A conceptualisation of a governance model for biobanks in the digital society

Biobanks are key infrastructures in data-driven biomedical research. The counterpoint of this optimistic vision is the reality of biobank governance, which must address various ethical, legal and social issues, especially in terms of open consent, privacy and secondary uses which, if not sufficiently resolved, may undermine participants’ and society’s trust in biobanking. The effect of the digital paradigm on biomedical research has only accentuated these issues by adding new pressure for the data protection of biobank participants against the risks of covert discrimination, abuse of power against individuals and groups, and critical commercial uses. Moreover, the traditional research-ethics framework has been unable to keep pace with the transformative developments of the digital era, and has proven inadequate in protecting biobank participants and providing guidance for ethical practices. To this must be added the challenge of an increased tendency towards exploitation and the commercialisation of personal data in the field of biomedical research, which may undermine the altruistic and solidaristic values associated with biobank participation and risk losing alignment with societal interests in biobanking. My research critically analyses, from a bioethical perspective, the challenges and the goals of biobank governance in data-driven biomedical research in order to understand the conditions for the implementation of a governance model that can foster biomedical research and innovation, while ensuring adequate protection for biobank participants and an alignment of biobank procedures and policies with society’s interests and expectations. The main outcome is a conceptualisation of a socially-oriented and participatory model of biobanks by proposing a new ethical framework that relies on the principles of transparency, data protection and participation to tackle the key challenges of biobanks in the digital age and that is well-suited to foster these goals.

Multi-Principal Agency and the Compliance with Professional Guidelines in Health Systems: Economic and Regulatory Perspectives

Amid the trend of rising health expenditure in developed economies, changing the healthcare delivery models is an important point of action for service regulators to contain this trend. Such a change is mostly induced by either financial incentives or regulatory tools issued by the regulators and targeting service providers and patients. This creates a tripartite interaction between service regulators, professionals, and patients that manifests a multi-principal agent relationship, in which professionals are agents to two principals: regulators and patients. This thesis is concerned with such a multi-principal agent relationship in healthcare and attempts to investigate the determinants of the (non-)compliance to regulatory tools in light of this tripartite relationship. In addition, the thesis provides insights into the different institutional, economic, and regulatory settings, which govern the multi-principal agent relationship in healthcare in different countries. Furthermore, the thesis provides and empirically tests a conceptual framework of the possible determinants of (non-)compliance by physicians to regulatory tools issued by the regulator. The main findings of the thesis are first, in a multi-principal agent setting, the utilization of financial incentives to align the objectives of professionals and the regulator is important but not the only solution. This finding is based on the heterogeneity in the financial incentives provided to professionals in different health markets, which does not provide a one-size-fits-all model of financial incentives to influence clinical decisions. Second, soft law tools as clinical practice guidelines (CPGs) are important tools to mitigate the problems of the multi-principal agent setting in health markets as they reduce information asymmetries while preserving the autonomy of professionals. Third, CPGs are complex and heterogeneous and so are the determinants of (non-)compliance to them. Fourth, CPGs work but under conditions. Factors such as intra-professional competition between service providers or practitioners might lead to non-compliance to CPGs – if CPGs are likely to reduce the professional’s utility. Finally, different degrees of soft law mandate have different effects on providers’ compliance. Generally, the stronger the mandate, the stronger the compliance, however, even with a strong mandate, drivers such as intra-professional competition and co-management of patients by different professionals affected the (non-)compliance.

Big data in health IoE in emergency situations: between the right to privacy and digital health innovation

The chapters of the thesis focus on a limited variety of selected themes in EU privacy and data protection law. Chapter 1 sets out the general introduction on the research topic. Chapter 2 touches upon the methodology used in the research. Chapter 3 conceptualises the basic notions from a legal standpoint. Chapter 4 examines the current regulatory regime applicable to digital health technologies, healthcare emergencies, privacy, and data protection. Chapter 5 provides case studies on the application deployed in the Covid-19 scenario, from the perspective of privacy and data protection. Chapter 6 addresses the post-Covid European regulatory initiatives on the subject matter, and its potential effects on privacy and data protection. Chapter 7 is the outcome of a six-month internship with a company in Italy and focuses on the protection of fundamental rights through common standardisation and certification, demonstrating that such standards can serve as supporting tools to guarantee the right to privacy and data protection in digital health technologies. The thesis concludes with the observation that finding and transposing European privacy and data protection standards into scenarios, such as public healthcare emergencies where digital health technologies are deployed, requires rapid coordination between the European Data Protection Authorities and the Member States guarantee that individual privacy and data protection rights are ensured.

