Lee Andrew Bygrave

• Bygrave, Lee Andrew & Tosoni, Luca (2023). Article 3: Definitions. I Kosta, Eleni & Boehm, Franziska (Red.), The EU Law Enforcement Directive (LED): A Commentary. Oxford University Press. ISSN 9780192855220. s. 79–134.
• Bygrave, Lee Andrew (2023). The Predilection for Contract in Governing Digital Networks: Micro-Management’s Face Off with Accountability. I Clifford, Damian; Ho Lau, Kwan & Paterson, Jeannie Marie (Red.), Data and Private Law. Hart Publishing Ltd. ISSN 9781509966028. s. 51–66. Fulltekst i vitenarkiv
• Bygrave, Lee Andrew (2023). Data Protection by Design and by Default. I Garben, Sacha & Gormley, Laurence W. (Red.), Oxford Encyclopedia of EU Law. Oxford University Press. ISSN 9780191877025.
• Bygrave, Lee Andrew (2022). Cyber Resilience versus Cybersecurity as Legal Aspiration. I Jančárková, Tat’ána; Visky, Gabor & Winther, Ingrid (Red.), 2022 14th International Conference on Cyber Conflict: Keep Moving. IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-9916-9789-0-0. s. 27–44.
• Bygrave, Lee Andrew (2022). Machine Learning, Cognitive Sovereignty and Data Protection Rights with Respect to Automated Decisions. I Ienca, Marcello; Pollicino, Oreste; Liguori, Laura; Stefanini, Elisa & Andorno, Roberto (Red.), The Cambridge Handbook of Life Science, Information Technology and Human Rights. Cambridge University Press. ISSN 9781108775038. s. 166–188. doi: 10.1017/9781108775038.016. Fulltekst i vitenarkiv
• Bygrave, Lee Andrew (2021). Security by Design: Aspirations and Realities in a Regulatory Context. Oslo Law Review. ISSN 2387-3299. 8(3), s. 126–177. doi: 10.18261/olr.8.3.2. Fulltekst i vitenarkiv Vis sammendrag

  Recently, ‘security by design’ has surfaced as an aspirational mantra in cybersecurity regulation and policy. It urges those involved in building information systems to consider the systems’ security needs before they are built and integrate these needs in the systems’ subsequent design and construction. The mantra joins a design-focused discourse on the integration of various values into technology development processes. However, critical scholarship on the roots, meaning(s) and regulatory dimensions of ‘security by design’ is scarce. This article aims to fill this gap. It examines the nascent discourse on ‘security by design’ with a view to assessing the mantra’s utility as a regulatory principle in the context of information systems development. An argument advanced in the article is that while the mantra is a valuable addition to cybersecurity law and policy, realising its aspirations is likely to be hindered by its nebulous semantics and particular characteristics of computer engineering culture. The article warns that the legitimacy of ‘security by design’ as a regulatory principle could be weakened if it is used to further authoritarian or corporate interests at the expense of civil liberties or consumer protection.

• Bygrave, Lee Andrew & Yeung, Karen (2021). Demystifying the modernized European data protection regime: Cross-disciplinary insights from legal and regulatory governance scholarship. Regulation & Governance. ISSN 1748-5983. doi: 10.1111/rego.12401. Fulltekst i vitenarkiv Vis sammendrag

  This article critically examines fundamental aspects of the recently reformed European regime for protection of personal data, focusing on the General Data Protection Regulation (GDPR) adopted by the European Union (EU) in 2016. Although the GDPR is now a central concern for many organizations across multiple sectors, many complain that it is arcane, confusing, and complex. By combining knowledge from two disciplinary perspectives – from regulatory governance scholarship, on the one hand, with legal scholarship from the fields of data protection law, constitutional law, and fundamental rights, on the other hand – this article seeks to “demystify” the key elements of the regime's architecture and approach in light of the significant uncertainties concerning the nature of its requirements. In particular, this article examines the tension between the regime's pronounced “risk-based” approach to compliance and its basic objective of safeguarding fundamental rights, and the challenges facing data protection authorities in providing timely clarifications of the regime's norms. We argue that, despite its complex and arcane character and continuing uncertainty about the precise scope of its requirements, the regime is an innovative hybrid with a significant degree of in-built “future-proofing” that should help render it more resistant to being rapidly overtaken or outpaced by organizational–technological developments. The secondary aim of this article is to demonstrate how academic insights from two distinct but related disciplinary perspectives – legal scholarship and regulatory governance studies – offer a potentially fruitful approach to enrich understandings of the European data protection regime in particular, and of the mechanics, efficacy, and legitimacy of regulatory governance regimes more generally.

