MENU
In 2019, the UN published a report on the digitalisation of public administrations, including the increased use of artificial intelligence. In the report, it is, among others, stated that:
"It is argued that big technology companies (frequently referred to as ‘big tech’) operate in an almost human rights-free zone, and that this is especially problematic when the private sector is taking a leading role in designing, constructing and even operating significant parts of the digital welfare state."[1]FN Special Rapporteur, Report of the Special Rapporteur on extreme poverty and human rights, 11. Oktober 2011, available at https://undocs.org/A/74/493
Because of the conclusions in the report, the UN called for increased awareness of the challenges arising from public digitalisation, in particular the risk of inadvertently causing damage to fundamental democratic values, human rights and the principles related to rule of law. The report specifically highlights the growing influence of the tech industry on public administration in the digital welfare states.
This is part of the background for the present pilot project, which aims to identify areas where the Nordic countries may co-operate in order to conduct studies and support research able to contribute to a balanced digital development in the Nordic and Baltic countries. Thereby ensuring that the future digital administrations are based on the common Nordic values of democracy, rule of law, human rights and trust between citizens and authorities.
The majority of the public administrations in the Nordic states already rank among the world’s most digitised. What’s more, it must be anticipated that even more advanced technologies will be taken into use within a wide range of different areas within the next decade. Thus, public digitisation within the Nordic states is characterised by advanced, continuously and ever-increasing development which affects various administrative activities and the connected governance, organisation and working practices of public administrations.
At least based on case law from the Parliamentary ombudsmen in the most digitised of the countries examined, there seems to have been a tendency so far, that legal aspects are (too) often overlooked in the context of developing, using and maintaining digital solutions used in the public sector. The limited data obtained via this pilot project cannot act as a basis for ascertaining with certainty how pronounced this tendency remains. However, it seems highly relevant to proactively promote a focus on compliance with legislation, as well as fundamental legal principles related to rule of law and promote legal certainty, in parallel with the expected increase in the use of more advanced technologies.
A particular area of focus should arise from the fact that a common denominator between Norway, Sweden, Finland and Denmark is that investments are currently being made in developing artificial intelligence in order to streamline and improve the way the public sector works. It is worth noting for these countries that a number of ethical considerations are being debated and highlighted, while the legal issues and questions of legal certainty are primarily being addressed as themes related to data protection, privacy, and surveillance and, to some extent, the risk of discrimination (the latter often referred to as bias in the public debate).
The data provided via the pilot project have furthermore revealed that statutory regulation gradually is affected in order to promote public digitisation. This might be the beginning of a legal development resulting in administrative law being adapted to the increased digitisation. Further, the highly digitised countries are so working more or less strategically on what is known as "digitisation-ready legislation", which is often under the resort of or coordinated by the Ministries of Finance.
Based on the gathered data obtained, the following is recommended:
Firstly, that the Nordic Council of Ministers initiates a dialogue with Nordforsk recommending a call for postdoc projects under Nordforsk, or that the Nordic Council of Ministers initiate cooperation between senior researchers in the Nordic and Baltic countries, with the aim to identify and analyse the constitutional and human rights framework for public sector digitisation, and to evaluate whether present administrative law provide sufficient support for compliance within these parameters. An important aspect should be to address the specific challenges related to artificial intelligence, including assessment of which areas documentation is relevant in order to ensure future respect of common Nordic values.
Secondly, based on the gathered data, it is recommend to initiate dialogue with Nordforsk on a call for one or more postdoc projects, to thoroughly study the effects of digitisation on governance, control and liability structures in the field of public administration, possibly including the court administration. Further, it is recommended to ensure that such projects conduct analyses and evaluations of how and to what extent sufficient control over the influence of private tech-companies can be ensured via either legislative initiatives or strategic contracting – or combinations hereof.
Thirdly, it is recommended to investigate what direction the legislative development is taking within both general and special administrative law, clarifying the underlying considerations and interests, and assess whether this development sufficiently protects legal certainty, future governance and control. Such investigations can be carried out either in collaboration between senior researchers in line with Digi-courts, or as a PhD or postdoc project under Nordforsk.
Fourthly, it is strongly recommended to meet the need to strengthen the sharing of knowledge within the Nordic cooperation, particularly in relation to legal aspects of digital administration. It is suggested to set up a long-term project with the task of continuously gathering and analysing case law from the Nordic and possibly Baltic countries, compiling this in annual reports to be published by the Nordic Council of Ministers.
Fifthly, and finally, it is recommended that the Nordic Council of Ministers consider, in dialogue with NordForsk, to recommend legal research as an integrated element of other projects related to public digitisation within Nordforsk. This seems of particular relevance for the many projects related to recent and more advanced technologies, such as artificial intelligence.
The ultimate aim of the present pilot project has been to assess, based on gathered data from selected Nordic countries, whether there is a need to strengthen knowledge-sharing, studies and research into those legal aspects of public sector digitisation which relate to the fundamental and shared Nordic values of democracy, the Rechtstaat, legal certainty and mutual trust between citizens and the public authorities. The selected states are Iceland, the Faroe Islands, Finland, Norway, Sweden and Denmark. In other words, the purpose is (only) to identify areas and themes where there might be a need for increased knowledge-sharing and research related to constitutional law, human rights and the core principles of administrative law in order to ensure public digitisation strengthens – not undermines – the widely acknowledged and shared Nordic values.
Thus, the background of the project is an underlying agenda; to ensure that both administrative practice as well as legislative development continue to build on the fundamental Nordic values in the future digital administration. Further, the study rest on an underlying assumption, that it is possible as well and advantageous for the Nordic (and Baltic) countries to collaborate on identifying tendencies and challenges, since they will be able to benefit from one another’s experience and research. This assumption is based on the significant organisational and regulatory similarities in the Nordic countries, the fundamental values, and the administrative and ethical standards, which the relationship between citizens and authorities is built upon (good administrative practices).
As part of the pilot project, data has been collected from governmental and other relevant stakeholders in the respective countries to the extent they were able to contribute.[1]Visits were planned to the respective stakeholders in each country. The only one of these which took place was with the Norwegian parliamentary ombudsman institution, as all others were held digitally as a result of COVID-19. In addition, the Nordic Ministries of Justice in particular indicated that they were (quite understandably) under considerable pressure during this time. These stakeholders varied from country to country, but all Ministries of Justice and Parliamentary ombudsman institutions have been contacted. Further, material collected from other stakeholders developing strategies for public digitisation. The latter were primarily authorities under the Ministries of Finance, but communication was also established with central municipal organisations in the Faroe Islands.
Consequently, data was collected on a) digital infrastructure, larger sector-related systems and tendencies in the respective countries; b) case law from the parliamentary ombudsmen and courts c) general legislative initiatives related to public digitisation.
With regards to case law, a common feature of the Nordic countries proved to be that court proceedings are rare. This might be due to the procedural restrictions combined with the expense of law suits against public authorities.[2]See “om prøvelsesspørgsmålet og ombudsmandsinstitutionernes i lyset af den begrænsede domstolsprøvelse i af den digitale forvaltning Folketingets Ombudsmand i Danmark” (on the issue of proceedings and the role of the parliamentary ombudsman institutions in the light of the limited number of legal proceedings in digital public administration), the Danish Parliamentary Ombudsman, Niels Fenger, FOB 2019, Hvordan digitaliserer vi uden at skade vores retssikkerhed? (How do we digitise without damaging legal certainty?)) and the same in “Ombudsmanden – et værn for borgernes retssikkerhed” (the Ombudsman – a bulwark for the legal certainty of citizens), UfR 2020 B, pp. 37 ff. The Nordic parliamentary ombudsman institutions, however, seem to play a key role (especially). In particular the offices of the parliamentary ombudsmen in Denmark, Norway, Sweden and Finland plays a role in ensuring rule of law and citizens legal rights, although the Icelandic parliamentary ombudsman institution also expressed an awareness of the growing importance of the field of public digitalisation.
The data collected was then examined and the relevant parts described. See below, Sections 2–4. Not all the material received has been used in the report, as the task is to focus on constitutional law, human rights and core principles of administrative law. A number of cases, e.g. on the right of access to documents, use of incorrect data from information-systems and the design of self-service solutions, are thus not mentioned in the report.
Within the project’s areas of focus, certain challenges seemed to recur in case law and there were indications of legislative tendencies. Based on this identification, possible models for how the Nordic Council of Ministers may support and promote the Nordic values and legal certainty as a part of future (digital) public administration were drafted. Where relevant, fields in which individual countries stand out have been identified – and is mentioned in the report. The latter is included in order to support the Nordic Council of Ministers deliberations on whether knowledge sharing is particularly relevant if specific insights has been gained by countries with special focus areas.
The status of digitisation in Nordic public administration is outlined in Section 2 below, after which the challenges for the Nordic values and legal certainty which digitisation has so far caused are identified based on the selected parts of the case law received. Section 3 describes the legislative development, and assesses whether more research within this field is needed. The Nordic strategies for future development of digital administration are reviewed in Section 4, in which potential challenges are also identified. Section 5 provides a summary of the areas for which further knowledge sharing and insight is required along with proposals for various models that may be suitable.
In general, the public administrations within selected countries rank among the world’s most digitised according to the UN.[1]E-Government Survey 2020, Digital Government in the Decade of Action for Sustainable Development with addendum on COVID-19 Response, pp. 25 (XXV) ff. The Faroe Islands – which are not covered by the UN’s global reports – states that the development are not as advanced as the other countries. However, investment has been made in developing central digital infrastructure, and a corresponding development must therefore be expected for the Faroe Islands in the near future. For example: the current digital signature MinLykil will be replaced by Samleikin, which is a signature solution similar to the Finnish and Icelandic solutions. Further, the use of digital solutions increases at a municipal level, see further on co-nordic inspiration and technology sharing in Section 2.2.
The status of public digitisation in the selected countries is briefly outlined in Section 2.2, after which Section 2.3 reviews the identified challenges related to constitutional law, human rights law and the core principles of administrative law with respect to digitisation. In the interests of readability, there is a summery in Section 2.4, along with recommendations for further investigations and research, before the legislative development is described and discussed in Section 3.
It is characteristic for all the selected countries, except the Faroe Islands, that the central digital infrastructure has been established and developed over the last 10–15 years, that some areas of taxation and social welfare are fully or partially automated (apparently with simultaneously centralisation), that digitisation of further areas of administration is taking place at a municipal level, and that the automation of both internal and external administrative activities increases.
The central public digital infrastructure includes centralised public portals, which provide an access to the self-service solutions offered by various authorities (self-service and reporting solutions).[1]Borger.dk, Virk.dk from Denmark, Government.no in Norway and specialised portals, such as Altinn.no, are examples of where reporting can be made to state authorities. Data.norge.no presents public data and Anskaffelser.no is intended for public procurement. See also Government.is and Government.se. Finland stands out in this area, having gathered all public services on the same portal under the banner of a “one-stop-shop”.
