Ausloos, J., Delacroix, S., Giannopoulou, A., Janssen, H. Intermediating data rights exercises: the role of legal mandates In: International Data Privacy Law, vol. 12, iss. 4, pp. 316-331, 2022. @article{nokey,
title = {Intermediating data rights exercises: the role of legal mandates},
author = {Giannopoulou, A. and Ausloos, J. and Delacroix, S. and Janssen, H.},
doi = {10.1093/idpl/ipac017},
year = {2022},
date = {2022-11-15},
journal = {International Data Privacy Law},
volume = {12},
issue = {4},
pages = {316-331},
abstract = {Data subject rights constitute critical tools for empowerment in the digitized society. There is a growing trend of relying on third parties to facilitate or coordinate the collective exercises of data rights, on behalf of one or more data subjects.
This contribution refers to these parties as ‘Data Rights Intermediaries’ (DRIs), ie where an ‘intermediating’ party facilitates or enables the collective exercise of data rights. The exercise of data rights by these DRIs on behalf of the data subjects can only be effectuated with the help of mandates.
Data rights mandates are not expressly framed in the GDPR their delineation can be ambiguous. It is important to highlight that data rights are mandatable and this without affecting their inalienability in light of their fundamental rights’ nature.
This article argues that contract law and fiduciary duties both have longstanding traditions and robust norms in many jurisdictions, all of which can be explored towards shaping the appropriate environment to regulate data rights mandates in particular.
The article concludes that the key in unlocking the full potential of data rights mandates can already be found in existing civil law constructs, whose diversity reveals the need for solidifying the responsibility and accountability of mandated DRIs. The continued adherence to fundamental contract law principles will have to be complemented by a robust framework of institutional safeguards. The need for such safeguards stems from the vulnerable position of data subjects, both vis-\`{a}-vis DRIs as well as data controllers.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Data subject rights constitute critical tools for empowerment in the digitized society. There is a growing trend of relying on third parties to facilitate or coordinate the collective exercises of data rights, on behalf of one or more data subjects.
This contribution refers to these parties as ‘Data Rights Intermediaries’ (DRIs), ie where an ‘intermediating’ party facilitates or enables the collective exercise of data rights. The exercise of data rights by these DRIs on behalf of the data subjects can only be effectuated with the help of mandates.
Data rights mandates are not expressly framed in the GDPR their delineation can be ambiguous. It is important to highlight that data rights are mandatable and this without affecting their inalienability in light of their fundamental rights’ nature.
This article argues that contract law and fiduciary duties both have longstanding traditions and robust norms in many jurisdictions, all of which can be explored towards shaping the appropriate environment to regulate data rights mandates in particular.
The article concludes that the key in unlocking the full potential of data rights mandates can already be found in existing civil law constructs, whose diversity reveals the need for solidifying the responsibility and accountability of mandated DRIs. The continued adherence to fundamental contract law principles will have to be complemented by a robust framework of institutional safeguards. The need for such safeguards stems from the vulnerable position of data subjects, both vis-à-vis DRIs as well as data controllers. |
Buri, I., Chapman, M., Culloty, E., Drunen, M. van, Fahy, R., Giannopoulou, A., Gil González, E., Heuvelhof, C. ten, Meiring, A., Strycharz, J. New actors and risks in online advertising 2022, ISSN: 2079-1062, (IRIS Special 2022-1, European Audiovisual Observatory, Strasbourg). @techreport{nokey,
title = {New actors and risks in online advertising},
author = {Drunen, M. van and Buri, I. and Chapman, M. and Culloty, E. and Fahy, R. and Giannopoulou, A. and Gil Gonz\'{a}lez, E. and Meiring, A. and Strycharz, J. and Heuvelhof, C. ten},
url = {https://www.ivir.nl/iris_special_1_2022/
https://rm.coe.int/iris-special-1-2022en-online-advertising/1680a744d7?c=199\&traversed=1},
issn = {2079-1062},
year = {2022},
date = {2022-09-01},
note = {IRIS Special 2022-1, European Audiovisual Observatory, Strasbourg},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
|
Giannopoulou, A. Allocating Control in Decentralised Identity Management In: European Review of Digital Administration & Law - Erdal, vol. 2021, iss. 2, pp. 75-87, 2022. @article{nokey,
title = {Allocating Control in Decentralised Identity Management},
author = {Giannopoulou, A.},
url = {https://www.ivir.nl/erdal_2021_2/},
doi = {10.53136/97912599475299},
year = {2022},
date = {2022-07-21},
urldate = {2022-07-21},
journal = {European Review of Digital Administration \& Law - Erdal},
volume = {2021},
issue = {2},
pages = {75-87},
