Co-regulation Approach for Governing Big Data: Thoughts on Data Protection Law
Pages 59 - 63
Abstract
Co-regulatory solutions are considered a promising opportunity to involve both public and private stakeholders in the rule-making process. Recent developments in technologies based on big data analytics, such as AI, increased the need for laws able to adapt in specific contexts and ensure a certain degree of flexibility. Data protection law adopts a risk-based approach, establishing general principles that are then supposed to be implemented in different ways according to a case-by-case analysis. The paper argues that the introduction of the new European Commission's data strategies will generate new interplays with data protection law, generating new legal uncertainties that could be partially solved using meta-level rules, such as co-regulatory instruments. After an overview of co-regulation taxonomies, the main criteria for evaluating benefits and shortcomings of co-regulatory instruments will be introduced. In conclusion the paper tries to speculate the impacts that these instruments could have on the building of the recently issued proposal for a European Health Data Space.
References
[1]
Ugo Pagallo, Pompeu Casanovas and Robert Madelin. 2019. The middle-out approach: assessing models of legal governance in data protection, artificial intelligence, and the Web of Data. Theory and Practice of Legislation. 7, 1, 1-25.
[2]
Christopher T. Marsden. 2012. Internet co-regulation and constitutionalism: Towards European judicial review. International Review of Law, Computers and Technology. 26, 2-3, 211-228.
[3]
Hans J. Kleinsteuber. 2004. The Internet between Regulation and Governance. In Christian Möller and Arnaud Amouroux (Eds). The Media Freedom Internet Cookbook. Organization for Security and Co-operation in Europe (OSCE), Vienna
[4]
European Commission. 2020. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A European strategy for data. COM(2020) 66 final
[5]
John Yasuda. 2022. Regulatory governance. In Christopher Ansell and Jacob Torfing (Eds). Handbook on Theories of Governance. Elgar, Cheltenham.
[6]
OECD. 2015. Data-Driven Innovation: Big Data for Growth and Well-Being. OECD Publishing, Paris.
[7]
Frank Pasquale. 2015. The Black Box Society: The Secret Algorithms That Control Money and Information. Harvard University Press, Cambridge
[8]
Christopher T. Marsden. 2004. Co- and Self-regulation in European Media and Internet Sectors: The Results of Oxford University's Study. In Christian Möller and Arnaud Amouroux (Eds). The Media Freedom Internet Cookbook. Organization for Security and Co-operation in Europe (OSCE), Vienna
[9]
Julia Black. 1996. Constitutionalising Self-Regulation. Modern Law Review. 59, 1, 24-55.
[10]
Luc Huyse and Stephan Paramentier. 1990. Decoding Codes: The Dialogue Between Consumers and Suppliers: Journal of Consumer Policy. Journal of Consumer Policy. 13, 3; 253-272.
[11]
Jodi L. Short. 2012. The Paranoid Style in Regulatory Reform, Hastings L.J. 63, 633-694 Available at: http://repository.uchastings.edu/faculty_scholarship/74
[12]
European Commission. 2001. European Governance – a White Paper. COM(2001) 428 final
[13]
European Commission. 2002. Communication from the Commission. European Governance: Better Lawmaking. COM(2002) 275 final
[14]
European Parliament, Council, Commission. 2003. Interinstitutional Agreement on better law-making
[15]
See https://ec.europa.eu/growth/single-market/goods/new-legislative-framework_en (last time accessed: May 2022).
[16]
The EDPB keeps a register listing all the GDPR CoC adopted so far at: https://edpb.europa.eu/our-work-tools/accountability-tools/register-codes-conduct-amendments-and-extensions-art-4011_en. The page includes a total of four CoC (accessed: May 2022). However, two additional CoC, not included in the list, have been adopted by the Italian and the Spanish DPA. They both deal with health-related data: 1) Codice di condotta per l'utilizzo di dati sulla salute a fini didattici e di pubblicazione scientifica at: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9535354 and 2) Código de Conducta regulador del tratamiento de datos personales en el ámbito de los ensayos clínicos y otras investigaciones clínicas y de la farmacovigilancia, at: https://www.aepd.es/es/prensa-y-comunicacion/notas-de-prensa/aepd-aprueba-primer-codigo-conducta-sectorial-desde-entrada-vigor-rgpd.
