By ANNA SU
Review of Beyond Data: Reclaiming Human Rights at the Dawn of the Metaverse, by Elizabeth Renieris
Cambridge, MA: MIT Press, 2023
The last decade that culminated in the beginning of a global pandemic was a peak period of the academic critique of human rights. Though not exactly new, this recent literature highlighted the various limitations and deficiencies of human rights, including claims that view human rights itself as fundamentally flawed and perhaps not the best avenue to pursue aspirations of global justice. And yet today as we confront contemporary existential challenges–climate change and new technologies based on artificial intelligence (AI), to name the most prominent two–it might be surprising that many of those who are studying and working in these respective areas find themselves returning to human rights as one rather important tool in the overall effort to mitigate or regulate its effects.
In the realm of AI, Elizabeth Renieris’ Beyond Data: Reclaiming Human Rights at the Dawn of the Metaverse is among the first in an emerging literature that argues for new human rights in light of the novel challenges posed by new technologies. Beyond Data’s main argument is captured best by its title. As Renieris states at the beginning of the first chapter, “For more than fifty years, we have been so busy protecting data that we have largely forgotten to protect people” (13). That protecting data is not the same as protecting people is a point that gets reiterated throughout the book.
By and large, Renieris succeeds in making this argument. The book is divided into three main parts. The first part explores the historical development of our notions of privacy alongside technological developments in the realm of computing. A notable example was the creation of national data protection laws in the 1970s and 80s in Europe as a response to the creation of government databases on its citizens. As technology became more sophisticated (hello, Internet), going beyond the narrow one-to-one context of government-citizen interactions, governments around the world, and really in Europe in particular, undertook several attempts to protect personal data, eventually leading to the adoption of the General Data Protection Regulation (GDPR) in 2016.
The second part of the book casts new light on our contemporary milieu, diagnosing how the predominant individualistic focus on data protection has failed to achieve its goal in protecting people from overly intrusive and overbroad incursions. An interesting chapter details Big Tech’s embrace of privacy as 1) a matter of rhetoric, and 2) as a piece of technology in the form of privacy-enhancing-or privacy-preserving technologies (PETs). Beyond Data states that this embrace nonetheless occurs alongside invasive ad targeting and personalization. More importantly, adopting a narrow understanding of privacy as simply about confidentiality of data allows these tech companies to further consolidate power over their respective “walled gardens” by funneling and enclosing user data within its proprietary ecosystems under the guise of protecting privacy.
This dire diagnosis sets up the final part of the book, which juxtaposes the advent of new technologies, for instance, emotion recognition technologies, neurotechnologies, and so-called “phygital” technologies, with the inadequacy of existing legal frameworks that protect privacy. Rules such as the GDPR, Beyond Data suggests, rely on “an obsolete view of the digital world” (118). Perennial regulatory mechanisms such as notice or consent requirements are especially insufficient since people are now generally less aware of the entities rendering and harvesting data or inferences about us (119). In Renieris’ description, “the postdigital, cyberphysical world is increasingly always on, sentient, observing and capable of influencing or manipulating our individual and collective thoughts and feelings” (133). The resulting datafication of our lives is thus a much bigger and more complex problem than data governance or data protection laws can ever hope to address or even resist. If the recent foray by Apple into the world of augmented reality is any indication, this is indeed a problem that will soon need urgent attention.
Beyond Data’s ultimate proposal to limit datafication is to return to the original human rights-based conceptualizations of privacy and data protection. There is a historical basis for this proposal. In 1975, writing a monograph on the then-novel subject of data protection laws, German academic Frits Hondius wrote that the term “refers to the legal rules and instruments designed to protect the rights freedoms, and interests of individuals whose personal data are stored processed and disseminated by computers against unlawful intrusions, and to protect the information stored against accidental or wilful unauthorized alteration, loss, destruction or disclosure.” It is clear that we have since departed far from that people-centric conception. But how do human rights fit in the technology governance toolkit? For one, the book argues that our understanding of it should go beyond the rights to privacy and freedom of expression, and embrace the whole panoply of human rights contained in the Universal Declaration of Human Rights. Another that is increasingly the subject of scholars’ attention is that we should recalibrate and adapt existing human rights to our new reality, including the creation of new human rights. Freedom of thought and conscience, for example, long relegated to the status of woefully ignored cousins of freedom of speech and religion, respectively, could use some reinvigoration that is going to be important for our new cyber-physical reality.
