Postdoctoral researcher Dr Damian Clifford underscores some challenges with the current legal framework in addressing commercial practices such as ‘puffing’. He also recounts a few highlights from the Information Law and Policy Centre’s (ILPC)* annual conference, and offers his advice on how to prepare for a PhD viva. 

Last year you took part in the ILPC’s annual conference, which brought together policymakers, practitioners, civil society and academic experts. What would you say were some of the highlights? And what were some of the key concerns raised regarding the future of AI, smart cities and regulation?

A clear highlight is the opportunity to hear from people across a variety of backgrounds and to gain insights from leading experts in the UK and continental Europe. The annual conference always offers a programme of speakers with diverse backgrounds and the interdisciplinary perspectives really add to the appeal. Last year’s event was no different and I benefitted most from perspectives outside of my discipline.

As someone who has spent a number of years in Belgium the conference is also a wonderful opportunity to mix with people based in the UK who do not regularly travel to the major conferences in mainland Europe. This is particularly true for the non-academic speakers but also for academics whose research only more recently intersects with technology law issues or does so in a more lateral sense. The inclusion of such voices diversifies perspectives and allows for a more realistic discussion regarding the difficulties associated with developing adequate policy responses to the challenges posed by technological advancement.

There were simply too many issues and concerns raised during the conference to go through them in detail. Overall, I think a key concern related to the seemingly inevitable nature of the development and the potential for the “move fast and break stuff” ideology to prevail over a more considered risk-aware and rights-based approach.

With online consumers being faced, and possibly swayed by a plethora of commercial practices such as ‘puffing’, what are some of the challenges with the current legal framework in addressing this issue?

There are a number of challenges, but I’ll restrict myself to four. First, the consumer protections largely focus on the “identification” of advertising content online. However, there is an increasing blurring of the boundaries between editorial and commercial content. Although this has been reflected in literature for some time, from a policy perspective we’re still only at the beginning.

There are complex underlying considerations here, which links into my second concern relating to personalisation. There is nothing new in this challenge and it goes to the commercial motives underlying, for example, the use of recommender systems for content curation and the personalisation of user experiences.

However, one specific issue, which emerged in my research, related to how we are to “localise” harms given the increasing alignment of the data protection and consumer-protection policy agendas. Can we look at the ex post protection of consumers when there may have been a harm ex ante stemming from the processing of personal data which gave rise to the ex post problem in the first place? How do we ensure that the protections afforded by the consumer protection and data protection and privacy frameworks are all pulling in the same direction?

A key connected point here is the commodification of personal data the legitimacy of which seems to have somewhat conflicting understandings across the respective policy agendas.

Underlying this debate is my third challenge, which relates to more precisely determining what we believe should simply not be allowed. For example, although the hyperbolic promises linked to the development of AI should be taken with a pinch of salt, such innovations do present challenges in terms of effective regulation. This is not helped by current debates on AI that constantly circle the frame of “ethics”, but for the most part fail to move beyond pontifications regarding the balance between the “good” and “bad” projections of promised technological developments.

Although there is a value to the ethical analysis of technological developments, this should not be a substitute for regulation. Legal research on AI also needs to be more context-driven and must be based on specific applications rather than remaining within the realms of more abstract debates and the “ethics washing” exercises that have become prevalent. The important role of philosophical research and ethical analyses of developments must be respected as inherently connected but also distinct from the law and legal regulation. I’m a lawyer not an ethicist and I believe that there are certain aspects of technological development which need precise regulatory intervention.

Finally, fourth everything that I have mentioned above really rests on the capacity for robust enforcement. We are still at the beginning of the effects of the GDPRbut it will be interesting to see how far the enforcement of the Regulation can go towards counteracting bad practices.

It will be fascinating to see how data protection authorities and the Court of Justice deal with issues which I believe go to the very core of the legitimacy of the underlying business models of some of the biggest companies in the world. Connected here and to my points regarding the substantive alignment of the data protection and consumer protection policy agendas is the need for more collaboration across enforcement bodies.

The emergence of the Digital Clearinghouse initiativeis an excellent illustration of this, as is the recent decision by the German Federal Cartel Office against Facebook. I believe that these developments however, also point to a need to get our “ducks in a row”. A connected point here is the complexity of the regulatory landscape in certain areas. Although the Clearinghouse is an important step, we should also recognise that in the digital advertising ecosystem for instance there are a plethora of bodies involved from media regulators, consumer and data protection authorities but also self-regulatory initiatives. The diversity of this landscape may leave some issues slip between the cracks and it is important to figure out where responsibility lies.

How do you see the law developing in this area?

There are still key debates to be had across Europe and there are key divergences across members states as illustrated by the ongoing negotiations of the proposed ePrivacy Regulation. I think there is a real need to address underlying differences in understanding but also in figuring out why enforcement action is taken by a consumer protection authority in one member state compared to a data protection authority in another. I believe that there is much work to be done in this area.

There are number of legal frameworks which are fresh and we’re still trying to figure these out so I really see this being how the law will develop of the next few years. We need clarity on the interpretation of key provisions, especially in the GDPR and with this in mind developments will come through the enforcement of the existing frameworks.

As mentioned above, there is a key need for enforcement bodies to sit down and figure out what they want and how their roles and the frameworks overlap (see importance of the Digital Clearinghouse). However, outside the EU bubble I think the global picture also paints an entire ecosystem in flux. But perhaps at an earlier stage of progression.

