This chapter covers civil rights under international human rights law. It includes the right to legal personality, the right to a name, the right to family life, the right to marry, the right to privacy, and the right to respect for home and correspondence. The chapter discusses the legal standards and protections for these rights, the obligations of states to respect and fulfill them, and the role of international bodies in monitoring compliance. It also highlights the challenges in implementing civil rights protections and the importance of adopting comprehensive measures to address violations and ensure effective remedies for victims.

This chapter scrutinizes the operation of public sector privacy and data protection laws in relation to AI data in the United States, the United Kingdom and Australia, to assess the potential for utilizing these laws to challenge automated government decision-making. Government decision-making in individual cases will almost inevitably involve the collection, use, or storage of personal information, and may also involve drawing inferences from data already collected. At the same time increased usage of automated decision-making encourages the large-scale collection and mining of personal data. Privacy and data protection laws provide a useful chokepoint for limiting discrimination and other harms that arise from misuses of personal information.

There is no doubt that AI systems, and the large-scale processing of personal data that often accompanies their development and use, has put a strain on individuals’ fundamental rights and freedoms. Against that background, this chapter aims to walk the reader through a selection of key concerns arising from the application of the GDPR to the training and use of such systems. First, it clarifies the position and role of the GDPR within the broader European data protection regulatory framework. Next, it delineates its scope of application by delving into the pivotal notions of “personal data,” “controller,” and “processor.” Lastly, it highlights some friction points between the characteristics inherent to most AI systems and the general principles outlined in Article 5 GDPR, including lawfulness, transparency, purpose limitation, data minimization, and accountability.

Public administrations are increasingly deploying algorithmic systems to facilitate the application, execution, and enforcement of regulation, a practice that can be denoted as algorithmic regulation. While their reliance on digital technology is not new, both the scale at which they automate administrative acts and the importance of the decisions they delegate to algorithmic tools is on the rise. In this chapter, I contextualize this phenomenon and discuss the implementation of algorithmic regulation across several public sector domains. I then assess some of the ethical and legal conundrums that public administrations face when outsourcing their tasks to such systems and provide an overview of the legal framework that governs this practice, with a particular focus on the European Union. This framework encompasses not only constitutional and administrative law but also data protection law and AI-specific law. Finally, I offer some take-aways for public administrations to consider when seeking to deploy algorithmic regulation.

The actors that are active in the financial world process vast amounts of information, starting from customer data and account movements over market trading data to credit underwriting or money-laundering checks. It is one thing to collect and store these data, yet another challenge to interpret and make sense of them. AI helps with both, for example, by checking databases or crawling the Internet in search of relevant information, by sorting it according to predefined categories or by finding its own sorting parameter. It is hence unsurprising that AI has started to fundamentally change many aspects of finance. This chapter takes AI scoring and creditworthiness assessments as an example for how AI is employed in financial services (Section 16.2), for the ethical challenges this raises (Section 16.3), and for the legal tools that attempt to adequately balance advantages and challenges of this technique (Section 16.4). It closes with a look at scoring beyond the credit situation (Section 16.5).

Chapter 12 analyses Irish law on police access to digital evidence. It outlines the domestic legal framework regarding data retention, interception of communications and access to stored data. It then considers the law governing cross-border requests for data. It assesses the extent to which these rules are adequate for law enforcement purposes and whether these rules are compatible with the European Convention on Human Rights, the Charter of Fundamental Rights and data protection standards.

The Conclusion describes how, while the handbook started with the main technological and legal challenges regarding collection of digital evidence, the research shows that even though the challenges are shared by legal systems across the globe, the answers are not. Legal solutions to similar problems are fragmented, disparate and often unsatisfactory. Even if technology-neutral solutions are preferable to make sure hard-fought EU legislation and international agreements can stand the test of time, the legal reality appears to be quite different. Despite positive recent legal developments at EU and international levels, future approximation of national approaches seems highly desirable to enable LEAs to conduct effective criminal investigations to protect society and its citizens from new criminal phenomena. At the same time, protection of citizens’ fundamental rights should be reinforced, not just at the national level but in a cross-border context, considering that many criminal investigations now reach beyond national borders. Global initiatives are, however, hampered by tensions between democratic and non-democratic states, making a one-size-fits-all solution inadequate.

