On the legality of algorithmic decision making
![](https://secure.gravatar.com/avatar/7419151fbc40fb1a29ac9323277b9aa8.jpg?s=120&d=mm&r=g)
Here is an interesting article for anyone here who still thinks that lawful balancing tests can be done by algorithms. https://www.wired.com/story/europe-limits-government-algorithm-us-not-much/ Dr. Milton L Mueller Georgia Institute of Technology School of Public Policy [IGP_logo_gold block]
![](https://secure.gravatar.com/avatar/758d2a2e66d33cf6858c040dd8b5ef23.jpg?s=120&d=mm&r=g)
I think it's an interesting case.
From the article:
On Wednesday, the Hague district court agreed with that [by collating swaths of data on entire neighborhoods, SyRI contravened the right to a private life guaranteed under European Human Rights Law], saying that it was legitimate for the government to use technology to address fraud, but that SyRI was too invasive. There is legal or similarly significant impact, so it's clearly covered by Article 22, but the court still seems to have comfort with some level of automation. It's confusing. From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Mueller, Milton L Sent: Saturday, February 15, 2020 3:01 PM To: EPDP <gnso-epdp-team@icann.org> Subject: [EXTERNAL] [Gnso-epdp-team] On the legality of algorithmic decision making Here is an interesting article for anyone here who still thinks that lawful balancing tests can be done by algorithms. https://www.wired.com/story/europe-limits-government-algorithm-us-not-much/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.wired.com%2Fstory%2Feurope-limits-government-algorithm-us-not-much%2F&data=02%7C01%7Cmarksv%40microsoft.com%7C8dd87581a07e4624ecd808d7b26af094%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637174044681731716&sdata=PmcZTtjGgKWHZqUG97t3r3Zozt%2BmOFd6KJuB0voV4%2F8%3D&reserved=0> Dr. Milton L Mueller Georgia Institute of Technology School of Public Policy [IGP_logo_gold block]
![](https://secure.gravatar.com/avatar/02b9ac1b48ccaf9f21412db85c9ed562.jpg?s=120&d=mm&r=g)
Yeah, but this is governments who have a significantly larger ability to take actions that may impact private citizens rights. We are private sector acting without any legal basis other than what GDPR permits. We should not compare what appleas can do to what oranges can. Volker Am 18.02.2020 um 19:36 schrieb Mark Svancarek (CELA) via Gnso-epdp-team:
I think it’s an interesting case.
From the article:
On Wednesday, the Hague district court agreed with that [by collating swaths of data on entire neighborhoods, SyRI contravened the right to a private life guaranteed under European Human Rights Law], saying that it was legitimate for the government to use technology to address fraud, but that SyRI was too invasive.
There is legal or similarly significant impact, so it’s clearly covered by Article 22, but the court still seems to have comfort with some level of automation. It’s confusing.
*From:* Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Mueller, Milton L *Sent:* Saturday, February 15, 2020 3:01 PM *To:* EPDP <gnso-epdp-team@icann.org> *Subject:* [EXTERNAL] [Gnso-epdp-team] On the legality of algorithmic decision making
Here is an interesting article for anyone here who still thinks that lawful balancing tests can be done by algorithms.
https://www.wired.com/story/europe-limits-government-algorithm-us-not-much/ <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.wired.com%2Fstory%2Feurope-limits-government-algorithm-us-not-much%2F&data=02%7C01%7Cmarksv%40microsoft.com%7C8dd87581a07e4624ecd808d7b26af094%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637174044681731716&sdata=PmcZTtjGgKWHZqUG97t3r3Zozt%2BmOFd6KJuB0voV4%2F8%3D&reserved=0>
Dr. Milton L Mueller
Georgia Institute of Technology
School of Public Policy
IGP_logo_gold block
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Volker A. Greimann General Counsel and Policy Manager *KEY-SYSTEMS GMBH* T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
![](https://secure.gravatar.com/avatar/9d023fc2938178806d947269e2cdf94d.jpg?s=120&d=mm&r=g)
What Volker said. To add another layer - I'm not sure that "confusing" is where I land on this however - if anything it's rather convincing as to the seriousness of ensuring balance. An EU or member state law may impart a specific permission or authorization for such processing - or alternatively make it a legal obligation for controllers in that jurisdiction to process data in such instances, but the key point is that even where you make it the 'law' to automate - if that automation is not in line with the principles of proportionality, i.e. balance of the goal vs the impact to the rights of those impacted and transparency (with many shades of Art 25), then even that "legal basis" will fall. All comes down to the fact that data privacy is part of a basic human right, emanating specifically from Art 8 of the ECHR, and can't be legislated away; it's good (not to mention of some relief) to see the Courts are absolutely willing to censure governments who overstep their powers vis a vis data privacy. I think we continue to be prudent in our own considerations to remember that our policy will be built on considerably less stable foundations than actual 'legislative' prerogative. Alan [image: Donuts Inc.] <http://donuts.domains> Alan Woods Senior Compliance & Policy Manager, Donuts Inc. ------------------------------ Suite 1-31, Block D, Iveagh Court Harcourt Road Dublin 2, County Dublin Ireland <https://www.facebook.com/donutstlds> <https://twitter.com/DonutsInc> <https://www.linkedin.com/company/donuts-inc> Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you. On Wed, Feb 19, 2020 at 9:26 AM Volker Greimann <vgreimann@key-systems.net> wrote:
Yeah, but this is governments who have a significantly larger ability to take actions that may impact private citizens rights. We are private sector acting without any legal basis other than what GDPR permits. We should not compare what appleas can do to what oranges can.
