A Tale of a Legal Engineer

A Tale of a Legal Engineer

CDT- NGCM Seminar with Prof. Sophie Stalla-Bourdillon

On Monday 2nd December, Sophie Stalla-Bourdillon delivered a seminar entitled “A Tale of a Legal Engineer”. As well as holding a professorship within the Law School at the University of Southampton, Sophie also holds the position of “Legal Engineer” at Immuta. In the same way that civil engineers build physical bridges, Sophie explained that the aim of legal engineers is to bridge the chasm that exists between the legal guidance surrounding data privacy, and the technical capabilities of data scientists. Current legal frameworks surrounding data governance are complex to state and difficult to enforce, leading to widespread ignorance of guidance – this consequently leads to failures to comply with legal regulations, and ultimately, the potential for harm to individuals.

Sophie argued that the solution to these problems is socio-technical – technology can and must be leveraged to facilitate compliance with the law, but companies must also ensure that their working practices are designed from the ground up to understand and mitigate the risks of mishandling the data they are using. This guidance has been documented in a whitepaper for businesses on how to develop a data-governance framework which is both compliant with privacy regulations and is practical to implement.

Written by Dan Wallace

In this talk, Sophie explained why data governance is a challenge that every data-driven organisation is or should be facing and offered insight into the key components of successful data science initiatives from a governance, risk and compliance perspective.

Too much legal complexity surrounding data usage means that in data-driven organisations of all sizes, the compliance burden is de facto shifting to those in technical roles, who must navigate the legal landscape mostly on their own. Lawyers aren’t trained to translate high-level legal norms of which remit is not well defined into concrete recommendations for operationalizing compliance strategies. As a result, lawyers tend to step back.

However, technical roles such as Chief Information Security Officers and Chief Information Officers need legal help. This means that lawyers’ advice needs to be formulated in a way that is useful for decision-making. Lawyers must step into the shoes of technical roles and craft legal guidance that can be easily put into use. In other words, lawyers should become “legal engineers” too, helping to engineer legal requirements directly into software systems and processes. This evolution is key to the success of data regulations such as the General Data Protection Regulation (GDPR).

Prof. Sophie Stalla-Bourdillon

Sophie is Professor of Information Technology Law at the University of Southampton and Senior Privacy Counsel and Legal Engineer with Immuta, a data governance platform, where she works on tackling the ethical challenges of AI. Sophie is responsible for examining current data protection and model risk frameworks, helping customers to embed aspects of these frameworks within the Immuta platform, and framing these practices into digestible, easy-to-scale methods to help customers control risk across their data science programs.


The seminar took place in the Mountbatten Seminar Room, Highfield Campus, on 02 December 2019.