Ma thèse en 180 secondes est un concours dont le but est de présenter les propos d’une thèse de doctorat au grand public. Les doctorants ont 3 minutes pour convaincre leur auditoire et lui faire comprendre en termes simples et clairs le thème de leur projet de recherche.Dans la version blogdroiteuropeen d’aujourd’hui, Simona Demková nous explique en quoi consiste sa thèse de doctorat qu’elle a recemment soutenu. Vous n’aurez besoin que de 3 minutes pour parcourir ce post et comprendre le sujet et l’objectif de sa thèse intitulée « Effective Review in the Age of Information: The Case-study of Semi-automated Decision-making based on Schengen Information System». Prêt(e) ?
In the highly digitalised and data-driving legal environment, people are increasingly being treated as data in ways that decisions about human lives are being reduced to automated “hits”. At the same time, individuals face the challenge of enforcing their rights against multilevel European decision-making that come with their degree of complexity and legal challenges. Against this background, the EU legislative framework, which promises effective legal protection to individuals, needs to be tested.
The thesis brings four contributions to the academic discussion on effective remedies in the age of information.
First, the increasing automation in the EU informational cooperation has decisive effects on the nature of European multilevel decision-making. The thesis defines such decision-making as semi-automated to highlight that while legislation ensures that a human decision-maker remains responsible for exercising the final discretion, the impact of automatically-generated information on the adopted decisions fundamentally undermines the exercise of decision-making discretion. This is problematic because the decisional effects of the underlying information-processing on the decision-making are not recognised as legal effects, which would subject the preliminary information-processing conduct to effective review.
Second, semi-automated decision-making exacerbates the challenges of multilevel European legal order and creates new obstacles to effective account-giving. Such decision-making suffers from inherent intransparency, concerning the clarity in allocating responsibilities of different actors involved. Concretely, the fast access to and use of the vast amounts of available information leads to cross-sectoral and cross-jurisdictional integration of actors’ responsibilities. Such integration occurs for the EU agencies’ involvement in decision-making, the responsibility for which remains attributed to the national authorities. Similarly, the integration of responsibilities also happens for the Member States’ authorities that act in both border control and law enforcement and that are often located within the same office or agency. At the same time, different stages of information-processing are characterised by an inherent margin of error. Data quality issues occur in all stages of processing. The data quality issues are difficult to address globally due to the fragmented practices and experiences across the Member States that often employ different tools, each having its specific algorithm, without relying on a common set of quality and security standards. Likewise, data quality issues occur when authorities should act based on the retrieved information. ‘Hits’ often show missing data, errors, or other data quality problems, leading to incorrect individual identification. These intransparencies undermine effective ex-post review.
Third, the thesis reveals the weaknesses in individuals’ direct enforcement of their rights against the preliminary information processing conduct. Instead, the final review of the decision-making based on such data processing does not extend to the data-processing conduct due to the territorial limits on jurisdiction arising from the legislative separation of such conduct from the subsequent decision-making. Accordingly, there is a need to explicitly recognise the legal effects of hit-executing actions as a specific form of public interference with the rights of persons. Considering that the entry of an alert represents a specific form of legal request, which creates obligations upon the hit-finding authorities, it should also be considered initiation of decision-making procedure that ends with the alert’s execution.
Lastly, given that this is a difficult suggestion to accept under the current operation of EU law, we need to consider the existing approaches to the effective review of semi-automated decision-making. One way is looking at whether the general EU law principle of duty of care can be applied to mitigate the challenges arising from the decisive value of information in semi-automated decision-making. The duty of care is a principle that reflects the wider trend of integration in EU law implementation and the need for more procedurally oriented review. It is a versatile principle that allows for a higher intensity of procedural scrutiny, including assessing the reasoning and proportionality of public conduct. By verifying compliance with duty of care, the courts, on the one hand, confirm that the informational basis of the decisions is correct and meaningful. On the other hand, the duty-of-care-based review also respects the prerogatives of security-related cooperation without undermining the principle of mutual trust.
Nevertheless, verifying compliance with the duty of care may be insufficient. The higher the degree of automation in the processing of information, and hence the higher the margin of error of the information that is the source for decision-making, the lower the potential for the decision-maker to meaningfully intervene, i.e., dutifully examine the lawfulness, correctness and completeness of the info relied on. Accordingly, the balancing based on the duty of care should take into account: the nature of the information relied on in decision-making; the degree of automation and the corresponding margin of error in the processing of that information; in addition to the usual appraisal of the nature of decision-making, the scope of the authorities’ discretion therein, and the interests to be weighted.
Such balancing of information-related elements is essential to arrive at a realistic expectation of legal protection. When considering these elements gives the competent judge a reason to conclude that a meaningful human intervention is questionable, the review should consider ex-ante safeguards applied that would predispose the decision-making authority to comply with the duty of care.
Ultimately, the thesis suggests that European policy leaders calling for European digital sovereignty must address as an absolute priority three aspects pertaining to semi-automated decision-making:
- Adapt the legal framework so that it reflects the decisional value of automatically processed information on the decision-making discretion;
- Design efficient ways ensuring that automation applications enable the decision-making authorities to meaningfully verify the information relied on and enable the supervisory authorities to effectively supervise the authorities’ compliance with their duty of care.
- Strengthen the legal mandate and resources of the supervisory authorities to review conduct of cross-border character, especially through improving the system of network supervision;
Without addressing the limits of ex-post review mechanisms, the legal position of individuals in the EU will remain seriously at risk. Technological progress is by no means tolerable when it significantly undermines what is ‘of the essence of the Rule of Law’ to quote the Court of Justice itself.
…3, 2, 1, le temps de ce post est écoulé.