Mapping Boundaries: Technology-Facilitated Wrongs Against the Person and Criminal Law Theory

Marthe Goudsmit Samaritter  •  Max Planck Institute for the Study of Crime, Security and Law

“Defining Persons, Defining Wrongs: Personhood Theory and Technology-Facilitated Violence in the Realm of Justified Criminalisation“

Abstract: Justified criminalisation in constitutional democracies typically requires that conduct be harmful, wrong­ful, and public. What counts as harm and what counts as wrong depend on how the harmed and wronged subject is defined. For offences against persons, this means the definition of the person. The traditional liberal conception, which confines the person to body and mental capacities, recognises as harms and wrongs against the person only conduct that primarily affects those dimensions. This conception has shaped the criminal law of constitutional democracies for centuries and still operates, implicitly, in much doctrinal thinking about offences against the person.
This paper argues that the atomistic definition of personhood prevalent in the law of constitutional democracies has always been phenomenologically inaccurate, but that technology-facilitated wrongs put this conception under strain. Technology-facilitated violence can produce severe experienced harm without primarily affecting the body or mental capacities of the person affected. On the traditional, atomistic conception, such conduct cannot coherently be recognised as harms and wrongs against the person. In some cases it may still be justifiably criminalised — as a property offence, informational offence, privacy offence, or public order offence — but the theoretical footing for criminalising it as an offence against the person is not readily available. Voice-cloning can be captured as misuse of biometric information, or as unauthorised speech attributed to the cloned person; image-based sexual abuse can be captured as an informational offence, or as a direct violation of the depicted person in their sexual integrity. Which framing is theoretically coherent depends on what the person is taken to be.
Where persons are defined through caring relationships, the representations, communications, and digital presences through which persons are present to others become part of the person. Conduct that affects those representations and presences could be recognised as direct harms and wrongs against the person. When law uses a relational definition of personhood, conduct such as IBSA and voice-cloning can coherently be criminalised as offences against the person.

Jonathan Herring  •  University of Oxford

 “Universal Vulnerability, Relationality and the Criminal Law in the Digital Age”

Abstract: This paper will explore the application of Universal Vulnerability theory to our understanding of criminal law in the digital age. It will start by offering a brief overview of universal vulnerability, explaining how it relates to relational theory and ethics of care. It will then explore three particular themes that are relevant to criminal law. First, the importance of understanding harms relationally. Second, the importance for the criminal law of recognising relational responsibilities. Third, briefly, the role autonomy and consent should play in the criminal law.
The paper will conclude with a discussion of how these themes are particularly relevant in the digital age. This will highlight the particular vulnerabilities and responsibilities that emerge in the online world.

R. A. Duff  •  University of Stirling

“Criminalising Technology-Facilitated Wrongs”

Abstract: I have argued elsewhere that we have reason to criminalise a type of conduct if, and only if, it constitutes a public wrong: a wrong that violates the polity’s civil order, and that therefore concerns the whole polity. Among the questions raised by this principle are the following.
How are we to determine whether a type of conduct violates the polity’s civil order? The idea of the public realm, as delimited by the polity’s understanding of its civic enterprise of living together as citizens, is crucial, and debatable, in this context.
How should we characterise the wrongs that we see reason to criminalise? The character of the wrong matters not just for fair labelling purposes, but because it bears on whether the wrong should count as ‘public’.
Are wrongs properly criminalisable only if they involve harm or the threat of harm? This will involve getting clearer about the relationship between harms and wrongs, and about the way in which some harms count as harms only in virtue of their wrongfulness.
Do we have good reason to criminalise a public wrong rather than responding to it in some other way? There are many ways other than criminal law of responding to public wrongs, including doing nothing formally, non-criminal regulation, and tort law.
I will explore these questions in relation to various kinds of technology-facilitated wrong, in particular kinds of image-based sexual abuse. This will, I hope, both clarify the arguments in favour of criminalising such wrongs and test the utility of a ‘public wrongs’ principle of criminalisation.

