Merging of man and machine: questions of ethics in dealing with emerging technology

Termine, Datenschutz, Digitalisierung & Netzpolitik, English

Public Hearing hosted by the Green Working Group Robotics

When? 8 September 2016, 09:30-13:00

Where? European Parliament, Brussels, room Altiero Spinelli (ASP) 1G3


Technology has fundamentally altered our lives and will continue to do so. Ethical considerations must remain guiding posts at all times. Undoubtedly, how we approach the regulation of emerging technologies will have wide implications for our definition of human dignity and the equality of individuals.


The Green Working Group Robotics - Jan Philipp Albrecht, Max Andersson, Julia Reda, Michel Reimon and Terry Reintke - would like to invite you to a public hearing on "Merging of man and machine: questions of ethics in dealing with emerging technology". With this and further discussions we would like to develop a position on how society should respond to questions like How will our lives and our society change with the increasing fusion with modern technology? What role have politics and law in this context? Is there a need for regulation and if so, how? How can human rights be addressed?


After short presentations by the speakers we have planned plenty of time for questions and answers. Please join us for the discussion!


Moderator: Jennifer Baker, @BrusselsGeek


Draft Agenda


Welcome and Introduction


9h45 - 10h45

Man & Machine: Examples of how we're going to merge with technology

    Enno Park, Chairman of Cyborgs e.V.

    Dana Lewis, Built an artificial pancreas (#DIYPS). Founder, #OpenAPS. Director, MDigitalLife for W2O Group



    10h45 - 11h45

    Ethics & Society: Examples of how our lives, values and society will change

    Yvonne Hofstetter, Author & director of Teramark Technologies GmbH

    Prof. Dr. Oliver Bendel, Author "Die Moral in der Maschine: Beiträge zu Roboter- und Maschinenethik"

    Constanze Kurz, Author & Spokesperson Chaos Computer Club e.V. (CCC)



    11h45 - 12h00 Coffee break


    12h00 - 13h00

    Politics & Law: Examples of how we do/can debate and regulate this field

    Juho Heikkilä, Head of Unit, Robotics, DG Connect, European Commission

    Prof. Dr. Dr. Eric Hilgendorf, Chairman of the Department of Criminal Law, Criminal Justice, Legal Theory, Information and Computer Science Law, University of Würzburg



    See the bios of the speakers.


    +++ To register please send the following information to Full name, date of birth, nationality,  N° and type of identity document. Deadline for registration is Wednesday, 31 August 4pm. +++







    Jan Philipp Albrecht auf Facebook

    JanAlbrecht Jan Philipp Albrecht

    RT @TorstenBeeck: Guter Satire-Account!

    28. Aug 2016 Antwort Retweeten Favorit
    TermineDatenschutz, Digitalisierung & Netzpolitik

    Freedom not Fear 2016: 14–17 October, Brussels

    Annual meeting for civil rights activists from all across Europe

    Termine, Datenschutz, Digitalisierung & Netzpolitik, English

    Representatives from non-governmental organisations meet in Brussels for four days to work for freedom in the digitised world. We plan action and we take action against increasing surveillance and other attacks on civil rights. We want to live in freedom, not in fear. Join us!

    Everybody is welcome to take part, help organise and support Freedom not Fear 2016!



    When? 14–17 October 2016 (Friday–Monday)

    Where? Mundo B, Rue d’Edimbourg 26, BXL


    Programme & schedule

    Friday, 14 October: (evening) arrival, welcome, keynote with discussion, get-together

    Saturday & Sunday: BarCamp, talks, workshops, networking, outdoor action

    Monday, 17 October: meetings with Members of the European Parliament

    Note: the schedule is work in progress, the latest version can be found in the Freedom not Fear wiki.


    Apply for travel allowances

    Freedom not Fear is self-organized and free, and you do not have to register. But thanks to Julia Reda, Jan Philipp Albrecht and Josef Weidenholzer you can apply for travel allowances. Questions? Check the Freedom not Fear wiki and website or email us: contact [at] freedomnotfear [dot] org.


    Good to know

    You can also ask your Member of Parliament if he or she is willing to fund your travel. In 2014 we made a How-To about contacting them.