Regulating FinTech: The perspectives of law, economics, and technology

FinTech (financial technology, ‘‘FinTech’’) is a double-edged sword as it brings both benefits and risks. This study appraised FinTech’s technological nature that brings changes in complexity in modern financial markets to identify the information deficits and its undesirable outcomes. Besides, as FinTech is still developing, the information regarding, for instance, whether and how to apply regulation may be insufficient for both regulators and those regulated. More one-size-fits-all regulation might accordingly be adopted, thereby resulting in the adverse selection. Through the lens of both law and economics and law and technology, this study suggested AFR (adaptive financial regulation, ‘‘AFR’’) of FinTech to solve the underlying pacing issue. AFR is dynamic, enabling regulatory adjustments and learning. Exploring and collecting information through experiments and learning from experiments are the core of AFR. FinTech regulatory sandboxes epitomize AFR. This study chose Taiwan as a case study. This study found several barriers to adaptive and effective FinTech regulation. Unduly emphasizing consumer protection and the innovation entry criterion by improperly imposing limits on the entry into sandboxes, ignoring post-sandbox mechanisms, and relying on detailed, specific and prescriptive rules to formulate sandboxes are examples. To solve these barriers, this study proposed several solutions by looking into the experiences in other jurisdictions and analyzing. First, striking a balance between encouraging innovation and ensuring financial stability and consumer protection is indispensable. Second, entry to sandboxes should be facilitated by improving the selection criteria. Third, adhering to realizing regulatory adjustment and learning to adapt regulation to technology, this study argued that systematic post-sandbox mechanisms should be established. Fourth, this study recommended “more principles-based sandboxes”. Principles rather than rules should be the base on which sandboxes or FinTech regulation are established. Having principles could provide more flexibility, being easier to adjust and adapt, and better at avoiding.

Incentives, Sustainability, and Law: The relationship between executive pay regulation and corporate social responsibility

What is the relationship between executive pay regulation and corporate social responsibility (CSR)? Currently, CSR is neither sufficiently included in economic research on executive pay, nor is pay regulation considered as a potential instrument in the growing body of CSR legislation. The successful proliferation of CSR in business practice and the attention policymakers and legislators now pay to it, however, have raised the importance of answering these questions. Thus, this blind spot in corporate governance—the relationship between compensation, CSR, and law—is the topic of this thesis. The dissertation approaches these issues in two subsequent research question: first, the role of executive pay regulation as an institutional determinant of CSR engagement is identified. From the results of this, the second research question arises: should legislators promote CSR engagement and—if so—how? Lastly, a case study is conducted to map how the influence of index funds as an important driver of CSR in corporate governance should be accommodated in the design of CSR legislation. The research project shows that pay regulation is part of the institutional determinants of CSR and, depending on its design, can incentivise or discourage different forms of CSR engagement. As a form of private self-regulation, CSR is closely interconnected with legal rules and the result of complex underlying drivers inside and outside the firm. The study develops a differentiation of CSR activities to accommodate this complexity, which is applied in an analysis of pay regulation. Together, these inquiries form a comprehensive picture of the ways in which pay regulation sets incentives for CSR engagement. Finally, the thesis shows how CSR-oriented pay regulation is consistent with the conventional goals of corporate governance and eventually provides a prospect for the integration of CSR and corporate law in general.

Reconciling the Irreconcilable? Sovereign Debt Restructuring and the Principles of International Law. A Law and Economics Perspective

This Thesis focuses on the principles of international law relevant to the resolution of legal disputes arising from sovereign insolvency conflicts. It attempts to contribute to the “incremental” approach literature by identifying principles, justifying their application in litigation and assessing whether they may help to reconcile the trade-offs prevalent in that context. For that purpose, this Thesis distinguishes between two different types of principles. First, it investigates the “Principles of Public International Law” (henceforth, “PIL principles”). Said category refers to norms of the law of nations which can be considered functionally and structurally similar to domestic constitutional principles (i.e., that can be regarded as “optimization” or “prima facie” requirements). This Thesis underscores the PIL principles protecting the interests of the creditors and citizens as well as the “public interest”, arguing that decision makers face a trade-off between these principles in the context of restructurings. Secondly, this Thesis inquires into the “general principles of domestic law” (henceforth, “GPDs”) which can be applied in sovereign debt restructuring. Two GPDs are identified: a “stay” on litigation and a “cram down” on dissenting creditors’ claims. Although both principles have been identified by the prior literature, this work advances a small but significant “twist” in the methodology used for that purpose: it relies exclusively on functional and comparative analysis. Moreover, this work justifies the application of said GPDs for two jurisdictions: New York and Germany. Finally, it posits that those GPDs can help to mitigate the trade-offs between PIL principles, thus reconciling the interests at stake.

