Elias Grünewald

Elias Grünewald
Technische Universität Berlin | TUB · Department of Information Systems and Knowledge-Based Methods

Master of Science

About

15
Publications
1,662
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
69
Citations

Publications

Publications (15)
Conference Paper
Full-text available
In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do. We provide a detailed analysis...
Preprint
Full-text available
Cloud native information systems engineering enables scalable and resilient service infrastructures for all major online offerings. These are built following agile development practices. At the same time, a growing demand for privacy-friendly services is articulated by societal norms and policy through effective legislative frameworks. In this pape...
Conference Paper
Full-text available
Transparency – the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred – is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In th...
Conference Paper
Full-text available
Fog computing is an emerging computing paradigm that uses processing and storage capabilities located at the edge, in the cloud, and possibly in between. Testing fog applications, however, is hard since runtime infrastructures will typically be in use or may not exist, yet. In this paper, we propose an approach that emulates such infrastructures in...
Conference Paper
Full-text available
Hinreichende Datensouveränität gestaltet sich für Verbraucher:innen in der Praxis als äußerst schwierig. Die Europäische Datenschutzgrundverordnung garantiert umfassende Betroffenenrechte, die von verwantwortlichen Stellen durch technisch-organisatorische Maßnahmen umzusetzen sind. Traditionelle Vorgehensweisen wie die Bereitstellung länglicher Dat...
Preprint
Full-text available
Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores (e.g., relational and non-relational databases). From a privacy engineering perspective, a core challenge is to keep track of all exact locations, where personal data is being stored, as required by regulatory frameworks s...
Preprint
Full-text available
Federated learning may be subject to both global aggregation attacks and distributed poisoning attacks. Blockchain technology along with incentive and penalty mechanisms have been suggested to counter these. In this paper, we explore verifiable off-chain computations using zero-knowledge proofs as an alternative to incentive and penalty mechanisms...
Preprint
Full-text available
The purpose of regulatory data minimization obligations is to limit personal data to the absolute minimum necessary for a given context. Beyond the initial data collection, storage, and processing, data minimization is also required for subsequent data releases, as it is the case when data are provided using query-capable Web APIs. Data-providing W...
Chapter
Full-text available
Cloud native information systems engineering enables scalable and resilient software architectures powering major online offerings. Today, these are built following agile development practices. At the same time, a growing demand for privacy-friendly services is articulated by societal norms and policy through effective legislative frameworks. In th...
Preprint
Full-text available
Hinreichende Datensouveränität gestaltet sich für Verbraucher:innen in der Praxis als äußerst schwierig. Die Europäische Datenschutzgrundverordnung garantiert umfassende Betroffenenrechte, die von verantwortlichen Stellen durch technisch-organisatorische Ma{\ss}nahmen umzusetzen sind. Traditionelle Vorgehensweisen wie die Bereitstellung länglicher...
Preprint
Full-text available
In this paper, we present RedCASTLE, a practically applicable solution for Edge-based k_s-anonymization of IoT streaming data in Node-RED. RedCASTLE builds upon a pre-existing, rudimentary implementation of the CASTLE algorithm and significantly extends it with functionalities indispensable for real-world IoT scenarios. In addition, RedCASTLE provi...
Preprint
Full-text available
Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In th...
Preprint
Full-text available
In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do. We provide a detailed analysis...

Network

Cited By

Projects

Project (1)
Project
The aim of the three-year project DaSKITA is the design and prototypical implementation of AI-based concepts, mechanisms and tools which enable consumers to obtain a higher level of awareness and self-determination in the context of data-driven services. Transparency and the right of access have always been an integral part of privacy / data protection regulations: to be able to act in a sovereign and self-determined way in everyday digital life, consumers need to know “who knows what, when, and on what occasion about them" (BVerfG 65, 1). In practice, however, both – the exercise of such rights as well as the actual understanding of provided information – are subject to prohibitive hurdles for consumers who are are, basically existing rights notwithstanding, usually not sufficiently informed to actually act in a sovereign and self-determined manner in everyday digital life. In close cooperation between computer science, legal and socio-political research as well as corporate practice, specific, AI-based technologies for the low-effort exercise of transparency and access rights, for simplified reception of appropriate information and its machine-readable provision by service providers are to be developed in the project DaSKITA. Thus, a sustainable contribution to consumer sovereignty in everyday digital life can be achieved. Following a concept of “privacy engineering” that goes well beyond mere data minimization and security, this shall provide a significant contribution to the technically mediated fulfillment of the requirements given by, in particular, the GDPR (“privacy/data protection by design”). The Department of Information Systems Engineering (ISE) at TU Berlin is the consortium lead and focuses on questions of the formal representation, machine-readable provision, and AI-based extraction of transparency information from privacy policies, the AI-supported exertion of the right of access, and the user-side presentation of respective information. Further project partner is iRights.Lab. The project is supported by funds of the Federal Ministry of Justice and Consumer Protection (BMJV) based on a decision of the Parliament of the Federal Republic of Germany via the Federal Office for Agriculture and Food (BLE) under the innovation support program. https://www.ise.tu-berlin.de/daskita