    Take part in Freedom not Fear 2016

    Freedom not Fear 2016 is looking forward to your ideas, your campaign, yourworkshop: Tell us what you or your NGO have been doing on a certain topic. Join us in Brussels, it’s easy and we also try to help you with accommodation and such.





    EU-US Privacy Shield: Blankoscheck für Datenweitergabe in die USA



    PRESSEMITTEILUNG – Brüssel, 12. Juli 2016


    Die Europäische Kommission hat heute die neue Regelung zu Datentransfers in die USA („EU-US Privacy Shield“) angenommen. Das EU-US Privacy Shield setzt Regeln für die erleichterte Weitergabe personenbezogener Daten in die USA, etwa bei der Nutzung von Online-Diensten wie Suchmaschinen oder sozialen Netzwerken. Dazu erklärt Jan Philipp Albrecht, innen- und justizpolitischer Sprecher der Grünen/EFA-Fraktion im Europäischen Parlament: 


    „Die Europäische Kommission erteilt den USA einen Blankoscheck für den Transfer personenbezogener Daten aus der EU in die USA und missachtet damit Forderungen aus dem Urteil des Europäischen Gerichtshofs zur Vorgängerregelung Safe Harbor. Die USA bieten bei den individuellen Rechten gegenüber Unternehmen und beim Schutz vor unverhältnismäßiger Überwachung durch Sicherheitsbehörden keinen Datenschutz, der den Standards in der EU gleichwertig ist. Es ist daher ein Fehler, dass die EU-Kommission die jetzigen Zusicherungen akzeptiert, ohne auf Nachbesserungen zu bestehen. 


    Bereits bei der Verabschiedung von Safe Harbor im Jahr 2000 hatte das Europäische Parlament moniert, dass es in den USA kein generelles Datenschutzgesetz gibt. Noch immer fehlen unabhängige Datenschutzbehörden. EU-Justizkommissarin Vera Jourová muss unmissverständlich klarmachen, dass mit der Anwendung der neuen Datenschutz-Grundverordnung ab dem Jahr 2018 auch Nachbesserungen bei den Regeln für die Datenweitergabe in die USA erforderlich sein werden.“

    EU-US "Privacy Shield"

    Background and Frequently Asked Questions (FAQ)

    Datenschutz, Digitalisierung & Netzpolitik, English

    (Update: The European Commission has formally adopted its implementing decision on 12th July 2016. The related documents and an FAQ with the Commission's spin are available here.)

    The so-called "Privacy Shield" arrangement between the EU and the US is supposed to provide a legal basis for the transfer of personal data from the European Union to the United States. It has been subject to heavy debates. Here is background information, a list of frequently asked questions and the answers to them.


    Background and Timeline

    The first iteration of the “Privacy Shield” arrangement was adopted by the European Commission on 29th February 2016. It consisted of a draft implementing decision and a series of annexes, including the “Privacy Shield” principles jointly negotiated with the US Department of Commerce and a series of letters from different branches of the US administration.


    It followed the revelations by Edward Snowden in June 2013 on large-scale mass surveillance by US intelligence services, and a judgement of the European Court of Justice in October 2015 (Schrems case), which invalidated the “Safe Harbor” arrangement that had been used as a legal basis for the transfer of personal data from the EU to the US since 2000. The Court especially pointed to the mass collection of communication content, which touched upon the essence of the fundamental right to privacy.


    The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) held a hearing on 17th March 2016 to assess the “Privacy Shield” arrangement, and adopted a resolution on 26th May 2016, asking the Commission to continue negotiations with the US. The Greens/EFA motion for resolution, which had been authored by Jan Philipp Albrecht, called for a sunset period of two years, but did not find a majority.


    The Article 29 Data Protection Working Party - the body of all EU data protection authorities - issued an opinion on 13th April 2016. The European Data Protection Supervisor issued an opinion on 30th May 2016.


    The new version of the “Privacy Shield” arrangement was officially transmitted to the European Parliament by the European Commission on 28th June 2016, after the Member States had already received it and the Chair of the EP’s Committee on Civil Liberties, Justice and Home Affairs had complained to justice commissioner Vera Jourova about this. So far, it has not been officially published.

    The Article 31 Committee of the EU’s Member States approved the draft implementing decision - i.e. the new “Privacy Shield” adequacy finding - on 8th July 2016.