Denmark, in particular, makes extensive use of digital self-service solutions for communication between citizens, businesses and authorities. Borger.dk alone offers around 2,000 self-service solutions, related to 775 administrative areas.[2]Statement by the Danish Agency for Digitisation, FOB 2019-22. Furthermore, in Denmark resort ministries are granted the right to issue executive orders imposing mandatory use of the self-service systems for citizens and companies unless a dispensation is granted, e.g. due to a handicap.[3]
Other solutions regarded as public infrastructure are official post boxes (mails), set up for natural person and/or legal bodies (citizens and companies) and the development of digital signatures. Even though digital signatures have been developed in most countries, there is still considerable variation between the Nordic signatures in terms of their design, prevalence and use.[4]Denmark uses a provider (NETS) for NemID, which is a two-factor solution, requiring a username and a password, plus a code taken on a card or via an app. Sweden uses several providers and software-based solutions, along with smartcards, or via smartphones. Norway currently has MinID, BankID on mobile phones, BankID, Buypass, Commfides or Buypass ID on mobile phones and a new e-ID (“MinID”) in development. Finland uses several providers and different solutions, including the citizen’s card (a smartcard with a chip), BankID and eID, provided by mobile network operators. Iceland has Icekey, a two-factor ID solution combined with Multi IceKey Denmark stands out in this area since the digital signature (NemID, henceforth MitID) has been owned by the state from the very beginning, which has probably contributed to its widespread use. Further, possessing a NemID in Denmark is needed in order to be able to use the majority of public digital solutions, including the official e-mail service (Offentlig Digital Post). NemID is also the platform for communication between citizens and the courts in civil proceedings. Consequently, Denmark holds case law related to the digital signature illustration practical and legal implications of handing over powers to (private) suppliers see below in Section 2.3.4.[5]See note 6 on mandatory digital self-service in Denmark.
Payment, refunding and similar solutions are currently being developed, connected to various forms of cross-sectional financial management solutions already implemented – another element of the public digital infrastructure. In addition, large databases and data warehouses are likely to be considered part of the future public digital infrastructure. This is due to the need to access and share data across the administrative areas and public bodies resorts in order to support or automate supervision, decision-making, provide services, and for the development of artificial intelligence to support such activities, see below in Section 4.2. Further, in recent years initiatives has been taken to share public data with the public. This is, among others, for commercial use, and the initiatives might be a part of the preparations for implementing the revised EU PSI Directive.[6]Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information. See initiatives such as Datafordeler.dk, opnnadata.se, fellesdatakatalog.digdir.no, avoindata.fi, opingogn.is. No portal has yet been developed on the Faroe Islands. Norway, in particular, seems to be highly advanced in this respect. Further, all national strategies of public digitalisation include aspects or initiatives with the aim of improving citizens’ access to information concerning their own cases and data which public authorities processes on them. The UN has named Sweden as a country that has established a high degree of transparency with respect to its citizens.[7]E-Government Survey 2020, Digital Government in the Decade of Action for Sustainable Development with addendum on COVID-19 Response, p. 52.
For a number of reasons, digitisation increased the division of administrative activities into specialist areas (silos) in the 2000s and early 2010s.[8]Fra forvaltningsjurist til udviklingsjurist – introduktion til offentlig digitalisering (from legal clerk to development advisor – an introduction to public digitisation), Djøf forlag, 2000, pp. 32 f. This is likely why the current national strategies of public digitalisation more or less implicitly aims for a higher degree of context in public administration – and consequently to increase the sharing and re-use of data.[9]In Norway for example, there is extensive collaboration across the public authorities on SmartGovernment, intended to ensure interoperability, a greater degree of data sharing, etc. As a result of Finland’s focus on context, citizen-friendliness, the involvement of public groups, researchers and the business, combined with the objective of all services being digitally available by 2023, the Finnish public authorities is likely to have gained considerable insight into this field.
Some of the gathered data indicate tendencies towards greater Nordic-Baltic collaboration within the area of public digitalisation, including the development of shared solutions or reuse of one another’s technology. For example, the tax authorities in Denmark, Norway, Sweden, Finland and Iceland have developed a portal called ‘the Nordisk eTax’. As far as the (re)use of one another’s technology is concerned, an example is that in 2018 the Icelandic government decided to use the Estonian X-Road platform, which also is use in Finland. Dialogues with the Faroe Islands also revealed that municipal bodies at the Faroe Islands find considerable inspiration via Danish municipal communities, especially those developing share solutions as open source, e.g. the OS2 network.[10]See https://os2.eu/
Is might be noted that the DigiCourts project has revealed a similar structure for digital case management is being established by the aforementioned countries as described above, in the form of self-service and reporting solutions for court cases and case management for the Nordic (and Baltic) courts. However, what is characteristic of the countries examined in this investigation is that the digital development in the area of courts has been slower than for public administration. From a legal perspective, it is characteristic that administration of the Nordic courts will typically not be subject to administrative legislation directly, nor will its rules be applied directly to the judicial activities of the courts. However, the rules of administrative law will normally apply analogously to the administrative management of cases by the courts, and it must be expected that the judges themselves may encounter similar constitutional and administrative legal challenges in their judicial activities, in line with digitisation. Whenever this report refers to the challenges facing public administration in the Nordic states, the authors thus also presume that the administration of Nordic courts might face the same problems in the future.
Very comprehensive material of varying relevance has been submitted to this pilot project. The Norwegian parliamentary ombudsman institution, for example, has identified a number of challenges via its supervisory activities relating to citizens’ access to files in digital public administration. The Danish parliamentary ombudsman institution possesses such extensive case law concerning the central rights of the parties that a special section has added to the institutions guide for public bodies. However, this material is not fully relevant for the themes of this report. Thus, following section focuses on the general aspects that fall within the brief of this project; the legal basis related to digitisation and challenges related to government and controls. Ensuring citizens’ legal certainty and basic (human) rights are also considered to be covered by the brief.
The principle of legality is fundamental for the Nordic states, and can be generally regarded as a consequence of the relationship between the legislative and executive powers enshrined in the Nordic constitutions. For public bodies in the Nordic countries, this entails that they must have a legal basis to conduct their activities, and executive orders and decisions directed at citizens must comply with the legislation and other higher-ranking norms.
In Denmark, short references in reports and legal literature assume that digital tools and maybe even some automation can be implemented without statutory legal basis.[1]NOU 2019: 5, subsection 18.3.3.3, and e.g. Nikolaj Aarø-Hansen in Niels Fenger (ed.), Forvaltningsret (Administrative Law), Djøf forlag, 2018, p. 626 and Hanne Marie Motzfeldt, Jøren Ullits and Jens Kjellerup, Fra forvaltningsjurist til udviklingsjurist (From legal clerk to development advisor – an introduction to public digitisation), Djøf forlag, 2020, p. 57. However, parts of the Danish literature do briefly discuss whether the subordinate placement of the executive power might indicate that the democratic legitimised legislator is to be involved in some cases. The latter refers to digitisation projects that might lead to extensive changes in the public sectors organisation, governance and liability structure or the interaction between citizens and authorities.[2]Fra forvaltningsjurist til udviklingsjurist – introduktion til offentlig digitalisering, Djøf forlag, 2000, s. 56 ff. In Sweden, however, the Swedish Public Administration Act (Forvaltningslov) states that automation does not require any specific statutory legal basis.[3]Förvaltningslagen (2017:900), accessible via http://rkrattsbaser.gov.se/sfst?bet=2017:900.
The Finnish parliamentary ombudsman has addressed the theme of a legal basis for automation in the public sector. The Finnish ombudsman have send the pilot project case law related automating systems used by the Finnish tax authorities. The said systems managed reminders, and generated automatically decisions in a large number of tax cases (approx. 300,000 reminders to taxpayers for missing tax returns, and approx. 112,000 decisions without the involvement of a case officer).
The Finnish parliamentary ombudsman and the Finnish constitutional committee are of the opinion that automated decision-making must rely on a clear and precise legal basis. This implies that it must be clear how cases are selected for automatic decision-making and that must be transparency with regards to how the underlying algorithms work. The latter must be in a form that the individual citizen is able to understand. Further, the Finnish Parliamentary ombudsman have stated that, based on the doctrine of fair expectations and the basis of good governance, Finnish citizens have a right to be informed if their case is being automated processed. If not, it is argued, citizens cannot fully protect their interests. Finally, the parliamentary ombudsman’s office pointed out ambiguities related to liability when such systems are used.[4]Mark Suksi. Administrative due process when using automated decision-making in public administration: some notes from a Finnish perspective, Artif Intell Law, 2020 p. 7, accessible via https://doi.org/10.1007/s10506-020-09269-x, p. 7. The Finnish parliamentary ombudsman’s conclusion was that the use of the said systems relied on an inadequate legal basis, and therefore did not fulfil the constitutional prerequisites of “the rule of law over administration, good governance, legal protection and the requirement for regulation by law”.[5]EOAK 3379/2018, EOAK 2898/2018, EOAK 2216/2018. The Finnish parliamentary ombudsman thus deemed that a lack of transparency in the systems is in violation of multiple provisions of the Finnish constitution, including Article 2 on the principle of legality, Article 21 on good administrative practice, and Article 80 on the responsibility of public sector employees.
The above described highlights the fact that as constitutional law might have been irrelevant while it-systems still was used merely as relatively simple tools for the case officers within the public administrations, the constitutions becomes relevant as digitalisation advances. The far more advanced technologies in use today and their effect on administration, organisation and decisions made by public authorities, imply that the lack of clarity concerning the constitutional framework for the digital public administration may become a challenge in the future.
As stated in the introduction, burdens cannot be imposed on citizens without a legal basis, and public bodies are to comply with relevant regulation.
With regards to the imposition of burdens, some challenges show (reveals themselves) in existing case law. These are primarily related to digital communication, as there have been a number of cases in Denmark in which the authorities have imposed digital communication on citizens without the necessary legal basis.[1]Subsection 3 of the Danish parliamentary ombudsman’s guide to the authorities, “Generelle forvaltningsretlige krav til offentlige IT-systemer, overblik #13” (General requirements of public administrative laws for public sector IT systems, an overview), accessible via https://www.Ombudsmanden.dk/myndighedsguiden/specifikke_sagsomraader/generelle_forvaltningsretlige_krav_til_offentlige_it-systemer/.
Concerning the other prerequisite of compliance with the legislation, the expert committee behind the Norwegian white paper, NOU 2019:5, points out the importance of programming to be compliant with applicable legislation when automating systems are taken into use.[2]NOU 2019:5, subsection 18.3.3.3. Further on is white paper, see below in Section 3.2. There are no case law or other data gathered in the present pilot project in which faulty or incomplete programming have been the only – or main – theme. However, the problem does arise as sub-elements in two Danish cases on the EFI system and the system Én skattekonto (FOB 2014-24 and FOB 2019-1).