• Bygrave, Lee Andrew (2021). The ‘Strasbourg Effect’ on data protection in light of the ‘Brussels Effect’: Logic, mechanics and prospects. Computer Law and Security Review. ISSN 0267-3649. 40. doi: 10.1016/j.clsr.2020.105460. Fulltekst i vitenarkiv
• Bygrave, Lee Andrew (2020). Article 25: Data protection by design and by default. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 571–581.
• Bygrave, Lee Andrew (2020). Article 22: Automated individual decision-making, including profiling. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 522–542.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(26): International organisation. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 303–308.
• Bygrave, Lee Andrew (2020). Article 4(21): Supervisory authority. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 265–271.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(18): Enterprise. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 246–252.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(15): Data concerning health. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 217–224.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(14): Biometric data. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 207–216.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(13): Genetic data. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 196–206.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(11): Consent. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 174–187.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(8): Processor. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 157–162.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(7): Controller. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 145–156.
• Bygrave, Lee Andrew (2020). Article 4(4): Profiling. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 127–131.
• Tosoni, Luca & Bygrave, Lee Andrew (2020). Article 4(2): Processing. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 116–122.
• Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(1): Personal Data. I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 103–115.
• Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (2020). Background and Evolution of the EU General Data Protection Regulation (GDPR). I Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Red.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. s. 1–47.
• Bygrave, Lee Andrew (2019). Minding the Machine v2.0: The EU General Data Protection Regulation and Automated Decision Making. I Yeung, Karen & Lodge, Martin (Red.), Algorithmic Regulation. Oxford University Press. ISSN 9780198838494. s. 246–260. doi: 10.1093/oso/9780198838494.003.0011.
• Mascalzoni, Deborah; Bentzen, Heidi Beate; Ljøsne, Isabelle Sylvie Budin; Bygrave, Lee Andrew; Bell, Jessica & Dove, Edward S. [Vis alle 21 forfattere av denne artikkelen] (2019). Are Requirements to Deposit Data in Research Repositories Compatible With the European Union's General Data Protection Regulation? Annals of Internal Medicine. ISSN 0003-4819. 170(5), s. 332–334. doi: 10.7326/M18-2854. Fulltekst i vitenarkiv
• Bygrave, Lee Andrew (2018). Legal Scholarship on Data Protection: Future Challenges and Directions. I Degrave, Élise; de Terwangne, Cécile; Dusollier, Séverine & Queck, Robert (Red.), Law, norms and freedoms in cyberspace / Droit, normes et libertés dans le cybermonde: Liber Amicorum Yves Poullet. Larcier. ISSN 978-2-8079-0346-3. s. 493–504.

Se alle arbeider i Cristin

• Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (2020). The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISBN 9780198826491. 1393 s.

