Tilburg Institute for Law, Technology, and Society (TILT)

TILT studies emerging technologies and their impact on the individual and society, recognizing the interplay between technology, regulation and fundamental values & human rights.

Ph.D. research Tilburg Institute for Law, Technology, and Society (TILT)

At present the following research is carried out by our internal PhD candidates:

The memory of the Web: a taxonomy of the social problems

Paulan Korenhof

The inducement of Paulan Korenhof her research is the development of the so-called "Right to be Forgotten and Erasure" as part of the General Data Protection Regulation. The right to be forgotten should be(come) a means to battle problems that are caused by the presumably "everlasting" memory of the internet. In current literature there is no consensus on the exact content or meaning of "the right to be forgotten" and it remains unclear how such a right should be put into practice. One of the underlying major issues is that it is not sufficiently clear what the exact outline of the problems is that are the result of the presumably "everlasting digital memory". By taking on a meta-perspective and consulting different disciplinary sources like philosophies of technology, sociology and law, Paulan aims to identify the different types of problems and to construct a problem taxonomy that can form a base on which effective solutions can be build.

Supervisors: Prof. Bert Jaap Koops and Prof. Ronald Leenes.

Accountability under EU data protection law:*

* exploring the adequacy of the accountability framework for cloud computing and other future internet services

Dimitra Stefanatou

Building on the case of cloud computing technology, the research explores if -and to what extent- the principle of accountability, as provided in the field of the European data protection law, manages to address successfully the emerging data protection challenges. Following a discussion on the gradual development of the accountability principle in Europe, the research approaches accountability based on the main components identified with respect to data protection. The project will address accountability under the Data Protection Directive, while taking into account the proposed amendments in the context of the ongoing data protection reform. The research will provide a timely analysis at a turning point for the European legislation by capturing the transition from the current to the revised data protection framework relating to the framing of the accountability principle. The PhD research aims at examining whether the accountability under the European data protection framework is adequate for promoting legal certainty and trust for online services.

Supervisor: Prof. R.E. Leenes

Daily mentor: Dr. Eleni Kosta

Living Lab: Stratumseind 2.0

Maša Savič

This research is about privacy and big data-based security in public spaces. It is connected to the ongoing Living Lab "Stratumseind 2.0" project on the prominent Stratumseind nightlife street in Eindhoven. The Stratumseind project is a public-private partnership in principle established to increase security so as to renovate the public area, bars and restaurants. Innovative solutions such as lighting, social media and gaming technologies are being deployed and tested in order to meet the goals. Through these solutions a great amount of data will become available for mining, leading to serious privacy concerns beyond data protection (eg. discrimination when used for decision making, unfair treatment, exclusion, stigmatization, de-individualization, loss of autonomy and confrontation with unwanted information). These issues are further complicated by the fact that this is happening in public space, since the need for privacy protection in public spaces is likely not adequately covered by existing legal frameworks. Masha’s research will delve into such and similar issues, emphasizing which actions and acts pose an actual threat to and harm human rights and freedoms (and people's lives in general) and consequently develop a more adequate normative framework in this context.

Main supervisor: Prof. R. Leenes

Daily supervisors: Dr. E. Kosta and Dr. T. Timan

Second supervisor: Prof. B.J. Koops

Fighting Botnets

Karine e Silva

PhD research investigating the legal grounds and constraints of anti-botnet operations and information sharing in public and private sector. It aims to define the lawful limits and opportunities for botnet mitigation in the Netherlands and at EU level, drawing an international comparative analysis of selected countries.

Supervisor: Prof. B.J. Koops

Privacy in the 21st century:

Finding a new paradigm to protect citizens in the age of ubiquitous data

Ivan Skorvanek

The research takes place within the VICI project of Bert-Jaap Koops. The VICI project is aimed at reinventing physical-space privacy in light of developments in mobile devices, cloud computing, and surveillance, which will be done in a large part by comparative legal analyses of eight legal systems. Within the comparative legal analyses, Ivan will study the legal systems of Germany, Poland and Czech Republic.

Supervisor: Prof. B-J. Koops

IPR conflicts between open source and software patents ...

in the standard context

Jingze Li

The research explores the existing and potential conflicts between open source software and software patent in the standard field. Recognizing that the information technology standards represent a new and unique challenge with respect to both time and the need for interoperability, it has become a common view that network and network components in the ICT sector must be interoperable and open for connection. However, including software in software related standards may hinder interoperability that excludes the open source software from the market, due to fundamentally different license policy of the two paradigms. By analyzing the difference of the license agreements of both sides, this research aims at finding solutions to overcome the conflicts and ways for potential cooperation between open source software and proprietary software with patents embedded.

Supervisor: Prof. C. Stuurman; co-supervisors: Dr. M. Schellekens; Dr. M. Husovec

Algorithmic Transparency as protection against automated data ...

processing under the relevant legal frameworks

Emre Bayamlioglu

Major research question and the research framework

What are the transparency needs engendered by data-driven decision-making practices, whether this ‘transparency desiderata’ is properly addressed in the current EU data protection regime, and to what extent IP rights stand as an impediment?

The study proceeds with the unfolding and elaborating of the major research question through sub-questions under the below framework.

