Research projects Tilburg Institute for Law, Technology, and Society (TILT)

Places and populations that were previously digitally invisible are now part of a ‘data revolution’ that is being hailed as a transformative tool for human and economic development. Yet this unprecedented expansion of the power to digitally monitor, sort and intervene is not well connected to the idea of social justice, nor is there a clear concept of how broader access to the benefits of data technologies can be achieved without amplifying misrepresentation, discrimination and power asymmetries. We therefore need a new framework for data justice integrating data privacy, nondiscrimination and non-use of data technologies into the same framework as positive freedoms such as representation and access to data. This project will conceptualize data justice along three dimensions of freedom: (in)visibility, autonomy with regard to technology, and combating data-driven discrimination. The framework will then be tested and further shaped by debates held in nine locations worldwide.

Contact person: Dr. Linnet Taylor

Read more information about this project.

Watch the video about this project.

Nadezhda (Nadya) Purtova PhD of the Tilburg Institute for Law, Technology and Society (TILT) has been awarded an ERC Starting Grant of nearly 1.5 million euros by the European Union. The grant will spread over five years and allow her to build her own team and pursue research into legal protection of people against information-induced harm.

Information can harm people, for instance, being denied a mortgage or insurance based on your grocery shopping or online surfing profile. But what exactly is it in information that is harmful, and how can people be protected? The current legal answer is that protection (data protection principles, rights and obligations) is granted when a) there is information b) about or potentially affecting a person c) who is identified or identifiable. This is Personally Identifiable Information (PII). But now that virtually all information is PII, how can law meaningfully protect against information-induced harms?

Given modern data collection and processing techniques and unprecedented amounts of data available for analysis, everything can be personally identifiable information. Therefore, PII-based legal protection will fail, since a law regulating everything is meaningless. Yet, alternatives for structuring legal protection other than through the concept of PII are lacking.

With the research project Understanding information for the legal protection of people against information-induced harms (INFO-LEG), Nadya Purtova plans to look for substitutes for the notion of PII to fundamentally re-organize legal protection. Her project is unique in integrating how law, economics, and information studies conceptualize information. In addition to the data protection law, the results of the project will impact various other areas of law regulating information in digital age: intellectual property (drawing borders of rights in information objects); constitutional law (if data is protected speech); telecommunication and cybercrime.

Contact person: Dr. Nadya Purtova

Read more information about this project.

The ParTFin project aims at developing and strengthening public-private partnerships (PPPs) in order to enhance information sharing between competent authorities (including regulators) and financial and payment service providers at the national and EU levels and at facilitating the cross-border information exchange between PPPs. To this end, the project will provide best-practice guidance to policy makers at the EU and national levels.

Research activities will include (i) comparative legal analyses of PPP involving eight countries in- and outside the EU in the area of AML/ as well as PPP in other areas of security law; (ii) research spanning security law, data protection law, and public international law; (iii) socio-legal research on PPPs, including interviews with competent authorities and relevant private stakeholders; and (iv) an interdisciplinary investigation into the relationship between law and technology in the context of financial analytics.

In the short term, the project will benefit competent authorities engaged in counter-terrorism investigations in four EU Member States (France, Germany, Italy, and Spain), which form the core of the present pilot project, as well as European agencies. In the mid-term, it will provide guidance for legislators in the four above-mentioned States and for the EU legislator. In the long term, it will contribute to creating or enhancing PPP in other EU Member States and stimulate political action in support of such mechanisms outside the area of terrorism financing.

Contact person: Prof. Eleni Kosta

The right to the inviolability of the home is the cornerstone of privacy protection. However, now that people are continuously carrying their private lives with them (in their smartphones or in the cloud) and can be followed everywhere in the public space (e.g., through cameras, drones, facial recognition, Google Glass), privacy must be reinvented. An NWO Vici grant will enable Bert-Jaap Koops of Tilburg Law School to set up a research group to do just that.

The research will be aimed at finding new paradigms to legally protect citizens in the age of ubiquitous data, without linking the protection to a specific place: ‘Right to Inviolability of the Home 2.0’. Ideas that spring to mind are special protection for certain categories of data or of combinations of data from various sources, or strict limitations on investigation services to only collect data relevant to the context of the specific investigation. The project is not merely aimed at protection through legal rules, but also at possibilities to enforce legal protection through technology itself.

Contact person: Prof. Bert-Jaap Koops

The Dom Jur project build and maintains the largest online database of caselaw about domain name disputes concerning .nl domain names and about responsibility of internet intermediaries. The project is funded by SIDN, the registrar of .nl domain names. The project started in the early 2000s and continues to this day. Maurice Schellekens is head of the editorial board of DomJur. The database can be visited at http://www.domjur.nl

For more information contact: mr. ir. Maurice Schellekens

The joint TILT-TILEC data portability project explores the impact of data portability on individuals, competition and innovation. Data portability is the ability of consumers to move data among different services. The General Data Protection Regulation has introduced data portability as a right of natural persons in EU data protection law, enabling individuals to demand exportation of their personal data from one service in order to take it "with them" and re-import it into another service.

Beyond its role in data protection, the right to data portability will inevitably affect the position of firms on the market, and hence influence the future landscape of data-centered business models. As a remedy to user lock-in and associated switching costs, data portability can have an important impact on competition between market players and profoundly change their business strategies. At the same time, however, it might also influence incentives to innovate.

There is an urgent need to map and study these issues as well as to examine how existing and evolving policies in different fields interact with one another considering that policy makers have started to look at possible portability tools in other fields, such as consumer protection and the free flow of non-personal data, as well.

The project aims to connect academia, industry and policy makers. So far, the project has received funding from Tilburg Law School and Philips Lighting.