Se alle arbeider i Cristin

• Bygrave, Lee Andrew (2024). AI and Cognitive Sovereignty.
• Bygrave, Lee Andrew (2024). EU Regulation of Smart Robotics: Too Much, Too Soon?
• Bygrave, Lee Andrew (2024). Utviklingstrekk ved EUs datasikkerhetsrett.
• Bygrave, Lee Andrew (2024). Legal Challenges of AI and Security.
• Bygrave, Lee Andrew (2024). Social Media and Human Rights: Is the Rule of Law Failing?
• Bygrave, Lee Andrew (2024). Low-Risk AI and the AI Act.
• Bygrave, Lee Andrew (2023). EU Legislative Initiatives on Data Sharing.
• Bygrave, Lee Andrew & Davis, Peter Alexander Earls (2023). Fairness in EU Law: GDPR, DMA, DSA, AIA.
• Bygrave, Lee Andrew (2023). Norges handlingsrom i møte med overfloden av tek-relaterte reguleringer i EU.
• Østli Jakobsen, Hanne & Bygrave, Lee Andrew (2023). Dette er en type teknologi som ikke bør finnes. [Avis]. Morgenbladet.
• Bygrave, Lee Andrew (2023). Core Principles of the General Data Protection Regulation in Light of Artificial Intelligence.
• Holter, Katrine; Bygrave, Lee Andrew & Judin, Tobias (2023). Rett og Slett #59: Datatilsynet i strupen på Facebook: Hvem vinner personvernkampen? [Radio]. Alle podkastspillere.
• Bygrave, Lee Andrew (2023). Regulatoriske utfordringer knyttet til manglende ansvarlighet ved tverrnasjonale private styringsformer for internett-baserte tjenester.
• Bygrave, Lee Andrew (2023). Utfordringer knyttet til EUs datalovgivning.
• Bygrave, Lee Andrew (2023). Accountability in Transnational Private Regulation: The Case of Meta's Oversight Board.
• Bygrave, Lee Andrew (2022). Cognitive Sovereignty, Machine Learning and Data Protection Rights.
• Bygrave, Lee Andrew (2022). Security by Design or Disaster? [Internett]. Tech Mirror podcast series.
• Bygrave, Lee Andrew (2022). The Design Turn in Law: A Sensible Answer to Regulatory Failure? Vis sammendrag

  In recent years, the concept of design has become increasingly prominent in law and public policy discourse. This trend is particularly pronounced in European legislative instruments which flag various 'by design' mantras, including 'data protection by design', 'privacy by design' and 'security by design". In Australia, we see regulatory agencies flagging similar mantras, such as 'safety by design' and 'open by design'. However, authoritative guidance on the meaning and weight of these norms remains scant, and critical legal scholarship on point is still in its infancy. What are the catalysts of the design turn in law? What is its agenda? Is it just a passing fad or a more permanent development? These are some of the questions that the lecture seeks to answer. It pays special attention to the new European rules on 'security by design' which, in the wake of the Optus data breach, ought to have a heightened resonance in Australia. The central argument advanced in the lecture is that the design turn is an intuitively sensible response to the frequent failure of 'law in books' to gain widespread practical traction, particularly in technology development. Yet, the rollout of design-focused rules in law and public policy discourse ought not to be regarded as a 'silver bullet' solution to regulatory failure: real-world design processes are complicated and frequently dogged by conflict and poor communication between the involved actors. These challenges ought to be kept in mind when law makers and others invoke 'by design' mantras.

