Ph.D. research Tilburg Institute for Law, Technology, and Society (TILT)

Paulan Korenhof

The inducement of Paulan Korenhof her research is the development of the so-called "Right to be Forgotten and Erasure" as part of the General Data Protection Regulation. The right to be forgotten should be(come) a means to battle problems that are caused by the presumably "everlasting" memory of the internet. In current literature there is no consensus on the exact content or meaning of "the right to be forgotten" and it remains unclear how such a right should be put into practice. One of the underlying major issues is that it is not sufficiently clear what the exact outline of the problems is that are the result of the presumably "everlasting digital memory". By taking on a meta-perspective and consulting different disciplinary sources like philosophies of technology, sociology and law, Paulan aims to identify the different types of problems and to construct a problem taxonomy that can form a base on which effective solutions can be build.

Supervisors: Prof. Bert Jaap Koops and Prof. Ronald Leenes.

* exploring the adequacy of the accountability framework for cloud computing and other future internet services

Dimitra Stefanatou

Building on the case of cloud computing technology, the research explores if -and to what extent- the principle of accountability, as provided in the field of the European data protection law, manages to address successfully the emerging data protection challenges. Following a discussion on the gradual development of the accountability principle in Europe, the research approaches accountability based on the main components identified with respect to data protection. The project will address accountability under the Data Protection Directive, while taking into account the proposed amendments in the context of the ongoing data protection reform. The research will provide a timely analysis at a turning point for the European legislation by capturing the transition from the current to the revised data protection framework relating to the framing of the accountability principle. The PhD research aims at examining whether the accountability under the European data protection framework is adequate for promoting legal certainty and trust for online services.

Supervisor: Prof. R.E. Leenes

Daily mentor: Dr. Eleni Kosta

Maša Savič

This research is about privacy and big data-based security in public spaces. It is connected to the ongoing Living Lab "Stratumseind 2.0" project on the prominent Stratumseind nightlife street in Eindhoven. The Stratumseind project is a public-private partnership in principle established to increase security so as to renovate the public area, bars and restaurants. Innovative solutions such as lighting, social media and gaming technologies are being deployed and tested in order to meet the goals. Through these solutions a great amount of data will become available for mining, leading to serious privacy concerns beyond data protection (eg. discrimination when used for decision making, unfair treatment, exclusion, stigmatization, de-individualization, loss of autonomy and confrontation with unwanted information). These issues are further complicated by the fact that this is happening in public space, since the need for privacy protection in public spaces is likely not adequately covered by existing legal frameworks. Masha’s research will delve into such and similar issues, emphasizing which actions and acts pose an actual threat to and harm human rights and freedoms (and people's lives in general) and consequently develop a more adequate normative framework in this context.

Main supervisor: Prof. R. Leenes

Daily supervisors: Dr. E. Kosta and Dr. T. Timan

Second supervisor: Prof. B.J. Koops

Karine e Silva

PhD research investigating the legal grounds and constraints of anti-botnet operations and information sharing in public and private sector. It aims to define the lawful limits and opportunities for botnet mitigation in the Netherlands and at EU level, drawing an international comparative analysis of selected countries.

Supervisor: Prof. B.J. Koops

Finding a new paradigm to protect citizens in the age of ubiquitous data

Ivan Skorvanek

The research takes place within the VICI project of Bert-Jaap Koops. The VICI project is aimed at reinventing physical-space privacy in light of developments in mobile devices, cloud computing, and surveillance, which will be done in a large part by comparative legal analyses of eight legal systems. Within the comparative legal analyses, Ivan will study the legal systems of Germany, Poland and Czech Republic.

Supervisor: Prof. B-J. Koops

in the standard context

Jingze Li

The research explores the existing and potential conflicts between open source software and software patent in the standard field. Recognizing that the information technology standards represent a new and unique challenge with respect to both time and the need for interoperability, it has become a common view that network and network components in the ICT sector must be interoperable and open for connection. However, including software in software related standards may hinder interoperability that excludes the open source software from the market, due to fundamentally different license policy of the two paradigms. By analyzing the difference of the license agreements of both sides, this research aims at finding solutions to overcome the conflicts and ways for potential cooperation between open source software and proprietary software with patents embedded.

Supervisor: Prof. C. Stuurman; co-supervisors: Dr. M. Schellekens; Dr. M. Husovec

processing under the relevant legal frameworks

Emre Bayamlioglu

Major research question and the research framework

What are the transparency needs engendered by data-driven decision-making practices, whether this ‘transparency desiderata’ is properly addressed in the current EU data protection regime, and to what extent IP rights stand as an impediment?

The study proceeds with the unfolding and elaborating of the major research question through sub-questions under the below framework.