EFI was a solution developed by the Danish tax authorities, which was intended to automate large parts of debt collection (collecting debts, which citizens and businesses owe to public bodies). The system was supposed to receive requests from the creditor and assess whether the debtor was able to pay, based on a series of data. In 2014, the lack of documentation of the development process led to criticism from the Danish parliamentary ombudsman.[3]Note 17, subsection 2 and FOB 2014-24, p. 3. Based on the parliamentary ombudsman’s statement and the fact that the implementation process had indicated errors, the tax authorities commissioned a law firm (Kammeradvokaten) to perform a ‘legality analyses of the system.[4]Kammeradvokaten is a private law firm, under contract to the government via the Danish Finance Ministry, to provide legal services to the central administration authorities. The analysis revealed that a number of non-compliant processes had been programmed into the system – and Kammeradvokaten’s opinion was that there was a systematic risk of the solution performing unlawful debt recovery. In other words; systematic administration in violation of relevant regulation. The tax authorities stopped the use of the system. Collection of debt in Denmark is still inefficient, see more on the so-called ‘breakdown’ of the Danish tax administration in Section 2.3.4.
In the case, FOB 2019-17 an undertaking complained about the collection of interest by the tax authorities. According to the Danish Act on the Collection of Direct and Indirect Taxes (Opkrævningslov), it was undeniably the statutory duty of the tax authorities to apply interest to the debts of undertakings daily and to apply it monthly to the total balances with the company. However, this procedure had not been performed due to problems with the solution named ‘Én Skattekonto’. The solution was taken into use on 1 August 2013, but was unable to apply interest until October 2019. This was due, among others, to functional errors. The Danish parliamentary ombudsman stated that it must “...be considered extremely regrettable that an IT-system with such deficiencies have been put into use”.[5]FOB 2019-17, p. 4. The Danish parliamentary ombudsman also criticised the tax authorities for failing to observe their duty under administrative law to provide guidance, as they failed to provide sufficient guidance to the undertakings on the problems with applying interest, and the consequence of such for the undertakings. The parliamentary ombudsman also found that the legal basis for issuing such demands was questionable, and urged the undertaking bring the matter before the courts.
The above described illustrates major challenges to future digitisation, as errors or flaws in automating systems results in systematically violation of the relevant regulation.[6]Highlighted by the parliamentary ombudsman in Denmark, Niels Fenger, FOB 2019, “Hvordan digitaliserer vi uden at skade vores retssikkerhed?” (How can we digitise without damaging legal certainty?) and the same in “Ombudsmanden – et værn for borgernes retssikkerhed” (the Ombudsman – a bulwark for the legal certainty of citizens), UfR 2020 B, p. 37 ff. However, this does not in itself appear to be a matter of legal research. Rather, arising challenges to rule of law and legal certainty seems to be whether errors and flaws subsequently are ‘corrected’ via legislative changes; adapting the legal requirements to the flawed systems. Such retrospective digitisation-ready legislation, which corrects poorly developed solutions to comply with the law by changing the legislation rather than the systems, is not in line with the democratic ideals embedded in the Nordic constitutions.
In the Finnish parliamentary ombudsman’s case, referred to above in Section 2.3.2, the office highlighted ambiguities regarding governance, liability and supervision in automated tax administration in Finland. This was one of several elements, which led to the assessment, that the Finnish digital tax system violated the constitution.
The Finnish case illustrates that digitisation of the public sector may lead to ambiguities concerning liability, and such ambiguity may constitute a serious obstacle to maintaining effective governance within public administration, and to ensure responsible action in the event of errors and omissions. Overall, the data gathered by the pilot project indicates that digitisation has caused new and overlooked problems with regards to liability and governance, specifically in three contexts:
Challenges ensuring good governance within a public body can be illustrated by the process known in Denmark as SKAT’s collapse.[1]“Overmod og afmagt, Historien om det nye SKAT” (Overconfidence and negligence, the story of the new SKAT) by Jørgen Grønnegård Christensen and Peter Bjerre Mortensen, Djøf forlag. See also https://www.skm.dk/aktuelt/presse-nyheder/pressemeddelelsesarkiv/regeringen-klar-med-handlingsplan-for-skat/ A major cause of this collapse, which occurred in the period after 2015, was the aftershock of the faulty EFI system, se above Section 2.3.3.
This so-called collapse, and the difficulties placing any responsibility for the EFI project, is one of the main reasons why an investigative commission has been set up in Denmark. The Commission holds a mandate to access confidential information, interview public officials etc., and is given a thematically wide reaching mandate. One of its key tasks is to investigate and report on the EFI case, and assess whether there are grounds for the public authorities holding public officials responsible – and, if relevant, to make suggestions for legislative changes.[2]See https://kommissionenomskat.dk/kommissorium/justitsministeriets-kommissorium-of-3-juli-2017-for-en-undersoegelseskommission-om-skat.html
In the relationship between public authorities and private suppliers, there seems to be a dawning awareness of the risk of becoming dependant on specific suppliers, with higher costs and poor service as a result. In the Swedish white paper, SOU 2018:25, reference is made to the legal and governance-related problem of suppliers of digital solutions gaining too much influence on the affected public administration. The weakening of the public bodies’ insight and governance is highlighted as well as the risk of hollowing the control of the public sector.[3]SOU 2018:25, p. 184: “An amendment ought to be made in the regulation that ensures opportunities for insight whenever certain automated processes are used. This applies to regulations which ensure opportunities for insight into how the digital administration uses certain algorithms or software for achieving objectives or processing cases, and insight into the grounds for individual objectives or cases. Such adaptation will eliminate any legal uncertainty which is currently preventing or impeding digitisation, and at the same time ensure that the freedom of information principle and legal certainty are strengthened.” Further, in this white paper, see below in Section 3.2. The paper specifically mentions that it “was not always possible for an authority to check for errors in underlying calculations itself because it did not have access to the software used, or had insufficient opportunity to gain insight into the underlying functionality.”[4]Ibid., p. 189.
The Swedish committee’s key point may also be illustrated by the Danish EFI case. When the so-called legality analysis regarding EFI was performed, it only investigated parts of the system.[5]Kammeradvokaten, Rapport om legalitetsanalyse of EFI- delsystemfunctionaliteter, Lønindeholdelse, Tvungne Betalingsordninger, and Betalingsevneberegning Budget (Kammeradvokaten, report on the legality analysis concerning the functionalities of the EFI system, tax at source, compulsory payment orders and calculation of ability to pay, budget), 8 September 2015, 7513085 SFS/PFJ According to the report, the fact that only part of the system was investigated was due to “the complete or significant absence of updated and accurate documentation on how the debt collection system works in practice, and it must be concluded that SKAT has no overall picture of what the system undertakes in terms of making decisions and actions during automatic processing of individual cases.”[6]Ibid., p. 3. In other words, debt collection from citizens in Denmark would, if the system had remained in use, have been determined and controlled by those private undertakings which had developed the system. This may be of increasing significance in terms of constitutional and administrative law in line with the growing automation of public administration in the Nordic states.
However, the case law of the Danish parliamentary ombudsman revels that the challenges faced by the public sectors in the Nordic countries in terms of influence, liability and ability to govern via private suppliers of systems are not limited to digitalisation related to automation. There may also be a risk in other contexts, if exercising of public authority over citizens unintentionally is handed over to the private sector.
In the case FOB 2017-19, the parliamentary ombudsman aware of the lack of legislation related to the Danish digital signature system (NemID). The background was that two elderly citizens needed the signature to report lease-agreements relating to their farms via a self-service solution. Using the said self-service solution was mandatory for the citizens in question, unless dispensation was granted by the authority responsible for the system (which was not their residence municipality). Meanwhile, their municipality had refused to issue a NemID to the farmers. The explanation for the rejection was that the municipality assessed they were incapable of using or understanding a NemID.
The Danish parliamentary ombudsman discovered that the municipality’s legal basis for rejection granting a NemID relied on a so-called RA agreement with the private company, Nets DanID. According to the RA- agreement, the municipality had accepted to issue NemID under the terms set out by the company (Nets DanID) as these terms were described in a set of guidelines for the municipalities. Further, it was clarified during the investigation that Nets DanID operated the Danish NemID-system for the Danish Agency for Digitisation, which is a governmental body under the Ministry of Finance.
The parliamentary ombudsman stated in his consultation letter to the Danish Agency for Digitisation that in legal literature and in case law, it is generally assumed that delegation of decision-making or the exercising of public authority from a governmental body to a private company, or to the independent municipalities, requires a statutory legal basis. This requirement is due, among other things, to the weakening of the control of the administration as functions are handed over to bodies outside of the hierarchy of the ministries. The outcome of the case was that the Danish Agency for Digitisation and the parliamentary ombudsman agreed that the construction ought to be regulated by law. This was due to the fact that NemID, due to the increased digitisation, especially the mandatory self-service solutions, had in practice gone from being an additional service to being vital with regards to whether citizens are able to get an up-to-date service with respect to large parts of the public administration, both in terms of public service and decision-making.[7]Danish Act no. 439 of 8 May 2018 on the issuing of NemID with public digital signature to natural persons, and to employees of legal entities. Thus, in this specific case, the matter was resolved by a retrospective change in the law.
Both the Danish and Norwegian parliamentary ombudsmen’s case law indicates that challenges are also arising with respect to responsibility, liability, rights and control internally between authorities when public bodies share digital solutions. In the cases FOB 2019-11 and 2019-22, the Danish parliamentary ombudsman discussed responsibilities of ensuring guidance to citizens when municipal self-service solutions are made available on the portal, borger.dk. The Ministry of Children and Social Affairs were responsible for the information on the portal and each citizen’s residential municipality for guidance on the use of the municipal self-service system. However, the Danish Agency for Digitisation was the (only) body with the access to change the content on the portal. The outcome was, that it was agreed that the Danish Agency for Digitisation would take the initiative to ensure coordination and appropriate collaboration.[8]FOB 2019-11, p. 21. See also FOB 2019-22, p. 5.
One of the cases gathered by this pilot project from the Norwegian parliamentary ombudsman relates to the right of access to documents when public bodies share digital solutions.[9]Innsyn hos Skattedirektoratet i aksjonærregister af 14.11.2014 (2014/1596) (Right of access to the register of shareholders held by the Norwegian Tax Directorate) The background was a complaint from a journalist stating that the Ministry of Finance had upheld a decision to refuse access to information in a register of shareholders for an undertaking (which the Norwegian Tax Administration had registered as the first instance). The reason given was that the register of shareholders had been submitted to Altinn, an external database in Norway, electronically. (Only) the information in the register of shareholders is automatically transferred from the documents in Altinn to the Norwegian National Collection Agency’s register of shareholders. Therefore – according to the tax authorities – they were not in possession of any document, and was therefore not obliged to grant the right of access according to the Norwegian Freedom of Information Act (Offentlighedslov), as the Act requires the existence of a case document. On the underlying theme of shared responsibilities, it is clarified in the case, that Altinn is a common public collaborative solution for a number of public authorities. These authorities are so-called “service owners” in the Altinn collaboration, and in principle all have to have access to their own service archives in Altinn. As part of the Norwegian National Tax Collection Agency, the Norwegian Tax Directorate has full access to the information gathered on behalf of the Collection Agency through Altinn since the Collection Agency is the service owner.
