Let the Crawlers Crawl: On Virtual Gatekeepers and the Right to Exclude Indexing

Symposium: Copyright\u27s Balance in an Internet Worl

The By-Design Approach Revisited: Lessons from COVID-19 Contact Tracing Apps

This paper challenges the by-design regulatory approach by exploring the case study of Contact Tracing Apps. It aims to account for the gap between the hopes that were pinned on digital technologies and the rock of reality into which they have crashed. This gap, we argue, results from overestimating the regulatory power of technology and underestimating the co-influence of various regulatory pillars. To address this gap, it is necessary to adopt an ecosystem perspective on sociotechnical systems, where technological design is but one form of regulation. This perspective allows technological design to acquire a social meaning through interaction with other regulatory forces to generate a social outcome

Does Law Matter Online - Empirical Evidence on Privacy Law Compliance

Does law matter in the information environment? What can we learn from the experience of applying a particular legal regime to the online environment? Informational privacy (or to use the European term, data protection) provides an excellent illustration of the challenges faced by regulators who seek to secure user rights and shape online behavior. A comprehensive study of Israeli website compliance with information privacy regulation in 2003 and 2006 provides insights for understanding these challenges. The study examined the information privacy practices of 1360 active websites, determining the extent to which these sites comply with applicable legal requirements related to information privacy and examining other privacy-related practices. Information practices were explored on three levels: first, we examined the legal requirements applicable to each information practice under current Israeli law (legal analysis); second, we analyzed the declared privacy policies posted on each website; and third, we studied the actual information practices of each website. The findings show that only a small minority of websites comply with legal requirements. Most websites do not provide privacy protection to users at the level required by the law. Websites routinely collect personal data from users, although the practice of collecting data is slightly lower among commercial and organization websites than in other categories. Among public and private sector websites, compliance was relatively low, with 16% and 22% of websites that collect personal data giving users some sort of notice. The popular and sensitive websites, generally owned by large corporations, had substantially higher levels of compliance, and the most popular websites had the lowest number of violations. The overall picture that emerges from the findings is one in which the law seems to have only a relatively minor role in shaping users\u27 privacy experiences online, while other forces and factors are clearly at play. The findings further suggest that information privacy regulation is most effective among commercial enterprises, which are better able to acquire legal advice and respond to potential legal liability. It is less effective among small enterprises and individual users who operate websites, because they typically cannot afford the somewhat sophisticated legal counsel that is required for establishing and maintaining a data protection policy. This is a troublesome conclusion, given growing threats to user privacy in the Web 2.0 environment. As a whole, the findings suggest that data protection regulators may be unable to craft a single legal measure that fits the Internet. Regulating the online behavior of various players may require tailored regulatory measures

Black Box Tinkering: Beyond Disclosure in Algorithmic Enforcement

The pervasive growth of algorithmic enforcement magnifies current debates regarding the virtues of transparency. Using codes to conduct robust online enforcement not only amplifies the settled problem of magnitude, or “too-much-information,” often associated with present- day disclosures, but it also imposes practical difficulties on relying on transparency as an adequate check for algorithmic enforcement. Algorithms are non-transparent by nature; their decision-making criteria are concealed behind a veil of code that we cannot easily read and comprehend. Additionally, these algorithms are dynamic in their ability to evolve according to different data patterns. This further makes them unpredictable. Moreover, algorithms that enforce online activity are mostly implemented by private, profit-maximizing entities, operating under minimal transparency obligations. As a result, generating proper accountability through traditional, passive observation of publicly available disclosures becomes impossible. Alternative means must therefore be ready to allow the public a meaningful and active interaction with the hidden algorithms that regulate its behavior. This Essay explores the virtues of “black box” tinkering as means of generating accountability in algorithmic systems of online enforcement. Given the far-reaching implications of algorithmic enforcement of online content for public discourse and fundamental rights, this Essay advocates active public engagement in checking the practices of automatic enforcement systems. Using the test case of algorithmic online enforcement of copyright law, this Essay demonstrates the inadequacy of transparency in generating public oversight. This Essay further establishes the benefits of black box tinkering as a proactive methodology that encourages social activism. Finally, this Essay evaluates the possible legal implications of this methodology and proposes means to address them