  • A legal framework of transparency which goes beyond the conventional understanding –of certain access rights and disclosure requirements- to ensure the intelligibility of algorithmic processes and their possible discriminatory and privacy invasive outcome.
  • Whether the EU data protection regime is compatible with the extent, forms and mechanisms of the transparency desiderata prescribed within the study.
  • Taking into account Recital 51 of the GDPR -which provides that transparency allowances of the data protection regime should not adversely affect the rights and freedoms of others- to what extent IP rights stand as an impediment for the transparency framework.

Supervisor: Prof. Ronald Leenes

A risk-based approach to fundamental rights in the context of ...

personal data processing. Is the risk-based approach of the General Data Protection Regulation compatible with the aim to achieve fundamental rights protection?

Claudia Quelle

This research project concerns the risk-based approach of the General Data Protection Regulation, and in particular its relation to the objective to protect fundamental rights. The risk-based approach is understood as a starting point in compliance and enforcement practices which entails that the applicable legal obligations are or should be regarded as more or less stringent, in accordance with the level of risk posed by the processing operation to the rights and freedoms at stake. The focus is not only on the letter of the law, but also on the underlying duty to prevent adverse effects on the individuals concerned. The DPIA and the prior consultation together play a pivotal role in the articulation, assessment and subsequent mitigation of risk.

 The risk-based approach can be seen as a meaningful supplement or alternative to user empowerment, embodied in data protection law through consent and data subject rights. This is because the onus of bringing about proper rights protection is placed first and foremost on controllers and the supervisory authorities which are to hold them to account. It is also a flexible instrument, able to cope with societal and technological change.

 However, its suitability as a regulatory instrument to bring about the protection of fundamental rights can be questioned. I am researching a number of facets to this main concern. Will the data protection impact assessment be taken seriously by controllers – and what would that require? If low risk situations are neglected, can we still speak of full-fledged fundamental rights protection? Lastly, can we speak of such protection if its content and scope is determined, first and foremost, by the controller and its supervisory authority, rather than by the (ideally: empowered) data subjects concerned?


Sensing the risk

How citizen sensing may transform the governance of public and environmental health risk

Anna Berti Suman

This doctoral research focuses on how non-expert people take advantage of technology (in particular sensors and data infrastructures) to visualize, monitor, report and combat risks caused by environmental factors to public health. The practice is labelled as ‘citizen sensing’ in the sense of bottom-up initiated monitoring initiatives based on ICT, in general, and, in particular, on sensors. This research project investigates the influence of bottom-up citizen sensing on the governance of public/environmental health risk which is predominantly top-down. The ultimate aim is to understand how citizen sensing can complement the current models of risk governance. A number of case studies are empirically researched in order to inspect how lay people make use of citizen sensing to respond to public/environmental health risk. The legal foundations of citizen sensing are investigated and identified in the right to live in a healthy environment, the right to self-determination and to participation. The legal, social and political challenges posed by complementing state intervention with citizen sensing are addressed. Conclusively, a sustainable model of public/environmental health risk governance based on or facilitated by citizen sensing is drawn. In order to develop this research project and achieve the design stage, a doctrinal analysis on legal and socio-political theories is combined with case study research performed through qualitative methods (interviews and observations) and web analysis of citizen sensing platforms.

Supervisors: Prof. R. Leenes; Dr. S. Adams

Standardising the protection of personal data in the Internet of Things era: a European perspective in an interconnected world

Irene Kamara

Irene’s PhD dissertation explores the role of standardisation in the field of human rights, through examining the case of technical standards in support of the right to protection of personal data in the EU. 

The aim of the research is mainly to contribute to the data protection body of literature by introducing a framework of principles and safeguards under which technical standards may support the protection of the right of Art. 8 Charter Fundamental Rights EU, taking into account the legitimacy and governance issues of the standards-development processes, the human rights nature of the right to protection of personal data, but also the policy and regulatory appraisal of technical standards as an instrument which may support the aims of EU secondary legislation.

Supervisors: Prof. Paul de Hert, Prof. Kees Stuurman, Prof. Eleni Kosta

Transparency requirements in Big Data practices in the law enforcement domain

Sascha van Schendel 

The increased use of Big Data analytics to extract information and patterns from large datasets, and construct predictions, contributes to the importance of data and the authoritative role of data in decision making. Especially in sectors such as that of law enforcement, Big Data analytics can impact the way processes work and decisions are made. In the law enforcement sector, decisions have a very serious impact on the human rights of suspects or other citizens in the case at hand. In the course of the general policing task, fundamental rights of individuals or groups can be impacted as well by the use of Big Data analytics. A specific issue is the opacity of these processes towards impacted individuals and the general audience, creating a lack of awareness as well as issues with regard to the execution of human rights, such as the right to an effective remedy.

The research targets specific practices of Big Data analytics and analyzes the relevant safeguards and requirements under the frameworks of criminal law and data protection legislation, both on the EU level and Dutch level, with specific attention to transparency requirements.

Supervisor: Prof. Eleni Kosta

The following PhD candidates will upload a research description later:
  • Tom Chokrevski
  • Silvia de Conca
  • Mara Paun
  • Hosna Sheikhattar