Mil, J. van, Quintais, J. A Matter of (Joint) control? Virtual assistants and the general data protection regulation In: Computer Law & Security Review, vol. 45, 2022. @article{nokey,
title = {A Matter of (Joint) control? Virtual assistants and the general data protection regulation},
author = {Mil, J. van and Quintais, J.},
doi = {https://doi.org/10.1016/j.clsr.2022.105689},
year = {2022},
date = {2022-06-16},
journal = {Computer Law \& Security Review},
volume = {45},
abstract = {This article provides an overview and critical examination of the rules for determining who qualifies as controller or joint controller under the General Data Protection Regulation. Using Google Assistant \textendash an artificial intelligence-driven virtual assistant \textendash as a case study, we argue that these rules are overreaching and difficult to apply in the present-day information society and Internet of Things environments. First, as a consequence of recent developments in case law and supervisory guidance, these rules lead to a complex and ambiguous test to determine (joint) control. Second, due to advances in technological applications and business models, it is increasingly challenging to apply such rules to contemporary processing operations. In particular, as illustrated by the Google Assistant, individuals will likely be qualified as joint controllers, together with Google and also third-party developers, for at least the collection and possible transmission of other individuals’ personal data via the virtual assistant. Third, we identify follow-on issues relating to the apportionment of responsibilities between joint controllers and the effective and complete protection of data subjects. We conclude by questioning whether the framework for determining who qualifies as controller or joint controller is future-proof and normatively desirable.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article provides an overview and critical examination of the rules for determining who qualifies as controller or joint controller under the General Data Protection Regulation. Using Google Assistant – an artificial intelligence-driven virtual assistant – as a case study, we argue that these rules are overreaching and difficult to apply in the present-day information society and Internet of Things environments. First, as a consequence of recent developments in case law and supervisory guidance, these rules lead to a complex and ambiguous test to determine (joint) control. Second, due to advances in technological applications and business models, it is increasingly challenging to apply such rules to contemporary processing operations. In particular, as illustrated by the Google Assistant, individuals will likely be qualified as joint controllers, together with Google and also third-party developers, for at least the collection and possible transmission of other individuals’ personal data via the virtual assistant. Third, we identify follow-on issues relating to the apportionment of responsibilities between joint controllers and the effective and complete protection of data subjects. We conclude by questioning whether the framework for determining who qualifies as controller or joint controller is future-proof and normatively desirable. |
Bouchè, G., Eskens, S., Helberger, N., Mil, J. van, Strycharz, J., Toh, J., van Hoboken, J. Conditions for technological solutions in a COVID-19 exit strategy, with particular focus on the legal and societal conditions 2021, (Report for ZonMw, written by N. Helberger, S. Eskens, J. Strycharz, G. Bouchè, J. van Hoboken, J. van Mil, J. Toh, with N. Appelman, J. van Apeldoorn, M. van Eechoud, N. van Doorn, M. Sax & C. de Vreese, September 2021, Amsterdam). @techreport{Helberger2021bb,
title = {Conditions for technological solutions in a COVID-19 exit strategy, with particular focus on the legal and societal conditions},
author = {Helberger, N. and Eskens, S. and Strycharz, J. and Bouch\`{e}, G. and van Hoboken, J. and Mil, J. van and Toh, J. },
url = {https://www.ivir.nl/publicaties/download/covid-report-1.pdf},
year = {2021},
date = {2021-09-13},
urldate = {2021-09-13},
abstract = {Which legal, ethical and societal conditions need to be fulfilled for the use of digital solutions in managing the COVID-19 exit-strategy? This was the central question of this research. Digital technologies can be part of solutions to societal challenges, for example to manage the pandemic and lead the Netherlands out of the COVID-19 crisis. One set of technologies that figured particularly prominently in that debate was the use of contact tracing apps like the CoronaMelder, as well as digital vaccination passports (CoronaCheck app).
In the Netherlands, Europe and worldwide, the introduction of apps such as the CoronaMelder or the CoronaCheck app was met by criticism from experts, politicians, civil society and academics. Concerns range from the lack of evidence for the effectiveness of such apps, uncertainty about the conditions that need to be fulfilled to reach their goal, our growing dependency on technology companies up to worries about the fundamental rights and adverse effects for vulnerable groups, such as elderly or users without a smart phone.
The overall goal of the research was to monitor the societal, ethical and legal implications of implementing apps like the CoronaMelder, and from that draw lessons for the future use of ‘technology-assisted governance solutions’. One important conclusion from the report is that ‘there are no easy technological fixes, and in order for a technological solution to work, it needs to be part of a broader vision on what such a solution needs to function in society, achieve its intended goals and respect the fundamental rights of users as well as non-users.’ The report also offers critical reflections on the need for democratic legitimisation and accountability, the role of big tech and insights on the societal impact of the CoronaMelder and other technological solutions.
