CLaw 2018

Fourth International Workshop on 
Legal and Technical Issues in
Cloud and Pervasive Computing (IoT)

8 Oct 2018 - Singapore
Co-located with Ubicomp and ISWC


Web Site Creator

CLaw takes an interdisciplinary approach to explore the 
tech-legal challenges of emerging technologies

We are moving towards realising the broader visions of ubiquitous and pervasive computing, such as smart cities that seamlessly support a vast range of applications. At the same time, we see technology subject to increasing public commentary, political scrutiny and regulatory attention.

As a result, existing (and proposed) regulatory and governance regimes place obligations on those who manage (process, use and collect) data; a high-profile example is the EU General Data Protection Regulation. In many cases, the end-users of applications have certain ‘rights’ that must be respected—and those developing, providing, offering and using technology bear various degrees of responsibility, which must be properly managed.

Managing these rights and responsibilities is becoming increasingly complex, both technically and legally. Many of the challenges stem from the increasingly, composite, automated, dynamic and often opaque nature of technology and its supporting ecosystems. The challenges are set to increase, as computing becomes increasingly pervasive and ubiquitous, and as visions of smart cities and the IoT become a reality.

Building on the successes of the previous workshops, CLaw 2018 aims to facilitate an interdisciplinary exploration of the technical and legal challenges as regards emerging technology, with a particular focus on its increasingly pervasive and ubiquitous nature.

[Previous workshops: CLaw 2017CLaw 2016,  CLaw 2015]


Monday, 8th October

Suntec Convention Centre, Singapore

(For logistics see the Ubicomp page)

[[ Each paper slot will consist of a short presentation, a response by a designated delegate, and discussion/Q&A ]]

12.00 - 13.15 :: Registration and lunch (served 12.00 - 14.00)

13.15 - 13.30 :: Welcome and introductions

13.30 - 14.00 :: Towards Behavioral Privacy: How to Understand AI’s Privacy Threats in Ubiquitous Computing - Eran Toch, Yoni Birman 

14.00 - 14.30 :: How Portable is Portable? Exercising the GDPR's Right to Data Portability - Janis Wong, Tristan Henderson 

14.30 - 15.00 :: Reclaiming Data: Overcoming App Identification Barriers for Exercising Data Protection Rights - Christopher Norval, Jennifer Cobbe, Heleen Janssen, Jatinder Singh

15.00 - 15.30 :: Coffee break

15.30 - 16.00 :: Are We Ready for the Internet of Robotic Things in Public Spaces? - Seng Loke 

16.00 - 16.30 :: IoT App Development: Supporting Data Protection by Design and Default - Tom Lodge, Andy Crabtree, Anthony Brown

16.30 - 16.45 :: Wrap up and next steps

Drinks and dinner (TBC) [optional]

Call for papers

The key goal of this workshop is to stimulate a multidisciplinary discussion and new directions on these important issues. As such, we welcome a wide range of submissions, whether technical, legal or some combination; position papers, thought pieces and extended abstracts to stimulate debate are encouraged. For those technical in nature - fully implemented and evaluated systems are not essential, and application-specific papers are welcome.

Some suggested topics, in no particular order, include:

  • Considerations re the sensing/collection, storage and management of personal data
  • Technical approaches for managing legal obligations (privacy, user rights, SLAs, government access, ...)
  • Accountability, audit and proof of compliance with regulation
  • Transparency in pervasive computing environments
  • Compatibility issues between regulation and technical implementation
  • The interplay of sensors, cloud, privacy and surveillance
  • Privacy and security in ubiquituous and cloud computing environments
  • Forensics and investigation (failures, security breaches)
  • Emerging cloud technologies (decentralised clouds: cloudlets, droplets; containment mechanisms)
  • Implications of fog and edge computing
  • Emerging cloud and infrastructure service models (X as a Service)
  • Issues relating to big data, analytics and machine learning
  • Data localisation: from centralisation to regional data stores (data stays in country X) to personal data stores (data stays at ‘home’) to micro-data stores (per-device). 
  • Liability and safety aspects of automated systems and actuation
  • Encryption, security technologies and responsibility
  • Machine learning, profiling and analytics considerations
  • Distributed analytics and machine learning
  • Usability, interfaces, and the tech-legal implications
  • Fairness, anti-discrimination, human rights, privacy and power issues regarding emerging technology
  • Interaction between cloud and IoT and consumer-facing business models
  • Fairness, anti-discrimination, human rights, privacy and power issues regarding emerging technology
  • Application / sector specific considerations; e.g. wellness, healthcare, finance, law enforcement

Submissions of any length are welcome, up to a max of 10 pages. Papers should be fomatted according to the SIGCHI Extended Abstacts template. Submissions will be peer reviewed, and for each accepted paper, at least one author is required to register and present the paper at the workshop. Accepted papers will be published in the ACM Digital Library. Please submit your papers at:

Important Dates: 

  • Paper submission: 1 Aug 2018 (AoE)
  • Author notification: 17 Aug 2018
  • Workshop date: 8 Oct 2018 



  • Jatinder Singh (University of Cambridge)
  • Julia Powles (Cornell-Tech/NYU)
  • Angela Daly (Chinese University of Hong Kong)


  • Chris Norval (University of Cambridge)

Programme Committee (tentative, TBC):

  • Jean Bacon (Computer Laboratory, University of Cambridge)
  • Nataliia Bielova (INDES, Inria)
  • Reuben Binns (Dept of Computer Science, University of Oxford)
  • Warren Chik (School of Law, Singapore Management University)
  • Jennifer Cobbe (Cambridge Trust & Technology, University of Cambridge)
  • Andrew Cormack (JISC, UK)
  • Nick Doty (UC Berkeley School of Information)
  • Jon Crowcroft (Computer Laboratory, University of Cambridge)
  • Lilian Edwards (Law School, Strathclyde University)
  • David Eyers (Dept of Computer Science, University of Otago)
  • Primavera De Filippi (CNRS, Université Paris II)
  • Yihan Goh (School of Law, Singapore Management University)
  • Hamed Haddadi (EECS, Queen Mary University of London)
  • Tristan Henderson (School of Computer Science, University of St Andrews)
  • Martin Henzie (RWTH Aachen University)
  • Joris van Hoboken (Information Law Institute, NYU)
  • Heleen Janssen (Computer Laboratory, University of Cambridge)
  • Joshua Kroll (School of Information, UC Berkeley)
  • Ryan Ko (Dept Computer Science, University of Waikato)
  • Emily Laidlaw (Faculty of Law, University of Calgary)
  • Chris Marsden (Law School, University of Sussex)
  • Christopher Markou (Faculty of Law, University of Cambridge)
  • Christopher Millard (Centre for Commercial Law Studies, Queen Mary University of London)
  • Frank Pallas (ISE, TU Berlin)
  • Thomas Pasquier (Dept. of Computer Science, University of Bristol)
  • Anna Perini (FBK-CIT - Center for Information Technology, Trento)
  • Marinella Petrocchi (IIT, Consiglio Nazionale Delle Ricerche)
  • Jörg Pohle (Alexander von Humboldt Institute for Internet and Society)
  • Lachlan Urquhart (Horizon, University of Nottingham / Law School, University of Edinburgh)
  • Ian Walden (Centre for Commercial Law Studies, Queen Mary University of London)
  • Lorna Woods (School of Law, University of Essex)