abstract = {Creating legal identity in the digital space involves the challenging task of addressing the datarelated responsibilities and obligations for data governance and data protection (by design and by default) to name a few. Substantially, it also requires the datafication of legal identity which means transposing all its properties and foundational traits inits corresponding data expressions and relations. As (digital) legal identity evolves from the fringes of purely technology-related challenges towards the legal and socio-technical, state institutions \textendashsovereignly responsible for delivering digital legal identities to citizens\textendash are acknowledging the polyvalent, non-monolithic, and relational characters of identitiesand they explore appropriate architectures. This paper sets out to explore the institutional turn towards decentralized digital identities. The claims surrounding these digital identities raise high hopes for the cross border digital identity provisioning being data protection and privacy compliant, technologically secure, and user-centric. This paper attempts to explore how the relevant accountable actors \textendashas recognized through the data protection normative framework\textendash are formed around the technological identity infrastructure.We highlight and examine the conflict between the European proposals on the provision of digital identity infrastructures through decentralized architectures and the concepts of data controllership in the GDPR.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Creating legal identity in the digital space involves the challenging task of addressing the datarelated responsibilities and obligations for data governance and data protection (by design and by default) to name a few. Substantially, it also requires the datafication of legal identity which means transposing all its properties and foundational traits inits corresponding data expressions and relations. As (digital) legal identity evolves from the fringes of purely technology-related challenges towards the legal and socio-technical, state institutions –sovereignly responsible for delivering digital legal identities to citizens– are acknowledging the polyvalent, non-monolithic, and relational characters of identitiesand they explore appropriate architectures. This paper sets out to explore the institutional turn towards decentralized digital identities. The claims surrounding these digital identities raise high hopes for the cross border digital identity provisioning being data protection and privacy compliant, technologically secure, and user-centric. This paper attempts to explore how the relevant accountable actors –as recognized through the data protection normative framework– are formed around the technological identity infrastructure.We highlight and examine the conflict between the European proposals on the provision of digital identity infrastructures through decentralized architectures and the concepts of data controllership in the GDPR.
|
Bodó, B., Giannopoulou, A., Mezei, P., Quintais, J. The rise of NFTs: These aren't the droids you're looking for In: European Intellectual Property Review, 2022. @article{nokey,
title = {The rise of NFTs: These aren't the droids you're looking for},
author = {Bod\'{o}, B. and Giannopoulou, A. and Quintais, J. and Mezei, P.},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4000423},
year = {2022},
date = {2022-01-04},
journal = {European Intellectual Property Review},
abstract = {Non-fungible tokens (NFTs) are hailed as revolutionary tools that will empower artists and revolutionize copyright management and remuneration. This article explores their copyright relevance, and it describes how copyright might apply in relation to NFT creation and trading. In doing so, it provides an overview of the ecosystem of actors built around NFTs, and it analyzes the role of these actors according to the European copyright normative framework.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Non-fungible tokens (NFTs) are hailed as revolutionary tools that will empower artists and revolutionize copyright management and remuneration. This article explores their copyright relevance, and it describes how copyright might apply in relation to NFT creation and trading. In doing so, it provides an overview of the ecosystem of actors built around NFTs, and it analyzes the role of these actors according to the European copyright normative framework. |
Giannopoulou, A. Putting Data Protection by Design on the Blockchain In: European Data Protection Law Review, vol. 7, no. 3, pp. 388-399, 2021. @article{Giannopoulou2021,
title = {Putting Data Protection by Design on the Blockchain},
author = {Giannopoulou, A.},
doi = {10.21552/edpl/2021/3/7},
year = {2021},
date = {2021-10-22},
urldate = {2021-10-22},
journal = {European Data Protection Law Review},
volume = {7},
number = {3},
pages = {388-399},
abstract = {The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced. |
Bodó, B., Giannopoulou, A., Irion, K., Janssen, H. Personal data ordering in context: the interaction of meso-level data governance regimes with macro frameworks In: Internet Policy Review, vol. 10, no. 3, 2021. @article{Bod\'{o}2021b,
title = {Personal data ordering in context: the interaction of meso-level data governance regimes with macro frameworks},
author = {Bod\'{o}, B. and Irion, K. and Janssen, H. and Giannopoulou, A.},
url = {https://policyreview.info/articles/analysis/personal-data-ordering-context-interaction-meso-level-data-governance-regimes},
doi = {10.14763/2021.3.1581},
year = {2021},
date = {2021-10-11},
urldate = {2021-10-11},
journal = {Internet Policy Review},
volume = {10},
number = {3},
