Showing 9 of 180 Publications in Data Security & Privacy

The Paradox of Choice Meets the Information Age

TOTM

Barry Schwartz’s seminal work “The Paradox of Choice” has received substantial attention since its publication nearly 20 years ago. In it, Schwartz argued that, faced with an ever-increasing plethora of products to choose from, consumers often feel overwhelmed and seek to limit the number of choices they must make.

Read the full piece here.

Antitrust & Consumer Protection

Lina Khan’s Privacy Proposals Are at Odds with Market Principles and Consumer Welfare

TOTM

The Federal Trade Commission (FTC) is at it again, threatening new sorts of regulatory interventions in the legitimate welfare-enhancing activities of businesses—this time in the realm of data collection by firms.

Read the full piece here.

Antitrust & Consumer Protection

Optimizing Cybersecurity Risk in Medical Cyber-Physical Devices

Scholarship

Abstract

Medical devices are increasingly connected, both to cyber networks and to sensors collecting data from physical stimuli. These cyber-physical systems pose a new host of deadly security risks that traditional notions of cybersecurity struggle to take into account. Previously, we could predict how algorithms would function as they drew on defined inputs. But cyber-physical systems draw on unbounded inputs from the real world. Moreover, with wide networks of cyber-physical medical devices, a single cybersecurity breach could pose lethal dangers to masses of patients.

The U.S. Food and Drug Administration (FDA) is tasked with regulating medical devices to ensure safety and effectiveness, but its regulatory approach—designed decades ago to regulate traditional medical hardware—is ill-suited to the unique problems of cybersecurity. Because perfect cybersecurity is impossible and every cybersecurity improvement entails costs to affordability and health, designers need standards that balance costs and benefits to inform the optimal level of risk. FDA, however, conducts limited cost-benefit analyses, believing that its authorizing statute forbids consideration of economic costs.

We draw on statutory text and case law to show that this belief is mistaken and that FDA can and should conduct cost-benefit analyses to ensure safety and effectiveness, especially in the context of cybersecurity. We describe three approaches FDA could take to implement this analysis as a practical matter. Of these three, we recommend an approach modeled after the Federal Trade Commission’s cost-benefit test. Regardless of the specific approach FDA chooses, however, the critical point is that the agency must weigh costs and benefits to ensure the right level of cybersecurity. Until then, medical device designers will face continued uncertainty as cybersecurity threats become increasingly dangerous.

Data Security & Privacy

Mikołaj Barczentewicz on Russian cyber threats

Presentations & Interviews

ICLE Senior Scholar Mikołaj Barczentewicz joined the Warsaw Enterprise Institute to discuss cyber-security threats arising from the Russia-Ukraine conflict. The full video (in Polish) is embedded below.

Data Security & Privacy

GDPR threatens to split the EU and US internet

Popular Media

In their zeal to intervene, regulators have lost all sense of proportion and context. They are willing to sacrifice the immense economic and social benefits from technological exchange on the altar of privacy absolutism, potentially denying Europeans access to online services offered by US businesses. However, there is still hope that the courts and public officials will act responsibly and undo the impending damage.

Read the full piece here.

Data Security & Privacy

Issue Brief: The EU Artificial Intelligence Act

ICLE Issue Brief As currently drafted, the text of the EU's proposed Artificial Intelligence Act would define virtually all software as AI.

INTRODUCTION

European Union (EU) legislators are considering legislation—the Artificial Intelligence Act (AIA), the original draft of which was published by the European Commission in April 2021[1]—that aims to ensure the safety of AI systems in uses designated as “high risk”. As originally drafted, however, the AIA’s scope was not at all limited to AI; it would instead cover virtually all software. EU governments seem to have realized this problem and are trying to fix the proposal, while some pressure groups have pushed to move the draft in the opposite direction.

The AIA proposal is currently under consideration by specialized committees of the European Parliament. The parliamentary stage began with a long disagreement among the various committees regarding who should have decisive influence over the Parliament’s position on the bill. With that disagreement now resolved, discussions on the legislation’s merits are ongoing.

The purpose of this brief is to inform debate on the proposal’s fundamental features: its scope and the key provisions setting out prohibited AI practices (related to so-called “subliminal techniques” and “social scoring”).

Read the full issue brief here.

[1] Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, European Commission, (Apr. 21, 2021), available at https://perma.cc/RWT9-9D97.

Data Security & Privacy

Guiding Principles and a Legislative Checklist for Consumer Privacy Regulation

ICLE Issue Brief

State legislatures are now tackling consumers’ digital privacy. Given the Internet’s inherently international character, a federal bill setting a national standard for digital privacy would be ideal. Yet, in the absence of federal legislation, state governments are seeking to address consumer privacy. Unfortunately, overly broad and burdensome regulatory obligations pose a real and immediate risk to digital innovation. Ensuring a globally robust market requires balancing consumer privacy and legitimate information exchange between consumers and digital-services companies.

The attached guiding principles and legislative checklist from the Reason Foundation and the International Center for Law & Economics seek to help legislators and stakeholders narrowly tailor state consumer-privacy policy to address concrete consumer harms while preventing disproportionately punitive responses that obstruct market performance.

Read the full checklist here.

Data Security & Privacy

The Digital Markets Act is a security nightmare

Popular Media

In their zeal to curb big tech through the Digital Markets Act, the European legislators are risking the privacy and security of all Europeans. It is time to accept the reality that the measures meant to force big platforms to be more open will force them to lower their defences and to open the data of Europeans to bad actors. No amount of wishful thinking will change the fact that forced openness is in a tug of war with security. The DMA’s privacy and security provisions do not come close to taking the problem seriously and unreasonably expect the tech companies to solve a new class of risks that the DMA will create.

Read the full piece here.

Data Security & Privacy

EU’s Compromise AI Legislation Remains Fundamentally Flawed

TOTM

European Union (EU) legislators are now considering an Artificial Intelligence Act (AIA)—the original draft of which was published by the European Commission in April 2021—that aims to ensure AI systems are safe in a number of uses designated as “high risk.” One of the big problems with the AIA is that, as originally drafted, it is not at all limited to AI, but would be sweeping legislation covering virtually all software. The EU governments seem to have realized this and are trying to fix the proposal. However, some pressure groups are pushing in the opposite direction.

Read the full piece here.

Data Security & Privacy