Research projects Tilburg Institute for Law, Technology, and Society (TILT)

Places and populations that were previously digitally invisible are now part of a ‘data revolution’ that is being hailed as a transformative tool for human and economic development. Yet this unprecedented expansion of the power to digitally monitor, sort and intervene is not well connected to the idea of social justice, nor is there a clear concept of how broader access to the benefits of data technologies can be achieved without amplifying misrepresentation, discrimination and power asymmetries. We therefore need a new framework for data justice integrating data privacy, nondiscrimination and non-use of data technologies into the same framework as positive freedoms such as representation and access to data. This project will conceptualize data justice along three dimensions of freedom: (in)visibility, autonomy with regard to technology, and combating data-driven discrimination. The framework will then be tested and further shaped by debates held in nine locations worldwide.

More information can be found here.

TILT is leading a study for the Directorate-General for Justice and Consumers on certification mechanisms, seals or marks under Articles 42 and 43 of Regulation (EU) 2016/679. The study aims to analyze existing certifications, provide recommendations for requirements for data protection certification mechanisms, accreditation criteria, and technical standards in the field of data protection certification. The output from the study will support the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Articles 42 and 43 of the General Data Protection Regulation (EU) 2016/679. Ronald Leenes, Irene Kamara, Eric Lachaud and Kees Stuurman (TILT) are involved in this study together with researchers from TNO and Civic Consulting.

Nadezhda (Nadya) Purtova PhD of the Tilburg Institute for Law, Technology and Society (TILT) has been awarded an ERC Starting Grant of nearly 1.5 million euros by the European Union. The grant will spread over five years and allow her to build her own team and pursue research into legal protection of people against information-induced harm.

Information can harm people, for instance, being denied a mortgage or insurance based on your grocery shopping or online surfing profile. But what exactly is it in information that is harmful, and how can people be protected? The current legal answer is that protection (data protection principles, rights and obligations) is granted when a) there is information b) about or potentially affecting a person c) who is identified or identifiable. This is Personally Identifiable Information (PII). But now that virtually all information is PII, how can law meaningfully protect against information-induced harms?

Given modern data collection and processing techniques and unprecedented amounts of data available for analysis, everything can be personally identifiable information. Therefore, PII-based legal protection will fail, since a law regulating everything is meaningless. Yet, alternatives for structuring legal protection other than through the concept of PII are lacking.

With the research project Understanding information for the legal protection of people against information-induced harms (INFO-LEG), Nadya Purtova plans to look for substitutes for the notion of PII to fundamentally re-organize legal protection. Her project is unique in integrating how law, economics, and information studies conceptualize information. In addition to the data protection law, the results of the project will impact various other areas of law regulating information in digital age: intellectual property (drawing borders of rights in information objects); constitutional law (if data is protected speech); telecommunication and cybercrime.

Contact person: Nadya Purtova

More information can be found here.

MicroMole: Sewage monitoring system for tracking synthetic drug laboratories

TILT was part of a consortium that proposed an h2020 project in which the possibilities and boundaries for sewage monitoring will be explored. Kicking off in September, several members of TILT will be involved in this project.

The threat of synthetic drugs is one of the most significant current drug problems worldwide. Amphetamine-Type Stimulants (ATS) are the second most widely used drugs. Since 1990, ATS manufacturing has been reported from more than 70 countries worldwide and the figure keeps rising. In 2008, 80 % of the amphetamine production facilities dismantled worldwide were located in Europe. Since 2011, the wide availability of pre-precursors (like APAAN, a substance needed to prepare an ingredient of ATS) significantly lowered the price of the controlled precursor BMK and caused severe environmental problems, taking the problem to a greater dimension.

Against this backdrop, the aim of this project is to design, develop and test a prototype of a system for legal recording, retrieving and monitoring operations of ATS and ATS precursor laboratories in urban areas. The sensor system will be installed within the sewage system and will track waste associated to ATS production. Criminal investigators and forensic specialists will use the system in case of:

1. Initial general suspicion of ATS production in a certain area, for locating laboratories by monitoring the sewage system for long time periods; 2. Strong suspicions that in a well confined area ATS is being produced, for collecting material for forensic analysis and potential use in court, and for aiding in the planning of LEA raid operations.

TILT will be part of the development and testing of the μMole prototype by anticipating on- and analyzing of- the systems non-technical boundaries such as privacy law, data protection and social acceptance.

Back to the typewriters? - Rethinking informational self-determination in the era of mass state surveillance

Recent publications on the PRISM and TEMPORA surveillance programs demonstrate that citizen data are being secretly –without their knowledge and consent– collected by the state via private companies, at a massive scale. This blanket and mass citizen surveillance seriously undermines individuals’ informational self-determination and effective legal protection. Building on the theories of informational self-determination and constitutionalization of data protection, Kosta will identify the required systemic revisions in the European data protection framework, in particular in the system of checks and balances to compensate for the loss of citizen control over state access to citizen data via private companies.

The right to the inviolability of the home is the cornerstone of privacy protection. However, now that people are continuously carrying their private lives with them (in their smartphones or in the cloud) and can be followed everywhere in the public space (e.g., through cameras, drones, facial recognition, Google Glass), privacy must be reinvented. An NWO Vici grant will enable Bert-Jaap Koops of Tilburg Law School to set up a research group to do just that.

The research will be aimed at finding new paradigms to legally protect citizens in the age of ubiquitous data, without linking the protection to a specific place: ‘Right to Inviolability of the Home 2.0’. Ideas that spring to mind are special protection for certain categories of data or of combinations of data from various sources, or strict limitations on investigation services to only collect data relevant to the context of the specific investigation. The project is not merely aimed at protection through legal rules, but also at possibilities to enforce legal protection through technology itself.

