Assessing the (severity of) impacts on fundamental rights

IF 3.3 3区社会学 Q1 LAW

Computer Law & Security Review Pub Date : 2025-02-28 DOI:10.1016/j.clsr.2025.106113

Gianclaudio Malgieri , Cristiana Santos

{"title":"Assessing the (severity of) impacts on fundamental rights","authors":"Gianclaudio Malgieri , Cristiana Santos","doi":"10.1016/j.clsr.2025.106113","DOIUrl":null,"url":null,"abstract":"<div><div>\"Risk to fundamental rights,\", \"impact on fundamental rights\", \"harm to fundamental rights\" and \"non-material damages\" are all terms referring to similar problems, though inherently ambiguous and very problematic, especially in the age of AI-based technologies and digital platforms. Traditionally, legal and social sciences have two different approaches to analysing the impacts on fundamental rights: the rights-based approach and the risk of harm-based approach to fundamental rights. The rights-based approach is binary, focusing on whether rights and obligations are respected or violated. In contrast, a harm-based approach focuses on the anticipation of undesired events and measuring their likelihood and severity. However, focusing solely on \"harms'' or \"damages'' is reductionist, while existing impact assessment models often use vague terms like \"gravity\", \"intensity,\" and \"magnitude\", which do not effectively help measure interferences with fundamental rights. Without operational criteria to measure these risks, most EU digital strategies demanding impact and risk assessments fail. Examples include the Data Protection Impact Assessment (DPIA) in the GDPR, Fundamental Rights Impact Assessments (FRIA) in the AI Act, and systemic risk assessments in the Digital Services Act (DSA). We posit that interferences with fundamental rights are seen as a spectrum that ranges from social contacts to violations, and these interferences can and should be measured. Thus, this article proposes a rights-based approach, combining it with elements from the harm approach and proposes an actionable parameter-based framework (also based on social meaning theories and social perception methodologies) to assess impacts on fundamental rights. The proposed multi-metric approach ensures a comprehensive assessment of the <em>severity</em> of impacts on fundamental rights within EU law, particularly in GDPR, DSA, and AI Act. This approach aims to inform policymaking, prioritise high-risk scenarios and propose mitigation measures in digital markets. This is especially important for detecting and addressing human vulnerabilities in interactions with digital technologies.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106113"},"PeriodicalIF":3.3000,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0267364925000081","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 0

Abstract

"Risk to fundamental rights,", "impact on fundamental rights", "harm to fundamental rights" and "non-material damages" are all terms referring to similar problems, though inherently ambiguous and very problematic, especially in the age of AI-based technologies and digital platforms. Traditionally, legal and social sciences have two different approaches to analysing the impacts on fundamental rights: the rights-based approach and the risk of harm-based approach to fundamental rights. The rights-based approach is binary, focusing on whether rights and obligations are respected or violated. In contrast, a harm-based approach focuses on the anticipation of undesired events and measuring their likelihood and severity. However, focusing solely on "harms'' or "damages'' is reductionist, while existing impact assessment models often use vague terms like "gravity", "intensity," and "magnitude", which do not effectively help measure interferences with fundamental rights. Without operational criteria to measure these risks, most EU digital strategies demanding impact and risk assessments fail. Examples include the Data Protection Impact Assessment (DPIA) in the GDPR, Fundamental Rights Impact Assessments (FRIA) in the AI Act, and systemic risk assessments in the Digital Services Act (DSA). We posit that interferences with fundamental rights are seen as a spectrum that ranges from social contacts to violations, and these interferences can and should be measured. Thus, this article proposes a rights-based approach, combining it with elements from the harm approach and proposes an actionable parameter-based framework (also based on social meaning theories and social perception methodologies) to assess impacts on fundamental rights. The proposed multi-metric approach ensures a comprehensive assessment of the severity of impacts on fundamental rights within EU law, particularly in GDPR, DSA, and AI Act. This approach aims to inform policymaking, prioritise high-risk scenarios and propose mitigation measures in digital markets. This is especially important for detecting and addressing human vulnerabilities in interactions with digital technologies.

查看原文本刊更多论文

评估对基本权利的（严重）影响

“对基本权利的风险”、“对基本权利的影响”、“对基本权利的损害”和“非物质损害”都是指类似问题的术语，尽管本质上是模糊的，而且非常有问题，特别是在基于人工智能的技术和数字平台的时代。传统上，法律和社会科学有两种不同的方法来分析对基本权利的影响：基于权利的方法和基于损害风险的方法来分析基本权利。基于权利的方法是二元的，侧重于权利和义务是否得到尊重或违反。相反，基于伤害的方法侧重于预期不希望发生的事件，并衡量其可能性和严重性。然而，仅仅关注“危害”或“损害”是一种简化主义，而现有的影响评估模型往往使用“重力”、“强度”、“幅度”等模糊的术语，无法有效衡量对基本权利的干扰。如果没有衡量这些风险的操作标准，大多数要求影响和风险评估的欧盟数字战略都会失败。例子包括GDPR中的数据保护影响评估（DPIA），人工智能法案中的基本权利影响评估（FRIA）以及数字服务法案（DSA）中的系统风险评估。我们认为，对基本权利的干预被视为一个范围，从社会接触到侵犯，这些干预可以而且应该被衡量。因此，本文提出了一种基于权利的方法，将其与伤害方法的要素相结合，并提出了一个可操作的基于参数的框架（也基于社会意义理论和社会感知方法）来评估对基本权利的影响。拟议的多指标方法确保全面评估欧盟法律中对基本权利的影响严重程度，特别是在GDPR， DSA和AI法案中。该方法旨在为政策制定提供信息，优先考虑数字市场中的高风险情景，并提出缓解措施。这对于发现和解决人类在与数字技术互动中的脆弱性尤为重要。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Law & Security Review LAW-

CiteScore

5.60

自引率

10.30%

发文量

审稿时长

67 days

期刊介绍： CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.