In the said case, the parliamentary ombudsman gave two alternative explanations for why the tax authorities were obliged to grant the right of access to the information transferred to them from Altinn. However, in this context, the case illustrates that digitisation affects a number of organisational aspects within public administration – the significance of which ought to be clarified with regards to the various collaborative constructions in use. This also applies to instances where errors, omissions or other aspects of a lead public authority’s digital solutions have consequences for other authorities.
The latter can be illustrated by the Danish parliamentary ombudsman’s case FOB 2018-1 which was brought before the office by a citizen, who not received a response to an enquiry he had send to Arbejdsmarkedets Feriefond (AFF) via the official public mail system (Offentlig Digtal Post). See above for references to Public Digital Post in Section 2. According to the Danish Act on Public Digital Post (Lov om Offentlig Digital Post), the complainant had the right to contact AFF via Digital Post. However, according to the contract between the Danish Agency for Digitisation and the private supplier of the system, AFF was not entitled to be connected to Digital Post. AFF had attempted to develop a “workaround” solution that would make it possible to receive enquiries sent via Digital Post. However, this was complicated technologically speaking and the solution was therefore unable to handle if a citizen did not provide contact details. The Danish parliamentary ombudsman stated that it had: “... he understood that the legal and technical framework for connecting to the Digital Post had proven difficult for the AFF. (...) Nevertheless, it is the public body’s responsibility to ensure that any solutions it uses comply with the requirements of administrative law. As such, it is the AFF’s responsibility to ensure that it can receive and respond to any enquiries via Digital Post”.
There is no unambiguous tendencies in the data collected in this pilot project, but it cannot be ruled out that the above illustrates generic problems in relation to responsibility, liability and governance that may occur when the digitisation of public administration advances to a high level. Therefore, it is assessed to be appropriate to initiate legal research in this area, which can identify the problems in details, and contribute to establishing appropriate legal safeguards via analyses, models and recommendations.
One of the key prerequisites for liability and governance in public administration (but also for realising a number of shared Nordic values, such as openness and thereby trust in public administration) is that the activity of the authorities is documented. In addition, documentation is considered a significant factor with regards to creating an overview, insight and thus reasonable grounds for decision-making etc. in public administration.[1]Jørgen Steen Sørensen, “Tørre regler giver kvalitet i forvaltningen” (Dry rules offer quality in public administration), FOB 2018.
In Nordic public administration, the applicable legal provisions and non-statutory principles related to documentation are focused on keeping records of documents that are part of administrative cases, or e.g. related to finances. Naturally, this is also relevant in digital public administration – however the data obtained for the pilot project indicate that other issues related to documentation also arise. The requirement for documentation seems to arise in relation to:
With regards to documentation of development and use of digital solutions, challenges can be observed in the aforementioned Danish parliamentary ombudsman’s cases on EFI and Én skattekonto (FOB 2014-24 and FOB 2019-1).
In the EFI case, the Danish parliamentary ombudsman stated, with respect to the development process, that on “the more general level, the process of EFI illustrates, in my opinion, how complex developing new IT systems for the public sector can be, and what requirements may be imposed on the manner in which the process is managed [...]. In my opinion good governance requires, that, among other things, that the types of cases and processes which the new system will affect, are mapped from the beginning. Further, relevant formal and material regulation must be identified, and that considerable care exercised when deciding the design and architecture of the new system.” Furthermore, the ombudsman found the lack of on-going documentation of the system’s compliance with administrative law it highly regrettable.
In the case of Én skattekonto, documentation of the development process (including test procedures) was absent – causing the Danish parliamentary ombudsman to state that he had been unable to determine whether the process had been in accordance with good governance. He was only able to uncover that the errors in the system were acknowledged shortly after the system was taken into use. This illustrates in the arguments regarding legal certainty and law enforcement, and governance-related and economic interests as stated in SOU 2018:25. See more below in Section 3.
With regard to ensuring that processes and decisions handled via digital solutions are based on correct data, the overall impression is that it would be natural if digital solutions could improve the quality of public administration. However, in practice, it seems that challenges arises, when combination of manually entered data and automated processes is used. This can be illustrated with a case from the Swedish ombudsman, in which a citizen complained about the administration conducted by the Swedish Employment Service (AF).
The citizen was dissatisfied with repeatedly receiving notices of forthcoming sanctions for not submitting mandatory activity reports, and for failing to attend a meeting. The complainant was able to prove that the reports had been submitted in good time. Further, it was uncovered that it was not the citizen but the case officer who had failed to attend the meeting due to illness. The parliamentary ombudsman’s investigation revealed that AF had registered the citizen’s submission of the reports too late, and had not registered that the citizen had attended the meeting at AF, most likely due to an error. The notice was sent because the AF used an automated system to send notifications concerning, among others, forthcoming sanctions if the system registers, for example, that citizens have failed to submit the aforementioned activity reports or have failed to attend meetings. As such, these notices was sent to citizens without the involvement or approval of case officers. The ombudsman found this practice to be in violation of the principle of good administration, stating, “A public authority must – of course – not notify a citizen that a sanction may be imposed without grounds for doing so. Such a procedure undermines trust in the public authorities, and is in violation of the requirement for authorities to act in a sound manner, and to only provide correct information.” The parliamentary ombudsman requested that the AF ensured regular checks automatically issued notifications, changed the work routines ensuring approval of a case officer before sending of such notifications to citizens.[2]Journal no. 5700-2015, report 2017/2018, pp. 42ff.
With regards to documentation for programming of public digital solutions, the Norwegian white paper NOU 2019:5 and the Swedish white paper SOU 2018:25 both put forth suggestions on certain systems having to provide documentation. See more below in Section 3.2. According to Sec. 1(2) Danish Freedom of Information Act, authorities etc., which are covered by the Act, shall generally ensure that due consideration for openness is observed to the greatest extent possible in its choice, implementation and development of new IT solutions – which naturally presupposes a certain degree of documentation. However, it is not clear from the recitals of the Act whether the provision concerns the building of databases only. However, the Danish parliamentary ombudsman has seemingly followed the wording and purpose as a key to interpretation, and has therefore, among other things, referred to the provision in relation to a financial model called ADAM. In this case, the ombudsman’s office brought it to the attention of the Ministry of Finance that Ministry should incorporate Sec. 1(2) Danish Freedom of Information Act into its development of the model, i.e. it should establish openness regarding how the model calculated the consequences of political initiatives and reforms.[3]The model must be used for economic projections and to calculate the consequences of political measures. The case is referred to in the Danish parliamentary ombudsman’s newsletter of 3 May 2017.
However, from a legal perspective the issue of documentation extends beyond the Nordic public administration law, since documentation may be a prerequisite for being able (in an objectively and subjectively correct) to explain the logic embedded in algorithms. Such clarity must be regarded both as a prerequisite for retaining a degree of control and supervision, and as of crucial importance in terms of legal certainty for those citizens who are affected by decisions formed by such algorithms. In addition, the obligations of the Nordic states under international and EU law are relevant as part of the legal framework for digital public administration.
One of the many NGOs in the digital field is currently pursuing a case, in which a Dutch lower court have ruled a (first) judgement on the use by a system called SyRi on 5 February 2020. SyRi is based on profiling algorithms, which “rates” the risk of citizens committing fraud towards social welfare services. The risk is calculated based on a large set of data. According to the relevant legislation, SyRi’s analyses use data from 17 different, but very broadly defined categories of information. This may, for example, be data on “work”, “residence”, or “debt” (or any other type of data, which the Dutch court objected).[4]The Hague District court. Case number/cause list number: C/09/550982/HA ZA 18-388.- https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBDHA:2020:1878 Details on the judgement, e.g.: Blackbox welfare fraud detection system breaches human rights, Dutch court rules by Natasha Lomas, TechCrunch 6, 2020. Accessible via https://techcrunch.com/2020/02/06/blackbox-welfare-fraud-detection-system-breaches-human-rights-dutch-court-rules/ The workflow within the Dutch administration is that the system calculates the risk of fraud, after which an employee of the Ministry of Social Affairs is notified if likelihood is calculated as high. The employees then investigate the cases further and draft a risk report whether an investigation are to be initiated.
Controversially, the Dutch court ruled that even though the use of SyRi by the Dutch state did fulfil a legitimate aim (the detection of fraud regarding social welfare services) the use violated Article 8 of the European Convention on Human Rights, on the right to respect for private and family life, as it involved disproportional measures.
Besides its interpretation of Article 8 of the European Convention on Human Rights, the court also referred to the Charter of Fundamental Rights of the European Union and the General Data Protection Regulation.[5]Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Viewed in light of these legal sources, the court found that the legal basis for SyRi did not fulfil the requirement for transparency and clarity, since Dutch legislation did not take sufficient account of the data to be used and how the system’s algorithms work. Among the aspects considered was the lack of a description of the construction and model of the system, and what weighting was applied to the various data input into the algorithms for profiling citizens.
The court highlighted that in terms of legal certainty, citizens are not to be prevented from knowing the grounds for the assessments made by public authorities – and thus how their behaviour affects the profiling of them. This lack of transparency hindered citizens’ possibility to defend themselves against SyRi’s “assessments”. The court therefore prioritised the classic Rechtstaat value of predictability over the Dutch state’s objection that public knowledge of the logic used would able citizens to avoid control by changing their behaviour.
Furthermore, the court noted that the state had predominantly used SyRi to profile the residents of deprived areas. The risk of discrimination, combined with the fact that many vulnerable groups lived in such areas, led to a stricter proportionality requirement in the opinion of the court.[6]Para. 6.69 of the SyRi judgement.
On the one hand, it is evident that the SyRi ruling does have precedence in the Nordic states. On the other, it is in line with the Swedish white paper SOU 2018: 25 and the Norwegian white paper NOU 2019:5, as well as the Finnish parliamentary ombudsman’s case referred to in Section 2.3.2 on a number of fundamental considerations of legal certainty. These are at the same time a key element of the shared Nordic values. The ruling furthermore indicates that human rights may be of increasing significance as a framework for the digital administration in the Nordic countries. Such issues are all to some degree linked to the theme of documentation, at least for some systems, since documentation can prove to be a prerequisite for both openness and effective control of the activities of public administration.
Despite not being within the aim of the pilot project, it is highlighted that the data obtained indicate that vulnerable citizens might be a valid consideration when digitising public administration.