• Bygrave, Lee Andrew (2022). What is a 'legimate interest' for processing personal data pursuant to Article 6(1)(f) GDPR?
• Bygrave, Lee Andrew (2022). Google, Amazon, Facebook ... Har personvernet på nettet en sjanse?
• Bygrave, Lee Andrew (2022). The Legal Regulation of Automated Decision Making.
• Bygrave, Lee Andrew (2022). Data Protection by Design and Security by Design: A Tale of Two Siblings.
• Bygrave, Lee Andrew (2022). 'By Design' as Regulatory Mantra.
• Bygrave, Lee Andrew (2022). Challenges of human rights in the digital domain: critical queries.
• Bygrave, Lee Andrew (2022). Methodological Challenges in Research on the Interaction of Technology and Human Rights .
• Bygrave, Lee Andrew (2022). Grunnleggende innføring i "common law".
• Bygrave, Lee Andrew (2022). Vulnerability in the Robot Society (VIROS) -- and some remarks about silos, law and "regulatory conversations" .
• Bygrave, Lee Andrew; Mahler, Tobias & Lintvedt, Mona Naomi (2022). AI Act og Norges handlingsrom .
• Bygrave, Lee Andrew (2022). When Privacy and Data Protection Rule, What and Who loses Out?
• Bygrave, Lee Andrew (2022). Cyber Resilience versus Cybersecurity as Regulatory Aspiration: A Case of the Hare and the Tortoise?
• Bygrave, Lee Andrew (2022). EU Regulatory Policy on "Smart Devices" and the "Internet of Things".
• Bygrave, Lee Andrew & Saplacan, Diana (2022). Webinar: Towards a New Legal Framework for AI: Human Rights, Ethical and Social Impact Assessment in AI. Guest: Assoc. Prof. Alessandro Mantelero, a Council of Europe Scientific Expert on Artificial Intelligence, data protection and human rights.
• Bygrave, Lee Andrew (2021). Cognitive Sovereignty and Machine Learning: Challenges for Society and the Law.
• Bygrave, Lee Andrew (2021). Contract as Regulatory Mechanism in Internet Governance: A Critical Assessment.
• Bygrave, Lee Andrew (2021). The Role of Human Oversight under the EU's Proposal for an Act on Artificial Intelligence .
• Bygrave, Lee Andrew (2021). Security Theatre? The Law and Politics of "Security by Design".
• Bygrave, Lee Andrew (2021). Biometri til besvær?
• Gundersen, Martin & Bygrave, Lee Andrew (2021). Helsenorge lot innbyggere dele sensitive helseopplysninger via facebook. [Internett]. NRK.
• Bygrave, Lee Andrew (2021). Rettslige rammer for sikkerhet på Internett.
• Bygrave, Lee Andrew (2021). Automatiserte avgjørelser.
• Bygrave, Lee Andrew & Langved, Åshild (2021). Telenor svarer etter Myanmar-kritikk. [Avis]. Dagens Næringsliv.
• Bygrave, Lee Andrew (2021). Data Protection Authorities: Multi-Taskers Under Pressure.
• Bygrave, Lee Andrew (2021). Cognitive Sovereignty in the Era of Machine Learning and 'Big Data'. Vis sammendrag

  We live in a world where automated decisional systems based on machine learning (ML) and 'Big Data' increasingly govern our behaviour. These systems promise a range of benefits, yet they also throw up a congeries of challenges, not least for our ability as humans to understand their logic and ramifications. This presentation considers such challenges through the prism of 'cognitive sovereignty' – a notion coined by Ulrich Beck in his famous work 'Risikogesellschaft' (1986). For the purposes of the presentation, cognitive sovereignty essentially denotes our moral and legal interest in being able to comprehend our environs and ourselves. The presentation argues that focus on cognitive sovereignty fills a blind spot in scholarship and policy discourse on the challenges arising from increasing use of ML-enhanced decisional systems. Not only is the notion an important constituent for an overarching conceptual framing of these challenges, it is also vital for grounding normative claims for greater explicability of machine processes. Further, the presentation assesses briefly the role of law, focusing on the provisions of data protection law that specifically concern automated decision-making. It shows that data protection law provides considerable but limited support for our cognitive sovereignty. At the same time, the application of legal norms operating with broad-brush criteria of proportionality, balance, and fairness carries a danger of 'grey-box' decision-making whereby the 'black boxes' of ML-enhanced decisional systems are assessed according to woolly, relatively subjective notions of propriety that are also rather opaque.

