From Law to Code: Translating Legal Principles into Digital Rules
-
Upload
ronan-kennedy -
Category
Law
-
view
285 -
download
0
Transcript of From Law to Code: Translating Legal Principles into Digital Rules
![Page 1: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/1.jpg)
From Law to Code:Translating Legal Principles into Digital Rules
Michael Lang and Rónán KennedyNational University of Ireland, Galway
[email protected] [email protected]
Image: Karl-Ludwig Poggemann, https://www.flickr.com/photos/hinkelstone/
![Page 2: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/2.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Overview• Public perceptions of the ‘Right to be
Forgotten’• Implementation challenges• Privacy in security policy implementation• Privacy in requirements analysis and design
2
![Page 3: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/3.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Public Perceptions of the ‘Right to be Forgotten’
• Survey conducted by Clare Doherty & Michael Lang (NUIG), Autumn 2013 Objective: obtain a sense of how people feel
about the proposed right to be forgotten and how it might be implemented
• Respondent profile 260 respondents Ranged in age from 17 to 61, mean of 29 years 14 different counties (Ireland 82%, Others 18%) Employed persons 74%, Students 17%, Others 9%
3
![Page 4: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/4.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Do you know what your privacy rights are?
![Page 5: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/5.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Are existing controls effective against on-line reputational damage?
![Page 6: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/6.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Are you in favour of “right to be forgotten” becoming law?
![Page 7: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/7.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
What type of information should you have right to erase?
![Page 8: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/8.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Implementation Challenges
• Legal rules:• Flexible, deliberately unclear, contested,
malleable• Digital:
• Rigid, clearly defined in advance, strictly operationalised, difficult to change
8
![Page 9: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/9.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
ICT and Legal ProcessesLegal processes neither simple nor linearNot easily modelled by logic or expert systemsRisk of destructive feedback cycleICT as embedded and entrenched infrastructure
9
![Page 10: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/10.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Translating Legal Principles into Digital Rules
Dangers of digital decision-making Closed, inflexible, unaccountable systems Containing assumptions, biases, mistakes
Formalising practices and knowledge is difficult
Need to ‘Get It Right First Time’
10
![Page 11: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/11.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
“Privacy” in IS Security Risk Management
• Information systems risk management strategies are based on rational process:
What is likelihood of something going wrong? What is the severity: loss of life? loss of
money? loss of reputation? Cost-benefit analysis
• So, … do organisations really care about safeguarding privacy? Or is it worth taking a risk?
11
![Page 12: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/12.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Information Systems Development:
The Importance of “Clear” Requirements• ISD Project Management: time / cost / quality challenge
(“software crisis” conundrum)
• “In nearly every software project that fails to meet performance and cost goals, requirements inadequacies play a major and expensive role in project failure” (Alford & Lawson, 1979)
• “The hardest single part of building a software system is deciding precisely what to build. No other part of the conceptual work is as difficult as establishing the detailed technical requirements ... No other part of the work so cripples the resulting system if done wrong.” (Brooks, 1987)
12
![Page 13: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/13.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015 13
Getting the Requirements “Right”
![Page 14: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/14.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Getting the Requirements Right:What Does “Privacy” Mean ?
14
![Page 15: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/15.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Privacy as a “Requirement”
• Information systems developers don’t deal with laws, principles, rights, etc.
• They deal with “requirements”: clear, complete, consistent specifications of the behaviour of a system
Requirements definition: procedural logic, data attributes
Requirements prioritisation: feasibility, cost, “must have” versus “nice-to-have”
15
![Page 16: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/16.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
“Privacy by Design”• Privacy by Design: vague set of principles
No methodological guidance: how do systems developers build privacy into design process?
• Privacy by Re-Design: retro-fitting existing systems Very expensive Computers are designed to share, retain, index,
and analyse information … They are not designed to “forget”. Even “erasure” is not straightforward.
![Page 17: From Law to Code: Translating Legal Principles into Digital Rules](https://reader031.fdocuments.us/reader031/viewer/2022022414/587d8e2a1a28abcd648b6d6b/html5/thumbnails/17.jpg)
Privacy: Gathering Insights from Lawyers and Technologists Maynooth University, July 1, 2015
Over to you …• Michael Lang1 & Rónán Kennedy2, NUI
Galway• 1. School of Business & Economics, NUI Galway
• 2. School of Law, NUI Galway [email protected]
17