abstract = {The technological infrastructures enabling the collection, processing, and trading of data have fuelled a rapid innovation of data governance models. We differentiate between macro, meso, and micro level models, which correspond to major political blocks; societal-, industry-, or community level systems, and individual approaches, respectively. We focus on meso-level models, which coalesce around: (1) organisations prioritising their own interests over interests of other stakeholders; (2) organisations offering technological and legal tools aiming to empower individuals; (3) community-based data intermediaries fostering collective rights and interests. In this article we assess these meso-level models, and discuss their interaction with the macro-level legal frameworks that have evolved in the US, the EU, and China. The legal landscape has largely remained inconsistent and fragmented, with enforcement struggling to keep up with the latest developments. We argue, first, that the success of meso-logics is largely defined by global economic competition, and, second, that these meso-logics may potentially put the EU’s macro-level framework with its mixed internal market and fundamental rights-oriented model under pressure. We conclude that, given the relative absence of a strong macro level-framework and an intensive competition of governance models at meso-level, it may be challenging to avoid compromises to the European macro framework. },
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The technological infrastructures enabling the collection, processing, and trading of data have fuelled a rapid innovation of data governance models. We differentiate between macro, meso, and micro level models, which correspond to major political blocks; societal-, industry-, or community level systems, and individual approaches, respectively. We focus on meso-level models, which coalesce around: (1) organisations prioritising their own interests over interests of other stakeholders; (2) organisations offering technological and legal tools aiming to empower individuals; (3) community-based data intermediaries fostering collective rights and interests. In this article we assess these meso-level models, and discuss their interaction with the macro-level legal frameworks that have evolved in the US, the EU, and China. The legal landscape has largely remained inconsistent and fragmented, with enforcement struggling to keep up with the latest developments. We argue, first, that the success of meso-logics is largely defined by global economic competition, and, second, that these meso-logics may potentially put the EU’s macro-level framework with its mixed internal market and fundamental rights-oriented model under pressure. We conclude that, given the relative absence of a strong macro level-framework and an intensive competition of governance models at meso-level, it may be challenging to avoid compromises to the European macro framework. |
Bodó, B., Giannopoulou, A., Mezei, P., Quintais, J. The Rise of Non-Fungible Tokens (NFTs) and the Role of Copyright Law – Part II Kluwer Copyright Blog 2021. @online{Quintais2021c,
title = {The Rise of Non-Fungible Tokens (NFTs) and the Role of Copyright Law \textendash Part II},
author = {Quintais, J. and Bod\'{o}, B. and Giannopoulou, A. and Mezei, P.},
url = {http://copyrightblog.kluweriplaw.com/2021/04/22/the-rise-of-non-fungible-tokens-nfts-and-the-role-of-copyright-law-part-ii/},
year = {2021},
date = {2021-04-22},
organization = {Kluwer Copyright Blog},
keywords = {},
pubstate = {published},
tppubtype = {online}
}
|
Bodó, B., Giannopoulou, A., Mezei, P., Quintais, J. The Rise of Non-Fungible Tokens (NFTs) and the Role of Copyright Law – Part I Kluwer Copyright Blog 2021. @online{QuintaisetalNFTPartI,
title = {The Rise of Non-Fungible Tokens (NFTs) and the Role of Copyright Law \textendash Part I},
author = {Quintais, J. and Bod\'{o}, B. and Giannopoulou, A. and Mezei, P.},
url = {http://copyrightblog.kluweriplaw.com/2021/04/14/the-rise-of-non-fungible-tokens-nfts-and-the-role-of-copyright-law-part-i/},
year = {2021},
date = {2021-04-14},
organization = {Kluwer Copyright Blog},
keywords = {},
pubstate = {published},
tppubtype = {online}
}
|
Giannopoulou, A. Algorithmic systems: the consent is in the detail? In: Internet Policy Review, vol. 9, no. 1, 2020. @article{Giannopoulou2020,
title = {Algorithmic systems: the consent is in the detail?},
author = {Giannopoulou, A.},
url = {https://policyreview.info/node/1452/pdf},
doi = {10.14763/2020.1.1452},
year = {2020},
date = {2020-03-24},
journal = {Internet Policy Review},
volume = {9},
number = {1},
abstract = {Applications of algorithmically informed decisions are becoming entrenched in society, with data processing being their main process and ingredient. While these applications are progressively gaining momentum, established data protection and privacy rules have struggled to incorporate the particularities of data-intensive information societies. It is a truism to point out the resulting misalignment between algorithmic processing of personal data and the data protection regulatory frameworks that strive for meaningful control over personal data. However, the challenges to the (traditional) role and concept of consent are particularly manifest. This article examines the transformation of consent models in order to assess how the concept and the applied models of consent can be reconciled in order to correspond not only to the current regulatory landscapes but also to the exponential growth of algorithmic processing technologies. This particularly pressing area of safeguarding a basic aspect of individual control over personal data in the algorithmic era is interlinked with practical implementations of consent in the technology used and with adopted interpretations of the concept of consent, the scope of application of personal data, as well as the obligations enshrined in them. What makes consent effective as a data protection tool and how can we maintain its previous glory within the current technological challenges?