Internet of things: legal liability of IoE devices in the home

This thesis is about the smart home, a connected ambience that will help consumers to live a more environmentally sustainable life and will help vulnerable categories of consumers to live a more autonomous life, thanks to the pervasive use of the Internet of Things (IoT) technology. In particular, civil liability for the malfunctioning of the smart home is the filter through which the research is carried out. I analyse whether the actual legal liability rules are ready or not to adapt to this new connected environment, such as the IoT-powered smart home. Through careful mapping of the technical and legal state of the art, the thesis argues that the EU rules on product liability contained in the Product Liability Directive (PLD) will apply consistently to these objects. This holds true even if at the time of the drafting of the thesis, the proposal on the update of the PLD had not been published yet. Through the analysis of past PLD cases, new American products liability case-law on domestic IoT objects and the latest legal scholarship’s contributions and policy inputs it was possible to anticipate some of the contents of the newly published EU PLD Update proposal.

Surveillance risks in IoT applied to smart cities

Nowadays, cities deal with unprecedented pollution and overpopulation problems, and Internet of Things (IoT) technologies are supporting them in facing these issues and becoming increasingly smart. IoT sensors embedded in public infrastructure can provide granular data on the urban environment, and help public authorities to make their cities more sustainable and efficient. Nonetheless, this pervasive data collection also raises high surveillance risks, jeopardizing privacy and data protection rights. Against this backdrop, this thesis addresses how IoT surveillance technologies can be implemented in a legally compliant and ethically acceptable fashion in smart cities. An interdisciplinary approach is embraced to investigate this question, combining doctrinal legal research (on privacy, data protection, criminal procedure) with insights from philosophy, governance, and urban studies. The fundamental normative argument of this work is that surveillance constitutes a necessary feature of modern information societies. Nonetheless, as the complexity of surveillance phenomena increases, there emerges a need to develop more fine-attuned proportionality assessments to ensure a legitimate implementation of monitoring technologies. This research tackles this gap from different perspectives, analyzing the EU data protection legislation and the United States and European case law on privacy expectations and surveillance. Specifically, a coherent multi-factor test assessing privacy expectations in public IoT environments and a surveillance taxonomy are proposed to inform proportionality assessments of surveillance initiatives in smart cities. These insights are also applied to four use cases: facial recognition technologies, drones, environmental policing, and smart nudging. Lastly, the investigation examines competing data governance models in the digital domain and the smart city, reviewing the EU upcoming data governance framework. It is argued that, despite the stated policy goals, the balance of interests may often favor corporate strategies in data sharing, to the detriment of common good uses of data in the urban context.

Distributed ledger technologies between anonymity and transparency: AML/CFT regulation of cryptocurrency ecosystems in the EU

The advent of Bitcoin suggested a disintermediated economy in which Internet users can take part directly. The conceptual disruption brought about by this Internet of Money (IoM) mirrors the cross-industry impacts of blockchain and distributed ledger technologies (DLTs). While related instances of non-centralisation thwart regulatory efforts to establish accountability, in the financial domain further challenges arise from the presence in the IoM of two seemingly opposing traits: anonymity and transparency. Indeed, DLTs are often described as architecturally transparent, but the perceived level of anonymity of cryptocurrency transfers fuels fears of illicit exploitation. This is a primary concern for the framework to prevent money laundering and the financing of terrorism and proliferation (AML/CFT/CPF), and a top priority both globally and at the EU level. Nevertheless, the anonymous and transparent features of the IoM are far from clear-cut, and the same is true for its levels of disintermediation and non-centralisation. Almost fifteen years after the first Bitcoin transaction, the IoM today comprises a diverse set of socio-technical ecosystems. Building on an analysis of their phenomenology, this dissertation shows how there is more to their traits of anonymity and transparency than it may seem, and how these features range across a spectrum of combinations and degrees. In this context, trade-offs can be evaluated by referring to techno-legal benchmarks, established through socio-technical assessments grounded on teleological interpretation. Against this backdrop, this work provides framework-level recommendations for the EU to respond to the twofold nature of the IoM legitimately and effectively. The methodology cherishes the mutual interaction between regulation and technology when drafting regulation whose compliance can be eased by design. This approach mitigates the risk of overfitting in a fast-changing environment, while acknowledging specificities in compliance with the risk-based approach that sits at the core of the AML/CFT/CPF regime.

