Data Protection by Design

Efstratios Koulierakis’ doctoral dissertation focuses on data protection law. More precisely, the work elaborates on the obligation of data protection by design, which is introduced in article 25 of the General Data Protection Regulation (GDPR). The provision requires that data controllers implement technical and organisational measures in order to inscribe the data protection principles into the design of digital applications. The monograph starts by exploring how the abstract principles of data protection law can be part of digital architecture. Subsequently, the monograph analyses the requirements of article 25 GDPR in order to answer the question how data controllers can implement this abstract obligation. It is found that the law uses very open-ended formulations, which create uncertainty.

This uncertainty is also present with respect to the use of anonymisation techniques as means of compliance by design. The author examines those digital tools and argues that anonymisation techniques are safeguards for the protection of data subjects, not tools for circumventing the application of EU data protection law. Despite this assertion, the use of anonymisation techniques brings about many questions, due to an ongoing legal debate regarding their status in data protection law.

To address the legal uncertainty, the monograph delves into officially approved Codes of Conduct and certification requirements in the field of data protection law. The author concludes that these soft law texts offer very detailed guidance about compliance with the obligation of data protection by design. Furthermore, the author claims that, under certain conditions, the data controllers who used the officially approved Codes of Conduct and certification criteria as guidance for compliance by design are protected according to the EU law principle of legitimate expectations.

Lastly, the work examines the obligation of data protection by design from a multidisciplinary perspective. Specifically, the monograph explores Knowledge Graphs as technical tools that contribute towards the embedding of data protection rules into the design of technology. That is because Knowledge Graphs constructed with the use of Semantic Web technologies can be tools for expressing data protection rules into machine readable format. Thus, Knowledge Graphs can facilitate compliance with the obligation of data protection by design. The illustrative example of Knowledge Graphs shows that the same technical standards could themselves be sources of risks as well as solutions for the protection of the data subjects’ rights.

Koulierakis defended his dissertation PhD on 12 December 2024, research took place at the Law School of the University of Groningen. The work was supervised by prof. Mifsud Bonnici and dr. Milaj-Weishaar and it was supported by the H2020 Marie Skłodowska-Curie Actions as part of the interdisciplinary project KnowGraphs.

Efstratios Koulierakis
Data Protection by Design: From Abstract Principles to Implementation


The monograph has been submitted to the Library of the University of Groningen. It may be downloaded upon request.

Databankenrecht Privacy
Over de auteur(s)
Redactie
GERELATEERDE ITEMS
Nieuws
CNV: Digitale monitoring op werkvloer neemt toe
14 januari 2025
Blog
Anna Berlee: ‘Mijn vakgebied is inspirerend omdat recht en technologie er samenkomen’
7 januari 2025
Nieuws
Mogelijke privacy risico’s Centraal Archief Bijzondere Rechtspleging
28 november 2024
Nieuws
Privacyorganisaties: nieuw patiëntenportaal Mitz betekent einde beroepsgeheim
19 november 2024
Blog
Privacy in het datatijdperk
11 november 2024