Our Ideas That Drive the World: My key takeaways

🎭 ✏️ Deceptive designs are everywhere - can you see it? 

The interface of digital architecture shapes its interaction with the users. Even with sufficient research on the nature of dark patterns, the legal protection against dark patterns is still a challenge. With the DSA coming into picture, we have to wait to see how platforms regulate online interfaces. There is however a dire need for awareness where users can detect dark patterns and avoid harm - both individual and collective. 

In light of DSA´s exclusion of matters regulated under consumer and data protection laws, regulatory gaps are yet another challenge for the prohibition of the use of deceptive designs. A collaborative approach between data protection authorities and consumer protection authorities will prove to be helpful for tackling deceptive designs from digital architectures. Differentiating between nudge and sludge, it is also necessary to adopt pro-privacy designs, especially for children who could use some positive directions in the digital world. 

As colin gray explains, the tension here reflects an ¨imbalance in user versus stakeholder or shareholder value¨ and an issue as big as this requires an interdisciplinary solution. 

⚖️💻 The use of tech for legal and by legal - should compliance be automated? 

Advanced Data Protection Control tools were discussed which introduce a new dimension to data subject rights and user empowerment. As emphasized by Soheil Human, the visibility on our data is limited to controllers, which is a challenge for user empowerment - leaving us with very little visibility (and control) on our data and its usage. The use of tech can solve this problem and the same needs a multi stakeholder approach. 

Automated tools for enforcement and compliance with data protection laws were also discussed. noyb.eu presented a very interesting tool which has completely automated the process of scanning websites for unlawful cookie banners and sending out ´warning emails´ to companies for rectification. 

There was however an interesting argument against automating compliance, which is: users do not get the right to consent for each controller of their data. But again, consent is already a big issue in the digital world and automation will rather help users manage their consents ´smartly´. With technology being integrated in almost all fields, legal tech is the synergy that the world needs. 

🕊️ 🤖 Ethical AI - can ethics be taught? 

The growing AI applications and tools lack ethical values but the question is - how to embed ethics into the algorithms? A huge responsibility here lies on the shoulders of developers of technology. The adoption of technology and the patterns of its use have changed in recent years - every household is now using AI in some form or other. 

Developers of AI definitely require training on ethics which will help them perceive long term effects of their creation and prepare for all possible use cases since every user is vulnerable in the digital world. The role of UX designers is also getting more prominence since interface and their designs enable the interaction between users and the machine - this interaction should however not be limited to surfaces only and will also include interaction with IoT devices or robots where users may not see traditional UI surfaces. 

🔒🗝️ Encryption and confidentiality - should we prepare for post quantum crypto? 

Encryption is the tool which enables protection of the confidentiality of our communication in the digital world. End to end encryption allows users to share information, without the risk of third parties snooping in their communication. This is however a challenge for law and enforcement when they require access to communication, for investigative purposes. 

Drawing an analogy from the offline space where interactions cannot be snooped on easily, Namrata Maheshwari from Access Now focused on justifications to treat privacy differently in the online world. For investigative purposes, the attack to this confidentiality must be exercised very carefully, in balance with the privacy rights of users. 

The development of quantum machines will pose another challenge since all conversations archived today will be breakable in the quantum world. Post quantum cryptography will bring changes to both encryption and digital signatures and it will be very interesting to see how we regulate the transition and access to the same. 

🔒🎨 Privacy by design - why is it difficult to implement architecture measures? 

Though the term privacy by design is being thrown around a lot, there seems to be practical challenges for the implementation of the same. Guidelines and standards, including the most recent ISO standard on privacy by design, include measures on minimum data collection, timelines for data retention and timely deletion, data sharing and other practices which are critical for adopting architecture solutions for privacy. Businesses however are facing issues in implementing the same, and those challenges warrant further discussion. For instance, the reversibility of pseudonymized data is a practical concern, particularly in light of other legal requirements with different data retention policies. 

Inspired from architecture and design controls, we are seeing a newer concept of safety by design - which should be another goal for a safer internet.