Sandra Marshall  •  Professor Emerita, University of Stirling

“Hearing Voices”

Abstract: Discussion of the wrongful use of ‘deepfake’ images is, by now, familiar; indeed, the UK Government has already (7 January 2025) announced its intention to make creating sexually explicit ‘deepfake’ images a criminal offence. However, rather less, if any, consideration has been given to the possibility of criminalising the wrongful creation of non-intimate images, or to the creation of ‘deepfakes’ which are not visual, i.e. to the manipulation of voices. It is ‘deepfake’ voices with which this presentation will be concerned.
My discussion falls under two headings. (A) The significance of voices and the kind of wrong involved in ‘deep­fakery’ (one might reflect here on the AI-generated video of homicide victim Christopher Pelkey ‘presenting’ a victim personal statement to the sentencing judge, Maricopa County Superior Court, 2025). (B) AI companions, and the therapeutic use of AI-created voices. Here the question is whether such voices have the potential to undermine responsibility: can those who act on what these voices ‘say’ be said to be suffering ‘diminished responsibility’? Are such cases analogous to cases of delusion where someone ‘hears voices’ telling them to act?
The technologies with which voices and images are now being created are certainly new and still developing, but the creation of images and voices is not. The criminal law may already have the conceptual resources to deal with the challenges posed by the new technologies, bearing in mind that it is important not just to criminalise but to label the crimes appropriately. So there may not be much for the criminal law theorist to get excited about. This seems to be the case with the sexually explicit ‘deepfake’ images mentioned above, and may also be the case with the crea­tion of ‘deepfake’ voices as in (A). It might also be argued, at least in some cases, that they are more properly civil law matters rather than criminal. However, it is less clear that the cases in (B) are quite so straightforward — this is where the criminal law theorist might have something to get excited about.

Clare McGlynn  •  Durham University

“Invisible No More: How AI Chatbots are Reshaping Violence Against Women and Girls”

Abstract: This presentation discusses the findings of a recent scoping review and research report on how AI chat­bots are implicated in violence against women and girls (VAWG). The report provides the first comprehensive map­ping of how chatbots are reshaping VAWG, and introduces a novel typology to better understand these emerging forms of abuse, such as chatbot-driven and chatbot-simulated abuse. The scoping review identified a foundational failure of research frameworks to consider VAWG, raising significant concerns about the future evidence base for reform. Overall, the research aims to make visible the very real harms and threats to women’s freedom and safety posed by AI chatbots, and advances a range of recommendations for governments and AI platforms aimed at mitigating and preventing this escalating threat.

Marloes van Noorloos  •  Leiden University

“Criminal Wrongs of Misogynistic Harassment Campaigns Online“

Abstract: Cyber harassment and intimidation campaigns against women(+) have become a pressing issue: digital technologies, including AI tools, have enabled massive virtual misogynistic attacks, including doxing, sharing of manipulated images or videos, insults and hate speech, and incitement to (sexual) violence. This is taking place against the backdrop of an increasingly influential ‘manosphere’ online. In particular, women active in public life — including politicians — have become heavy targets of such practices, resulting in silencing effects. Moreover, women speaking up against sexual violence and harassment that they have experienced (#metoo), and journalists reporting about it, risk becoming targets of misogynistic online smear campaigns. AI bots greatly expand these risks.
Gendered digital smear campaigns and harassment can take a multitude of forms, which can each constitute spe­cific wrongs — against specific persons and/or against broader groups in society; moreover, these processes can harm democratic rights and public participation of women.
The criminalisation of behaviour such as doxing is relatively new to (or still absent in) many domestic criminal justice systems; dealing with expressions such as intimidation and insult through criminal law tends to raise critical questions. Criminal law’s focus on individual responsibility may also sit uneasily with the mass and large-scale, collective and largely anonymous nature of digital smear campaigns. Moreover, the (criminal, civil or administrative) responsibilities of digital platforms and AI developers come into the picture.
In this paper I intend to disentangle the complexities surrounding criminal law’s potential for dealing with cyber harassment campaigns against women, zooming into how the specific parts of this problem may each constitute specific wrongs, while the problem as a whole may constitute a specific type of technology-facilitated wrong that criminal law may not yet have been able to comprehensively address.