Big data analysis systems in IoE environments for managing privacy and data protection: pseudonymity, de-anonymization and the right to be forgotten

The thesis represents the conclusive outcome of the European Joint Doctorate programmein Law, Science & Technology funded by the European Commission with the instrument Marie Skłodowska-Curie Innovative Training Networks actions inside of the H2020, grantagreement n. 814177. The tension between data protection and privacy from one side, and the need of granting further uses of processed personal datails is investigated, drawing the lines of the technological development of the de-anonymization/re-identification risk with an explorative survey. After acknowledging its span, it is questioned whether a certain degree of anonymity can still be granted focusing on a double perspective: an objective and a subjective perspective. The objective perspective focuses on the data processing models per se, while the subjective perspective investigates whether the distribution of roles and responsibilities among stakeholders can ensure data anonymity.

Governing algorithms in the big data era for balancing new digital rights - designing GDPR compliant and trustworthy XAI systems

This thesis investigates the legal, ethical, technical, and psychological issues of general data processing and artificial intelligence practices and the explainability of AI systems. It consists of two main parts. In the initial section, we provide a comprehensive overview of the big data processing ecosystem and the main challenges we face today. We then evaluate the GDPR’s data privacy framework in the European Union. The Trustworthy AI Framework proposed by the EU’s High-Level Expert Group on AI (AI HLEG) is examined in detail. The ethical principles for the foundation and realization of Trustworthy AI are analyzed along with the assessment list prepared by the AI HLEG. Then, we list the main big data challenges the European researchers and institutions identified and provide a literature review on the technical and organizational measures to address these challenges. A quantitative analysis is conducted on the identified big data challenges and the measures to address them, which leads to practical recommendations for better data processing and AI practices in the EU. In the subsequent part, we concentrate on the explainability of AI systems. We clarify the terminology and list the goals aimed at the explainability of AI systems. We identify the reasons for the explainability-accuracy trade-off and how we can address it. We conduct a comparative cognitive analysis between human reasoning and machine-generated explanations with the aim of understanding how explainable AI can contribute to human reasoning. We then focus on the technical and legal responses to remedy the explainability problem. In this part, GDPR’s right to explanation framework and safeguards are analyzed in-depth with their contribution to the realization of Trustworthy AI. Then, we analyze the explanation techniques applicable at different stages of machine learning and propose several recommendations in chronological order to develop GDPR-compliant and Trustworthy XAI systems.

Influencable autonomy and predictable freedom in the IoE

This thesis investigates how individuals can develop, exercise, and maintain autonomy and freedom in the presence of information technology. It is particularly interested in how information technology can impose autonomy constraints. The first part identifies a problem with current autonomy discourse: There is no agreed upon object of reference when bemoaning loss of or risk to an individual’s autonomy. Here, thesis introduces a pragmatic conceptual framework to classify autonomy constraints. In essence, the proposed framework divides autonomy in three categories: intrinsic autonomy, relational autonomy and informational autonomy. The second part of the thesis investigates the role of information technology in enabling and facilitating autonomy constraints. The analysis identifies eleven characteristics of information technology, as it is embedded in society, so-called vectors of influence, that constitute risk to an individual’s autonomy in a substantial way. These vectors are assigned to three sets that correspond to the general sphere of the information transfer process to which they can be attributed to, namely domain-specific vectors, agent-specific vectors and information recipient-specific vectors. The third part of the thesis investigates selected ethical and legal implications of autonomy constraints imposed by information technology. It shows the utility of the theoretical frameworks introduced earlier in the thesis when conducting an ethical analysis of autonomy-constraining technology. It also traces the concept of autonomy in the European Data Lawsand investigates the impact of cultural embeddings of individuals on efforts to safeguard autonomy, showing intercultural flashpoints of autonomy differences. In view of this, the thesis approaches the exercise and constraint of autonomy in presence of information technology systems holistically. It contributes to establish a common understanding of (intuitive) terminology and concepts, connects this to current phenomena arising out of ever-increasing interconnectivity and computational power and helps operationalize the protection of autonomy through application of the proposed frameworks.