Currently, I am based at Melbourne Law School as an honorary fellow, and the time spent in Australia has exposed me to the development of regulatory responses outside of the highly developed EU bubble and the global regulatory landscape. I am fascinated as to how law and policy will develop in Australia especially given the recent publication of the Australian Competition and Consumer Commission’s report on digital platforms.

The development of law in jurisdictions like Australia and the US (at least at the state level in the US for now) presents brilliant opportunities for comparative research but also for practically assessing the impacts of different regulatory approaches (even if these are largely inspired by EU approaches) and the challenges posed by technological change. As my research largely focuses on global operators it makes sense to look beyond the EU legislative patchwork, its influence globally (the so-called “Brussels effect”) and to how the large tech companies navigate the diversity.

You recently defended your PhD, “The legal limits to the monetisation of online emotions”, which explores the theme of AI, decision-making and rational choice theory. What advice would you give to doctoral researchers leading up to the preparation of their defence?

The best piece of advice is not to panic – the hard work is done. The final write-up is the most difficult part of the process without question and I think it’s very important to let other people going through this know how difficult it is for everyone. It took far more than I could have anticipated to get the thesis text over the line.

In saying that, the preparation for the defence is still important just from a practical perspective. At the KU Leuven we have both a private pre-defence at which the jury discuss the thesis manuscript without the candidate (although the candidate may be called upon) and a public defence which is treated as a special occasion (ie family, friends and colleagues attend). At this, you are required to present the thesis in a 20-minute timeslot followed by a maximum of 15 minutes of Q&A per jury member (juries are generally five or six people plus a chairperson).

Trying to fit four years of work into a 20-minute presentation was extremely challenging. I would certainly recommend doing a dry run in a professional environment (eg invited seminar), to have an accurate indication of:

  • what you want to emphasise in order to give a coherent overview
  • what you should omit keeping in mind the audience (ie the “public”) and
  • generally the detail that is feasible to give the key outcomes in the time

I was lucky in that, just prior to my defence I gave a presentation at the Australian National University College of Law. It went on for almost an hour and I barely scratched the surface of the thesis. This experience led me to change tactics for the defence, and I would certainly recommend people proactively plan such an opportunity.

Another piece of advice would be to ensure that you present a story “arc”. During my dry run, I focused largely on the problems with the alignment of the data protection and consumer protection policy agendas. Although there are a series of novel considerations and underlying theoretical/moral debates associated with these policy developments, I discovered that this approach failed to give the audience an accurate indication of my theoretical framing, and key substantial conclusions. When redesigning my approach for the defence I focused far less on the specifics and much more on my story, leaving the specific nuances for the questions.

Again, from a practical perspective, having attended several public defences I decided that for mine I would only note down the questions and sub-questions in short form. I was afraid of using the pen and paper too much and missing the key point of the question, which generally comes at the end of a sometimes elaborate introductory remark. This plan allowed me to listen to the remarks and reflect upon them while waiting for the questions which, without the “scene setting” distraction, I was able to address more directly.

A key thing to keep in mind is that often the questions are not ones that can be answered properly in the defence format. Listening rather than writing allowed me to reflect and frame a response and not be overwhelmed by a need to answer with specifics. Although there can be questions about specific parts of the thesis that may require clarification, you should be comfortable with these as you’ve written the text. The rest of the questions are often high-level ones that use your work as the platform to make broader observations. As preparation, I spent some time thinking about the broader positioning of my thesis and my topic and reflected upon the emerging policy debates.

From policy in practice to academia, what are your next steps?

I’ve spent the past few years focused entirely on the EU landscape but I’m eager to explore how this EU level analysis fits within the broader global setting. More specifically, my research has approached regulation from the point of view of exploring the legal limits imposed by risk, rights and principle-based frameworks in EU law, how they map with reality (ie law on the books versus law on the ground), and where the current gaps and significant challenges lie.

My vision for the future involves focusing on how the regulatory framework should be constructed in a global context so that these challenges can be overcome practically in a responsive manner thus moving the debate beyond the abstract cost/benefit discussions evident, for instance, in current AI policy literature. This must be viewed with the contrast between the European fundamental rights approach and the more market-based approach evident in US/Australian in mind. This contrast provides an opportunity to explore alternative legal and social approaches to these issues.

In the context of the emergence of AI, much of the technological development will occur outside these jurisdictions therefore presenting similar but distinct challenges which are not nearly as well explored in the literature. Effective regulation in a globalised digital economy presents important practical questions.

However, the cross-jurisdictional push of legislative standards presents an interesting debate regarding the regulatory autonomy of (1) states negotiating trade deals with the EU (see recent negotiations between the EU and Australia, New Zealand and Japan); (2) the US (given for example the recent Consumer Privacy Acts in States such as California); and (3) the post-Brexit UK and its relationship with the EU in the context of the regulation of AI. I want to explore these issues and provide insights through academic research.

*(ILPC) is based at the Institute of AdvancedLegal Studies, School of Advanced Study, University of London.

Dr Damian Clifford is a postdoctoral researcher at the KU Leuven Centre for IT & IP Law, funded by Fonds Wetenschappelijk Onderzoek – Vlaanderen (FWO). He has published in a range of international journals and presented at several international conferences.

This is an edited extract from an interview first published by ILPC.