Regulatory challenges of robotics: some guidelines for addressing legal and ethical issues


Ronald Leenes, Erica Palmerini, Bert-Jaap Koops, Andrea Bertolini, Pericle Salvini & Federica Lucivero, Regulatory challenges of robotics: some guidelines for addressing legal and ethical issues, Law, Innovation and Technology, Pages 1-44 | Received 01 Mar 2017, Accepted 07 Mar 2017, Published online: 23 Mar 2017, free download at

Robots are slowly, but certainly, entering people’s professional and private lives. They require the attention of regulators due to the challenges they present to existing legal frameworks and the new legal and ethical questions they raise. This paper discusses four major regulatory dilemmas in the field of robotics: how to keep up with technological advances; how to strike a balance between stimulating innovation and the protection of fundamental rights and values; whether to affirm prevalent social norms or nudge social norms in a different direction; and, how to balance effectiveness versus legitimacy in techno-regulation. The four dilemmas are each treated in the context of a particular modality of regulation: law, market, social norms, and technology as a regulatory tool; and for each, we focus on particular topics – such as liability, privacy, and autonomy – that often feature as the major issues requiring regulatory attention. The paper then highlights the role and potential of the European framework of rights and values, responsible research and innovation, smart regulation and soft law as means of dealing with the dilemmas.

KEYWORDS: Robotics, regulation, regulatory dilemmas, technology regulation, smart regulation, responsible innovation, soft law

Enhancing accountability in the cloud


Martin Gilje Jaatun, Siani Pearson, Frédéric Gittler, Ronald Leenes, Maartje Niezen, Enhancing accountability in the cloud, International Journal of Information Management (2016),

This article focuses on the role of accountability within information management, particularly in cloud computing contexts. Key to this notion is that an accountable Cloud Provider must demonstrate both willingness and capacity for being a responsible steward of other people’s data. More generally, the notion of accountability is defined as it applies to the cloud, and a conceptual model is presented related to the provision of accountability of cloud services. This allows a consideration of accountability at various different levels of abstraction, including the operationalisation of accountability. It is underpinned by fundamental requirements for strong accountability, which in particular are aimed at avoiding risks in the provision and verification of accounts (that include different types of accountability evidence and notifications, that may need to be provided to other cloud actors including data subjects, cloud customers and regulators). In addition, the article sketches what kind of tools, mechanisms and guidelines support this in practice, and discusses these in the light of the upcoming European Data Protection Regulation.

Under Observation: The Interplay Between eHealth and Surveillance


Samantha Adams, Nadezhda Purtova, Ronald Leenes, Under Observation: The Interplay Between eHealth and Surveillance, Dordrecht, etc: Springer, 2017, DOI: 10.1007/978-3-319-48342-9,

The essays in this book clarify the technical, legal, ethical, and social aspects of the interaction between eHealth technologies and surveillance practices. The book starts out by presenting a theoretical framework on eHealth and surveillance, followed by an introduction to the various ideas on eHealth and surveillance explored in the subsequent chapters. Issues addressed in the chapters include privacy and data protection, social acceptance of eHealth, cost-effective and innovative healthcare, as well as the privacy aspects of employee wellness programs using eHealth, the use of mobile health app data by insurance companies, advertising industry and law enforcement, and the ethics of Big Data use in healthcare. A closing chapter draws on the previous content to explore the notion that people are ‘under observation’, bringing together two hitherto unrelated streams of scholarship interested in observation: eHealth and surveillance studies. In short, the book represents a first essential step towards cross-fertilization and offers new insights into the legal, ethical and social significance of being ‘under observation’.

P1-wifi gateway


Wil je slimme meter uitlezen, maar vind je een kabel van meterkast naar PC of Rapsberry Pi onhandig?

Kies dan voor de P1-wifi gateway.

Deze kleine module wordt via een kort kabeltje aan je slimme meter (Landis + Gyr E350 DSMR4, Kamstrup, ISKRA, kafia, enz) gekoppeld.

Power adapter inpluggen en gaan. De meterwaarden worden nu iedere 10 seconden via WiFi verstuurd naar waar je maar wilt. De meterwaarden kunnen ook via een webinterface worden uitgelezen.

Typische toepassing van dit setje is in een Domoticz installatie. Onmisbaar in elk domotica project! Alle slimme meters worden ondersteund.

Zie voor meer informatie.

p1-wifi gateway

The Cookiewars – From regulatory failure to user empowerment?


The European regulator has relatively early on seen the potential privacy harms of cookies as means to facilitate the tracking and tracing of individuals as the browse the internet. The ePrivacy Directive regulates the use of cookies (amongst other mechanisms) in this respect, requiring the affected individual’s informed consent. The regulation has, so far, not been very successful in limiting the amount of tracking and tracing of individuals (primarily for the purpose of personalised, or behavioural advertising). It has been strongly opposed by the relevant industries, has seen a very low level of compliance and where compliance exists has been very slow in the making. Furthermore, ironically, the regulatory benefactors, individuals, have also opposed the regulation.

The battle to stop the unconsented tracking \& tracing of individuals seems particualrly lost now that the implementation of the cookie law’s requirement by and large seems to have moved from requiring the individual’s consent for the placement and use of cookies (thus providing the individual with a choice not to be tracked) to a mere acknowledgement that cookies will be used (and hence individuals will be traced, no matter what they want). The industry has succeeded in completely subverting and undermining the regulation’s aim. The ‘cookie law’ can thus be seen as an example of regulatory failure in the domain of privacy and data protection.