Volker
Am 18.02.2020 um 19:36 schrieb Mark Svancarek (CELA) via Gnso-epdp-team:
I think it’s an interesting case.
From the article:
On Wednesday, the Hague district court agreed with that [by collating swaths of data on entire neighborhoods, SyRI contravened the right to a private life guaranteed under European Human Rights Law], saying that it was legitimate for the government to use technology to address fraud, but that SyRI was too invasive.
There is legal or similarly significant impact, so it’s clearly covered by Article 22, but the court still seems to have comfort with some level of automation. It’s confusing.
*From:* Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Mueller, Milton L *Sent:* Saturday, February 15, 2020 3:01 PM *To:* EPDP <gnso-epdp-team@icann.org> <gnso-epdp-team@icann.org> *Subject:* [EXTERNAL] [Gnso-epdp-team] On the legality of algorithmic decision making
Here is an interesting article for anyone here who still thinks that lawful balancing tests can be done by algorithms.
https://www.wired.com/story/europe-limits-government-algorithm-us-not-much/ <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.wired.com%2Fstory%2Feurope-limits-government-algorithm-us-not-much%2F&data=02%7C01%7Cmarksv%40microsoft.com%7C8dd87581a07e4624ecd808d7b26af094%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637174044681731716&sdata=PmcZTtjGgKWHZqUG97t3r3Zozt%2BmOFd6KJuB0voV4%2F8%3D&reserved=0>
Dr. Milton L Mueller
Georgia Institute of Technology
School of Public Policy
[image: IGP_logo_gold block]
_______________________________________________ Gnso-epdp-team mailing listGnso-epdp-team@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Volker A. Greimann General Counsel and Policy Manager *KEY-SYSTEMS GMBH*
T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net
Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin
Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
![](https://secure.gravatar.com/avatar/758d2a2e66d33cf6858c040dd8b5ef23.jpg?s=120&d=mm&r=g)
This seemed to me to as much about profiling in general as data privacy. If such profiling just performed by humans (blocklisting entire neighborhood from social benefits) that would probably have would have been judged unlawful as well under EHRL. From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Alan Woods Sent: Wednesday, February 19, 2020 3:03 AM To: Volker Greimann <vgreimann@key-systems.net> Cc: GNSO EPDP <gnso-epdp-team@icann.org> Subject: [EXTERNAL] Re: [Gnso-epdp-team] On the legality of algorithmic decision making What Volker said. To add another layer - I'm not sure that "confusing" is where I land on this however - if anything it's rather convincing as to the seriousness of ensuring balance. An EU or member state law may impart a specific permission or authorization for such processing - or alternatively make it a legal obligation for controllers in that jurisdiction to process data in such instances, but the key point is that even where you make it the 'law' to automate - if that automation is not in line with the principles of proportionality, i.e. balance of the goal vs the impact to the rights of those impacted and transparency (with many shades of Art 25), then even that "legal basis" will fall. All comes down to the fact that data privacy is part of a basic human right, emanating specifically from Art 8 of the ECHR, and can't be legislated away; it's good (not to mention of some relief) to see the Courts are absolutely willing to censure governments who overstep their powers vis a vis data privacy. I think we continue to be prudent in our own considerations to remember that our policy will be built on considerably less stable foundations than actual 'legislative' prerogative. Alan [Donuts Inc.]<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains%2F&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570161176&sdata=kGH1Wfh9dtLOgBAIhWymEjx5L2VZZp%2Bpwmr8%2BwWuHVw%3D&reserved=0> Alan Woods Senior Compliance & Policy Manager, Donuts Inc. ________________________________ Suite 1-31, Block D, Iveagh Court Harcourt Road Dublin 2, County Dublin Ireland [http://storage.googleapis.com/signaturesatori/icons/facebook.