This is illustrated by, among others, a Norwegian parliamentary ombudsman’s statement of 14 October 2016 concerning the duty of the Norwegian Labour and Welfare Administration (NAV) to provide guidance to users with special communication needs (2016/689). The parliamentary ombudsman had contacted NAV to get NAVs views on how they ensured fulfilment of the duty to provide guidance to citizens with special needs. The enquiry was made not in on the occasion of a single, specific case but rather, according to the statement, because “[e]nquiries received illustrate that users with special communication needs might need individualised guidance, e.g. due to a hearing disability, combined with poor or no knowledge of Norwegian law, are particularly vulnerable when NAV’s guidance fails.”
By using the phrase “special communication needs”, the ombudsman’s office was, according to its statement, referring to citizens who for various reasons do not fully benefit from the information provided by NAV over the phone, text or e-mail, especially due to physical impairments or linguistic difficulties.
After a discussions with NAV, the parliamentary ombudsman emphasised that NAV ought to make it clear to all its staff that fulfilment of the duty under administrative law to provide guidance implies a duty to provide such guidance in a form that has been adapted to the needs of individual citizen.
The case law received within the pilot project also indicate that ensuring comprehensible and user-friendly guidance for citizens ought to have a greater impact on the design of public digital solutions. The Norwegian parliamentary ombudsman’s case on flaws in the Norwegian Directorate of Immigration’s guidance on how to request priority processing of 10/04/2018 (2017/2622) is an example. The background was a complaint from a refugee family who had applied for a residence permit in Norway, with reference to their fear of reprisals from the Taliban. Due to the imminent danger, the family wanted priority processing, so that a decision could be reached faster.
The digital self-service system was based on a schematic guide with the heading “Can your application go to the front of the queue?” In the guide, the applicant was asked to explain why their case should be prioritised. This was done by checking one of 11 boxes with various reasons suggested by the guide. If none of the 11 suggestions suited the applicant’s situation, the applicant could check the option “other reasons”. However, if the applicant checked “other reasons” plus seven of the other 11 other options, they were shown an automatic message stating that unfortunately they could not move up the queue.
However, the automatic response was incorrect since prioritisation of a case by the authorities was always based on an individual assessment of the circumstances of each case. According to the Norwegian parliamentary ombudsman, it was therefore regrettable that a negative response was automatically given when checking “other reasons” “... which could easily be suspected of containing special circumstances that would justify prioritising the application.”
One of the other key citizens rights that may be of significance for vulnerable citizens is the right to a representative – a right which has led to a number of cases before the Danish parliamentary ombudsman institution as a result of the opportunity to acquire representation not being incorporated into digital self-service systems.[1]The Danish parliamentary ombudsman’s guide to public authorities, the rights of parties and public IT systems, overview # 12, foreword and subsection 5, https://www.ombudsmanden.dk/myndighedsguiden/specifikke_sagsomraader/partsrettigheder_og_offentlige_it-systemer_/. However, based on the data provided, ensuring the right to have a representative in digital public administration is also important for citizens with no special needs. A Norwegian parliamentary ombudsman’s statement of 13 June 2017 concerned digital communication with a lawyer as a representative in a dispute concerning an easement, in which the lawyer claimed to not have received the boards messages (2017/334).
The above is solely an addition to the reporting conducted by the pilot project. Further research within this area is not recommended. This is because the Web Accessibility Directive has come into effect in those Nordic states, which are members of the EU or EEA. This may increase the interest in designing digital solutions (and supplementary analogue services) in such a way that vulnerable citizens can also be incorporated into increasingly digitised public administration – and thus this may also have a knock-on effect on the interest in user-friendliness in general.[2]Directive (EU) 2016/2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies.
As described in Section 2.2, far more advanced technologies are being used in public administration today than was the case just 10 years ago – and the effects of case management, organisation and even the content of decisions made by the authorities concerning the public are also much more noticeable than before. It seem that there is a need for jurisprudence-based research, especially regarding automated processes, within the parameters of constitutional and human rights law for public sector digitisation.
Such research should address the challenges posed by traditional control and responsibility structures in public administration, as described above in Section 2.3.4.[1]SOU 2018:25, p. 184: “An amendment ought to be made in the regulation that ensures opportunities for insight whenever certain automated processes are used. This applies to regulations which ensure opportunities for insight into how the digital administration uses certain algorithms or software for achieving objectives or processing cases, and insight into the grounds for individual objectives or cases. Such adaptation will eliminate any legal uncertainty which is currently preventing or impeding digitisation, and at the same time ensure that the freedom of information principle and legal certainty are strengthened.” It is recommended that applicable law is mapped and clarified as well as structured. Further analyses are to be conducted from practical angles, e.g. evaluations of how and to what extent sufficient control over the influence of private suppliers on future – highly digitised – public administration can be ensured via legislative measures or strategic contracting.
As a necessary prerequisite for such research to be future-proofed, research into legal aspect related to artificial intelligence must be included. Regarding artificial intelligence, see below in Section 4, and regarding the recommendations gathered, see Section 5.
Nordic administrative law was essentially developed on the basis of case law of the parliamentary ombudsmen and courts, which, in connection with legal researchers, developed in line with the rise of the welfare state, and the increasing regulation of all sectors of society.[1]Hanne Marie Motzfeldt, Towards a Legislative Reform in Denmark? Naveiñ Reet: Nordic Journal of Law and Social Research 2020. Public administration acts constitute a kind of milestone, which, through process-oriented requirements for authorities, reinforce responsible administration, whilst at the same time ensuring key rights for citizens about the executive powers who are granted power over them.
The Nordic public administration acts are based on a paradigm of a paper-based administration, thus naturally challenged by the digital reality in the present public administration. Reforms and adjustments thus seem to be both natural and necessary. Section 3.2 provides details of the data collected concerning changes and current work on changes in public administration acts related to public sector digitisation. Section 3.3 contains a number of supplementary thoughts on possible tendencies, and recommendations are given in Section 3.4.[2]It has not been possible, within the scope of the pilot project, to obtain data on changes to special administrative laws such as those within health care, the environment, employment, taxation etc.
The Danish Public Administration Act (Forvaltningslov) of 1987 was amended in 2004 to provide a legal basis for the administrative issuing of regulations that citizens have the right to contact the public administration digitally, and that format requirements can be waived, cf. Sec. 32a Public Administration Act. The unwritten requirement for a personal signature on decisions and other important communications addressed to citizens were adapted by the insertion of Sec. 32b in 2013. Sec. 32b establishes firstly that it is possible to replace a signature with another unambiguous identifier of the public sender, which at the same time ensures that the document is final, cf. Sec. 32b Public Administration Act.[1]See Act no. 215 of 22 April 2004 and Act no. 1624 of 26 December 2013 respectively. Secondly, the signature requirement is waived when automatic decisions are made.
An ombudsman committee is currently investigating whether the rules in Denmark in the Public Administration Act and certain non-statutory principles constitute unnecessary hindrances to continued public sector digitisation.[2]Enkle regler, mindre bureaukrati – legislation i en digital virkelighed, Finansministeriet (Simple rules, less bureaucracy – legislation in a digital reality), Ministry of Finance, October 2017 p. 19. This investigation is concerned, among other things, with the official principle, the duty to provide guidance and the rules on party consultation. In practical terms, the committee submitted a proposal to amend the Danish Public Administration Act in December 2018 during consultation under the heading ‘Clear legal parameters for effective digital public administration’. The proposal was prepared in a purely administrative fashion, and thus no expert committee has been set up.
The draft law on clear legal parameters for effective digital public administration aims to establish a broad legal basis such that the relevant minister may require that citizens use digital self-service in specific areas (where such powers are currently spread across the many underlying acts within the different areas). In addition, the draft law is intended to establish the legal basis for administratively – following negotiations with the Ministry of Justice – replacing the party consultation procedure established in the Act from the 1980s with so-called letters of intent, whereby authorities can consult the parties and notify a decision in a single round of postal correspondence.[3]See https://hoeringsportalen.dk/Hearing/Details/62638 However, the draft law was not brought before the Danish parliament, since it was subject to massive criticism during the consultation phase for, among others, its legal quality and for failing to take full consideration for misgivings related to letters of intent, especially with regards to underprivileged citizens. It furthermore arose from the criticism – partly by way of extension of an otherwise on-going debate on the displacement of legislative power to the administration in Denmark – that a requirement to use digital self-service should not be enforced through ministerial powers, but rather under direct parliamentary control.[4]See, among others, Justitia, Bemærkninger til forslag til lov om ændring af forvaltningsloven (klare juridiske rammer for effektiv digital forvaltning) (Justitia, comments on the draft law amending the Public Administration Act (clear legal parameters for effective digital public administration)), 18 January 2019, or Retspolitisk Forening’s consultation letter of 21 December 2018. The Ministry of Justice withdrew the draft law in order to work further on, among other things, the legal quality. An Advisory Board for the Danish Agency for Digitisation has since been set up under the Ministry of Finance to advice on the legal parameters for digital public administration, including supporting the legal quality.[5]https://digst.dk/forenkling/advisory-board/
The Swedish authorities sent details to this pilot project on the passing of a new Public Administration Act by the Swedish parliament in 2017, which superseded the Act from 1986 on 1 July 2018. Among a number of other amendments, the government wanted to adapt the law to technological developments; hence, a general legal basis was introduced for the use of automated decisions under Sec. 28 of the Act. The background of the provision is set out in the recitals where it is stated, among other things that it was found necessary to “establish in the Act that a decision can be made automatically [and to] emphasise that no regulation in a special wording is required for an authority to be able to use this form of decision. The regulation thereby also creates better conditions for continued development of digital public administration”[6]The government’s proposition 2016/17:180, En modern och rättssäker förvaltning – ny förvaltningslag (A modern public administration safeguarding legal rights – new Public Administration Act), pp. 179-180.. It is worth noting that while the majority of the amendments were wholly or partially based on a preceding committee white paper[7]SOU 2010:29 – a new Public Administration Act. Report by the Swedish Public Administration Committee, Stockholm 2010., this amendment had not been previously considered by such a committee. There is nothing in the recitals concerning possible constitutional or human rights law frameworks for application of Sec. 28 of the new Public Administration Acts, see more details on this in Section 2.3.2 above.
The Swedish authorities also submitted the aforementioned report SOU 2018:25: Jurisprudence as support for digitisation of public administration.[8]SOU 2018:25 - Juridik som stöd för förvaltningens digitalisering (Jurisprudence as support for the digitisation of public administration), report by the Digitisation Committee, Stockholm 2018. The white paper identifies and analyses to what extent the current legislation is frustrating digital development and collaboration in public administration, but also focuses on how the legal framework can support the Swedish administrative values, i.e. openness and trust in the authorities. The white paper proposes a number of amendments to the general administrative laws, including:
The proposal to amend Sec. 3 is particularly noteworthy, along with the insertion of a Sec. 3a into the Freedom of Information and Secrecy Act (Offentlighets- och sekretesslagen),[9]The proposals read as follows: “Sec. 3. If an authority uses a document in a database or other digital source for processing a case or matter, that document shall be added to the documentation related to the case or matter in a readable format. An authority does not need to add the document to the documentation in the case or matter according to the first clause if there exist special reasons for not doing so. When an authority applies a different meaning of the first clause, it shall ensure that information can be provided on which databases or other digital sources contain a document used for processing the case or matter” and “Sec. 3 a. An authority shall ensure that information can be provided on how the authority uses algorithms or computer programs to process a case or matter that wholly or partially affect the outcome or decision in the event of automated selection or decision-making.” according to which the authorities must undertake to provide opportunity to access both the data (information) and the system logic used for fully and partially automated decision-making.[10]SOU 2018:25 - Juridik som stöd för förvaltningens digitalisering (Jurisprudence as support for the digitisation of public administration), report by the Digitisation Committee, Stockholm 2018, p. 184. The white paper shows that the proposal must observe several considerations, with trust in public administration seemingly the most important. A number of further considerations and interests are also mentioned, e.g. the public administration’s lack of knowledge regarding how the solutions are constructed etc. can make a change of supplier difficult, and therefore costly from a purely financial point of view. In addition, it states that the ability to identify any errors or faults in the systems must be strengthened by considerations of the work of the supervisory authorities, for example.[11]Ibid., p. 185. By way of extension, the committee recommends that the GDPR[12]Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). be clarified in connection with automated decisions since, according to the committee; this regulation is unclear in several areas.[13]Ibid., p. 169.
The material received from Norway stated that the Norwegian Public Administration Act of 2000 was revised to eliminate hindrances to the use of digital solutions in case management. A number of definitions were amended with the intention of making the Public Administration Act technology-neutral.[14]NOU 2019: 5, p. 255. According to Sec. 15a of the current Public Administration Act, the administrative authorities may thus in principle use digital communication in their communication to the public. However, Sec. 9 Electronic Public Administration Regulation (eForvaltningsforskriften)[15]Regulation no. 988 of 25 June 2004 on electronic communication with and within public administration. provides a number of exceptions to this principle. Thus, citizens may reserve the right to refuse to receive digital mail, including if an e-mail contains a decision or other information, which is of significance for a citizen’s legal position.[16]In addition, citizens may reserve the right to refuse to receive digital mail if such communication is of significance for the legal position of the respective citizen or for the processing of a case, and if for other reasons it is of particular importance that the citizen receive the communication. However, in principle, undertakings cannot reserve the right to refuse to receive digital mail.[17]With the exception of undertakings which are not registered in the Central Coordinating Register for Legal Entities, cf. Sec. 9, para. 1 Electronic Public Administration Regulation. Sec. 15a, para. 3, lit. f, also includes a power for the government to set out rules for technical and organisational standards, which must be observed by the authorities.
Just as in Sweden, Norway has recently published a white paper from an expert committee: NOU 2019:5[18]NOU 2019: 5, New Public Administration Act — Act on case management in public administration (Public Administration Act).. The white paper contains a special section on digital public administration. The committee made a proposal very similar to the Swedish Sec. 3a discussed above. The proposal stated, “The administrative organ shall document the legal content in automated case management systems. The documentation shall be published unless otherwise stated by law or special considerations argue against such.” The committee indicated a number of considerations that support such system documentation, including the ability to conduct a legality check, ensuring the correct motivations with respect to citizens, and better opportunities for modifying the systems.
The Norwegian committee also recommended clarifying the provisions under Art. 22 GDPR concerning automated decisions.[19]NOU 2019:5, p. 262.
The Finnish Public Administration Act contains no special regulation on digital case management, but Sec. 5 refers to the Act on electronic communication in the public sector[20]Act on Electronic Communication in the Public Sector, 24/01/2003/13., which applies “in the event of referral and processing of administrative matters or notification of a decision”. Sec. 1 of this Act on electronic communication in public administration sets out the rights and obligations of the authorities and the public in connection with electronic communication. This includes, for example, the responsibility of the authorities to inform citizens of the address to be used for electronic communication with the authorities (Sec. 7), the time of arrival of an electronic communication (Sec. 10), and electronic signing of decisions (Sec. 16). The aim of the Act on common support services from public administration for electronic services[21]Act on common support services from public administration for electronic services, 29/06/2016/571. is to improve the accessibility and quality of public digital services, their data security and interoperability, and the management of the same. The Act sets out rules on the responsible stakeholders and management of the common digital infrastructure, stipulating that it is mandatory for the public authorities to use the services. The Act on data processing within the public sector[22]Act on data processing within the public sector, RP 284/2018 rd. contains a number of requirements for public administration when it is processing information concerning citizens. These provisions are intended to ensure that the data fulfil standardised requirements for data security and at the same time to enhance interoperability between systems (being able to “talk to each other”) and data exchange within public administration.
A chapter was added to the Icelandic Public Administration Act in 2003, which was intended to eliminate hindrances to the use of electronic case management in public administration.[23]Lög nr. 51 20. mars 2003 um breytingu á stjórnsýslulögum, nr. 37/1993 (rofræn stjórnsýsla). (Act no. 51 of 20 March 2003 on amendment of the Public Administration Act (e-administration)). Sec. 35 Public Administration Act provides public administration with a legal basis for authorities to be able to process cases wholly or partially electronically. However, the provision does not provide a legal basis for requiring citizens to communicate with public administration electronically.[24]Páll Hreinsson, Electronic Administration in Iceland in Scandinavian studies in law, ISSN 0085-5944, Nº 47, 2004, pp. 225-244, 2004, pp. 231-232. Sec. 36 and Sec. 37 Icelandic Public Administration Act state that electronic documents, which can be accessed by the recipient, are regarded under certain prerequisites as fulfilling the requirements of the Act on written form and originality. The requirements for providing an electronic signature, which is equally binding as an ordinary signature, is set out under Sec. 38 of the Act – and is based on the EU Directive on electronic signatures in force at such time.[25]Act No 28/2001 on electronic signatures, implementing DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures. Given that the legal effect of an action often depends on the time of the action, Sec. 39 Public Administration Act establishes that applications and other documents are considered received by the authorities at such time as it is possible for the authority to familiarise itself with the communication. The provision also establishes that the authorities must confirm receipt of the communication where possible
There seems to have been a trend towards implementing amendments to Nordic public administration acts with a view to eliminating hindrances to the digitisation of public administration.. With the exception of Finland, it is only in recent years that the approach has changed to set up requirements for digital public administration in order to ensure good governance. However, one can add to this that the EU for some time has been issuing legal acts, in which the aforementioned approach is applied, e.g. the Web Accessibility Directive, the PSI Directive, the General Data Protection Regulation, and to some extent the NIS Directive.[1]See notes 4, 40 and 69. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/9, and Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.
It is not clear from the data obtained whether the Nordic legal trend is a manifestation of deprioritising consideration for soundness, legal certainty and citizens, along with other common Nordic values while prioritising considerations for efficiency and systemisation, and possibly commercial interests. Nor is it clear whether this constitutes move away from those common Nordic values that have previously been widely acknowledged, or a challenge for the Nordic democracies and constitutionally enshrined system of checks and balances. However, it seems expedient and constructive for the interplay between legislative practice and academic legal research to examine in more detail the direction which this legal development is taking within both general and special public administration law, what considerations it is based on, and whether the foundation of this development, in light of actual conditions, is a sound one which protects legal certainty.
It must be expected that artificial intelligence will be used to an increasing extent in Nordic public administration – and that this development will occur quickly due to the current level of digitisation (the presence of considerable volumes of digital data). It is therefore noteworthy that the aforementioned Swedish and Norwegian white papers concluded that it is too early to propose special regulation of public systems using artificial intelligence (AI).[1]See SOU 2018:25, pp. 207 f. and NOU 2019:5, p. 268.
Section 5.2 below gives a rough description of what artificial intelligence is, with a number of examples from Denmark of the use of artificial intelligence within public administration. Nordic strategies for future developments are reviewed in Section 4.3 with a view to providing an overall picture of the investments being made in such by the selected countries. Section 4.4 then highlights key issues of legal certainty arising from the use of artificial intelligence – and the authors recommend that the Nordic Council of Ministers proactively initiate academic legal research with the aim that this research can support both procedural practice and legislative development with the overall intention that the Nordic development will be based on the common Nordic values.
There is little agreement between “technical” experts on how to define artificial intelligence. The authors therefore refrain from using any definition in the following, but do provide a description of the key characteristics of machine learning technologies, which are being developed for and used by Nordic public administration to an ever-greater extent.
Machine learning is essentially a range of different techniques, in which algorithms infer connections and logical patterns through “learning”. Based on the patterns identified, a new algorithm, which can be used in actual administrative activities or case management, for example, is developed in that new data are presented, after which the algorithm developed can form predictions based on these new data. The prediction with the highest probability can act as “output”.
There are several ways of developing machine learning-based solutions. These can be divided into guided learning, unguided learning and enhanced learning. In guided learning, the algorithms are trained using a dataset, in which both input and output data are already known, i.e. the task and the means to form a logical pattern are presented during development. From here, patterns can be created which are able to recognize characteristics in new input data whenever they resemble input data from the training. Output data can then be created even though the result is not known in advance. Development can also take place as unguided learning, in which only input data is used for learning. In this instance, the algorithm is designed to search for patterns in the dataset by itself, and a new algorithm is generated based on the patterns identified. The algorithm developed can then be used to make assessments based on new data. Unguided learning is often supplemented by enhanced learning, in which output data can be added manually, so to speak. For example, a user or operator might register in the system whether an assessment made is correct or not, i.e. feedback to the system acts as training data.[1]For a more detailed description, see note 9 or Ministry of Local Government and Regional Development, Nasjonal strategi for kunstig intelligens (National strategy for artificial intelligence) of 14 January 2020, para. 1.1, accessible via https://www.regjeringen.no/no/dokumenter/nasjonal-strategi-for-kunstig-intelligens/id2685594/?ch=1
Development on the basis of identified patterns in the dataset involves certain risks. If the training data contain errors, the incorrect data can lead to similarly incorrect patterns. The Norwegian Data Protection Authority has described this risk in quite strong terms as “Garbage in, garbage out”.[2]Norwegian Data Protection Authority, Kunstig intelligens og personvern (Artificial intelligence and data protection) 2018, p. 10, accessible via https://www.datatilsynet.no/regelverk-og-verktoy/rapporter-og-utredninger/kunstig-intelligens/ Other factors besides objective errors in the historical data used can also affect the quality of the logics (patterns) developed. There might be patterns that are unwanted and that lead to algorithms that will discriminate directly or indirectly based on gender, race, age, etc. A simple lack of attention about omissions (incompleteness) in the dataset, including metadata, or an inappropriate learning strategy can also affect the algorithms developed.
A classic – and illustrative – example of the latter involves the development of image recognition for wolves and dogs. In a dataset consisting of images of dogs and wolves, there will be a number of characteristics that a pattern-seeking solution can identify, e.g. build, coat structure, head shape and snout shape. These characteristics can be used to develop a solution that can automatically differentiate between images of wolves and dogs for monitoring packs of wolves in a given area. However, there can also be other elements in the training images that logically form a pattern. There might be snow in the background of most images of wolves. Unless care is taken during development, therefore, the algorithm developed might well identify animals on the basis of snow in the background – meaning that the authorities will receive incorrect data on wolf packs in their area. In other words, great care is required to ensure that artificial intelligence applies and weights the relevant criteria correctly.[3]Marco Tulio Ribeiro, Sameer Singh, Carlos Guestrin, “Why Should I Trust You?”: Explaining the Predictions of Any Classifier, Cornell, Computer science, accessible via https://arxiv.orgtemanord2021-502.pdf1602.04938.pdf. See also, for example, European Union Agency for Fundamental Rights: Data quality and artificial intelligence – mitigating bias and error to protect fundamental rights, accessible via https://fra.europa.eu/sites/default/files/fra_uploads/fra-2019-data-quality-and-ai_en.pdf.
The risk of errors, omissions and inappropriate learning strategies leading to faulty underlying logics (patterns) is a major challenge with regards to the variant of machine learning called deep learning. The reason is that some forms of deep learning make it difficult (or even impossible) to verify the logic created. It is thus impossible to identify or document what criteria are involved and how they are weighted against one another. This is popularly known as the black box problem. Over time, ensuring and checking that the solutions used in the public sector meet the requirements set out in the legislation – be they professional standards, basic legal principles or other requirements applied to public administration activities – can prove challenging.
Machine learning-based solutions can be developed and used to support different tasks in Nordic public administration. Within the healthcare sector, for example, diagnostics technologies and solutions capable of proposing individualized treatment programs for patients can be developed. Welfare technologies for the care sector can be developed, such as digital physiotherapists or intelligent homes capable of reminding their occupants to take their medicine, detecting a fall via sensors in the floors or registering changes in movement patterns, toilet habits etc. to predict weakness and initiate preventive treatment or training.[4]For examples of diagnostic technologies for acute patients and prostate cancer respectively, see https://www.regionsyddanmark.dk/wm517550 and for talking cups as an example of welfare technology, see for example https://zibocare.dk/den-talende-kop/ Within education, artificial intelligence can be used to check for plagiarism by pupils and students, and to provide individualized tutoring to boost learning outcomes for individuals.
Artificial intelligence is also an element in post-sorting and record management robots.[5]https://www.kl.dk/okonomi-og-administration/digitalisering-og-teknologi/kommunernes-arbejde-med-kunstig-intelligens/intelligent-fordeling-og-journalisering-af-mails-kan-give-borgere-hurtigere-sagsbehandling/. See also https://digst.dk/strategier/kunstig-intelligens/signaturprojekter/. Post-sorting and record management robots combine algorithmic analysis of text and identification of case numbers or fields to ‘read’ communications received by the authorities. When this is supplemented by simple RPA programming, incoming post can be sorted, recorded and distributed to relevant internal postboxes and/or members of staff.[6]The Danish Minister of Finance’s response of 30 October 2019 to question no. 3 from the Finance Committee of 24 October, concerning document no. 15, accessible via https://www.ft.dk/samling/20191/aktstykke/aktstk.15/spm/3/svar/1602319/2096955/index.htm
Artificial intelligence can also be used for so-called decision-making support, i.e. to establish facts. This could be a case of making property valuations for calculating property tax, for example.[7]Draft law no. 211 of 3 May 2017 on the Property Valuation Act, general remarks, subsection 2.13.2.4 and Expert Committee on Property Valuation and Preparation of Property Valuation, results and recommendations from the government’s external expert committee, 2014, p. 70, accessible via https://www.skm.dk/skattetal/analyser-og-rapporter/rapporter/2014/september/forbedring-af-ejendomsvurderingen-resultater-og-anbefalinger-fra-regeringens-eksterne-ekspertudvalg/ekspertudvalg-om-ejendomsvurdering/prm . Evaluations of how geographic areas should be categorized according to nature and environmental protection legislation using image recognition from drone recordings is another example.[8]https://mst.dk/service/om-miljoestyrelsen/jump/billedgenkendelse-af-natur/. Forecasts of the employment prospects for unemployed citizens (profiling) using artificial intelligence can also be counted as such digitally-formed facts, as they contribute to social service estimates in specific employment cases.[9]Knowledge across the board: The Asta robot supports employment consultants prepare interviews, accessible via https://vpt.dk/jobcenter/robotten-asta-hjaelper-jobkonsulenten-med-forberede-borgersamtalen.
However, some are also looking to develop artificial intelligence to support judicial assessments. One example comes from the Municipality of Frederiksberg in Denmark, which is developing a solution to “support its staff in evaluating whether the failure of an unemployed person to attend an interview or reskilling programme should incur a sanction in terms of their benefits. The algorithm supports staff in making a decision based on training from thousands of cases with a view to supporting uniform evaluation practice across the board.”[10]Described on the website of KL - Local Government Denmark, https://www.kl.dk/tema/kommunale-projekter-med-kunstig-intelligens/#. See also https://digst.dk/strategier/kunstig-intelligens/signaturprojekter/ According to the description of the solution, the objective is to support the evaluation of whether a citizen has ‘reasonable’ grounds for failing to attend interviews or reskilling programmes.
Artificial intelligence – if correctly developed – is also technically speaking well-suited to searching within large volumes of data (information and documents) for indications of different kinds of illegal activity, e.g. money laundering, corruption, VAT fraud, social welfare fraud, accounting errors, etc.
As can clearly be seen from the above, artificial intelligence can be used for just about all areas of administration, for almost all kinds of tasks which Nordic public administration bodies are charged with performing.
A common theme for Denmark, Norway, Sweden and Finland is that strategies have been decided on and launched with regards to using technologies that are more advanced.[1]https://www.regeringen.dk/media/6537/ai-strategi_web.pdf This interest is focused in particular on artificial intelligence, with special strategies developed to increase its use. A review of such strategies shows a lot of commonality, but also special characteristics in the individual countries.
Development of language technology for the national languages, including minority languages, is found in all national strategies. This is presumably due to language technology being a prerequisite for further developing the many portals and self-service solutions to guide users via chatbots, and for further automating a number of case areas and administrative functions. More, and individual-based (individualised), procedures for dealing with citizens in the public sector also seem to be a common objective for the future application of artificial intelligence within the field of social services and healthcare. Moreover, artificial intelligence is increasingly being seen as a tool that can be applied within efforts to fight climate change – sometimes even outside of the national strategies.
Beyond these commonalities, however, it seems that the way, in which the different national strategies weight and balance the different values and social considerations, varies. The Norwegian strategy for artificial intelligence differs from the other countries in its very strong focus on creating (free) access to data from both the public and the private sector (open data). In common with the Swedish strategy, there is also focus on ethics, data protection and international cooperation for promoting responsible and reliable use of artificial intelligence.[2]https://www.regjeringen.no/no/tema/statlig-forvaltning/ikt-politikk/KI-strategi/id2639883/ The Swedish strategy also includes the same issues, but seems to have a greater degree of focus on the robustness of the system and data security than the other countries. This may be a knock-on effect of the broader Swedish digitisation strategy, which has five main areas: digital skills, digital innovation, information security, digital leadership and digital infrastructure.[3]The Swedish general digitisation strategy.
Within the area of ethical application of data and artificial intelligence, Finland’s weighting of this area is particularly striking. Finland has also launched a holistic approach, alongside its strategy for the spread of artificial intelligence, in which information policy is regarded as a separate field of policy.[4]https://valtioneuvosto.fi/sv/-/10623/tietopolitiikasta-uusi-politikka-alue-suomeen However, experience with respect to the public sector in this very field might be limited since Finland in particular sees potential in developing artificial intelligence business-to-business.[5]https://tem.fi/en/-/raportti-suomi-ponnistaa-tekoalyajan-karkimaaksi
What makes the Danish strategy in this field special is its experimental approach, in that a number of signature projects have been launched within the various branches of administration with a view to gaining experience with artificial intelligence, especially within the areas of healthcare, social services and employment. In addition, a number of national reports give the impression that Denmark has a great deal of experience in the use of various forms of data analytics in supervision, profiling and enforcement functions, while at government level, work is systematic carried out to increase data use through deviations from the EU General Data Protection Regulation (GDPR). The latter is being implemented through both administrative Executive Orders and special legislation within the special fields of administration.[6]https://oes.dk/media/36453/erfaringskatalog-for-advanced-analytics-i-staten.pdf
In 2017, the World Economic Forum published the Global Risk Report 2017, which recommended regular discussions on how to ensure that the development and application of artificial intelligence is undertaken in a responsible manner.[1]World Economic Forum, The Global Risks Report 2017, 12th edition, pp. 48 ff., accessible via https://www.weforum.org/reports/the-global-risks-report-2017. The above and subsequent links were last accessed 20 April 2020. The OECD has published a number of reports, and issued a recommendation in May 2019.[2]OECD Council, Recommendation on Artificial Intelligence (AI), 22 May 2019, accessible via https://www.oecd.org/going-digital/ai/principles/. Based on its Coordinated Plan on Artificial Intelligence, and to satisfy a desire for regulation from the European Parliament,[3]The EU Commission, Coordinated Plan on Artificial Intelligence (COM(2018) 795 final, accessible via https://ec.europa.eu/digital-single-market/en/news/coordinated-plan-artificial-intelligence. the EU has set up several working groups, which have discussed the need and opportunities for placing ethical and legal requirements on artificial intelligence and its application.[4]The European Parliament, decision of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics, accessible via https://www.europarl.europa.eu/doceo/document/TA-8-2017-0051_EN.html. For the sake of good order, please note that the author of this article was a member of the New Technologies Formation which published the Liability for Artificial Intelligence and other emerging digital technologies report, accessible via https://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupMeetingDoc&docid=36608. A number of recommendations, reports and analyses have been produced.[5]The High Level Expert Group on Artificial Intelligence, Ethics Guidelines for Trustworthy Artificial Intelligence, 2019, accessible via https://ec.europa.eu/futurium/en/ai-alliance-consultation. In light of such reports, and as part of its recently launched strategy, Shaping Europe’s Digital Future, it must be expected that the EU Commission will make proposals for legal regulation in 2021.[6]The EU Commission, White Paper on Artificial Intelligence: a European approach to excellence and trust, accessible via https://ec.europa.eu/info/files/white-paper-artificial-intelligence-european-approach-excellence-and-trust_en, and strategy paper Shaping Europe’s digital future, accessible via https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/shaping-europe-digital-future_en. Such legal regulation, including regulation of the question of compensation, will presumably be focused on the private sector, however. In other words, there is no immediate prospect of the challenges surrounding legal certainty and the constitutional and human rights-law parameters for public administration being addressed by the EU Commission through legislation.
The UN, on the other hand, published the initially mentioned report in October 2019, which focused to a greater degree on public administration bodies. The summary of the UN report states, among other things:
“The digital welfare state is either already a reality or emerging in many countries across the globe. In these states, systems of social protection and assistance are increasingly driven by digital data and technologies that are used to automate, predict, identify, surveil, detect, target and punish. In the present report, the irresistible attractions for Governments to move in this direction are acknowledged, but the grave risk of stumbling, zombie-like, into a digital welfare dystopia is highlighted.”[7]UN Special Rapporteur, Report of the Special Rapporteur on extreme poverty and human rights, 11 October 2011, accessible via https://undocs.org/A/74/493.
The European data protection rules are referred to in the above reports and investigations as a key legal bulwark against any harmful effect which it is feared the future use of artificial intelligence within public administration might cause. Regulation through administrative law, on the other hand, is rarely mentioned. On the Nordic level, case managements rules, provisions on legal basis, and good administrative practices will be of significant interest, since these are precisely what ensure public administration that is sound and complies with the law, that acts in accordance with good administrative practice, and that can be controlled by the legislative body and supervised by the parliamentary ombudsman institutions and courts.
In light of the serious warnings from the UN, it seems obvious that jurisprudence can and should investigate whether the common Nordic values of democracy, the Rechtstaat, legal certainty and trust between citizens and authorities are sufficiently protected by the existing legal frameworks.[8]The Ministry of Justice, Administrative Law Requirements for Public Sector IT Solutions, p. 21. Among others, it ought to be investigated whether the rules of key administrative laws will continue to protect against an upsetting of the balance of power between the highest state organs and against the undermining of the legal certainty of citizens with respect the authorities and the actions of their IT suppliers when artificial intelligence is used. The contents of Sections 2.3.2 and 2.3.4 ought to be incorporate in this regard, i.e. which constitutional and human rights law parameters have been set out for digital public administration, how sound responsibility constructions can be established, and whether the current regulations support the control of in particular the courts and the parliamentary ombudsman over public administration sufficiently.
With regards to the latter, the dominant issue is documentation of the digital solutions, see above in Section 3.2.5. This issue is discussed in terms of data ethics under the rubrics of clarity and transparency. Clarity concerns firstly public administration’s own insight into the programming of the solution developed, and secondly insight into the use of data. The Danish national strategy for artificial intelligence, for example, states that clarity entails that one “can describe, control and restore data, underlying logics and consequences of the application of artificial intelligence, e.g. by being able to trace and explain decisions and decision-making support”.[9]Ibid, p. 28. Transparency, on the other hand, concerns whether and to what extent clarity must also be extended to cover all parties involved, i.e. the parties in a case, the public etc.
The question of whether, and if so, in which areas documentation, clarity/transparency are a prerequisite (necessary regulations) for ensuring the opportunity to manage and control future digital public administration, seems to be a highly relevant one which ought to be addressed with regards to the above.
Section 5 summarises in which areas and in relation to which themes the collected data indicates a need for initiatives in order to start – or strengthen – the interplay between administration, legislators, supervisory bodies and jurisprudence, which historically led to balanced development until the drawing up of the Nordic Public Administration Acts between the 1960s and 1980s.
The Nordic development of a public digital infrastructure combined with increased use of self-service systems and full or partial automated decision-making seems to have led to extensive, but largely unnoticed legal challenges in the respective countries. Consequently, there have been a number of cases, especially before the Danish, Norwegian and Finnish parliamentary ombudsmen institutions, in which citizens’ rights, the core principles of administrative law and even the constitutional frameworks have been challenged or even violated.
The gathered data relevels significant similarities between the digital infrastructure already established in the selected countries, and their future strategies for further digitisation, including increased use of artificial intelligence. This implies plenty of opportunities to conduct in-depth – and relevant – studies of how public sector digitisation will affect, for example, the democratic functions and constitutional law, the principles of the Rechtstaat, and trust between citizens and authorities. On the basis of such studies, recommendations can to be given on how the common Nordic values can be carried further into the digital era.
As described in Section 2.2, far more advanced technologies are in use – or being taken into use – today than just 10 years ago – and the impact on organisations, governance and decisions made by public authorities are far more comprehensive and direct than before. For automated processes in particular, there seems to be a need for legal research related to the constitutional and human rights law aspects of public sector digitisation. This may also revitalise the historical interplay between research, case law and legislative initiatives, hence such studies should be combined with evaluations of whether current administrative law provide sufficient support for compliance with the said legal framework. A necessary prerequisite for such research to be future-proofed is inclusion of how the shared Nordic values may be guarded as artificial intelligence is taken into use at different administrative areas.
In a classic academic context, the above would typically be established as one or more postdoc positions. However, the authors of this pilot project is unsure whether such theoretical work is the most appropriate, since this work ought to be aimed at the (actual) conditions in the public administrations. This might be incorporated as a requirement or a prerequisite in calls. Alternatively, the Nordic Council of Ministers could take the initiative to fund a project in line with DigiCourts, in which relevant senior researchers in the field contribute to a joint report, book or similar. This could presumably be carried out under the same financial framework as DigiCourts.
As described above, research related to governance, liability and supervision in public administration seems to be of importance. Thus, it is recommended that applicable law is studied, mapped and analysed, combined with studies of the actual state of the public administrations in this relation. Further, evaluations of how and to what extent sufficient control over the influence of private suppliers on future – highly digitised – public administration can be exercised by drawing up contracts might be of vital importance. It should be considered whether recommendations on strategic contracting are sufficient for ensuring good governance, liability and supervision, or whether supplementary legislative initiatives are recommendable. This could, among others, be carried out as one or more postdoc projects in partnership with a university via Nordforsk, and under the same financial framework as otherwise used for Nordforsk projects.
As mentioned in Section 3, it is not clear from the gathered data whether there is legislative tendencies deprioritising legal certainty along with other common Nordic values for the benefit of e.g. efficiency and possibly commercial interests. However, it seems relevant to examine the direction which legislative development is taking within both general and special public administration law, what considerations and balances such developments are based on, and this may be considered sound in the light of the shared Nordic values. This can be conducted either in collaboration between senior researchers in line with Digi-courts, or as a PhD or postdoc project under Nordforsk. In both scenarios, an extensive investigation should be conducted into statutory amendments already passed as well as pending proposals and white papers in order to identify the considerations and interests served, along with the underlying balancing. Selected elements of administrative law applicable only in special areas of administration should be included in order to present a full data-supported picture of the development, i.e. the development within healthcare, social services, taxation, etc.
In addition (and as a particularly important finding within this pilot project), all parlimentary ombusmen institutions bodies showed a strong interest in and a benevolence in relation to strengthening knowledge-sharing during the conducted interwiews. This is highly interesting, since Nordic public bodies are subject to regulation with considerable commonalities, and are to a large extent organised in much the same way. Further, although the speed may vary, all countries are undergoing more or less the same development – and this trend will problebaly continue as the execution of the strategies of artificial intelligence is carried out.
Under the current circumstances, the parliamentary ombudsman institutions in particular are addressing the legal challenges they uncover via their supervisory activities. During the pilot project, the impression was that an increase in shared , structured and easy-to-communicate knowledge on the respective ombudsmen institutions reports, opinions and/or initiatives related to public digitalisation would be a highly valued contribution in order to accelerate a balanced development within Nordic administrative law. Such action e might also be a constructive and resource-efficient initiative for other supervisory bodies, administative bodies and others who require knowledge on the legal framework and developments within case law of the ombudsmen institutions.
On the basis of the above, it is strongly recommend to set up a long-term project, in which case law and legislative initiatves continuously are collected. The data collected should be structured and made available in annual reports from the Nordic Council of Ministers. It is recommend that such reports also include a list of literature, articles and reports related to legal aspects of public digitisation. The authors believe that the above could be implemented within a budget of under DKK 300,000 per year.
Finally, the authors recommend that in general the Nordic Council of Ministers consider recommending legal research as an integrated element of other projects related to public sector digitisation within Nordforsk. This seems of particular relevance for the many projects related to more advanced technologies, such as artificial intelligence.
– pilot project
Hanne Marie Motzfeldt and Frederik Waage
ISBN 978-92-893-6884-1 (PDF)
ISBN 978-92-893-6885-8 (ONLINE)
http://dx.doi.org/10.6027/temanord2021-502
TemaNord 2021:502
ISSN 0908-6692
Cover photo: Glenn Carstens-Peters / Unsplash
© Nordic Council of Ministers 2021
This publication was funded by the Nordic Council of Ministers. However, the content does not necessarily reflect the Nordic Council of Ministers’ views, opinions, attitudes or recommendations.
This work is made available under the Creative Commons Attribution 4.0 International license (CC BY 4.0) https://creativecommons.org/licenses/by/4.0.
Translations: If you translate this work, please include the following disclaimer: This translation was not produced by the Nordic Council of Ministers and should not be construed as official. The Nordic Council of Ministers cannot be held responsible for the translation or any errors in it.
Adaptations: If you adapt this work, please include the following disclaimer along with the attribution: This is an adaptation of an original work by the Nordic Council of Ministers. Responsibility for the views and opinions expressed in the adaptation rests solely with its author(s). The views and opinions in this adaptation have not been approved by the Nordic Council of Ministers.
Third-party content: The Nordic Council of Ministers does not necessarily own every single part of this work. The Nordic Council of Ministers cannot, therefore, guarantee that the reuse of third-party content does not infringe the copyright of the third party. If you wish to reuse any third-party content, you bear the risks associated with any such rights violations. You are responsible for determining whether there is a need to obtain permission for the use of third-party content, and if so, for obtaining the relevant permission from the copyright holder. Examples of third-party content may include, but are not limited to, tables, figures or images.
Photo rights (further permission required for reuse):
Any queries regarding rights and licences should be addressed to:
Nordic Council of Ministers/Publication Unit
Ved Stranden 18
DK-1061 Copenhagen
Denmark
pub@norden.org
Nordic co-operation is one of the world’s most extensive forms of regional collaboration, involving Denmark, Finland, Iceland, Norway, Sweden, and the Faroe Islands, Greenland and Åland.
Nordic co-operation has firm traditions in politics, economics and culture and plays an important role in European and international forums. The Nordic community strives for a strong Nordic Region in a strong Europe.
Nordic co-operation promotes regional interests and values in a global world. The values shared by the Nordic countries help make the region one of the most innovative and competitive in the world.
The Nordic Council of Ministers
Nordens Hus
Ved Stranden 18
DK-1061 Copenhagen
pub@norden.org
Read more Nordic publications on www.norden.org/publications