However, the cavalry might be around the corner. Although ad-blockers, which by and large also block tracking-cookies from being installed on the user equipment, have been around for some years, their use was until recently confined to techies and nerds. In the last couple of years this has been changing. Ironically, the popularity of Google Chrome goes hand in hand with the rise of ad-blockers on desktops (and laptops). Until recently, ad-blockers did not exist on one of the most important platforms for advertising revenues, iOS. This has changed with the launch of iOS 9 in mid September 2015. Suddenly ad-blockers are clearly on everyones agenda, either as threat or blessing. The adoption rate of both iOS 9 and Safari ad-blockers is stunning and might represent a significant factor to change the ad and tracing game altogether.

This contribution explores the ongoing cookie-wars by discussing the move from regulation to the market and code as modalities for the regulation of human behaviour.

Ronald Leenes (2015), The Cookiewars – From regulatory failure to user empowerment?, in: Marc van Lieshout & Jaap-Henk Hoepman (eds), The Privacy & Identity Lab; 4 years later, Nijmegen: The Privacy & Identity Lab, pp. 31-49, ISBN: 978-90-824835-0-5. available here:

The Governance of Cybersecurity


The Governance of Cybersecurity: A comparative quick scan of approaches in Canada, Estonia, Germany, the Netherlands and the UK, Adams, S., Brokx, M., Dalla Corte, L., Savic, M., Kala, K., Koops, B. J., Leenes, R., Schellekens, M., E Silva, K. & Skorvánek, I. Nov 2015 Tilburg University. 166 p.

Limesurvey on a Raspberry Pi (3b)


TILT’s application server, Vortex, might give up after years of trusty service. So, I thought it an interesting experiment to if we could move our stuff to a Raspberry PI.
It took some effort, but I’ve managed to get it up and running. Amazingly cool.

Here are the rough instructions. I have just installed on a brand new Raspberry Pi 3b. Works like a charm.

start with NOOBS on a new SD card
Boot up the Raspberry and have it install NOOBS.

Once up and running start up the terminal

sudo apt-get install apache2 -y —force-yes
cd /var/www/html
sudo chmod 777

sudo apt-get install php5 libapache2-mod-php5 -y —force-yes
sudo apt-get install mysql-server php5-mysql php5-gd —force-yes

create MySQL root passwd when asked for by the installer
(you will need this when installing Limesurvey)

sudo apt-get install php5-mysqlnd -y —force-yes

download limesurvey from
(My version is Replace by whatever you actually download)
mv /home/pi/Downloads/ /var/www/html

cd /var/www/html
chmod -R 755 /limesurvey/tmp/
sudo chown -R www-data /limesurvey/tmp/
chmod -R 755 /limesurvey/upload/
sudo chown -R www-data /limesurvey/upload/
chmod -R 755 /limesurvey/application/config/
sudo chown -R www-data /limesurvey/application/config/

cd /var/www/limesurvey/application/commands
php console.php install limeadmin pwd123 Admin

replace pwd123 and mailaddress with your own data

In a browser window goto

The Limesurvey installer should now run

Presto. Enjoy!

Raspberry Pi Zero


I’ve neglected the site for a while. That will change, starting now.

Raspberry org dropped the bomb 2 days ago, it’s called the Raspberry Pi Zero. I have ordered one immediately. The price indeed is 4 pounds sterling! (Including cable set (required only for the my first one) and shipping to the Netherlands, it cost me 19 Eur).

Start of the real computer revolution? Maybe. Computers sure are coming down in size.

Schermafbeelding 2015-11-28 om 18.01.47

Taming the Cookie Monster with Dutch Law – A Tale of Regulatory Failure


Ronald Leenes & Eleni Kosta, Taming the Cookie Monster with Dutch Law – A Tale of Regulatory Failure, CSLR 31 (2015), pp. 317-335

Profiling the online behaviour of Internet users has become a defining feature of the Internet. Individual surfing behaviour is tracked by many enterprises for statistical purposes, but also for behavioural advertising and other personalisation services. Profiling implies the processing of personal data often facilitated by cookies and other markers placed on the terminal equipment of Internet users. The European rules for the regulation of cookies and similar technologies were modified in 2009 requiring prior consent of the user, in order to guarantee that the user has some control over the processing of their information. In 2013 the Netherlands introduced probably the strictest implementation of the European rules concerning the installation of cookies. However, in practice the new legal requirements resulted in neglect of the obligations regarding user information on the one hand and in the widespread deployment of annoying banners, popup screens and ‘cookie walls’ on the other. Not only the advertising industry, but also web publishers and even ordinary Internet users opposed the regulation. Furthermore, the regulation, certainly initially, did not lead to increased user control. These and other factors support the conclusion that the Dutch cookie regulation is a case of regulatory failure. This paper discusses the practices that were deployed in the Netherlands and assesses them based on a multi-site study that examined the practices of 100 Dutch websites with regard to the installation of cookies. It further reflects on the response of the Dutch regulator, who – under the pressure of industry and consumers outcry – amended the relevant provisions of the Dutch Telecommunications Act in 2014.

Leenes, Ronald E. and Kosta, Eleni, Taming the Cookie Monster with Dutch Law – A Tale of Regulatory Failure (March 10, 2015). Forthcoming in CLSR, Vol. 31.2; Tilburg Law School Research Paper. Available at SSRN: