Research cluster "Data protection by design (method innovation transfer)"

In the research cluster “data protection by design”, we combine concepts and methods from different research disciplines, such as from law and Human Computer Interaction (HCI). In this cluster, our core research project is the project “​Designing and Testing Privacy Icons for their Effectiveness​”​. According to the GDPR-legislator, privacy icons should enable individuals to better understand the complexity of privacy, for example, with respect to data protection policies and informed consent. In numerous exploratory workshops with laypeople, we have explored how these laypersons perceive privacy risks when using specific technologies, such as voice recognition (e.g. Alexa and Google Home), smart cars (e.g. “pay-as-you-drive” insurance rates) but also, more commonly, websites. Understanding how laypeople perceive privacy risks is crucial for designing privacy icons to help them understand these risks effectively. The result of these workshops is a list of user-perceived privacy risks that we subsequently categorized together with more than 10 privacy and security experts. On this basis, we will start designing privacy icons later this year (hopefully despite the coronavirus) together with design students from the UdK. Together with other research institutions, we have also set up our Privacy Icons Forum to facilitate the exchange about privacy icons on an international level.

Besides this project, our research group aims to explore new forms and methods to better understand and explain the complexity of data protection. One example for this is our modularizable privacy policy for websites, which we have drafted and are constantly improving by applying the approach of “legal design”. Another example is our chart explaining “The concept of data protection law”.


Selected publications:

  • Grafenstein, M. v. & Wunderlich, L. (2020). The concept of data protection law. In: Privacy Visuals. PinG (Privacy in Germany), 8(1), 2-3.
  • Jakobi, Timo, et al. "Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI." i-com 19.1 (2020): 31-45.
  • Alizadeh, Fatemeh, et al. "GDPR-Reality check on the right to access data: claiming and investigating personally identifiable data from companies." Proceedings of Mensch und Computer 2019. 2019. 811-814.
  • Timo Jakobi, Max von Grafenstein, Dominik Pins, Alexander Boden and Gunnar Stevens. 2020. Über die nutzerInnenfreundliche Formulierung von Zwecken der Datenverarbeitung von Sprachassistenten: Eine Interpretation des Zweckbindungsprinzips aus NutzerInnensicht. In Proceedings of Mensch und Computer 2020 (MUC20). ACM, Magdeburg, Germany, 12 pages.


Selected workshops, conferences and events:

  • GDPR Data Protection Icons and Transparency: Where do we stand? CPDP 2020 Computer, Privacy and Data Protection Conference. Einstein Centre Digital Future. Petite Halle, Brussels, Belgium: 22.01.2020