• Wagner, Eva; Møretrø, Trond; Moen, Birgitte; Heir, Even; Langsrud, Solveig & Kober-Rychli, Katrin [Vis alle 9 forfattere av denne artikkelen] (2020). PathoSeq: A multidisciplinary project aiming to materialize the benefits of whole genome sequencing in the food processing industry.
• Wagner, Eva; Møretrø, Trond; Moen, Birgitte; Heir, Even; Langsrud, Solveig & Rychli, Kathrin [Vis alle 9 forfattere av denne artikkelen] (2020). PathoSeq: A multidisciplinary project aiming to materialize the benefits of whole genome sequencing in the food processing industry.
• Bygrave, Lee Andrew (2020). Jussen rundt ansiktsgjenkjenning i korte trekk.
• Bygrave, Lee Andrew (2020). Hvordan styrer internettet deg? Jussens rolle.
• Bygrave, Lee Andrew (2020). European Data Protection: Is it Fit for Purpose in an Age of Algorithmic Regulation?
• Bygrave, Lee Andrew (2020). The Schrems II judgment of the EU Court of Justice in Historical Perspective.
• Bygrave, Lee Andrew (2020). GDPR etter ett år: hvilke betydning har den faktisk hatt for private aktørers atferd? .
• Bygrave, Lee Andrew (2019). The Emergence of Security by Design as EU Regulatory Principle.
• Bygrave, Lee Andrew (2019). Security by Design: Its Meaning and Utility as Regulatory Principle.
• Bygrave, Lee Andrew (2019). The Strasbourg Effect: The Potential Impact of the Council of Europe’s Modernised Convention on Data Protection outside Europe.
• Bygrave, Lee Andrew (2019). IKT regulering av/ved avtale mekanismer.
• Bygrave, Lee Andrew (2019). EU Data Privacy Law and Algorithmic Regulation: Critical Reflections.
• Mahler, Tobias; Bygrave, Lee Andrew & Tørresen, Jim (2019). The VIROS Project: Vulnerability in the Robot Society.
• Bygrave, Lee Andrew (2019). EU Data Protection Law vs. Algorithmic Regulation: Tilting at Windmills?
• Bygrave, Lee Andrew (2019). A Flawed Crusade? The EU General Data Protection Regulation in the Age of Artificial Intelligence.
• Bygrave, Lee Andrew (2019). Muligheter og utfordringer ved økende bruk av kunstig intelligens.
• Bygrave, Lee Andrew (2019). Transparency by Design.
• Bygrave, Lee Andrew (2019). DP:=PDF.
• Bygrave, Lee Andrew (2018). Taming Algorithms: The Probable Impact of EU Data Privacy Law on Automated Decision Making.
• Bygrave, Lee Andrew (2018). Security by Design: The Emperor's New Clothes in the Cybersecurity Space?
• Bygrave, Lee Andrew (2018). Security by Design: Semantics and Regulatory Operationalisation.
• Bygrave, Lee Andrew (2018). Public Administration as Regulatory Object in Data Protection Law.
• Bygrave, Lee Andrew (2018). Cyberspace, Security and Fundamental Rights.
• Bygrave, Lee Andrew (2018). The Public Interest in Decision Making of Standards Development Organisations in Internet Governance.
• Bygrave, Lee Andrew (2018). The EU General Data Protection Regulation and its Rules on Data Protection by Design: A Reason to Panic?
• Bygrave, Lee Andrew (2018). Obscure Intelligence, Due Process and Data Protection.
• Banet, Catherine & Bygrave, Lee Andrew (2018). Blockchain i energibransjen: Et juridisk perspektiv.
• Bygrave, Lee Andrew (2018). Data Protection by Design and by Default: Understanding GDPR Article 25 .
• Bygrave, Lee Andrew (2018). Data Protection by Design and by Default: Semantics, Rules and Prospects.
• Hunsbedt, Christiane; Bygrave, Lee Andrew; Fagerlund, Annette & Langsrud, Solveig (2024). Legal Regulation of Whole Genome Sequencing of Listeria monocytogenes in the Food Industry: Challenges, Attitudes, Possibilities. University of Oslo, Faculty of Law. Vis sammendrag

  This report presents the outcome of legal research conducted under the aegis of the project ‘Food Safety with High Precision—Pathogenomics for the Food Industry’ (short title: PathoSeq). A central objective of the PathoSeq project has been to prepare the Norwegian food industry for challenges accompanying the introduction of whole genome sequencing (WGS) of foodborne bacteria. The report elucidates the legal rules that may affect the implementation of WGS of bacterial pathogens in the food industry, using Listeria monocytogenes (Lm) as a case study. While the report focuses predominantly on the Norwegian context, account is also taken of the experiences and practices of certain other European states, particularly Austria, in light of EU food safety rules. Three key issues are canvassed: (i) the role of WGS data in assessing the safety of food; (ii) access by food safety authorities to WGS data, or to isolates on which to perform WGS, from the food industry; and (iii) food business operators’ ability to receive Lm isolates and sequences held by the authorities. A special feature of the report is that it builds on, and presents, an extensive mapping of stakeholder perspectives on these issues and, more generally, on potentials, hindrances and needs in respect of mitigating Lm-related risk through WGS technology.

Se alle arbeider i Cristin