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fdonutstlds&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570161176&sdata=khX33uVlXk0WGEEjjHGpxXIC6bvG3jGSziYTo60mtOY%3D&reserved=0> [http://storage.googleapis.com/signaturesatori/icons/twitter.png] <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FDonutsInc&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570171122&sdata=huDjt7WGbWpogwA90m%2FhNzq%2BEo9WypgvRIj1ELT26i4%3D&reserved=0> [http://storage.googleapis.com/signaturesatori/icons/linkedin.png] <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fdonuts-inc&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570171122&sdata=u%2Fn0UuTwV8%2FYGzog6bI24A8vJFr67u0afoETgKdX8e0%3D&reserved=0> Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you. On Wed, Feb 19, 2020 at 9:26 AM Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Yeah, but this is governments who have a significantly larger ability to take actions that may impact private citizens rights. We are private sector acting without any legal basis other than what GDPR permits. We should not compare what appleas can do to what oranges can. Volker Am 18.02.2020 um 19:36 schrieb Mark Svancarek (CELA) via Gnso-epdp-team: I think it’s an interesting case. From the article: On Wednesday, the Hague district court agreed with that [by collating swaths of data on entire neighborhoods, SyRI contravened the right to a private life guaranteed under European Human Rights Law], saying that it was legitimate for the government to use technology to address fraud, but that SyRI was too invasive. There is legal or similarly significant impact, so it’s clearly covered by Article 22, but the court still seems to have comfort with some level of automation. It’s confusing. From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org><mailto:gnso-epdp-team-bounces@icann.org> On Behalf Of Mueller, Milton L Sent: Saturday, February 15, 2020 3:01 PM To: EPDP <gnso-epdp-team@icann.org><mailto:gnso-epdp-team@icann.org> Subject: [EXTERNAL] [Gnso-epdp-team] On the legality of algorithmic decision making Here is an interesting article for anyone here who still thinks that lawful balancing tests can be done by algorithms. https://www.wired.com/story/europe-limits-government-algorithm-us-not-much/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.wired.com%2Fstory%2Feurope-limits-government-algorithm-us-not-much%2F&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570181078&sdata=hE89j6B%2F4xJSXxxVEB978MEAafSjsnd6esTTMrO1TFc%3D&reserved=0> Dr. Milton L Mueller Georgia Institute of Technology School of Public Policy [IGP_logo_gold block] _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fgnso-epdp-team&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570181078&sdata=PlyMrV%2Bf6%2BFxjn9hW3yEol5noSOy9th1EKbRiaxzIPY%3D&reserved=0> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570181078&sdata=UDVGIN0nTDRltoc7E5QrWFi2PfhJ874AgW29R0N77XM%3D&reserved=0>) and the website Terms of Service (https://www.icann.org/privacy/tos<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570191036&sdata=bHcarWOhxAlPhIxtqkk%2Bn5T9Rk7srk1eiBstGjY2XkQ%3D&reserved=0>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. -- Volker A. Greimann General Counsel and Policy Manager KEY-SYSTEMS GMBH T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.key-systems.net%2F&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570191036&sdata=TUgRcRLlyeSpd1AnEIZ5rKZqiHjiZQyb6U52%2BJzfT6A%3D&reserved=0> Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fgnso-epdp-team&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570200996&sdata=wCwWpFij959%2FZPX%2BVNpWvAC6HX6%2F33SmbHnbAx3kPHk%3D&reserved=0> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570200996&sdata=ZXWfPn5X%2F3CDKriToREuPkGeAdUPmGvOhXjCajBv7V0%3D&reserved=0>) and the website Terms of Service (https://www.icann.org/privacy/tos<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos&data=02%7C01%7Cmarksv%40microsoft.com%7C11e53d3d02974760ec8808d7b52b755c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637177070570200996&sdata=b9Z%2BRERYltaFtoDAanYbgQ3phbWZrobWyMppsvGRANs%3D&reserved=0>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (4)
-
Alan Woods
-
Mark Svancarek (CELA)
-
Mueller, Milton L
-
Volker Greimann