Research cluster "Certificates and codes of conduct (trust and product-enablement)"

In the research cluster “Certificates and codes of conduct”, our research group explores under which conditions certification programmes and other co-regulation mechanisms, as provided for in the GDPR, can help companies to build consumer and business trust in their data-driven products and services. An example for this approach is the “F​reeFlow​” project submitted together with ECDF colleagues at the BMWi. In this project proposal, we analyse, among other things, how anonymization of movement data could be certified.


Selected publications:

  • Grafenstein, M. v. (upcoming). Co-Regulation and the Competitive Advantage in the GDPR: Data protection certification mechanisms, codes of conduct and the “state of the art” of data protection-by-design. In González-Fuster, G., van Brakel, R. and P. De Hert, Research Handbook on Privacy and Data Protection Law. Values, Norms and Global Politics, Edward Elgar Publishing, 1st Ed.. Cheltenham: Edward Elgar Publishing.
  • Grafenstein, M.v (2018). Transfers of Personal Data to Third Countries: Certification Mechanisms, Binding Corporate Rules, and Codes of Conduct as Suitable Alternatives to the ‘Adequacy Decision’? Privacy and Cyber Security on the Books and on the Ground, 1 (1).


Selected events:

  • Certification for GDPR-compliant Anonymity: Real Anonymisation or just another Risk Assessment? CPDP2018 Computer, Privacy and Data Protection Conference. AirCloak. La Cave, Brussels, Belgium: 30.01.2019
  • Challenges and Strategies for Certifying Data Anonymisation for Data Sharing. IAPP Europe Data Protection Congress 2017. IAPP. Conference Center, Brussels, Belgium: 08.11.2017