Contact person: Inge Graef

The Digital Clearinghouse is a project jointly hosted by the Tilburg Institute for Law, Technology, and Society (TILT) at Tilburg University, the Research Centre for Information, Law and Society (CRIDS) at the University of Namur, and the European Policy Centre (EPC) in Brussels. The project aims to create a platform facilitating cooperation, dialogue and exchange of insights and best practices between different stakeholders. Its key mission is to achieve a better and more coherent protection of individuals in an era of big data and artificial intelligence.

The European Data Protection Supervisor launched the initiative of the Digital Clearinghouse in a 2016 Opinion as a voluntary network of regulators involved in the enforcement of legal regimes in digital markets, with a focus on data protection, consumer and competition law. In a 2017 Resolution, the European Parliament endorsed ‘the establishment and further development of the Digital Clearinghouse as a voluntary network of enforcement bodies [that] can contribute to enhancing their work and their respective enforcement activities and can help deepen the synergies and the safeguarding of the rights and interests of individuals’.

The objectives of the Digital Clearinghouse project are twofold: (1) to exchange best practices and novel ideas about how to protect individuals in digital markets across legal regimes, and (2) to bring together different stakeholders involved in this challenge, ranging from regulatory authorities, to policy makers, researchers and other interested parties.

The Digital Clearinghouse project is funded by grants from the Open Society Foundations, the Omidyar Network, and the King Baudouin Foundation.

For more information, please visit our website www.digitalclearinghouse.org or contact Inge Graef at i.graef@tilburguniversity.edu

The INTERSECT project has received funding within the Dutch National Research Agenda (NWA). This is a large-scale interdisciplinary project led by Technical University Eindhoven, with partners from Tilburg University, Technical University Delft, Radboud University Nijmegen, Vrije Universiteit Amsterdam, Twente University and a high number of businesses (e.g. Philips, Bosch, Oracle), NGOs and other parties.

The Internet of Things represents one of the biggest challenges – and, as of today, failures – for cyber-security and cyber-privacy. The INTERSECT project addresses this societal and technical challenge by adopting a new, foundational perspective that brings together security research (e.g. design, defence, attack generation) with legal and criminology approaches. The focus will be on the ability to design, develop and manufacture new types of IoT devices with security-by-design, security-by-default, robustness and resilience in mind. The project also aims to provide industry with incentives and instruments to adopt these new methods and manufacture IoT systems accordingly, so that governments and citizens can adopt them, thereby enabling the birth and the growth of an ‘Internet of Secure Things’.

Contact person: Maša Galič

“The use of face recognition technology by citizens and companies: exploration of privacy risks and regulatory options.”

This research is commissioned by the Scientific Research and Documentation Center (WODC) of the Dutch Ministry of Justice and Security.

Recent breakthroughs in the field of artificial intelligence, computer power, sensors and cameras have contributed to developments in the field of facial recognition technology. The ability to recognize people through images immediately raises the question of what privacy risks facial recognition entails and whether current legal protection is still adequate. The expectation that facial recognition applications will be available on a substantial scale for both citizens and businesses in the near future will require an exploration of regulatory options - legal and otherwise - to address potential negative effects of facial recognition in horizontal relationships (citizen-citizen and corporate citizen) to address.

This research takes a interdisciplinary approach; combining legal analysis and STS methods.

A two-fold research question has been formulated:
1) How are facial recognition technologies used by citizens and businesses and how can the use of facial recognition technologies by citizens and businesses infringe the privacy of citizens (now and in five years)?
2) How can current and potential privacy violations be prevented or limited?

Contact person: Esther Keymolen

In this WODC (Dutch Research and Documentation Centre of the Ministry of Justice and Security) project, we focus on the privacy risks stemming the use of hobby drones and spy products (such as spycams and hidden microphones) between citizens and possibilities for their regulation (through law, technology, self-regulation and social norms). The focus is thus on horizontal privacy concerning relations between citizens.

Contact person: Maša Galič

In the context of worsening humanitarian crisis, aid organizations are facing increased pressure to work more efficiently, often under tightening budgets. That is, to do more with less. One perceived avenue for achieving efficiencies is through innovative uses of digital technology and the leveraging of big data. However, it is a stark reality that most humanitarian organizations lack the necessary resources and expertise to be able to make effective use of the large amounts of data they collect in the pursuit of their mandate. They thus increasingly depend on, and share data with, external actors — usually private sector actors — under the banner of ‘partnership’. While these commercial partners offer the expertise and technological tools and infrastructure needed to help aid agencies mine and analyze mass datasets at scale, their ethos is often at odds with the principles of humanitarianism.

This project, sponsored by the Tilburg Law School, is thus exploring the phenomenon of ‘data partnership’ within the humanitarian sector in order to identify and address the regulatory, ethical and accountability concerns associated with this model of humanitarian aid. To do so, with the International Committee of the Red Cross as our co-convener, we are organizing three expert meetings in different locations globally (Netherlands, Geneva, Nairobi) to bring together key stakeholders to openly reflect on these issues under Chatham House Rule. These frank discussions will help us to better understand actors’ motivations and objectives in undertaking data partnerships, while also providing an opportunity for normative reflection.

Contact person: Aaron Martin

The project started in January 2020. The aim of the Cybersecurity Certification Insights project is to sketch the cybersecurity certification landscape in the Netherlands, following the EU Cybersecurity Act, identify needs and drivers for stakeholders in the Netherlands and provide an outlook for potential roles for the National Cybersecurity Agency in the Netherlands (NCSC).

The research is funded by the National Cybersecurity Centre of the Netherlands, which is part of the Ministry of Justice and Security. Ronald Leenes, Irene Kamara, Kees Stuurman and Jasper van den Boom are working on the project. The outcome will be a Report providing the key findings of the research.

Contact person: Irene Kamara