OCommICISSP 2020 Abstracts

Full Papers
Paper Nr: 1

Artificial Intelligence in Legal Decision-making: Bridging the Gap between Technical Questions and the Legal Framework


Giulia Schneider

Abstract: The implementation of artificial intelligence techniques in the legal sector is currently experiencing a renewed attention at both practical and theoretical level. Researchers in Question and Answering, argument mining from texts and information extraction are currently developing new applications and programs working as a support for law firms and legal consulting and advisory companies, as IBM Watson Lawyer and the so-called Debater. It seems that a new market for automated-driven legal programs is emerging, as it is the case of data analytics programs designed for the integration of contractual uncertainties. These programs are intended to be variously support both the parties to a dispute and the decision-makers, as judges or arbitrators. On its side, an increasing strand of legal literature is theoretically enquiring the desirability of the employment of artificial intelligence for the purposes of legal reasoning and decision-making. In this perspective, a first strand of the scholarship celebrates the features of efficiency of these programs in the legal context, whereas another one warns against the risks of a de-humanisation of legal reasoning. Against this backdrop, this paper moves from the acknowledgement that the emerging technical reality of new technologies for automated QA or argument mining from texts and the legal policy debates regarding the opportunity to legitimate such applications are silently developing at a parallel but non-communicating level. Under these premises, the study aims at combining the technical and legal perspective, by addressing some of the technical questions related to the design of these programs through the lenses of the applicable legal framework from a European perspective. For these purposes, after having briefly illustrated the current and near future roles of AI applications for law, this paper will focus on the key issue of information retrieval and the building of cognitive computational models for the prediction of outcomes of legal disputes. In this respect, the complex relevance of the European data protection framework (like the EU General Data Protection Regulation 2016/679, hereinafter “GDPR”) as both facilitator and external limit to the development of these programs in the legal context will be assessed. From the first perspective, it will be shown how the processing of information for the design of artificial intelligence applications for legal decision-making can be considered as statistical research under the GDPR, with the related application of a “special” data protection regime under art. 89 GDPR. From the second perspective, the relevance of data protection by design and default rules is enquired in respect to the objectives of data accuracy and integrity in the context of AI programs for the legal sector. Accordingly, the supervisory role of data protection authorities in the design of such computational models will be investigated. The definition of the relevant legal framework in the design of automated programs for legal decision-making is ultimately considered a precondition of a legally-sound expansion of the correspondent emerging market. At a policy level, it also poses fruitful grounds for the theoretical debates regarding the legitimacy of the employment of such programs in the legal practice.

Paper Nr: 3

GDPR Compliance through Authorization Systems: A Preliminary Report on a GDPR-based Access Control


Said Daoudagh

Abstract: The new General Data Protection Regulation (GDPR) is changing how Personal Data should be processed. It states, in Art. 5.1(f), that “[data] should be processed in a manner that ensures appropriate security of the personal data [..] using appropriate technical or organisational measures (integrity and confidentiality)”. The GDPR then calls for measures to control access and to protect personal data but does not provide technological guidance. The main objective of this PhD research is to investigate whether is possible to encode, in current Access Control (AC) systems, policies that realise the GDPR’s demands, resulting in AC systems that are by-design compliant with the GDPR. Being ‘integrity and confidentiality’ at the heart of traditional security enforcement (e.g., in the CIA triad) we claim that this encoding is indeed plausible. To achieve the PhD's objectives, we developed an Agile Authorization Development Life Cycle (ADLC) to assist who is responsible for the implementation of ACPs in line with the GDPR’s provisions incrementally. Therefore, the conceived Agile process is also used as a reference guideline to conduct the PhD research incrementally.