It was a great pleasure to discuss about the future of data use and regulation as part of the panel titled “Looking beyond the EU data strategy: where next for data use and regulation?” at CPDP 2023. The panel was organised by Valentina Pavel, a senior researcher at the Ada Lovelace Institute (UK) and featured with Adriana Nugter, Katarzyna Szymielewicz, and Inge Graef three other impressive women in the field.

The aim of this panel was to reflect critically on fundamental questions that are left unaddressed by existing data & AI regulation in the EU, as well as on potential opportunities that can prepare the ground for more ambitious transformations in data-driven systems that benefit people and society (including potential ideas that might inspire the new European Commission). The discussion built on the “Rethinking data and rebalancing digital power” report published by the Ada Lovelace Institute last year.

Some of the input that I gave to the discussion was about two main opportunities and challenges that I see following from the EU digital package of regulation:

First, I see a big opportunity for a paradigm change from “release then evaluate” to “evaluate then release” . What we are currently experiencing with the new generation of generative models is once more all the issues caused when technology companies are free to release their newest product into the world without having to first attest that the potential harms caused by the models are controlable and weighed off by its benefits for society at large. With the new round of regulations there is a chance to change that and move towards a slow release model where new technolgies only become avaialble once we have found the right means to assess their potential risks.

The second opportunity I see is to challenge the assumption that in data-driven technologies everything must be possible and should be done or that more data sharing is always better. Instead, I hope, that when we build the new digital infrastructures envisioned in the re-thinking data report or propose new legislation, we will manage to avoid the mistakes of the past where we often assumed that some technological silver bullet solutions will save us and, for example, resolve any trade-offs between privacy and utility we have to make. Going forward we should be very open and explicit about the trade-offs we have to make and acknowledge when technological safeguards cannot provide any meaningful risk mitigation while also implementing the functionality that we want. I think it’s then up to us to decide whether we accept the risks of relying only on procedural controls or to maybe say no, we do not want that and the trade-off is not worth it.

It was a fun panel to be part of and Valentina did such a great job at moderating it.

Picture by CPDP