Mark Dsouza  •  UCL

“Offences Against the (Online) Person“

Abstract: In this paper, I outline a theoretical argument for the criminalisation, as offences against the person, of certain wrongs perpetrated against a person’s avatar (or curated online persona/profile). The argument relies on two complementary sets of claims.
First: we already accept that the state may appropriately criminalise conduct that wrongfully harms one’s person as an offence against the person. With technological advancements, a (corporeal) person’s relationship with their online avatar (or curated profile/persona) can now transcend the subject-object relationship of a person with their property, such that the avatar becomes an extension of the corporeal person’s agential personhood. Therefore, we should also accept that conduct that wrongfully harms one’s technologically extended person can be an offence against the person.
Second: the online world is a valuable common resource, access to which is worthy of state protection. Since access to this resource, or at least to some valuable parts thereof, requires the use of an avatar, a person’s (not unduly fettered) access to their avatar is also worthy of state protection. That protection can take the form of not treating an unwillingness to disengage with one’s avatar (and thereby, the online world) as legally valid acceptance of the risk of harm.

Tatjana Hörnle  •  Max Planck Institute for the Study of Crime, Security and Law

“Sexual Autonomy in the Digital Age“

Abstract: I will first sketch the historical development of the protected right. The invention of sexual autonomy is a rather new phenomenon (second half of the 20th century). In earlier periods, sexual behaviour was regulated for functional reasons (mainly to enhance security regarding fatherhood in patrilineal societies) and then to protect “female honour” as a more abstract notion. Accordingly, typical wrongful acts initially were those that could lead to the birth of children, but with further steps of referring to morality and honour, the notion of indecent acts was extended to all kinds of sexualised bodily contact.
Today, one could ask how far the right to sexual autonomy should be extended beyond the right to bodily integrity and beyond the right not to be involved in unwanted direct-interpersonal interactions. Two developments need to be mentioned: not only the digital production of images and digital communication, but also the (constitutional) exten­sion of individuals’ rights — privacy rights and particularly the right to decide about the use of images of oneself (Recht am eigenen Bild). On the level of thinking about rights, it makes sense to acknowledge multidimensional rights that relate to both sexual autonomy and the more general right to control the use of images that depict persons. However, we should pay more attention to the question at which point criminal law is overextended. It is not self-evident that the conclusion “violations of sexual autonomy always warrant criminalisation” still holds once sexual autonomy is combined with control rights regarding images.

Carlotta Rigotti  •  Leiden University

“Beyond Directive (EU) 2024/1385: Mapping a Legal Ecosystem for Technology-Facilitated Violence Against Women in the EU“

Abstract: In May 2024, the European Union adopted Directive (EU) 2024/1385, the first binding legislative instrument aimed at harmonising responses to violence against women and domestic violence across Member States. The Directive criminalises various forms of sexualised and gendered harm, including online manifestations (Chapter 2), while build­ing on the existing EU victims’ rights framework to enhance support and assistance for survivors (Chapters 3–4). It further addresses prevention (Chapter 5), as well as coordination and cooperation (Chapter 6), reflecting a recognition that combating gender-based violence, including its technology-facilitated dimension, demands a holistic approach.
However, the Directive’s holistic ambitions are only partially realised. While Article 46 acknowledges interactions with adjacent instruments such as the Digital Services Act, these connections are not comprehensively elaborated, nor does the Directive nudge towards a gender-sensitive and responsive interpretation of broader EU law, leaving significant gaps in the overall protective framework. Addressing these gaps therefore requires mapping the broader ecosystem of EU legal instruments capable of responding to online gender-based harms from multiple, comple­men­tary angles. Scholars and civil society organisations have begun identifying adjacent legislation, most notably the AI Act, as potentially instrumental in this regard, yet the contribution of these instruments remains largely understudied. Other frameworks, including product safety, similarly deserve examination.
Against this background, this contribution undertakes a legal mapping of relevant EU instruments, identifying pro­vi­sions that could be repurposed, reinterpreted, or better coordinated to support a coherent and victim-centred re­sponse to technology-facilitated violence. In doing so, it exposes gaps, inconsistencies, and structural short­com­ings in the current legal ecosystem, and contributes to broader efforts to ensure adequate protection for women online.

