Tag: artificial intelligence

How to Write a Law and Technology Paper?

This post is for laughs, a piece of a sit-down comedy. Admittedly, it’s making fun of some things I have written in the past. I wrote it a while ago, on a plane from law&tech conference to another. I wanted to pair it with a serious part: a reflection on what is it that we do, what we should do, what’s the point etc. Somehow, however, I never managed. On the same time, I keep showing this to people on my phone during conferences and they laugh. And laughing is good for you! Hence, I thought I’ll share it, so you can smirk, and maybe someone wiser than me will come up with a serious comment on what is behind this. Ready? Let’s go!

How to write a generic law and technology paper

So, you have given a lecture using the speech generator and now they asked you to write a paper. Worried? No need! The instruction below will help you develop a state-of-the-art contribution in ten steps.

  1. Start with a story. Write a couple-paragraph-long horrifying/utopian story about how a technology you are talking about will soon completely change the world, and undermine one of the legally protected values: property, freedom, equality, transparency, non-discrimination, safety, privacy, anything. Don’t explain what you mean by “technology”, but be sure to mention that it is “disruptive”. If you can find some data (numbers are always impressive), cite it; even better if you can find someone (anyone, really) who has published a prediction that in 5 years everyone will be using this. You can also start with some inspirational quote.
  2. Name the technology: robotics, AI, internet of things, big data, blockchain, algorithms, platforms, sharing economy, wearables, again anything. Say that there is no agreed upon definition of it, then define it anyhow, give a few more examples. If you write about IoT, make sure your example is a fridge ordering milk when you are out of it.
  3. Indicate what are some laws that could apply to this technology – cite some statues, some cases, no need to be comprehensive – just have one that would be unclear in application. Alternatively, take some established concept: liability, personality, accountability etc. and show how this new technology makes its application complicated. This will make everyone think that this is a legal paper. Lawyers usually don’t know much about tech, and non-lawyers seldom read cases – this will make you seem like an expert in the other area than the reader comes from.
  4. State that we need to regulate, in a way that will “mitigate the risks, without impeding the benefits”.
  5. Say that obviously there are some benefits, and list them: pay special attention to how this could be used in education, or medicine, or for any type of empowerment (no need to define).
  6. Say that, however, there are of course also some risks/challenges, and list them. No need to indicate what the criteria of distinction was, also don’t worry about explaining your normative theory (just say “criminal law”, or “consumer law”, or “privacy” etc.). Just list the problems.
  7. Now it’s time to solve a problem: throw around one/three/five ideas on what to do. If you are creative here that’s ok, but you can also go for some safe bets: create a new administrative agency (“FDA for algorithms/robots/databases etc.), incentivize self-regulation and creation of codes of conduct, and education – education is the most important.
  8. (Optional: write a couple of paras explaining why your solutions are better than what other people proposed, or what is already in place. This takes more time, because you actually need to read something. But will make you look like an expert. If you treat people nicely, you might even become a member of a #citationCartel).
  9. Mention blockchain. You can just literally put the word “blockchain” in a random place somewhere in the solution section.
  10. Finish by saying that the issue is obviously complex, so more interdisciplinary perspectives are needed, and that you know you might be wrong, but your first ambition was to draw attention to the problem and start a discussion.

There you go! The paper is essentially ready. You just became an expert in something new, congratulations!!!

CLAUDETTE: Automating Legal Evaluation of Terms of Service and Privacy Policies using Machine Learning

It is possible to teach machines to read and evaluate terms of service and privacy politics for you.

Have you ever actually read the privacy policy and terms of service you accept? If so, you’re an exception. Consumers do not read these documents. They are too long, too complex, and there are too many of them. And even if they did the documents, they have no way to change them.

Regulators around the world, acknowledging this problem, put in place rules on what these documents must and must not contain. For example, the EU enacted regulations on unfair contractual terms; and recently the General Data Protection Regulation. The latter, applicable since 25th May 2018, makes clear what information must be presented in privacy policies, and in what form. And yet, our research has shown that, despite substantive and procedural rules in place, online platforms largely do not abide by the norms concerning terms of service and privacy policies. Why? Among other reasons, there is just too much for the enforcers to check. With virtually thousands of platforms and services out there, the task is overwhelming. NGOs and public agencies might have competence to verify the ToS and PPs, but lack the actual capability to do so. Consumers have rights, civil society has its mandate, but no one has time and resources to bring them into application. Battle lost? Not necessarily. We can use AI for this good cause.

The ambition of the CLAUDETTE Project, hosted at the Law Department of the European University Institute in Florence, and supported by engineers from the University of Bologna and the University of Modena and Reggio Emilia, is to automate the legal evaluation of terms of service and privacy policies of online platforms, using machine learning. The project’s philosophy is to empower the consumers and civil society using artificial intelligence. Currently artificial intelligence tools are used mostly by large corporations and the state. However, we believe that with efforts of academia and the civil society AI-powered tools for consumers and NGOs can and should be created. Our most technically advanced tool, described in our recent paper, CLAUDETTE: an Automated Detector of Potentially Unfair Clauses in Online Terms of Service, can detect potentially unfair contractual clauses with 80%-90% accuracy. Such tools can be used both to increase consumers’ autonomy (tell them what they accept), and increase efficiency and effectiveness of the civil society’s work, by automating big parts of their job.

Our most recent work has been an attempt to automate the analysis of privacy policies under the GDPR. This project, funded and supported by the European Consumer Organization, has led to the publication of the report: Claudette Meets GDPR: Automating the Evaluation of Privacy Policies Using Artificial Intelligence. Our findings indicate that the task can indeed be automated once a significantly larger learning dataset is created. This learning process was interrupted by major changes in privacy policies undertaken by the majority of online platforms around 25 May 2018, the date when the GDPR started being applicable. Nevertheless, the project led us to interesting conclusions.

Doctrinally, we have outlined what requirements a GDPR-complaint privacy policy should meet (comprehensive information, clear language, fair processing), as well as the ways in which these documents can be unlawful (if required information is insufficient, language unclear, or potentially unfair processing indicated). Anyone – researchers, policy drafters, journalists – can use these “golden standards” to help them asses existing policies, or draft new ones, compliant with the GDPR.

Empirically, we have analyzed the contents of privacy policies of Google, Facebook (and Instagram), Amazon, Apple, Microsoft, WhatsApp, Twitter, Uber, AirBnB, Booking.com, Skyscanner, Netflix, Steam and Epic Games. Our normative study indicates that none of the analyzed privacy policies meet the requirements of the GDPR. The evaluated corpus, comprising 3658 sentences (80.398 words), contains 401 sentences (11.0%) which we marked as containing unclear language and 1240 sentences (33.9%) that we marked as potentially unlawful clauses, i.e. either a “problematic processing” clause or an “insufficient information” clause (under articles 13 and 14 of the GDPR). Hence, there is significant room for improvement on the side of business, as well as for action on the side of consumer organizations and supervisory authorities.

The post originally appeared at the Machine Lawyering blog of the Centre for Financial Regulation and Economic Development at the Chinese University of Hong Kong