With the advent of the internet, “the screen onto which people project their lives is no longer and not only their pc screen; it has enormously expanded and tends to coincide with the entire network space”^[1], the problem is that the rules governing cyberspace’s structure and content in general, and so-called big data in particular, are increasingly clashing with the principles set out in international human rights law.

The prediction of similar ‘tension axes’ relies upon the assumption that the logic supporting the entire sequence of creation, preservation, transfer and possible elimination of the various contents (data) available online is ‘predictive’, deriving from the assumption that a problem is computable when it can be solved through an algorithm.

This leads to a general issue: while, on the one hand, fundamental human rights normally favour disadvantaged individuals as they naturally support minorities, on the other hand, big data is more inclined to the largest number, strengthening the majority, thus increasing prejudice against the minority (the so-called Dictatorship of Data). Hence, the problem is how to reconcile the regulatory function of law – often expressed in forms of minority protection – with the rationale that increasingly underlies the policies based on data computing, which conversely expresses the direction of the majorities. It is the case of a software like Compas – Correctional Offender Management Profiling for Alternative Sanctions – an algorithm that assess potential recidivism risk through a scale based on prior arrest history, residential stability etc.

More specifically, this raises the question of how to solve the contrast between the predictive function of the algorithm and the prescriptive function of law. The contrast is deeper than this, and lies in the capacity of the law to make a decision and to motivate it. It also lies in the inability of the algorithm to decide and elaborate rational arguments. If the main concern is to preserve the profound nature of human rights – all based on an assumption of dignity: humankind as an end to itself and not in relation to other elements – then the principle of causality upon which the legal reasoning of legal practitioners is built must be kept clearly distinct from the principle of correlation on which algorithms are shaped.

The above issue is indeed complex and is made even more extensive and pressing by two different factors: the transition from ‘web 1’ to ‘web 2’, and the transition from the latter to ‘web 3’. The former refers to the technological advance that allowed for transformation of the so-called free web into the social web (we clearly refer to the rise of the main social networks: Facebook, Twitter, Instagram, LinkedIn, just to mention those that are considered the most important ones at the time of writing). Differently, the transition from ‘web 2’ to ‘web 3’ highlights the technological transformations – proceeding at a dizzying pace – that have gradually permitted the spread of the so-called Internet of Things: an integrated communication system through which devices such as smartphones, GPSs etc. send information by making themselves identifiable through specific technologies, often in order to obtain other data in return (see, for example, the geolocation services).

The issue is made even more sensitive by the fact that we cannot exclude the application of big data in favour of human rights protection, for instance in medical decision-making. 

Nevertheless, on numerous further occasions the logic behind the system of human rights protection, on the one hand, and the logic underlying the massive use of data, on the other, may clash with one another. Therefore, the question arises whether law – and especially international law – provides mechanisms for resolving similar conflicts.

For instance, the so called “Privacy Shield” – an international agreement on transatlantic data flows signed by the European Union and the United States in 2016 in order to replace the former “Safe Harbour” which had been declared invalid by the European Court of Justice in 2015 – because it does not correctly protect European data in the wake of the revelations made by Edward Snowden (Datagate) – could be read under this light. The ultimate goal is to facilitate the transfer of data in accordance with the EU set of principles on privacy and data protection.

Such principles represent useful instruments to correctly balance some interests that may clash with one another. Consider for instance the tension that already exists between the advantages (greater involvement) and the disadvantages (greater manipulation) that big data brings as regards the determination of the political stance and freedom to exercise voting rights, also in light of the general principle of non-interference in the internal affairs of a state. As the scandal of Cambridge Analytica (2018) clearly demonstrates, a consulting firm can illegally exploit an impressive amount of data belonging to social media users without their permission.

In conclusion, the identification of a correct set of principles would mean building a compass capable of guiding us in the difficult navigation of the deep waters of cyberspace.

This image is not a coincidence: the etymology of the word -cyber itself comes from the ancient Greek (kyber) meaning “helm”. Thus, the problem is twofold: how to steer and who is at the helm.

[1] Stefano Rodotà, Il mondo nella rete – Quali diritti, quali vincoli, Bari, 2014 p. 28.