The Dom Jur project build and maintains the largest online database of caselaw about domain name disputes concerning .nl domain names and about responsibility of internet intermediaries. The project is funded by SIDN, the registrar of .nl domain names. The project started in the early 2000s and continues to this day. Maurice Schellekens is head of the editorial board of DomJur. The database can be visited at http://www.domjur.nl

For more information contact: mr. ir. Maurice Schellekens

The project ‘judicial review of Big Data: a comparative analysis’ builds on the Big Data research of The  Netherlands Scientific Council for Government Policy, where one of the conclusions was that the current legislation is primarily focused on protecting individual rights and individual interests, while Big Data impacts groups of people or interests that transcend the individual.

In the era of Big Data a lot of data gathering, analysis and use, has an impact that transcends individual interests. At the same time most rights such as the right to privacy, the protection of personal data and rights such as the right to fair trial have traditionally a strong focus on the individual and their interests. An additional complication with the use of Big Data is that it often concerns opaque processes where those affected are not aware that their interests might be harmed. Therefore the project researches possibilities to offer redress for collective interests or at least non-individual interest, with specific attention to the use of data and data analysis by governmental actors. The project maps the possibilities under current Dutch law for group litigation and collective procedures in domains of administrative law, civil law, and criminal law. The other component of the project is comparative analysis, examining jurisdictions such as Germany, France, Belgium, the United Kingdom, Canada, the EU and the Council of Europe. From each of these jurisdictions examples are taken of possible ways of redress that might be of interest for the Dutch system. The main focus is on standing of groups, the requirements connected to immaterial harm or damage, and claims that deal with legislation or in abstracto cases.

Project coordinator: Bart van der Sloot

Project members: Bert-Jaap Koops & Sascha van Schendel

The Digital Clearinghouse is a project jointly hosted by the Tilburg Institute for Law, Technology, and Society (TILT) at Tilburg University, the Research Centre for Information, Law and Society (CRIDS) at the University of Namur, and the European Policy Centre (EPC) in Brussels. The project aims to create a platform facilitating cooperation, dialogue and exchange of insights and best practices between different stakeholders. Its key mission is to achieve a better and more coherent protection of individuals in an era of big data and artificial intelligence.

The European Data Protection Supervisor launched the initiative of the Digital Clearinghouse in a 2016 Opinion as a voluntary network of regulators involved in the enforcement of legal regimes in digital markets, with a focus on data protection, consumer and competition law. In a 2017 Resolution, the European Parliament endorsed ‘the establishment and further development of the Digital Clearinghouse as a voluntary network of enforcement bodies [that] can contribute to enhancing their work and their respective enforcement activities and can help deepen the synergies and the safeguarding of the rights and interests of individuals’.

The objectives of the Digital Clearinghouse project are twofold: (1) to exchange best practices and novel ideas about how to protect individuals in digital markets across legal regimes, and (2) to bring together different stakeholders involved in this challenge, ranging from regulatory authorities, to policy makers, researchers and other interested parties.

The Digital Clearinghouse project is funded by grants from the Open Society Foundations, the Omidyar Network, and the King Baudouin Foundation.

For more information, please visit our website www.digitalclearinghouse.org or contact Inge Graef at i.graef@uvt.nl

The joint TILT-TILEC data portability project explores the impact of data portability on individuals, competition and innovation. Data portability is the ability of consumers to move data among different services. The General Data Protection Regulation has introduced data portability as a right of natural persons in EU data protection law, enabling individuals to demand exportation of their personal data from one service in order to take it "with them" and re-import it into another service.

Beyond its role in data protection, the right to data portability will inevitably affect the position of firms on the market, and hence influence the future landscape of data-centered business models. As a remedy to user lock-in and associated switching costs, data portability can have an important impact on competition between market players and profoundly change their business strategies. At the same time, however, it might also influence incentives to innovate.

There is an urgent need to map and study these issues as well as to examine how existing and evolving policies in different fields interact with one another considering that policy makers have started to look at possible portability tools in other fields, such as consumer protection and the free flow of non-personal data, as well.

The project aims to connect academia, industry and policy makers. So far, the project has received funding from Tilburg Law School and Philips Lighting.

More information: Inge Graef

Combatting botnets is a key challenge in cybersecurity. The classic crime-fighting approach of prosecuting perpetrators and confiscating crime tools fails here: botnets cannot be simply 'confiscated', and law-enforcement's reactive focus on prosecuting offenders is ill-suited to deal effectively with botnet threats. A wider set of anti-botnet strategies, including pro-active strategies and public-private co-operation, is needed to detect and dismantle botnets. Public-private anti-botnet operations, however, raise significant legal questions: can data about (possibly) infected computers be shared among private parties and public authorities? How far can private and public actors go in anti-botnet activities? And how legitimate are public-private partnerships in which private actors partly take up the intrinsically public task of crime-fighting? These questions will be addressed in the BotLeg project on the legal boundaries of public-private actions against botnets.

The BotLeg project is a consortium between TiU (TILT), SURFNet, SIDN, Abuse Information Exchange, and NHTCU. While the main focus of the research is the Netherlands, the project will develop a comparative analysis to include other EU countries. The project is financed via NWO and will last for 48 months. Among the expected legal research results, the BotLeg project will deliver sectorial guidelines and codes of conduct on anti-botnet operations.