Domenico Rosani  •  Utrecht University

“Fully Synthetic CSAM and the Limits of Criminalisation Theory“

Abstract: Fully synthetic content depicting child sexual abuse, once relegated to a fleeting mention in criminal law textbooks, has rapidly emerged as a pressing concern. The advent of generative AI enables the relatively easy production of highly realistic images of children, and reports indicate that such material is increasingly widespread on the dark web. This development has prompted renewed calls at the European Union level to criminalise fully synthetic child sexual abuse material (CSAM) alongside ‘real’ CSAM. Under the current EU legal framework, Member States may choose not to criminalise fully synthetic material provided that three cumulative conditions are met: no real children are involved, the material is intended for private use, and there is no risk of dissemination. The European Com­mis­sion has proposed removing this exception, thereby extending the definition of CSAM to encompass AI-generated content as such.
There appears to be very broad social consensus in favour of prohibiting fully AI-generated CSAM, reflecting a heightened awareness of and aversion to child sexual abuse over the past three decades. Indeed, most EU Member States already criminalise such material, with Italy being a notable exception.
However, the normative justifications advanced for extending criminalisation to fully synthetic content remain un­convincing. A range of arguments is typically invoked: in particular, the potential indirect harm to children (on the assumption that consumers may eventually seek to act on their fantasies), the violation of abstract or immaterial legal goods such as children’s dignity, and the practical difficulties for law enforcement in distinguishing between real and synthetic material. While each of these considerations carries some weight, they are difficult to reconcile coherently with established theories of legitimate criminalisation in continental European criminal law. The prohibition of synthetic content is most plausibly explained by a desire to suppress morally objectionable content — yet criminal law in the European tradition is not, at least in principle, designed to enforce morality as such.
I contend that an adapted theoretical foundation is needed to justify the criminalisation of AI-generated CSAM, one capable of mediating between traditional European doctrines of legitimate criminalisation and the clear societal and (increasingly) normative demand to prohibit this type of content. Such a framework should pragmatically reconcile the core focus of (sexual) criminal law on the protection of legal goods with the extension of criminalisation to fully AI-generated CSAM, while ensuring proportionality and overall fairness, particularly in light of the different types of harm that characterise AI-generated and ‘real’ CSAM.

Anna Montgomery  •  Ulster University, Belfast

“The Smart Home as a Site of Coercive Control“

Abstract: Smart devices are increasingly embedded within domestic environments, transforming how relationships are organised and experienced. When smart devices enter the home, they generate continuous streams of data about individuals’ routines and behaviours. In abusive relationships, these technologies may be maliciously repurposed to monitor, interpret and regulate the behaviour of victim-survivors. Control is therefore exercised through both physical presence and direct commands, as well as through the strategic use of personal data collected by smart home devices.
Whilst a growing body of scholarship examines technology-facilitated domestic abuse (tech abuse), less attention is paid to how data-generating smart home devices (smart doorbells, thermostats, cameras, etc.) reshape how coercive control occurs. Victim-survivors frequently describe feeling like ‘prisoners’ and ‘hostages’ within their own home, aware that their actions may be watched or later scrutinised through device activity logs. This awareness often produces behavioural modification as individuals attempt to anticipate how their actions may be interpreted by their abusive partner.
To explain these dynamics, I introduce the concept and term ‘Intimate Digital Hostage Taking’ to describe digitally facilitated coercive control that arises when homes become entangled with smart devices. Drawing on digital-self scholarship, I show how smart home data can function as a vector of abuse, enabling surveillance and control of the embodied ‘datafied’ individual. Although mediated through data and devices, these harms ultimately have lasting effects on the physical person.
I examine these dynamics through UK and Irish domestic abuse law and relevant statutory guidance. By concep­tu­al­ising how personal data can be weaponised within intimate relationships and spaces, I contribute to scholarship on gender-based violence, tech abuse and the digital self, whilst also providing language that may assist victim-survivors, support organisations and practitioners in articulating these emerging forms of coercive control.

Kim Barker  •  Lincoln Law School

“Preventing Intangible Violations: A Comparative Account of Technology-Facilitated Violence Against Women and Girls as Wrongs Against the Person“

