At the 2018 edition of the SEEDIG Fellowship Programme, fellows had an unconference session in which they established their own agenda and decided on the topics for discussions. The following topics were chosen for in-depth discussions, in working groups: cybersecurity, privacy and the EU General Data Protection Regulation (GDPR), freedom of expression and hate speech, the Internet of Things, digital literacy, and artificial intelligence. Each working group concluded its debate with several key messages. These messages are presented below.
- Cybersecurity culture in South Eastern Europe can be established through continuous and coordinated efforts on raising awareness among different stakeholders, that leads to a recognised need for redesigning educational programmes.
- Big data and open data have to be minimised, anonymised and processed in order to protect users’ identity.
- Nothing is going to change after the 25 May, companies will continue to prepare for the GDPR. Large Internet companies will be the first to be under scrutiny. But also data protection agencies (DPAs), law enforcement, parliaments are still preparing too.
- The GDPR causes a lot of issues for companies outside of the EU, because the Internet is borderless and, due to globalisation, EU users are everywhere. So, in principle, each company (website) should be compliant (the long arm of the law).
- The GDPR leads to direct expenses if companies choose to comply with its provisions. If they choose not to, then they should stop targeting EU citizens (or block them technically); this would, in turn, mean indirect financial losses.
Freedom of expression and hate speech
- Freedom of expression is not absolute. It has its limits in the offline world and the same limits should apply in the online world. Hate speech should not be an exception to this principle.
- Governments should play a more important role in combating hate speech, especially in the context of the SEE region, where hate speech online is often dismissed.
- Regulation is important, but we should not forget about the importance of education in tackling hate speech and promoting human rights.
- Governments should play a bigger role in raising awareness about the importance of digital literacy, but academia and civil society should facilitate building this awareness.
- Awareness should be raised in understanding not only the importance of digital literacy but also what it means. In the context of South Eastern Europe, people should understand what it is digital literacy, how it is different to computer literacy, and what it adds to normal literacy.
Internet of Things (IoT)
- The IoT will never be secure until we make it secure; we need to apply the security by design principle, which means to incorporate security in how the products are built, in the entire development and life cycle of products.
- A related problem is that developers are not trained to think about security (same as other potential legal issues, such as liability or privacy). There are best practices for both hardware and software, but developers are not aware of them and of the need to use them. The solution that we see is to incorporate security training in their education, make them understand its importance and the technological options they have. Of course, this does not guarantee incident-proof products, but it is a start; as with every technological application, it also depends on users.
- For the IoT to work optimally, companies need to upgrade their devices (phone, laptops, tablets, other electronic devices) to make them compatible with one another and adequate for ever-changing threats. Any discrepancy in the operating standards of connected devices can lead to security incidents, amongst other issues (privacy, consumer protection, abuses of rights, and so on).
Artificial intelligence (AI) and jobs
- AI will transform the quality and quantity of jobs (not solely repetitive work), but it is difficult to speculate how exactly this will happen.
- AI is already employed in recruitment agencies that harvest and analyse online data on job applicants. An important issue in this area is the ignorance of laypersons, who might not be aware of the data gathering practices and its effects on their employability. Another issue is the inability of persons to get a second chance or appeal to decisions taken by algorithms (which might be based on inaccurate or false data).