    Frequently Asked Questions to Jan Philipp Albrecht

    What do you think about this new version? Is there any improvement?

    There are a few improvements, the most obvious being on the purpose limitation and the duration of data retention by private companies. But even here, the EU standard that data can only be stored as long as this is "necessary" is watered down to "relevant". Of course, any data can be relevant for the company, but that does not mean it meets the necessity test.

    Do you think this new version should be approved?

    No. At the very least, it should get a sunset clause and expire in two years, when the new EU data protection rules have to be applied. The negotiations should in the meantime continue with the next US administration, which also should amend its laws in the next two years. I know this is difficult given the current situation on Capitol Hill in Washington, but we can't give US companies such privileged access to EU data transfers market if they don't follow our standards.

    Do you think there is a chance that it will be approved?

    After it has been approved by the Member States on 8th July, it looks like the Commission is going to approve it this week – ignoring all the reservations voiced by the European Parliament, the data protection authorities, and several experts. This is very unfortunate especially in the post-Brexit situation and will not lead to more confidence of our citizens in the EU Commission and the EU as a whole. It will also leave companies in legal limbo, because it is clear that it will end up in front of the European Court of Justice again.

    What do you think about the way the European Commission asks Member States to review this new version in only a few days?

    This rush right before the summer break is unnecessary and raises a lot of eyebrows. It's not just the Member States. The European Parliament should have had an opportunity to express its assessments before adoption, but our next plenary session is only in September.

    Who is supposed to be protected by the Privacy Shield? The text is referring to “EU data subjects” and “EU individuals”. Are these European citizens, or anyone in Europe?

    The latest version of Privacy Shield now clarifies that everybody in the EU is covered, not just EU citizens, as required by the EU Charter of Fundamental Rights. But that basically means the non-EU citizens in Europe have the same weak protection as EU citizens.

    According to the opinion of the data protection authorities (DPAs) in the Article 29 Working Party in April, the previous text allowed a very broad use of Europeans’ personal data. Is there any change about that?

    See the first question on improvements.

    Companies like Google or Facebook only have to make a self-assessment of their own compliance to the Privacy Shield principles. What do you think about this self-certification approach?

    This approach has been one of the problems of "Safe Harbor" since the year 2000. It has not improved with the "Privacy Shield".

    Under the complaints procedure, an EU data subject can bring a data protection issue before its national data protection authority (DPA), but only if the company in question has allowed that. Does this mean that the European DPAs cannot investigate in all the cases?

    The Privacy Shield Principles are at least unclear in this regard, as far as I read them. The chapter on the role of Data Protection Authorities (DPAs) in arbitration indeed sounds like mandatory cooperation with them is only required for human resources data. However, the chapter on dispute resolution and enforcement requires companies to respond expeditiously to complaints referred by DPAs through the Department of Commerce. This needs more clarity.

    Similarly, the Privacy shield is referring to an "independent dispute resolution body" in the US or in Europe, designated by the company. Who can this be?

    These dispute resolution bodies have already been used under the "Safe Harbor" arrangement. They are traditionally set up by self-regulatory organisations such as Better Business Bureau or TrustE, which have a track record of being soft towards industry.

    If, after complaints have been brought forward and a notification has been issued, a company still doesn’t comply with the “Privacy Shield” principles, the Department of Commerce or the Federal Trade Commission (FTC) can take over the case, right?

    Yes. However, the FTC is not obliged to investigate and enforce all individual cases brought before it, but has to see if they are relevant for the functioning of a competitive market. This is not the same as a European DPA. The Department of Commerce in turn is not an independent oversight body as required for data protection enforcement by the EU treaties, but a branch of the US government.

    Does this mean that European data protection authorities can’t enforce the “Privacy Shield Principles in the United States? If an issue occurred between a European data subject and a US company, the case can only be reviewed and decided in the US?

    That seems to be the case within the "Privacy Shield" arrangement. The Commission's adequacy decision however thankfully clarifies that under EU law, DPAs always have the competence and powers to suspend data transfers to a third country if they see a violation of EU law. This follows the judgement of the European Court of Justice in the Schrems case last October.

