PhD research Tilburg Institute for Law, Technology, and Society (TILT)

processing under the relevant legal frameworks

Emre Bayamlioglu

Major research question and the research framework

What are the transparency needs engendered by data-driven decision-making practices, whether this ‘transparency desiderata’ is properly addressed in the current EU data protection regime, and to what extent IP rights stand as an impediment?

The study proceeds with the unfolding and elaborating of the major research question through sub-questions under the below framework.

• A legal framework of transparency which goes beyond the conventional understanding –of certain access rights and disclosure requirements- to ensure the intelligibility of algorithmic processes and their possible discriminatory and privacy invasive outcome.
• Whether the EU data protection regime is compatible with the extent, forms and mechanisms of the transparency desiderata prescribed within the study.
• Taking into account Recital 51 of the GDPR -which provides that transparency allowances of the data protection regime should not adversely affect the rights and freedoms of others- to what extent IP rights stand as an impediment for the transparency framework.

Supervisor: Prof. dr. Ronald Leenes

How citizen sensing may transform the governance of environmental risk to public health

Anna Berti Suman

‘Citizen Sensing’, framed as grassroots-driven monitoring initiatives based on sensor technology, is increasingly influencing the governance of environmental risk to public health. When lay people distrust official information or just want to fill data gaps, they may resort to sensors and data infrastructures to visualize, monitor, and report risks caused by environmental factors to public health. Although through an initial conflict, Citizen Sensing may ultimately converge with and actually strengthen institutional risk governance. This PhD project aims at investigating under which conditions community-led Citizen Sensing, responding to a risk and eventually generated from distrust, can complement institutional risk governance and which interventions are needed for the practice to result in this contributory outcome. The practice of Citizen Sensing is legitimized on the basis of individual rights: the right to live in a healthy environment and the right to access environmental information, and brings the promise to contribute to a more accountable governance of the risk. This complementary potential is assessed by empirically researching the policy uptake of Citizen Sensing and its ability to produce the mitigation or even removal of the risk at issue. A number of case studies, e.g. the Safecast Radiations Monitoring case and the AiREAS Air Monitoring case, are inspected, through a mix of qualitative and quantitative methods. The case studies are analysed through a theoretical framework built on theories derived from legal, socio-political and STS scholarship on Risk Governance, on the Risk Society, and on Boundary Work, combined with theories on Co-production, Communicative Action and on the role of Non-Expert Knowledge and of Scientific Knowledge in society.

Supervisors: Prof. dr. Ronald Leenes and Prof. dr. Jonathan Verschuuren

Lorenzo Dalla Corte

We are on the wake of a revolution in urbanism – a shift from data-informed urbanism to data-driven, networked urbanism. An ever-increasing deluge of data is being collected, analyzed, and used to fuel what has been defined with the umbrella term “smart city”: an environment in which an extended network of sensors, coupled with big data analytics techniques, produce an extremely large amount of data, allowing to manage and control diverse facets of the urban ecosystem.

The unprecedented amount of information that smart cities are bound to bring forth, however, warrants a cautious approach, and calls for clear-cut values in order to orient the design of the data gathering and processing infrastructures on which smart cities will be based. On one hand, the data gathered by and through the smart city environment can revolutionize urbanism, and enable a plethora of positive effects and constructive consequences. On the other, the array of networked sensors and the extensive data processing capabilities that define the smart city’s technological stack raise a number of legal and policy issues, which need to be tackled from the very outset of the smart city’s development – from the design phase on.

Privacy and data protection, in primis, are naturally threatened by the deluge of data gathered by the multiplicity of sensors on which the smart city is based. The future evolution of large-scale smart environments has the potential to shift the normality of urban dwelling from a paradigm in which anonymity is the norm and identification the exception to one in which inhabitants are identified by default, and anonymous by exception. The SPOW project, carried on together with TU Delft’s Open Data Knowledge Centre (KcOD), aims at investigating the idea of balancing open data – both a by-product of and a precondition for the smart city’s development – and the right to personal data protection.

Supervisors: Prof. dr. Eleni Kosta (TiU) and Dr. ir. Bastiaan van Loenen (TU Delft)

Irene Kamara

Irene’s PhD dissertation explores the role of standardisation in the field of human rights, through examining the case of technical standards in support of the right to protection of personal data in the EU.

The aim of the research is mainly to contribute to the data protection body of literature by introducing a framework of principles and safeguards under which technical standards may support the protection of the right of Art. 8 Charter Fundamental Rights EU, taking into account the legitimacy and governance issues of the standards-development processes, the human rights nature of the right to protection of personal data, but also the policy and regulatory appraisal of technical standards as an instrument which may support the aims of EU secondary legislation.

Supervisors: Prof. dr. Paul de Hert , Prof. dr. Kees Stuurman and Prof. dr. Eleni Kosta

Paulan Korenhof

The inducement of Paulan Korenhof her research is the development of the so-called "Right to be Forgotten and Erasure" as part of the General Data Protection Regulation. The right to be forgotten should be(come) a means to battle problems that are caused by the presumably "everlasting" memory of the internet. In current literature there is no consensus on the exact content or meaning of "the right to be forgotten" and it remains unclear how such a right should be put into practice. One of the underlying major issues is that it is not sufficiently clear what the exact outline of the problems is that are the result of the presumably "everlasting digital memory". By taking on a meta-perspective and consulting different disciplinary sources like philosophies of technology, sociology and law, Paulan aims to identify the different types of problems and to construct a problem taxonomy that can form a base on which effective solutions can be build.