* * *
The notion that human rights should be considered as part of governance or regulatory measures for emerging technologies, particularly artificial intelligence, faintly surfaced in the 2010s, when “Big Data” was still a shiny buzzword. Fast forward to 2023 as the European Parliament debated the passage of a brand-new Artificial Intelligence Act; a broad coalition of advocacy groups called for putting human rights considerations in the design of regulatory institutions and mechanisms. Whether or not the academic backlash to human rights found receptive ears outside the ivory tower, this backlash discourse nonetheless invites us to reflect upon what the human rights project can offer to the relentlessly digital world in which we are now living. Is the human rights project, and by extension human rights law, the right lens to use as we search for answers to counter the dehumanizing tendencies of an algorithm-mediated society? Alongside Renieris, other scholars seem to think along similar lines. Political scientist Wendy Wong, for instance, argues for a right to data literacy as part of what is required to safeguard and encourage human potential in the face of datafication. Legal scholar Nita Farahany recently argued for the recognition of a right to cognitive liberty in the age of AI-powered neurotechnologies, among the many “phygital” examples mentioned in Beyond Data. Legal scholars Yuval Shany and Dafna Dror-Shpoliansky have also written about digital human rights that call for the development of new rights and concomitantly, new rights and duty holders.
Beyond Data has two main strengths. First, it contains an oft-forgotten history of privacy law that deserves to be retold. It offers an important lesson that many can learn today amidst the seemingly dizzying rate of technological developments. Like the supervillain Thanos’ mistaken proclamation in the movie Avengers: Endgame–“I am inevitable”–technology companies and their products are anything but. This should spur creativity on the part of regulators and those who have a stake in the governance of these technologies to bring about a regulatory framework(s) that does not hinder innovation but also does not let harmful tech run amok. This is closely related to the other strength of the book: Beyond Data clearly illustrates the limitations of current regulatory approaches, including privacy and data protection legislation. So it is up to us to come up with ideas that will form part of what a just society looks like.
While Beyond Data joins an emerging literature in calling for the application of human rights to this domain, it is light on details on what that might look like in practice. That existing human rights law should largely apply to this new domain of our lives is not new or controversial. There is no AI exceptionalism for human rights as there is none for it in other legal regimes. Tort law, contract law, and antitrust legislation all apply to companies and their AI-enabled products in the relevant jurisdictions. Hence, there is no reason to think that human rights treaties such as the International Covenant on Civil and Political Rights (ICCPR) and the International Covenant on Economic, Social and Cultural Rights (ICESCR) will not apply.
One way to read the book productively is to use its proposal as a starting point to clarify how these general existing human rights principles can apply concretely to particular areas where automated decision-making is most salient at this point. For instance, the last report of Philip Alston as the UN Special Rapporteur on Extreme Poverty and Economic Inequality provided an important systematic account of digital technologies in welfare states and called for the regulation of technologies to ensure compliance with human rights. But Beyond Data also shows us that current laws are not adequate in confronting the many challenges posed by these new technological developments. Its proposal to return to human rights, including possibly the creation of entirely new rights, or the reinvigoration of old ones that will sufficiently highlight the new sources of danger in the digital reality, inevitably raises the question of how far the human rights approach can take us to that vision of a just, algorithm-mediated world. After all, even though privacy has become a ubiquitous mantra in recent years, it was also the period which saw the rise of surveillance capitalism. It thus seems unclear how human rights can provide the necessary respite, let alone serve as the main framework through which to discuss the problems associated with new technologies.
An optimist could look at Beyond Data and other recent scholarly works that emphasize the importance of human rights in the digital age and see it as only marking the beginning of the conversation. But it is necessary to have a clear articulation of what rights exist and how they apply. The book conveys a sense of the expectations from technology companies as well as from the government, and it highlights the values and principles that we think are important in the digital domain, such as autonomy, dignity, and equality. It also provides the possible basis of institutional and legislative remedies that are arguably more suited to long-lasting changes.
The next frontier to brave in this literature is clear: Who should own and control these companies and technologies? How should they be governed? Can a different reading of human rights–away from the predominant versions that focus on individual autonomy–sufficiently address the structural inequities built into the political economy of the digital environment? How should a rights-based approach inform the technical design of systems or can it? After all, we have always conceptualized rights as constraints against the exercise of state power. These are the questions that the next generation of literature on technology and human rights should be focusing on, and they require a holistic and interdisciplinary effort. Beginning to answer them is only possible however, once there has been a full reckoning and acknowledgement of human rights’ limitations.
Posted on 5 July 2023
ANNA SU is Associate Professor of Law at the University of Toronto Faculty of Law. She is a Research Lead at the Schwartz Reisman Institute for Technology and Society at the University of Toronto. Her most recent article, “The Promise and Perils of International Human Rights Law in AI Governance,” appeared in the journal Law, Technology and Humans in 2022.