Chapter 3 explores how EU data protection law relates to public–private direct cooperation on digital evidence in criminal investigations. It asks if a neat prima facie separation of the GDPR and the LED matches the realities of private-to-public data transfers for criminal investigations, and if that legal framework is harmonious enough to warrant description as an EU data protection acquis. It distinguishes scenarios of formal (and informal) direct cooperation, viewed through the conceptual prism of data controllership. It applies that frame to the European Commission’s 2018 ‘e-Evidence package’, along with co-legislators’ competing visions, before looking at the final 2023 compromise text from a data protection perspective. It discusses how far CJEU case law illuminates theoretical blind spots and if the ongoing strengthening of enforcement powers is likely to herald not only greater legal certainty on the supply of digital evidence but also meaningful, workable data subject rights. Last, it reflects on the future place of EU data protection standards within the Council of Europe’s own new direct cooperation mechanism – the Second Additional Protocol to the Budapest Convention.

As other chapters in this volume show, the EU remedies system is difficult to employ when it comes to EU fundamental right violations. When discussing (im)possibilities of procedural rules and how these encourage or discourage litigation, socio-legal scholars have referred to the concept of legal opportunity structures. In relation to this concept, the EU is a system with closed procedural legal opportunities: rules on directly accessing the CJEU severely limit the possibilities to pursue strategic litigation. At the same time, the EU has opened up legal opportunities as well, by bringing litigants a new catalogue of rights to invoke. In the context of fundamental rights accountability, strategic litigation is used extensively. This begs the question: how are actors (NGOs, lawyers, individuals) making use of the (partially) closed EU system and what lessons can be drawn therefrom? This chapter delves into several cases of mobilisation of the EU remedies system and describes the way in which the actors involved worked with or around EU legal opportunity structures, both inside and outside the context of formal legal procedures. The lessons drawn from these actions can inform future action in this field.

This contribution examines the possibilities for individuals to access remedies against potential violations of their fundamental rights by EU actors, specifically EU agencies’ deployment of artificial intelligence (AI). Presenting the intricate landscape of the EU’s border surveillance, the chapter sheds light on the prominent role of Frontex in developing and managing AI systems, including automated risk assessments and drone-based aerial surveillance. These two examples are used to illustrate how the EU?s AI-powered conduct endangers fundamental rights protected under the EU Charter of Fundamental Rights. Risks emerge for privacy and data protection rights, non-discrimination, and other substantive rights, such as the right to asylum. In light of these concerns, the chapter then examines the possibilities to access remedies by first considering the impact of AI uses on the procedural rights to good administration and effective judicial protection, before clarifying the emerging remedial system under the AI Act in its interplay with the EU’s existing data protection framework. Lastly, the chapter sketches the evolving role of the European Data Protection Supervisor, pointing out the key areas demanding further clarifications in order to fill the remedial gaps.

Society needs to influence and mould our expectations so AI is used for the collective good. we should be reluctant to throw away hard (and recently) won consumer rights and values on the altar of technological developments.

Non-fungible tokens (NFTs) introduce unique concerns related to the privacy of personal data. To create an NFT, users upload data to publicly accessible and searchable databases. This data can encompass information essential for the creation, transfer, and storage of the NFT, as well as personal details pertaining to the creator. Additionally, users might inadvertently engage with technology crafted to gather personal data. Traditional paradigms of privacy have not evolved in tandem with advancements in NFT and blockchain technology. To pinpoint where current privacy paradigms falter, this chapter delves into an introduction of NFTs, elucidating their foundational technical mechanisms and processes. Subsequently, the chapter juxtaposes current and historical privacy frameworks with NFTs, underscoring how these models may be either overly expansive or excessively restrictive for this emerging technology. This chapter suggests that Helen Nissenbaum’s concept of “contextual integrity” might offer the requisite flexibility to cater to the distinct attributes of NFTs. In conclusion, while there is a pronounced societal drive to safeguard citizen data and privacy, the overarching aim remains the enhancement of the collective good. Balancing this objective, governments should be afforded the latitude to equate society’s privacy interests with its imperative for transparency.