Framework

What laws will be considered? What theories will be used?

In terms of legal scope, the project will not focus on one jurisdiction in particular, though it will prioritise regulatory structures in the EU and US. Although several domains of law are activated by web-based technologies in the mental health context - including administrative law, criminal law, civil commitment law, and so on - this project will generally focus on Data Protection Law and Human Rights Law.

Human Rights Law

As noted in the Method section, this project uses human rights as an organising frame, with reference to common values articulated in widely ratified human rights instruments. It is premised on the belief that an organised public can create space to express authentic concern for human rights, and that a human rights analysis can effect institutional change, including in response to the rapidly changing world of new and emerging digital technologies. My colleagues refer to the need to adopt a principle of ‘human rights by design and default’:

"The motivating insight for this principle is that human rights ought to inform the design of new technology from the very beginning. This contrasts with an approach that seeks to correct already developed products and services that would otherwise fall short of a human rights standard. This means that human rights-related considerations should be present in the research that leads to new technologies, right through to product and service development and delivery. It also means that the governance and regulatory framework that provides oversight of new technologies develops in parallel to the technology itself, enabling responsible innovation".[i]

There exist valid critiques of human rights as an organising frame, including concerns that it advances an individualistic version of liberalism at the expense of other, more collectivist organising principles. However, given the brief length of this fellowship (10 months), there are pragmatic reasons to defer to human rights. In particular, the justice claims of persons with psychosocial (or mental health-related) disability at the global level have been most comprehensively, and most recently addressed in the Convention on the Rights of Persons with Disabilities ('CRPD'). The CRPD has served as a global instrument for achieving justice for persons with disabilities that is widely endorsed by disabled people's organisations in the global North and South. Persons with psychosocial disabilities and their representative organisations played a key role in the development of the CRPD. The CRPD is also among the fastest and most widely signed and ratified human rights treaties.

The project draws from the spirit and letter of the CRPD, and in particular the provisions of Article 5 (Equality and Non-Discrimination); Article 22 (the Right to Privacy); and other articles apply to specific applications of tech, such as Article 15 (freedom from torture or cruel, inhuman or degrading treatment or punishment) and Article 16 (freedom from violence, abuse and exploitation). The project also draws from the CRPD’s general principles of dignity, individual autonomy, and independence, as well as its provisions for reasonable accommodation, accessibility, the right to the highest attainable health, equal recognition before the law, liberty and security of the person, and freedom from exploitation and abuse (Articles 2, 3, 5, 9, 12, 14, 16 and 25).

Regarding human rights and technology more generally, Giovanni Sartor has written that ‘human rights are a core aspect of regulating such technologies, particularly as human rights provide a unifying purposive perspective for diverse technologies and deployment contexts’. There are precedents in the application of human rights to questions of technology and rights. The European Court of Human Rights warned states that applying tech in the criminal justice spheres, for example, must not compromise the right to respect for private life (S and Marper v UK 2008: para 112).

The disability human rights framework will be linked with digital rights scholarship. The term ‘digital rights’ often implies a classical repertoire of rights to freedom of expression, privacy, and data protection. However, marginalised groups, including people with disabilities, have identified fundamental rights issues that arise beyond this selection, including along lines of class, gender and race. Internet policy scholarship has typically overlooked marginalised groups, with some notable exceptions. To address this disjuncture, this project - borrowing from Monika Zalnieriute's work on LGBTQI communities and digital rights - will seek to use a combined disability and digital rights analytical and conceptual framework.

Data Protection Law and the General Data Protection Regulation

Worldwide, the General Data Protection Regulation ('GDPR') is the most influential data protection law, and will serve as a touchstone for this project. This is not to suggest there are not flaws with the GDPR, or that critiques of it should not be taken seriously. Instead, it is to accept that the GDPR is a potential source of legal solutions under current conditions that complement transparency to ensure fairness, lawfulness and accountability of every system that processes personal data, including in mental health-related systems. For individuals, the GDPR is designed to uphold individuals’ private rights of action and other subjective rights, like access and the right to object. Other countries have proposed similar systems to the GDPR, with varying attention given to algorithmic accountability, risk assessments and different sectoral approaches.

Given the brief length of the Fellowship, I will draw on the GDPR and its categories of regulatory significance. It can be hard to pin down core concepts in this field, so the GDPR provides a useful set of legal concepts. It provides definitions for key terms more generally, such as ‘sensitive personal data’, ‘data concerning health’, and so on, which ensures a shared language. For example, the GDPR defines sensitive data as: ‘data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (European Parliament and Council, 2018, art. 9.2(c)(j))”. The GDPR also provides special privacy and security safeguards for the personal data of children (European Parliament and Council, 2018, art. 6.1(f)).

US laws, such as the California Consumer Privacy Act (CCPA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the 21st Century Cures Act, will also be considered.

[i] University of Melbourne, Human Rights and Technology Response to Australian Human Rights Commission Issues Paper. October 2018.