define “predicate singling out,” a type of privacy attack intended to capture the concept of singling out appearing in the General Data Protection Regulation (GDPR). An adversary predicate singles out a dataset x using the output of a data-release mechanism M(x) if it finds a predicate p matching exactly one row in x with probability much better than a statistical baseline. A data-release mechanism that precludes such attacks is “secure against predicate singling out” (PSO secure). We argue that PSO security is a mathematical concept with legal consequences. Any data-release mechanism that purports to “render anonymous” personal data under the GDPR must prevent singling out and, hence, must be PSO secure. We analyze the properties of PSO security, showing that it fails to compose. Namely, a combination of more than logarithmically many exact counts, each individually PSO secure, facilitates predicate singling out. Finally, we ask whether differential privacy and k-anonymity are PSO secure. Leveraging a connection to statistical generalization, we show that differential privacy implies PSO security. However, and in contrast with current legal guidance, k-anonymity does not: There exists a simple predicate singling out attack under mild assumptions on the k-anonymizer and the data distribution.

The protection of personal data and religious freedom represent two fundamental rights that can be potentially in conflict in the European Union legal framework. The purpose of this paper is to critically analyze Articles 91 and 17 of the General Data Protection Regulation (GDPR 2016) in order to examine their implications for the exercise of religious freedom in both the personal and the institutional realms. The research employs a comprehensive legal analysis, examining potential interpretations of the articles in the context of the Catholic Church and of Poland. The findings suggest that while Article 91 introduces data protection requirements for religious associations, it does not inherently threaten religious freedom. However, the study highlights significant risks arising from potential misinterpretations of Article 91, particularly regarding the concepts of “comprehensive rules” and “brought into line with” GDPR standards. The same applies to Article 17 and the “right to be forgotten”, whose absolute application can interfere with freedom of religion. The research concludes that careful, nuanced interpretation of the GDPR is crucial to maintaining both personal data protection and religious freedom. The paper ultimately argues that the articles of the GDPR can be understood as a mechanism for safeguarding religious freedom rather than constraining it, provided it is applied regarding the diverse doctrinal principles of different religious organizations.

Data have become an exceptionally valuable resource. In light of the COVID-19 public health emergency, data sharing and the concept of open science has gathered momentum.1 The advantages and disadvantages of open science notwithstanding, a pressing issue for the scientific community to consider – particularly in relation to health research – relates to the de-identification of data, and the impact of the Protection of Personal Information Act 4 of 2013 (POPIA) on research activities in this context. For the purposes of this Commentary, ‘health research’ refers to scientific research designed to learn more about human health with a view to preventing, curing and treating diseases. This type of research invariably requires the use of personal information as defined in POPI .On 23 September 2020, the Academy of Science of South Africa (ASSAf) announced that it would be embarking on a process to facilitate the development of a Code of Conduct for all scientific research activity with a view to submitting this Code to the Information Regulator for approval in July 2021.2 Accordingly, the purpose of this Commentary is to: (1) discuss data de-identification and related concepts; (2) consider how data de-identification applies in the context of scientific practice in South Africa; and (3) consider relevant data de-identification principles in selected relevant foreign jurisdictions.

This work deals with the maintenance of information systems—specifically, with the maintenance of information systems that have a focus on teaching and learning. Depending on the context of an information system, there are different influencing factors for the maintenance of these systems. This work clarifies how the maintenance activities and their influencing factors differ in an information system for teaching and learning from other information systems, or why some influencing factors are particularly more important. The first step is to understand what maintenance means, why there is a need for maintenance, and which maintenance strategies can be used. Finally, the defined factors of influencing the maintenance of information systems for teaching and learning are evaluated during interviews with experts in order to be able to determine their relevance. A further part of this document is the influence of the General Data Protection Regulation (GDPR) guidelines on information systems maintenance, which came into force on May 25, 2018. These guidelines of the GDPR affect a large part of all information systems that process data—in particular, the processing of personal data. The GDPR regulates, among other things, the rights and obligations of data processing.

Information-intensive transformation is vital to realize the Industry 4.0 paradigm, where processes, systems, and people are in a connected environment. Current factories must combine different sources of knowledge with different technological layers. Taking into account data interconnection and information transparency, it is necessary to enhance the existing frameworks. This paper proposes an extension to an existing framework, which enables access to knowledge about the different data sources available, including data from operators. To develop the interoperability principle, a specific proposal to provide a (public and encrypted) data management solution to ensure information transparency is presented, which enables semantic data treatment and provides an appropriate context to allow data fusion. This proposal is designed also considering the Privacy by Design option. As a proof of application case, an implementation was carried out regarding the logistics of the delivery of industrial components in the construction sector, where different stakeholders may benefit from shared knowledge under the proposed architecture.

