In the rapidly developing world of technology, it is unusual to find a book that has a shelf life longer than just a few years, but this anthology has not lost any of its relevance since its first publication in 2013. Its prescience may be due to the depth of knowledge of its contributors, several of whom are leading scholars, such as Mireille Hildebrandt, Helen Nissenbaum and Bert-Jaap Koops. In this slim volume, they cover a vast territory, delving into pressing ethical dilemmas along the way. The volume offers not a detailed investigation into technical rules, but sweeping explorations of possible legal solutions and shortcomings of data protection, privacy and due process that may govern our oncoming smart environments. In so doing, they never lose sight of their original question, set out at the beginning of the preface: “How do we co-exist with the ‘perceptions’ of machines that anticipate, profile, cluster or classify?” At its core, this is a book about the tension between the human being and a computational turn that brings us ever closer to a world of artificial intelligence.
One strength of the anthology is that none of its contributors falls for the temptation to rehash familiar arguments for or against the regulation of new technology. Instead, they delve into the quagmire of often difficult ethical matters, such as Martijn van Otterlo's discussion of the implications of algorithmic data profiling or Antoinette Rouveroy's thoughts on the limitation of critical thinking following a “computational turn” by which individuals no longer will be addressed “through their reflective capabilities”. Reading between the lines, there is a real foreboding that singularity – whereby machines replace the cognitive capabilities of humans – is fast approaching. And some of the consequences may be stark. For Rouvroy, the immediacy of “algorithmic reason” threatens the temporal and mental distance needed for cogitation. In her view, following the computational turn, our future may be fixed by machine-generated predictions rather than the thoughts and actions of people of flesh and blood.
That is not to say that the book ignores familiar terrain. Bert-Jaap Knoops summarises EU data-protection law and Lorenzo Magnani offers a thoughtful overview of the well-known dangers of hidden discrimination from algorithmic analysis. As has already been thoroughly explored in the academic literature, there is a real danger that individuals are no longer assessed from their own data, but from statistical inferences garnered from social networks and other demographic groupings. That said, Magnani's repetition of the argument is welcome, as he pushes its potential consequences further, warning that, with computational profiling, “the risk of infantilising people increases, as does the likelihood of rendering them conformist and conventional, and they are, as a result, faced with a greater potential for being oppressed”. No longer is profiling a subject reserved for special interest discourse on individual fundamental human rights; it has been elevated to a pressing societal and democratic concern.
Underpinning several of the essays is the chilling acknowledgement that machine learning and algorithmic analysis have long been considered neutral, objective and scientific. Ian Kerr carefully draws our attention to how this reliance on “pre-emptive” approaches may fundamentally alter our relationship with the law as machines, not human beings, become the arbiters of justice. Indeed, he notes that this fear is not new: the OECD Data Processing Guidelines’ “fair information practice principles” already attempted to address the potential threats of algorithmic decisions to human autonomy in the early 1980s. However, with the budding computational turn, the law seems woefully inadequate in its approach to automatic processing, and the notion that the code is somehow neutral will not alleviate these concerns.
Yet, this is not a pessimistic book in a Luddite tradition. Thankfully, the volume stretches beyond the analysis of the problem; its authors also offer plenty of ideas of how to address their pressing concerns, ranging from new social behaviour and computer codes in devices. What is so exciting about this volume is that its authors dare peer into the future and propose several novel options to redress the invasion of privacy. For example, Koops promotes greater transparency of data processing while noting the inherent limitations of consent – another device favoured by data-protection regimes. Instead of aiming for unattainable control of data by the individual, laws should be designed to shed light on the decisional outcome of the computational processing. In his chapter, Koops writes that “in the 21st century, with its computational turn, data protection can no longer reside in the exclusive realm of informational privacy and self-determination: rather, it must be approached from the angle of due process and fair treatment in the database age”.
In their chapter, Helen Nissenbaum (who is well known for her advocacy of contextual privacy) and Finn Bruton launch the somewhat controversial idea of obfuscation as a means by which the individual may obtain more privacy control. In their definition, obfuscation, by which “noise” is added to data, may have its disadvantages and even be morally dishonest. Yet, from their perspective, the current power balance between the faceless machine and the human individual justifies this anarchic gaming of the system. It is a call for mild civil disobedience in recognition of the fact that legal regulation and other solutions may not be immediately forthcoming to aid an individual's right to informational self-determination in the age of ubiquitous algorithms. They see it as a David and Goliath battle. As inspiring as this take may be, their proposal nevertheless provides few practical solutions. However, as the title of the volume reminds the reader, this is not a legal textbook, but an exploration of the meeting of the philosophies of law and technology.
One weakness of the volume may be the lack of definition of what exactly is meant by its sweeping subtitle, as neither branch of philosophy is ever explained. That said, while there can be no expectation that the anthology should offer a comprehensive mapping of each of the topics surveyed, its contributors do a fine job of weaving in scholarship relevant to their observations and arguments. Katja de Vries notes in her introductory chapter that all of the contributors refreshingly reject data minimisation as the long preferred panacea to the many problems associated with data processing, recognising that the ambition to control all unforeseen future uses of data may be a legislative fantasy. Instead, the authors point to the uncomfortable truth that, in the fields of technology, privacy and data protection, law and reality often diverge.
The volume could do with slightly fewer nods to the previous work of one of its editors, which make certain sections appear almost as a digest of material published elsewhere. It is perhaps most significant that the contributors do not adopt a unified philosophical view. Instead, they explore a myriad of incremental solutions to the problems they have identified. All of these may be feasible to some extent, but none clearly pave a new direction for the development of data protection and privacy law. The lack of dogmatic faith in one answer is indeed one of the volume's core strengths, as the provocations in the chapters themselves should suffice to stir up debate. Although there is a danger that the technical landscape described may soon be outdated, the authors pose enough fundamental questions that the volume merits being consulted in any future legislative reforms.
