Zum Inhalt springen

Effective data protection by design through interdisciplinary research methods: The example of effective purpose specification by applying user-Centred UX-design methods

Author: Grafenstein, M. v., Jakobi, T., & Stevens, G.
Published in: Computer Law & Security Review, 46
Year: 2021
Type: Academic articles
DOI: 10.1016/j.clsr.2022.105722

While the recent discussion on Art. 25 GDPR often considers the approach of data protection by design as an innovative idea, the notion of making data protection law more effective through requiring the data controller to implement the legal norms into the processing design is almost as old as the data protection debate. However, there is another, more recent shift in establishing the data protection by design approach through law, which is not yet understood to its fullest extent in the debate. Art. 25 GDPR requires the controller to not only implement the legal norms into the processing design but to do so in an effective manner. By explicitly declaring the effectiveness of the protection measures to be the legally required result, the legislator inevitably raises the question of which methods can be used to test and assure such efficacy. In our opinion, extending the legal compatibility assessment to the real effects of the required measures opens this approach to interdisciplinary methodologies. In this paper, we first summarise the current state of research on the methodology established in Art. 25 sect. 1 GDPR, and pinpoint some of the challenges of incorporating interdisciplinary research methodologies. On this premise, we present an empirical research methodology and first findings which offer one approach to answering the question on how to specify processing purposes effectively. Lastly, we discuss the implications of these findings for the legal interpretation of Art. 25 GDPR and related provisions, especially with respect to a more effective implementation of transparency and consent, and provide an outlook on possible next research steps.Data protection by design Effective purpose specification GDPR UXD HCI

Visit publication

Publication

Connected HIIG researchers

Timo Jakobi, Dr.

Projektleiter: Daten, Akteure, Infrastrukturen

Maximilian von Grafenstein, Prof. Dr.

Assoziierter Forscher, Co-Forschungsprogrammleiter


  • Open Access
  • Transdisciplinary