Since the purchase of Siri by Apple, and its release with the iPhone 4S in 2011, virtual assistants (VAs) have grown in number and popularity. The sophisticated natural language processing and speech recognition employed by VAs enables users to interact with them conversationally, almost as they would with another human. To service user voice requests, VAs transmit large amounts of data to their vendors; these data are processed and stored in the Cloud. The potential data security and privacy issues involved in this process provided the motivation to examine the current state of the art in VA research. In this study, we identify peer-reviewed literature that focuses on security and privacy concerns surrounding these assistants, including current trends in addressing how voice assistants are vulnerable to malicious attacks and worries that the VA is recording without the user’s knowledge or consent. The findings show that not only are these worries manifold, but there is a gap in the current state of the art, and no current literature reviews on the topic exist. This review sheds light on future research directions, such as providing solutions to perform voice authentication without an external device, and the compliance of VAs with privacy regulations.

The collection, storage, and analysis of large data sets are relevant in many sectors. Especially in the medical field, the processing of patient data promises great progress in personalized health care. However, it is strictly regulated, such as by the General Data Protection Regulation (GDPR). These regulations mandate strict data security and data protection and, thus, create major challenges for collecting and using large data sets. Technologies such as federated learning (FL), especially paired with differential privacy (DP) and secure multiparty computation (SMPC), aim to solve these challenges. This scoping review aimed to summarize the current discussion on the legal questions and concerns related to FL systems in medical research. We were particularly interested in whether and to what extent FL applications and training processes are compliant with the GDPR data protection law and whether the use of the aforementioned privacy-enhancing technologies (DP and SMPC) affects this legal compliance. We placed special emphasis on the consequences for medical research and development. We performed a scoping review according to the PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses extension for Scoping Reviews). We reviewed articles on Beck-Online, SSRN, ScienceDirect, arXiv, and Google Scholar published in German or English between 2016 and 2022. We examined 4 questions: whether local and global models are \"personal data\" as per the GDPR; what the \"roles\" as defined by the GDPR of various parties in FL are; who controls the data at various stages of the training process; and how, if at all, the use of privacy-enhancing technologies affects these findings. We identified and summarized the findings of 56 relevant publications on FL. Local and likely also global models constitute personal data according to the GDPR. FL strengthens data protection but is still vulnerable to a number of attacks and the possibility of data leakage. These concerns can be successfully addressed through the privacy-enhancing technologies SMPC and DP. Combining FL with SMPC and DP is necessary to fulfill the legal data protection requirements (GDPR) in medical research dealing with personal data. Even though some technical and legal challenges remain, for example, the possibility of successful attacks on the system, combining FL with SMPC and DP creates enough security to satisfy the legal requirements of the GDPR. This combination thereby provides an attractive technical solution for health institutions willing to collaborate without exposing their data to risk. From a legal perspective, the combination provides enough built-in security measures to satisfy data protection requirements, and from a technical perspective, the combination provides secure systems with comparable performance with centralized machine learning applications.

The main objective of this paper is to clarify the importance of explainability in the crop recommendation process and provide insights on how Explainable Artificial Intelligence (XAI) can be incorporated into existing models successfully. The objective is to increase the definition and transparency of the recommendations implemented by AI in smart agriculture, leading to a detailed analysis of the synchronization between crop recommendation systems and XAI that informs decisions as it has sustainable knowledge and practices in modern agriculture. It reviews state-of-the-art XAI techniques such as local interpretable model-agnostic interpretation (LIME), SHapley interpretation additive approach (SHAP), integrated gradients (IG), and level-wise relevance propagation (LRP). It focuses on interpretable models and critical features analysis, and XAI methods are discussed in terms of their applications, critical features, and definitions. The paper found that XAI methods such as LIME and SHAP can make AI-driven crop recommendation systems more transparent and reliable. Graphical techniques such as dependency plots, summary plots, waterfall graphs, and decision plots effectively analyze feature importance. The paper includes counterfactual explanations using dice ml and hearing with advanced techniques combining IG and LRP to provide in-depth narrative model behavior. The novelty of this study lies in a detailed investigation of how XAI can be incorporated into crop recommendation systems to address the “black box” nature of AI models. It uses a unique XAI technique and model approach to make AI-driven recommendations more meaningful and practical for farmers. The proposed systems and techniques are designed to consume agriculture, addressing the specific needs of intelligent systems, making this research a significant contribution to agricultural AI.