Research cluster "Data protection by design (method innovation transfer)"

In the research cluster “data protection by design”, we combine concepts and methods from different research disciplines, such as from law and Human Computer Interaction (HCI). In this cluster, our core research project is the project “​Designing and Testing Privacy Icons for their Effectiveness​”​. According to the GDPR-legislator, privacy icons should enable individuals to better understand the complexity of privacy, for example, with respect to data protection policies and informed consent. In numerous exploratory workshops with laypeople, we have explored how these laypersons perceive privacy risks when using specific technologies, such as voice recognition (e.g. Alexa and Google Home), smart cars (e.g. “pay-as-you-drive” insurance rates) but also, more commonly, websites. Understanding how laypeople perceive privacy risks is crucial for designing privacy icons to help them understand these risks effectively. The result of these workshops is a list of user-perceived privacy risks that we subsequently categorized together with more than 10 privacy and security experts.

On this basis we are currently working as an interdisciplinary team from the fields of law, UX design and visual communication on the development of privacy icons. With our research focus on data protection transparency regulations and consent, we are investigating the question of how and in what form users should be confronted with data protection guidelines in the future in order to achieve informed consent. Therefore, our current work focuses on developing privacy icons and user-oriented information architecture.


Selected publications:

  • Grafenstein, M. v. & Wunderlich, L. (2020). The concept of data protection law. In: Privacy Visuals. PinG (Privacy in Germany), 8(1), 2-3.
  • Jakobi, Timo, et al. "Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI." i-com 19.1 (2020): 31-45.
  • Alizadeh, Fatemeh, et al. "GDPR-Reality check on the right to access data: claiming and investigating personally identifiable data from companies." Proceedings of Mensch und Computer 2019. 2019. 811-814.
  • Timo Jakobi, Max von Grafenstein, Dominik Pins, Alexander Boden and Gunnar Stevens. 2020. Über die nutzerInnenfreundliche Formulierung von Zwecken der Datenverarbeitung von Sprachassistenten: Eine Interpretation des Zweckbindungsprinzips aus NutzerInnensicht. In Proceedings of Mensch und Computer 2020 (MUC20). ACM, Magdeburg, Germany, 12 pages.


Selected workshops, conferences and events:

  • GDPR Data Protection Icons and Transparency: Where do we stand? CPDP 2020 Computer, Privacy and Data Protection Conference. Einstein Centre Digital Future. Petite Halle, Brussels, Belgium: 22.01.2020