Periodic Reporting for period 2 - PANELFIT (Participatory Approaches to a New Ethical and Legal Framework for ICT)
Reporting period: 2020-02-01 to 2022-04-30
To begin with, the project has significantly improved the data protection materials available to the general public. The development of our Citizens' info pack has enabled us to provide citizens with materials that clearly explain the fundamentals of their rights. We are particularly proud of our ability to tailor them to the needs of vulnerable groups, which did not always have easy access to this type of information. Furthermore, we have created a Code of Conduct to assist the communities of scientists and innovators in processing data in a way that is ethical and legal.
Our findings will also be extremely beneficial to a critical user community. As is well known, journalists play an important role in democracies, which necessitates a significant amount of data processing. Panelfit has significantly improved its preparation to handle its data properly. To accomplish this goal, we created a Handbook for Journalists that contains all of the necessary information on the subject, as well as six informative webinars in which we presented particularly important issues.
Panelfit will also be useful in developing privacy and data protection policies. Our Governance Report contains useful information on how to efficiently monitor data processing for research and innovation. This is especially important because our current structures are not well suited for these purposes. Similarly, our Critical Analysis provides insight into the issues and gaps that exist in the current regulations. It also offers potential solutions that have been introduced in drafts of new regulations such as the AI Act or the Data Act. Panelfit's results include the analysis of new regulations through a mutual support process. To that end, we have developed a Mutual Learning Platform that gives registered users access to a database of current and new European regulations. It also allows for comments and discussions on critical issues at a time when standards are constantly shifting.
To this must be added, of course, the most important outcome of our project: our ELI Guidelines on Data Protection in ICT Research and Innovation. These are interactive tools that function similarly to wiki systems. They aim to facilitate the adaptation processes between new technological advances and legal frameworks by creating a set of editable, openly accessible guidelines, as well as operational standards capable of reducing ethical and legal issues posed by information and communication technologies.
The Guidelines were designed in such a way that different levels of information - more or less detailed - can be accessed depending on the needs of the end user. As a result, each user can graduate to the level of knowledge required to proceed with data processing. Furthermore, the Guidelines include a plethora of questionnaires and checklists that can be used to verify compliance with the substantive aspects of the applicable regulations. This will help us ensure that researchers and innovators are not in serious non-compliance much easier. It should also be emphasized that the texts can be tailored to the needs of users, allowing people with limited abilities or special preferences to satisfy their needs.
It is critical to note that one of the most significant outcomes of Panelfit was one that was not anticipated: strong support for the response strategy to the Covid-19 pandemic. Our researchers published numerous materials in specialized journals and mass media to explore ethical and legal issues related to the processing of personal data in the use of tracking apps, immunity certificates, vaccination certificates, and so on. We also appeared in a number of public debates and audiovisual media appearances. Without a doubt, this is one of the outcomes we are most proud of.
Panelfit's deliverables were created in accordance with the planned methodology. The Code of Conduct, Citizens Info Pack, and Journalist Handbook were all completed on time thanks to ongoing collaboration between the project and stakeholders.
The same can be said for The Guidelines, where we made a special effort to produce an appropriate, well-designed outcome. The Guidelines were intended to be a useful resource for ICT researchers and innovators. However, it was difficult to come up with a design that worked well for this purpose.
Finally, the Guidelines were divided into sections that corresponded to various topics, such as the GDPR's fundamental actions and tools, the main concepts, principles, or actors, or the key rights of data subjects. This general section of The Guidelines was supplemented by thematic sections devoted to some particularly relevant technologies, such as AI, geolocation, biometrics, the Internet of Things, and social media.
Last but not least, our project has made significant efforts to effectively communicate and disseminate its accomplishments. We have written over forty scientific articles and served on several scientific panels. We have also hosted monthly chats with privacy experts and offered nine editions of Mooc courses on the subject. Furthermore, our data protection webinars and final dissemination events (five in total) have piqued the interest of a large number of people.
• First, we contributed to the public debate on the use of data through several publications in mass media, including journals such as El Mundo or Il Corriere de la Sera. We have also intervened in TV reports, and radio programs.
• Second, we fueled the policymaking by promoting public calls for action in terms of defense of data protection, but also by interacting with superlative policy boards, such as the EU Parliament, the European Data Protection Supervisor and the European Data Protection Board, or by the redaction of reports at the request of public authorities, such as the Spanish Ministry of Health
• Third, we contributed to disseminating the knowledge of data protection issues by organizing successive MOC courses on this topic that are attracting the attention of a large number of students
• Four, we organized a huge number of panels in high-impact conferences, such as the CPDP, several workshops, and webinars, and participated in events such as the final conference of the ENERI project.
• Five, our dissemination events gathered impressively positive responses from the data protection community. A huge number of stakeholders and academics (75) participated in our events, including our extensive consultation process and our final conferences (100)
• Furthermore, produced a set of valuable academic papers that have or will be published in high-impact journals. Therefore, we are particularly satisfied with our communication and dissemination activities.