},
note = {Report for ZonMw, written by N. Helberger, S. Eskens, J. Strycharz, G. Bouch\`{e}, J. van Hoboken, J. van Mil, J. Toh, with N. Appelman, J. van Apeldoorn, M. van Eechoud, N. van Doorn, M. Sax \& C. de Vreese, September 2021, Amsterdam},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
Which legal, ethical and societal conditions need to be fulfilled for the use of digital solutions in managing the COVID-19 exit-strategy? This was the central question of this research. Digital technologies can be part of solutions to societal challenges, for example to manage the pandemic and lead the Netherlands out of the COVID-19 crisis. One set of technologies that figured particularly prominently in that debate was the use of contact tracing apps like the CoronaMelder, as well as digital vaccination passports (CoronaCheck app).
In the Netherlands, Europe and worldwide, the introduction of apps such as the CoronaMelder or the CoronaCheck app was met by criticism from experts, politicians, civil society and academics. Concerns range from the lack of evidence for the effectiveness of such apps, uncertainty about the conditions that need to be fulfilled to reach their goal, our growing dependency on technology companies up to worries about the fundamental rights and adverse effects for vulnerable groups, such as elderly or users without a smart phone.
The overall goal of the research was to monitor the societal, ethical and legal implications of implementing apps like the CoronaMelder, and from that draw lessons for the future use of ‘technology-assisted governance solutions’. One important conclusion from the report is that ‘there are no easy technological fixes, and in order for a technological solution to work, it needs to be part of a broader vision on what such a solution needs to function in society, achieve its intended goals and respect the fundamental rights of users as well as non-users.’ The report also offers critical reflections on the need for democratic legitimisation and accountability, the role of big tech and insights on the societal impact of the CoronaMelder and other technological solutions.
|
Eskens, S., Mil, J. van Opinie: Doorsturen telecomdata naar RIVM vereist een beter verhaal In: Het Financieele Dagblad, 2020. @article{Eskens2020c,
title = {Opinie: Doorsturen telecomdata naar RIVM vereist een beter verhaal},
author = {Eskens, S. and Mil, J. van},
url = {https://fd.nl/opinie/1356879/doorsturen-telecomdata-naar-rivm-vereist-een-beter-verhaal},
year = {2020},
date = {2020-09-12},
journal = {Het Financieele Dagblad},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Mil, J. van Annotatie bij Rb. Noord-Holland 23 mei 2019 In: Computerrecht, vol. 2019, no. 4, pp. 267-273, 2019. @article{Mil2019c,
title = {Annotatie bij Rb. Noord-Holland 23 mei 2019 },
author = {Mil, J. van},
url = {https://www.ivir.nl/publicaties/download/Annotatie_CR_2019_4.pdf},
year = {2019},
date = {2019-09-19},
journal = {Computerrecht},
volume = {2019},
number = {4},
pages = {267-273},
abstract = {De rechtbank bakent de omvang van het inzagerecht af in overeenstemming met eerdere jurisprudentie, waarmee zij verwerkingsverantwoordelijke handvatten biedt voor die gevallen waarin zij zich geconfronteerd ziet met inzageverzoeken.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
De rechtbank bakent de omvang van het inzagerecht af in overeenstemming met eerdere jurisprudentie, waarmee zij verwerkingsverantwoordelijke handvatten biedt voor die gevallen waarin zij zich geconfronteerd ziet met inzageverzoeken. |
Mil, J. van German Federal Court of Justice asks CJEU if YouTube is directly liable for user-uploaded content In: Journal of Intellectual Property Law & Practice , vol. 14, no. 5, pp. 355-356, 2019. @article{Mil2019b,
title = {German Federal Court of Justice asks CJEU if YouTube is directly liable for user-uploaded content},
author = {Mil, J. van},
url = {https://doi.org/10.1093/jiplp/jpz034},
year = {2019},
date = {2019-05-07},
journal = {Journal of Intellectual Property Law \& Practice },
volume = {14},
number = {5},
pages = {355-356},
abstract = {On 13 September 2018, the German Federal Court of Justice referred preliminary questions to the Court of Justice of the European Union, including the question whether YouTube performs acts of communication to the public when its users upload unauthorized content onto this platform.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
On 13 September 2018, the German Federal Court of Justice referred preliminary questions to the Court of Justice of the European Union, including the question whether YouTube performs acts of communication to the public when its users upload unauthorized content onto this platform. |
Mil, J. van German BGH – Does YouTube Perform Acts of Communication to the Public? In: Kluwer Copyright Blog, vol. 2018, 2019. @article{Mil2019,
title = {German BGH \textendash Does YouTube Perform Acts of Communication to the Public?},
author = {Mil, J. van},
url = {http://copyrightblog.kluweriplaw.com/2019/01/27/german-bgh-does-youtube-perform-acts-of-communication-to-the-public/},
year = {2019},
date = {2019-01-29},
journal = {Kluwer Copyright Blog},
volume = {2018},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|