    About the mass surveillance: In its opinion issued in April 2016, the Article 29 Working Party of EU data protection authorities stated that the bulk collection of communications data was not "acceptable”. Have you seen any new guarantees in the new text?

    All I have seen is a funny attempt to define "bulk collection" as not being "mass surveillance". The US government is still allowed to do bulk data collection in at least six cases, including gathering "foreign intelligence information", which can be information on anything from illicit arms trade to legitimate trade agreement protests.

    The US is distinguishing between "bulk collection" and “massive and indiscriminate" surveillance of personal data and communications. How can bulk collection not be massive?

    I am afraid you will have to ask the US administration to explain on this. I think it's a very obvious attempt to define away the situation of ongoing mass-surveillance outside of the United States. The US government tries to tell us that it is only surveillance if someone actually looks at the collected data. The EU courts however have repeatedly made clear that already the automated access to and collection of data and communications affects the fundamental rights to data protection and privacy.

    In April, the European data protection authorities stated that the status of the new ombudsperson in the US Department of State was not good enough. Has anything changed about that?

    The problem persists. The ombudsperson will be independent from the US intelligence community, but as an Under-Secretary of State, she ultimately reports to the US Secretary of State. This by no means satisfies the independence criteria for data protection authorities in the EU, as required by Article 16 of the Treaty on the Functioning of the European Union. The EU Court of Justice has made this crystal clear in several judgements.

    The new version of the “Privacy Shield” has a subsection about “automated processing of personal data to take decisions affecting the individual”, also known as algorithmic treatment. Do you know why?

    I am not sure, but I assume this was added because the new EU data protection rules entered into force in the meantime, and they contain such a provision. However, US law protects against algorithmic decision-making only in three specific cases (the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Housing Act). This is not comparable to EU rules. The Privacy Shield itself does not contain any specific rules prohibiting algorithmic treatment, and it is regrettable that instead of doing so, the EU Commission and the US administration only agreed to start a "dialogue".



    IT-Sicherheit: EU beschließt überfällige Sicherheitsstandards

    Pressemitteilungen, Datenschutz, Digitalisierung & Netzpolitik

    PRESSEMITTEILUNG – Straßburg, 6. Juli 2016


    Die heutige Annahme der EU-Richtlinie über die Netzwerk- und Informationssicherheit (NIS-Richtlinie) durch das Plenum des Europäischen Parlaments kommentiert Jan Philipp Albrecht, innen- und netzpolitischer Sprecher der Grünen im Europäischen Parlament:


    „IT-Sicherheit betrifft die gesamte Gesellschaft. Eine Sicherheitslücke kann verehrende Folgen haben, insbesondere bei kritischen Infrastrukturen. Daher ist es zu begrüßen, dass die EU nun verbindliche IT-Sicherheitsstandards für kritische Infrastrukturen wie Wasserversorgung, Flughäfen und Atomkraftwerken setzt. Dies ist ein längst überfälliger Schritt, der allerdings noch immer nur ein verspäteter Anfang beim Thema IT-Sicherheit sein kann.


    Es ist zu begrüßen, dass die Richtlinie auch Anbieter digitaler Dienste sowie Google und Amazon erfasst und diese verpflichtet schwere Hackerangriffe zu melden. Um wirklich eine Veränderung zu erreichen, hätten strengere Sicherheitsstandards für diese Anbieter festgelegt werden müssen. So besteht weiterhin die Gefahr, dass ein Anbieter große Sicherheitslücken nicht behebt. Zudem fehlt es an einer umfassenden Haftung für daraus entstandene Schäden.


    Nicht nur bei kritischen Infrastrukturen brauchen wir Mindeststandards für die Sicherheit auch bei Soft- und Hardware benötigen wir diese, sowie die Haftung bei fehlerhaften oder gar gänzlich fehlenden Sicherheitsstandards. Die EU-Kommission muss jetzt zügig nachliefern und generelle gesetzliche Rahmenbedingungen auf den Weg bringen, die für alle IT-Produkte und Dienstleistungen gelten. Auch bei den Regeln zum einheitlichen digitalen Binnenmarkt müssen diese Standards eingefordert werden."

    Treffer 1 bis 4 von 548
    << Erste < Vorherige 1-4 5-8 9-12 13-16 17-20 21-24 25-28 Nächste > Letzte >>