Abstract: Technology-facilitated violence against women and girls (TFVAWG) exposes a persistent disjunction between lived harms and the conceptual architecture of criminal law. Across jurisdictions, digital abuses — such as non-consensual image sharing, deepfake pornography, cyberstalking, and platform-enabled coercive control — are unevenly recognised, often fragmented across offences, or excluded from the category of “wrongs against the person” due to their non-physical character. This paper argues that these divergences reflect not only doctrinal contingency but a shared theoretical limitation: an overly corporeal conception of personhood within criminal law.
Drawing on vulnerability theory, the paper reconceptualises TFVAWG as constituting direct wrongs against the person by targeting identity, agency, and the social conditions of autonomy in digitally mediated environments. It develops a comparative analysis of selected jurisdictions (for example, England and Wales, Germany, and selected common law systems) to demonstrate how different legal frameworks variously expand or constrain the boundaries of protected legal ‘goods’ in response to such harms. This comparison highlights both convergence — such as the growing recognition of image-based abuse — and persistent conceptual gaps, particularly regarding emerging forms like synthetic media and data-driven harassment.
The paper further interrogates the harm/wrong distinction in comparative perspective, arguing that many TFVAWG practices are wrongful irrespective of demonstrable harm, given their violation of normative interests in personhood and self-determination. Building on this, it shifts the focus from reactive criminalisation to prevention, examining how different jurisdictions integrate (or fail to integrate) preventive approaches, including platform regulation, duties of care, and design-based interventions.
By embedding prevention within a comparative criminal law framework, the paper advances a theoretically grounded account of TFVAWG that supports both principled criminalisation and legitimate anticipatory regulation, contributing to broader debates on the boundaries of wrongs against the person in the digital age.

Beatriz Seabra de Brito  •  NOVA School of Law

“Risk-Based Crimes in Online Environments: A Case Against Excessive Punishment“

Abstract: Risk-based offences are often said to stand against a minimalist conception of criminal law. Minimalist conceptions impose limits both on criminalisation and on punishment. For some, to know what a crime should be is to know when the State should punish, making the permissibility of punishment coincide with the reasons to criminalise. Yet there can be reasons to criminalise without reasons to punish: while a defence renders punishment unjustified, it does not defeat the reasons for criminalisation.
This paper uses the features of online environments to challenge the common assumption that risk-based crimes are an instance of too much criminal law. It is true that risk-based offences expand the scope of criminal norms. Yet, if properly designed, risk-based offences are means of restraint: the broader scope of criminalisation is offset by a reduction in penal severity.
I claim that the appropriate use of criminal law not only allows, but often requires, the enactment of risk-based crimes in online environments. I suggest there are at least two groups of cases in which harm-based offences in online environments are inadequate. First, where the harmful outcome is not the principal wrong. Second, where harm is not measurable, or can be measured only imprecisely. In these cases, the enactment of risk-based offences is necessary for effective deterrence. Of course, this is only the case where the justification for proscribing risk is met. If the scope of proscribed conduct is extended to encompass risk, this can be justified only, and exceptionally, where maintaining a harm-based prohibition is inadequate.

Christina Pasvanti Gkioka & Simone van der Hof  •   Leiden University

“Protecting Children from Avatar-Mediated Child Sexual Abuse and Exploitation: Assessing the Boundaries of European Criminal Law“

Abstract: Incidents of sexual abuse and exploitation involving children in avatar-mediated environments are in­creas­ingly reported. Immersive digital spaces have introduced new contexts in which abusive conduct against children may occur, stretching the boundaries of European criminal law addressing child sexual abuse and exploitation (CSAE).
The abusive practices themselves are not new, given that avatar-mediated CSAE includes, e.g., grooming, CSAM and sexual extortion; however, what has changed is the environment in which they occur. Behaviours that once took place completely offline and later on digital platforms are now enacted through avatars in immersive environments. This persistence across contexts supports understanding CSAE as a continuum and situating avatar-mediated CSAE within it. However, it remains unclear whether European criminal law adequately addresses these new forms of CSAE.
One reason is that avatar-mediated CSAE poses distinct challenges for criminal law. First, abusive conduct is di­rected at the child through their avatar, inserting an additional layer between offender and victim and complicating understandings of what constitutes a wrong against the person. Second, conduct may occur entirely within the digital environment and often takes the form of non-contact abuse. Third, harm may be primarily psychological rather than physical. Together, these characteristics challenge assumptions about victimhood, harm, and criminalisation, raising questions about the boundaries of criminal law protection against technology-facilitated wrongs.
Using doctrinal legal research, the paper addresses the following question: to what extent does the European criminal framework safeguard the child’s right to protection from avatar-mediated child sexual abuse and exploitation? It evaluates key Council of Europe and European Union instruments and shows that, while provisions can cover aspects of avatar-mediated CSAE, conceptual gaps remain where CSAE is fully avatar-mediated and harms children through digital embodiment.