New perspectives on A.I. in sentencing. Human decision-making between risk assessment tools and protection of humans rights.

The aim of this thesis is to investigate a field that until a few years ago was foreign to and distant from the penal system. The purpose of this undertaking is to account for the role that technology could plays in the Italian Criminal Law system. More specifically, this thesis attempts to scrutinize a very intricate phase of adjudication. After deciding on the type of an individual's liability, a judge must decide on the severity of the penalty. This type of decision implies a prognostic assessment that looks to the future. It is precisely in this field and in prognostic assessments that, as has already been anticipated in the United, instruments and processes are inserted in the pre-trial but also in the decision-making phase. In this contribution, we attempt to describe the current state of this field, trying, as a matter of method, to select the most relevant or most used tools. Using comparative and qualitative methods, the uses of some of these instruments in the supranational legal system are analyzed. Focusing attention on the Italian system, an attempt was made to investigate the nature of the element of an individual's ‘social dangerousness’ (pericolosità sociale) and capacity to commit offences, types of assessments that are fundamental in our system because they are part of various types of decisions, including the choice of the best sanctioning treatment. It was decided to turn our attention to this latter field because it is believed that the judge does not always have the time, the means and the ability to assess all the elements of a subject and identify the best 'individualizing' treatment in order to fully realize the function of Article 27, paragraph 3 of the Constitution.

Big data and AI applications for health and research. Co-regulation mechanisms as a prosed solution for data protection law issues

Big data and AI are paving the way to promising scenarios in clinical practice and research. However, the use of such technologies might clash with GDPR requirements. Today, two forces are driving the EU policies in this domain. The first is the necessity to protect individuals’ safety and fundamental rights. The second is to incentivize the deployment of innovative technologies. The first objective is pursued by legislative acts such as the GDPR or the AIA, the second is supported by the new data strategy recently launched by the European Commission. Against this background, the thesis analyses the issue of GDPR compliance when big data and AI systems are implemented in the health domain. The thesis focuses on the use of co-regulatory tools for compliance with the GDPR. This work argues that there are two level of co-regulation in the EU legal system. The first, more general, is the approach pursued by the EU legislator when shaping legislative measures that deal with fast-evolving technologies. The GDPR can be deemed a co-regulatory solution since it mainly introduces general requirements, which implementation shall then be interpretated by the addressee of the law following a risk-based approach. This approach, although useful is costly and sometimes burdensome for organisations. The second co-regulatory level is represented by specific co-regulatory tools, such as code of conduct and certification mechanisms. These tools are meant to guide and support the interpretation effort of the addressee of the law. The thesis argues that the lack of co-regulatory tools which are supposed to implement data protection law in specific situations could be an obstacle to the deployment of innovative solutions in complex scenario such as the health ecosystem. The thesis advances hypothesis on theoretical level about the reasons of such a lack of co-regulatory solutions.

Ex ante contracts to arbitrate tort claims - A law and economics perspective

This research addresses the use of ex ante contracts to arbitrate tort claims in domestic settings using law and economics research methodologies. Potential economic benefits from using arbitration, particularly between informed and knowledgeable parties and in international business transactions, are not guaranteed in domestic disputes. Arbitration can potentially be used to manipulate the adjudication process. This research has several findings. There is a lack of information available concerning the use of arbitration to adjudicate tort claims. Proxy measurements concerning the demand for third party adjudication and other legal indicators are a poor substitute for the information hidden behind the veil of arbitration. There is the potential for the strategic use of ex ante contracts to arbitrate tort claims by repeat player tortfeasors to domestic tort claims, both individually and in concert with other repeat player firms. These strategic efforts aim to: manipulate enforcement errors for tort claims, avoid procedural rules which have the effect of lowering enforcement errors, enable a unique type of domestic forum arbitrage, shirk from taking due care, capture the economic benefit of using arbitration, manipulate the stock of precedents and production of public goods from courts, collude in these underlying efforts, restrain competition, indirectly fix prices, and other aims which increase the repeat player tortfeasor’s or their industries economic gains related to their underlying contracts and tort disputes. This research also demonstrates how this subject is appropriate for further academic research and why states should be cautious of giving carte blanche to arbitrate all domestic tort claims.