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Applications of algorithmically informed decisions are becoming entrenched in society, with data processing being their main process and ingredient. While these applications are progressively gaining momentum, established data protection and privacy rules have struggled to incorporate the particularities of data-intensive information societies. It is a truism to point out the resulting misalignment between algorithmic processing of personal data and the data protection regulatory frameworks that strive for meaningful control over personal data. However, the challenges to the (traditional) role and concept of consent are particularly manifest. This article examines the transformation of consent models in order to assess how the concept and the applied models of consent can be reconciled in order to correspond not only to the current regulatory landscapes but also to the exponential growth of algorithmic processing technologies. This particularly pressing area of safeguarding a basic aspect of individual control over personal data in the algorithmic era is interlinked with practical implementations of consent in the technology used and with adopted interpretations of the concept of consent, the scope of application of personal data, as well as the obligations enshrined in them. What makes consent effective as a data protection tool and how can we maintain its previous glory within the current technological challenges? |
Giannopoulou, A. Access and Reuse of Machine-Generated Data for Scientific Research In: Erasmus Law Review, no. 2, pp. 155-165, 2019. @article{Giannopoulou2019bb,
title = {Access and Reuse of Machine-Generated Data for Scientific Research},
author = {Giannopoulou, A.},
url = {https://www.ivir.nl/publicaties/download/Erasmus_Law_Review_2019.pdf},
doi = {10.5553/ELR.000136},
year = {2019},
date = {2019-12-20},
journal = {Erasmus Law Review},
number = {2},
pages = {155-165},
abstract = {Data driven innovation holds the potential in transforming current business and knowledge discovery models. For this reason, data sharing has become one of the central points of interest for the European Commission towards the creation of a Digital Single Market. The value of automatically generated data, which are collected by Internet-connected objects (IoT), is increasing: from smart houses to wearables, machine-generated data hold significant potential for growth, learning, and problem solving. Facilitating researchers in order to provide access to these types of data implies not only the articulation of existing legal obstacles and of proposed legal solutions but also the understanding of the incentives that motivate the sharing of the data in question. What are the legal tools that researchers can use to gain
access and reuse rights in the context of their research?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Data driven innovation holds the potential in transforming current business and knowledge discovery models. For this reason, data sharing has become one of the central points of interest for the European Commission towards the creation of a Digital Single Market. The value of automatically generated data, which are collected by Internet-connected objects (IoT), is increasing: from smart houses to wearables, machine-generated data hold significant potential for growth, learning, and problem solving. Facilitating researchers in order to provide access to these types of data implies not only the articulation of existing legal obstacles and of proposed legal solutions but also the understanding of the incentives that motivate the sharing of the data in question. What are the legal tools that researchers can use to gain
access and reuse rights in the context of their research? |
Giannopoulou, A. The New Copyright Directive: Article 14 or when the Public Domain Enters the New Copyright Directive In: Kluwer Copyright Blog, 2019. @article{Giannopoulou2019b,
title = {The New Copyright Directive: Article 14 or when the Public Domain Enters the New Copyright Directive },
author = {Giannopoulou, A.},
url = {http://copyrightblog.kluweriplaw.com/2019/06/27/the-new-copyright-directive-article-14-or-when-the-public-domain-enters-the-new-copyright-directive/},
year = {2019},
date = {2019-06-28},
journal = {Kluwer Copyright Blog},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Bodó, B., Ferrari, V., Giannopoulou, A., Quintais, J. Blockchain and the Law: A Critical Evaluation In: Stanford Journal of Blockchain Law & Policy, vol. 2, no. 1, 2019. @article{Quintais2019b,
title = {Blockchain and the Law: A Critical Evaluation},
author = {Quintais, J. and Bod\'{o}, B. and Giannopoulou, A. and Ferrari, V.},
url = {https://stanford-jblp.pubpub.org/pub/blockchain-and-law-evaluation},
year = {2019},
date = {2019-01-16},
journal = {Stanford Journal of Blockchain Law \& Policy},
volume = {2},
number = {1},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|