• A legal framework of transparency which goes beyond the conventional understanding –of certain access rights and disclosure requirements- to ensure the intelligibility of algorithmic processes and their possible discriminatory and privacy invasive outcome.
• Whether the EU data protection regime is compatible with the extent, forms and mechanisms of the transparency desiderata prescribed within the study.
• Taking into account Recital 51 of the GDPR -which provides that transparency allowances of the data protection regime should not adversely affect the rights and freedoms of others- to what extent IP rights stand as an impediment for the transparency framework.

Supervisor: Prof. Ronald Leenes

personal data processing. Is the risk-based approach of the General Data Protection Regulation compatible with the aim to achieve fundamental rights protection?

Claudia Quelle

This research project concerns the risk-based approach of the General Data Protection Regulation, and in particular its relation to the objective to protect fundamental rights. The risk-based approach is understood as a starting point in compliance and enforcement practices which entails that the applicable legal obligations are or should be regarded as more or less stringent, in accordance with the level of risk posed by the processing operation to the rights and freedoms at stake. The focus is not only on the letter of the law, but also on the underlying duty to prevent adverse effects on the individuals concerned. The DPIA and the prior consultation together play a pivotal role in the articulation, assessment and subsequent mitigation of risk.

 The risk-based approach can be seen as a meaningful supplement or alternative to user empowerment, embodied in data protection law through consent and data subject rights. This is because the onus of bringing about proper rights protection is placed first and foremost on controllers and the supervisory authorities which are to hold them to account. It is also a flexible instrument, able to cope with societal and technological change.

 However, its suitability as a regulatory instrument to bring about the protection of fundamental rights can be questioned. I am researching a number of facets to this main concern. Will the data protection impact assessment be taken seriously by controllers – and what would that require? If low risk situations are neglected, can we still speak of full-fledged fundamental rights protection? Lastly, can we speak of such protection if its content and scope is determined, first and foremost, by the controller and its supervisory authority, rather than by the (ideally: empowered) data subjects concerned?

Supervisors:

How citizen sensing may transform the governance of environmental risk to public health

Anna Berti Suman

‘Citizen Sensing’, framed as grassroots-driven monitoring initiatives based on sensor technology, is increasingly influencing the governance of environmental risk to public health. When lay people distrust official information or just want to fill data gaps, they may resort to sensors and data infrastructures to visualize, monitor, and report risks caused by environmental factors to public health. Although through an initial conflict, Citizen Sensing may ultimately converge with and actually strengthen institutional risk governance. This PhD project aims at investigating under which conditions community-led Citizen Sensing, responding to a risk and eventually generated from distrust, can complement institutional risk governance and which interventions are needed for the practice to result in this contributory outcome. The practice of Citizen Sensing is legitimized on the basis of individual rights: the right to live in a healthy environment and the right to access environmental information, and brings the promise to contribute to a more accountable governance of the risk. This complementary potential is assessed by empirically researching the policy uptake of Citizen Sensing and its ability to produce the mitigation or even removal of the risk at issue. A number of case studies, e.g. the Safecast Radiations Monitoring case and the AiREAS Air Monitoring case, are inspected, through a mix of qualitative and quantitative methods. The case studies are analysed through a theoretical framework built on theories derived from legal, socio-political and STS scholarship on Risk Governance, on the Risk Society, and on Boundary Work, combined with theories on Co-production, Communicative Action and on the role of Non-Expert Knowledge and of Scientific Knowledge in society.

Supervisors: Prof. dr. Ronald Leenes; Prof. dr. Jonathan Verschuuren

Irene Kamara

Irene’s PhD dissertation explores the role of standardisation in the field of human rights, through examining the case of technical standards in support of the right to protection of personal data in the EU.

The aim of the research is mainly to contribute to the data protection body of literature by introducing a framework of principles and safeguards under which technical standards may support the protection of the right of Art. 8 Charter Fundamental Rights EU, taking into account the legitimacy and governance issues of the standards-development processes, the human rights nature of the right to protection of personal data, but also the policy and regulatory appraisal of technical standards as an instrument which may support the aims of EU secondary legislation.

Supervisors: Prof. Paul de Hert, Prof. Kees Stuurman, Prof. Eleni Kosta

Sascha van Schendel 

The increased use of Big Data analytics to extract information and patterns from large datasets, and construct predictions, contributes to the importance of data and the authoritative role of data in decision making. Especially in sectors such as that of law enforcement, Big Data analytics can impact the way processes work and decisions are made. In the law enforcement sector, decisions have a very serious impact on the human rights of suspects or other citizens in the case at hand. In the course of the general policing task, fundamental rights of individuals or groups can be impacted as well by the use of Big Data analytics. A specific issue is the opacity of these processes towards impacted individuals and the general audience, creating a lack of awareness as well as issues with regard to the execution of human rights, such as the right to an effective remedy.

The research targets specific practices of Big Data analytics and analyzes the relevant safeguards and requirements under the frameworks of criminal law and data protection legislation, both on the EU level and Dutch level, with specific attention to transparency requirements.

Supervisor: Prof. Eleni Kosta