Research cluster "Certificates and codes of conduct (trust and product-enablement)"

In the research cluster “Certificates and codes of conduct”, our research group explores under which conditions certification methods and other co-regulation mechanisms, as provided for in the GDPR, can help companies to build consumer and business trust in their data-driven products and services.

The “FreeMove” project takes place within this approach and carries out transdisciplinary research into the data protection friendly availability of movement data for sustainable urban mobility. This includes in particular the implementation of “data protection by design” through data minimisation or functional anonymization as well as the possibility to certify anonymization methods. This project aims to provide recommendations on how to create data protection friendly mobility applications taking into account technological, legal and value-oriented aspects. It has been jointly submitted by ECDF researchers from different disciplines and research institutes, Statice (data-driven solutions provider) and the Berlin Transport Services (Berliner Verkehrsbetriebe, BVG) to the Federal Ministry of Education and Research (Bundesministerium für Bildung und Forschung, BMBF) in the context of its Mobility Future Lab 2050 (MobilitätsZukunftsLabor 2050).



Selected publications:

  • Grafenstein, M. v. (upcoming). Co-Regulation and the Competitive Advantage in the GDPR: Data protection certification mechanisms, codes of conduct and the “state of the art” of data protection-by-design. In González-Fuster, G., van Brakel, R. and P. De Hert, Research Handbook on Privacy and Data Protection Law. Values, Norms and Global Politics, Edward Elgar Publishing, 1st Ed.. Cheltenham: Edward Elgar Publishing.
  • Grafenstein, M.v (2018). Transfers of Personal Data to Third Countries: Certification Mechanisms, Binding Corporate Rules, and Codes of Conduct as Suitable Alternatives to the ‘Adequacy Decision’? Privacy and Cyber Security on the Books and on the Ground, 1 (1).


Selected events:

  • Certification for GDPR-compliant Anonymity: Real Anonymisation or just another Risk Assessment? CPDP2018 Computer, Privacy and Data Protection Conference. AirCloak. La Cave, Brussels, Belgium: 30.01.2019
  • Challenges and Strategies for Certifying Data Anonymisation for Data Sharing. IAPP Europe Data Protection Congress 2017. IAPP. Conference Center, Brussels, Belgium: 08.11.2017