You are here: Resources > FIDIS Deliverables > Profiling > D7.8: Workshop on Ambient Law > 
workplan D7.9  Title:
 From data minimisation to minimisation of knowledge asymmetry


Relevant literature on Code as Law


Since Lawrence Lessig’s Code and other laws of cyberspace many lawyers, computer scientists and policy makers have embraced the idea that the architecture of ICT have a major impact as regulators of human and non-human interaction. Recognising that computer code both enables and restricts our actions, many have come to believe that code can be equated with law. Such an equation would ignore major difference and has been critised from the perspective of democracy and rule of law, as we don’t want to live under the rule of technology. However, we think it a mistake to ignore the regulatory impact of technological infrastructures and consider a reconceptualisation of the relationship between different types of regulation of foremost importance.  


Clarke, R. (1994). "The Digital Persona and its Application to Data Surveillance." The Information Society 10 (2)


Roger Clarke may be the first to have detected the importance of a digital proxy to enable M2M communication with service providers in an online environment. In an AmI environment such a proxy would be something like a PDA, which would likewise serve as a proxy for an individual person, for a category of persons or for different ‘identities’ or roles of one person (depending on the different contexts in which this person moves around). 


Lessig, L. (1999). Code and other laws of cyberspace. New York, Basic Books


Reidenberg, J. R. (1998). "Lex Informatica: The Formulation of Information Policy Rules Through Technology." Texas Law Review 76 (3): 553-585


Lessig detects four regulatory mechanism: law, market, code and social norms. Though one can argue that in the end law, market and code depend on social norms to be interpreted and applied, his book provides a refreshing approach to regulation. Technologies constrain our actions by both inducing or enforcing specific behaviours and inhibiting or ruling out specific behaviours. General statements about the rule of technological devices or infrastructure therefor make no sense: each infrastructure much be assessed for its potential impact. In the case of AmI such impacts are mostly discussed in terms of privacy or data protection, but this seems to restrict the scope of the debate. Based on FIDIS findings one could argue that the relevant consequences of pervasive profiling will be segmentation and discrimination on the one hand and what Zarsky calls ‘the autonomy trap’ on the other hand. To counter undesirable effects the technologies that produce such consequences should be used to empower citizens.   


Reidenberg takes a more direct approach to the implementation of policy rules by means of technologies; his understanding of law seems very instrumental, implying that legal tools can be replaced by technological tools on the sole basis of their comparative efficiency and effectiveness. His view of both law and technology seems to take for granted that these are just neutral tools, a vision to which we cannot agree and that he subsequently, in ‘States and Internet Enforcement’, seems to have abandoned by acknowledging the controlling power of technologies that enforce rules. Still, Lessig seems more aware of the normative impact of both technological and legal tools.  


Brownsword, R. (2005). "Code, control, and choice: why East is East and West is West." Legal Studies 25 (1): 1-22


Tien, L. (2004). "Architectural Regulation and the Evolution of Social Norms." International Journal of Communications Law & Policy (9)


The criticism in the field of lawyers, legal theorists and legal philosophers seems directed to Reidenberg’s instrumentalism, but they do attack Lessig for his attempt to use code as law. The problem with this type of criticism is that it builds on inadequate ideas about the normative impact of technology (taking for granted a kind of technological determinism) and aims to rule out any attempt to articulate legal norms in technological devices. One of the arguments is the fact that technologies are constructed outside the domain of democratic decision making, while one could easily turn this argument around to insist on new political practices to facilitate democratic decision-making regarding devices that have a major impact on our choices of action. 


Koops, B.-J. and R. Leenes (2005). "’Code’ and the Slow Erosian of Privacy." Michigan Telecommunications and Technology Law Review 12 (1): 115-189


Leenes, R. and B.-J. Koops (2005). "’Code’: Privacy’s Death or Saviour?" International Review of Law Computers & Technology 19 (3): 329-340


FIDIS researchers Koops and Leenes take a more nuanced view. In the first article they discuss software code as a tool for law enforcement (embedding interceptibility and/or privacy protection), while indicating that many of the consequences of software code are unintentional but rather serious side-effects. They argue that PETs may be an adequate answer, rather than the commodification of data. In the second article they discuss why PETs are not widely used. They explain that data protection, based on the idea of data minimisation is not in the ruling paradigm of those in charge of profiling; they plead a paradigm shift from data maximisation to privacy by design. 


Hildebrandt, M. (2007). Technology and the End of Law. The Limits of (the Rule of) Law. E. Claes and B. Keirsbilck



FIDIS researcher Hildebrandt discusses three perspectives on technology: (1) technological determinism, (2) the neutrality thesis and (3) technological pluralism, in counterpoint with (1) legal substantivism, (2) legal instrumentalism and (3) a relational conception of law. Connecting technological pluralism with a relational conception of law she argues (1) that democratic participation is required for the introduction of profiling technologies, and (2) that effective legal regulation of the impact of profiling technologies on human freedom and identity building warrants the technological embodiment of legal norms. This could mean that: (a) mandatory legal norms should be inscribed into the technologies to preclude violation as much as possible and (b) exchange of data and transparency of profiles should be facilitated by personal digital agents.  




workplan D7.9  fidis-wp7-del7.8.workshop_ambient_law_02.sxw  From data minimisation to minimisation of knowledge asymmetry
12 / 15