Supervisors: Prof. dr. Bert Jaap Koops and Prof. dr. Ronald Leenes.

in the standard context

Jingze Li

The research explores the existing and potential conflicts between open source software and software patent in the standard field. Recognizing that the information technology standards represent a new and unique challenge with respect to both time and the need for interoperability, it has become a common view that network and network components in the ICT sector must be interoperable and open for connection. However, including software in software related standards may hinder interoperability that excludes the open source software from the market, due to fundamentally different license policy of the two paradigms. By analyzing the difference of the license agreements of both sides, this research aims at finding solutions to overcome the conflicts and ways for potential cooperation between open source software and proprietary software with patents embedded.

Supervisor: Prof. dr. C. Stuurman
Co-supervisors: Dr. M. Schellekens and Dr. M. Husovec

Hellen Mukiri-Smith

Hellen Mukiri-Smith is undertaking her PhD research within Dr. Linnet Taylor’s Global Data Justice Project.  She is conducting research on, the impact the use of financial services technologies (fintech) and biometric technologies in Kenya has on issues of data justice.  The research explores:

1.     the extent to which biometric and fintech data ecosystems or data value chains create power asymmetries, and how power is distributed within these ecosystems or value chains among different actors;

2.     the regulatory environment that governs fintech and biometric technologies including, data protection and competition regulations and other upcoming regulations meant to govern biometrics use; 

3.     how users of fintech and biometric technologies experience using these platforms and sharing their data through these platforms. What freedoms or unfreedoms do they experience? What are platform users’ valued functionings?

Supervisors: Dr. Linnet Taylor and Prof. Morag Goodwin

personal data processing. Is the risk-based approach of the General Data Protection Regulation compatible with the aim to achieve fundamental rights protection?

Claudia Quelle

This research project concerns the risk-based approach of the General Data Protection Regulation, and in particular its relation to the objective to protect fundamental rights. The risk-based approach is understood as a starting point in compliance and enforcement practices which entails that the applicable legal obligations are or should be regarded as more or less stringent, in accordance with the level of risk posed by the processing operation to the rights and freedoms at stake. The focus is not only on the letter of the law, but also on the underlying duty to prevent adverse effects on the individuals concerned. The DPIA and the prior consultation together play a pivotal role in the articulation, assessment and subsequent mitigation of risk.

 The risk-based approach can be seen as a meaningful supplement or alternative to user empowerment, embodied in data protection law through consent and data subject rights. This is because the onus of bringing about proper rights protection is placed first and foremost on controllers and the supervisory authorities which are to hold them to account. It is also a flexible instrument, able to cope with societal and technological change.

 However, its suitability as a regulatory instrument to bring about the protection of fundamental rights can be questioned. I am researching a number of facets to this main concern. Will the data protection impact assessment be taken seriously by controllers – and what would that require? If low risk situations are neglected, can we still speak of full-fledged fundamental rights protection? Lastly, can we speak of such protection if its content and scope is determined, first and foremost, by the controller and its supervisory authority, rather than by the (ideally: empowered) data subjects concerned?

Supervisors: Prof. dr. Ronald Leenes and Prof. dr. Bert van Roermund

Maša Savič

This research is about privacy and big data-based security in public spaces. It is connected to the ongoing Living Lab "Stratumseind 2.0" project on the prominent Stratumseind nightlife street in Eindhoven. The Stratumseind project is a public-private partnership in principle established to increase security so as to renovate the public area, bars and restaurants. Innovative solutions such as lighting, social media and gaming technologies are being deployed and tested in order to meet the goals. Through these solutions a great amount of data will become available for mining, leading to serious privacy concerns beyond data protection (eg. discrimination when used for decision making, unfair treatment, exclusion, stigmatization, de-individualization, loss of autonomy and confrontation with unwanted information). These issues are further complicated by the fact that this is happening in public space, since the need for privacy protection in public spaces is likely not adequately covered by existing legal frameworks. Masha’s research will delve into such and similar issues, emphasizing which actions and acts pose an actual threat to and harm human rights and freedoms (and people's lives in general) and consequently develop a more adequate normative framework in this context.

Main supervisor: Prof. dr. R. Leenes

Daily supervisors: Prof. dr. E. Kosta and Dr. T. Timan

Second supervisor: Prof. dr. B.J. Koops

Sascha van Schendel 

The increased use of Big Data analytics to extract information and patterns from large datasets, and construct predictions, contributes to the importance of data and the authoritative role of data in decision making. Especially in sectors such as that of law enforcement, Big Data analytics can impact the way processes work and decisions are made. In the law enforcement sector, decisions have a very serious impact on the human rights of suspects or other citizens in the case at hand. In the course of the general policing task, fundamental rights of individuals or groups can be impacted as well by the use of Big Data analytics. A specific issue is the opacity of these processes towards impacted individuals and the general audience, creating a lack of awareness as well as issues with regard to the execution of human rights, such as the right to an effective remedy.

The research targets specific practices of Big Data analytics and analyzes the relevant safeguards and requirements under the frameworks of criminal law and data protection legislation, both on the EU level and Dutch level, with specific attention to transparency requirements.

Supervisor: Prof. dr. Eleni Kosta

Karine e Silva

PhD research investigating the legal grounds and constraints of anti-botnet operations and information sharing in public and private sector. It aims to define the lawful limits and opportunities for botnet mitigation in the Netherlands and at EU level, drawing an international comparative analysis of selected countries.

Supervisor: Prof. dr. B.J. Koops

Finding a new paradigm to protect citizens in the age of ubiquitous data

Ivan Skorvanek

The research takes place within the VICI project of Bert-Jaap Koops. The VICI project is aimed at reinventing physical-space privacy in light of developments in mobile devices, cloud computing, and surveillance, which will be done in a large part by comparative legal analyses of eight legal systems. Within the comparative legal analyses, Ivan will study the legal systems of Germany, Poland and Czech Republic.

Supervisor: Prof. dr. B.J. Koops