Title: HOW TO ACHIEVE AML: THE ARCHITECTURE OF THE RULE OF LAW

The need for a paradigm shift

Core principles of the legal data-protection framework, notably data minimisation, purpose specification, and goal binding, are entirely at odds with the vision of Ambient Intelligence. AmI cannot develop at all if the current framework is applied. It is questionable, however, whether the legal framework is powerful enough and can be enforced in practice to stop the development of AmI. More importantly, it must be questioned whether the development of new emerging technologies and AmI applications systems should be hindered by legal provisions based on a world view that is becoming increasingly outdated. The vision of AmI requires a revision of the legal data-protection framework as it currently exists. Nissenbaum’s concept of contextual integrity (see section ), for instance, seems more apt to protect citizens against violations of their privacy than more ‘traditional’ conceptions of privacy, which depend on a strict separation of public and private spheres.

At the same time, the core values behind privacy and data protection also imply that AmI should not be allowed to develop in a legal vacuum. The values that privacy and data protection aim to ensure, such as autonomy, self-development, and human dignity, must in one way or another be safeguarded in the development of the AmI world. Value-embedded design is a key notion in this process (see section ). Where current guiding principles of the legal framework like data minimisation and purpose specification increasingly fall short, other mechanisms must be established to maintain some form of balance between users (consumers, citizens) and providers (businesses, government).

Moreover, while preventative, ex ante data-protection measures slowly give way to more restorative, ex post fair information-processing measures, also non-discrimination will become more important when AmI applications seamlessly and invisibly make customised decisions about people. A first prerequisite for non-discrimination in an AmI world is transparency, since challenging unfair autonomic decisions is only possible if it is known that an autonomic decision was made and on what grounds this was done. Such transparency will not emerge by itself, and it is unlikely that mere legislative or self-regulatory measures will entice AmI providers to create sufficient transparency for users, as long as the legislator sticks to the printed script to articulate its legal enactments. This is why Transparency-Enhancing Technologies (TETs) are a crucial element of the AmI infrastructure, as part of the legal infrastructure enacted by the democratic legislator.

The failure of the current data-protection framework in the face of today’s profiling and tomorrow’s Ambient Intelligence implies that a paradigm shift is needed. Both privacy- and data-protection-related values and non-discrimination require new norms when AmI is being developed, and they require rearticulation in new technologies. Because of the particularities of AmI, with its massive, real-time, self-learning, and ubiquitous profiling and decision-making, the future of these norms lies in technology itself rather than in law as we know it today. AmI norms should not – or at the very least not only – be laid down in text-based legal provisions, but they should also be embodied in the technology itself that they aim to regulate. Here, the vision of Ambient Law enters the picture.