What changes does the new Swiss data protection law bring? When is cloud computing legally compliant? What should be considered when using AI and who may be liable to prosecution? The 16th Conference on Information Technology and Law answered these questions to the extent that answers are already available today

The theme of the 16th Computer Science and Law Conference at Bern City Hall (on 29 August 2023) was “BETWEEN INNOVATION AND SECURITY – DIGITAL WORKING IN THE LAW OF THE 21ST CENTURY”. The lectures in German, French and English presented the basic professional model conception, among others on AI use, cloud use and ethical guard rails. Based on this, they gave practically applicable answers to current legal questions on digital transformation. Even the concluding lecture on ethical navigation aids was practical in that it specifically named critical perspectives and illustrated them with well-known practical examples

After this perspective-rich, multi-layered event, 5 aspects in particular remain in the memory

1. The need for professionalisation in dealing with the danger of cyber attacks, in the use of artificial intelligence and in digital use in general – you don’t have to be a genius, but you need more knowledge, cognitive understanding and a sense of responsibility than before
2. Concrete practical insights into good practices and identification of the currently controversial legal issues – hardware-supported confidential computing is currently the silver bullet (all other solutions have at least performance problems), the permissibility of using American cloud offerings whose servers are located in Switzerland is fundamentally controversial
3. High complexity of questions – design questions and narratives are just as critical as mathematical, technical and organisational aspects of quality
4. Basic questions in the sense of to be or not to be: final control by man or machine, examination of the legal situation by parliament or the courts – there are many romantic notions here and a great need to catch up in communicating the state of science
5. Unresolved open questions – as simple and clear as many things are, there are enough topics with a foreseeable need for political action – for example, with regard to transparency – that should be clarified before legislation becomes necessary due to an occasion

As in football training

What is actually astonishing is that most of the issues are clear, they can be named and acting in a technically correct and risk-related sensible way is no great art, BUT firstly, there is a strongly pronounced ignorance towards critical aspects of the digital transformation in many organisations and secondly, there are important fundamentally unresolved issues. Accordingly, the discussions during the breaks were often very engaged and intense

You could also put it this way: because we have made so much progress in terms of knowledge, the unprofessionalism that still exists is so (dis)disturbing and the lines of conflict of legal interpretations and the legal questions that are still open are so clearly visible. This is not a bad situation. Switzerland is well prepared to make great progress in dealing with digital data in the coming years. But this progress needs measures and investments. Much is already in the making, but a similar amount is yet to come. The decisive factor will be whether politics and administration stay on top of the issues and build up specific knowledge

It is a bit like football training: it takes fun (in the case of professional action), intensity (in the actual doing) and repetition (in the imparting and application of knowledge) to become or remain successful. The digital transformation is a huge opportunity for Switzerland / Central Europe, but at the same time also a threat, because we are competing against digital pioneer democracies as well as against very consistently acting non-democracies. More strategic thinking than is usual in Switzerland is therefore necessary to seize this opportunity and avoid becoming a laggard behind digitally advanced dictatorships. The new Swiss cybersecurity strategy is therefore a good step forward, but this step must be repeated in all fields

Transparency at the centre

A very broad open regulatory topic is “How much transparency do we want?”. More precisely: what standards for declaring and verifying transparency do we want to create? Plus: what form of transparency should be made mandatory? The first question is a current topic for applied research, while the second question will soon become a topic for politics. However, politics can only meaningfully discuss the second question when there is fundamental clarification of the first question. Only when it has been clarified which information about a concrete AI-based application is useful for the users, does it make sense to discuss declaration obligations politically. So far, however, this is largely unknown

The Bern Conference on Informatics and Law made it clear what we understand well, where we argue among legal informaticists and where we have little idea. We don’t have to draw any conclusions from this, but we could. For example, we could invest more in cybersecurity and applied research. Why not: Why not, as they say elsewhere. There is no compulsion to start thinking only after Rome or Brussels has spoken. Because knowledge is available and there is a lot of interest.