[17]
The EDPB should keep a register also for GDPR certification mechanisms, however to date (May 2022) no register for certification mechanisms is available on EDPB's website.
[18]
European Commission. 2021. Proposal for a regulation of the European parliament and of the Council laying down harmonised rules on artificial intelligence (artificial intelligence act) and amending certain union legislative acts. COM(2021) 206 final
[19]
European Commission. 2020(b). Proposal for a regulation of the European parliament and of the Council on European data governance (Data Governance Act). COM(2020) 767 final
[20]
European Commission. 2022. Proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act). COM(2022) 68 final
[21]
European Commission, DG Health and Food Safety. 2021(b). Assessment of the EU Member States’ rules on health data in the light of GDPR.
[22]
EDPB-EDPS. 2021. Joint Opinion 03/2021 on the Proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act)
[23]
European Commission. 2022(b). Proposal for a regulation of the European Parliament and of the Council on the European Health Data Space. COM(2022) 197 final
[24]
EDPS. 2020. Preliminary Opinion 8/2020 on the European Health Data Space
[25]
Michal Koščík and Matěj Myška. 2018. Data protection and codes of conduct in collaborative research. International Review of Law, Computers & Technology. 32, 1, 141-154.
[26]
Max Von Grafenstein. 2022. Co-Regulation and the Competitive Advantage in the GDPR: Data protection certification mechanisms, codes of conduct and the “state of the art” of data protection-by-design. In Gloria González, Rosamunde Van Brakel, and Paul De Hert (Eds). 2022. Research Handbook on Privacy and Data Protection Law. Elgar Publishing, Cheltenham.
[27]
Rob Guay and Kean Birch. 2022. A comparative analysis of data governance: Socio-technical imaginaries of digital personal data in the USA and EU (2008–2016). Big Data & Society. 1, 13.
[28]
EDPB. 2019. Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679
[29]
Irene Kamara. 2020. Article 40. Codes of Conduct. In Christopher Kuner, Lee A. Bygrave and Christopher Docksey (Eds). The EU General Data Protection Regulation (GDPR). Oxford University Press, Oxford.
[30]
Ronald Leenes. 2020 Article 42 Certification. In Christopher Kuner, Lee A. Bygrave and Christopher Docksey (Eds). The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press, Oxford. 2021.
[31]
Kira J.M. Matus and Michael Veale. 2021. Certification systems for machine learning: Lessons from sustainability. Regulation & Governance. 16,1, 177-196.
Recommendations
Internet co-regulation and constitutionalism: Towards European judicial review
Current Developments in Cyberlaw SLS Cyberlaw Section 2011This article analyzes co-regulation, by defining and exploring its recent institutional history in the Internet environment. It then assesses the legal definitions and taxonomies of co-regulation before constructing a 12-point scale of self-and co-...
General Data Protection Regulation: new ethical and constitutional aspects, along with new challenges to information law
The EU 'General Data Protection Regulation' (GDPR) marked the most important step towards reforming data privacy regulation in recent years, as it has brought about significant changes in data process in various sectors, ranging from healthcare to banking ...
Cross-border issues under EU data protection law with regards to personal data protection
We are living in an inter-connected, global digital society where the services of different operating systems are universal in nature, but many Internet activities are still being tackled by national laws and regulations. A long-existing question is ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
October 2022
623 pages
ISBN:9781450396356
DOI:10.1145/3560107
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 18 November 2022
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICEGOV 2022
ICEGOV 2022: 15th International Conference on Theory and Practice of Electronic Governance
October 4 - 7, 2022
Guimarães, Portugal
Acceptance Rates
Overall Acceptance Rate 350 of 865 submissions, 40%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 977Total Downloads
- Downloads (Last 12 months)510
- Downloads (Last 6 weeks)54
Reflects downloads up to 18 Feb 2025
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in