Elias GrünewaldTechnische Universität Berlin | TUB · Department of Information Systems and Knowledge-Based Methods
Elias Grünewald
Master of Science
About
17
Publications
2,008
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
90
Citations
Citations since 2017
Introduction
Publications
Publications (17)
In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do.
We provide a detailed analysis...
Cloud native information systems engineering enables scalable and resilient service infrastructures for all major online offerings. These are built following agile development practices. At the same time, a growing demand for privacy-friendly services is articulated by societal norms and policy through effective legislative frameworks. In this pape...
Transparency – the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred – is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In th...
Fog computing is an emerging computing paradigm that uses processing and storage capabilities located at the edge, in the cloud, and possibly in between. Testing fog applications, however, is hard since runtime infrastructures will typically be in use or may not exist, yet. In this paper, we propose an approach that emulates such infrastructures in...
Hinreichende Datensouveränität gestaltet sich für Verbraucher:innen in der Praxis als äußerst schwierig. Die Europäische Datenschutzgrundverordnung garantiert umfassende Betroffenenrechte, die von verwantwortlichen Stellen durch technisch-organisatorische Maßnahmen umzusetzen sind. Traditionelle Vorgehensweisen wie die Bereitstellung länglicher Dat...
Transparency regarding the processing of personal data in online services is a necessary precondition for informed decisions on whether or not to share personal data. In this paper, we argue that privacy interfaces shall incorporate the context of display, personal preferences, and individual competences of data subjects following the principles of...
Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores (e.g., relational and non-relational databases). From a privacy engineering perspective, a core challenge is to keep track of all exact locations, where personal data is being stored, as required by regulatory frameworks s...
Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores (e.g., relational and non-relational databases). From a privacy engineering perspective, a core challenge is to keep track of all exact locations, where personal data is being stored, as required by regulatory frameworks s...
Federated learning may be subject to both global aggregation attacks and distributed poisoning attacks. Blockchain technology along with incentive and penalty mechanisms have been suggested to counter these. In this paper, we explore verifiable off-chain computations using zero-knowledge proofs as an alternative to incentive and penalty mechanisms...
The purpose of regulatory data minimization obligations is to limit personal data to the absolute minimum necessary for a given context. Beyond the initial data collection, storage, and processing, data minimization is also required for subsequent data releases, as it is the case when data are provided using query-capable Web APIs. Data-providing W...
Cloud native information systems engineering enables scalable and resilient software architectures powering major online offerings. Today, these are built following agile development practices. At the same time, a growing demand for privacy-friendly services is articulated by societal norms and policy through effective legislative frameworks. In th...
The purpose of regulatory data minimization obligations is to limit personal data to the absolute minimum necessary for a given context. Beyond the initial data collection, storage, and processing, data minimization is also required for subsequent data releases, as it is the case when data are provided using query-capable Web APIs. Data-providing W...
Hinreichende Datensouveränität gestaltet sich für Verbraucher:innen in der Praxis als äußerst schwierig. Die Europäische Datenschutzgrundverordnung garantiert umfassende Betroffenenrechte, die von verantwortlichen Stellen durch technisch-organisatorische Ma{\ss}nahmen umzusetzen sind. Traditionelle Vorgehensweisen wie die Bereitstellung länglicher...
In this paper, we present RedCASTLE, a practically applicable solution for Edge-based k_s-anonymization of IoT streaming data in Node-RED. RedCASTLE builds upon a pre-existing, rudimentary implementation of the CASTLE algorithm and significantly extends it with functionalities indispensable for real-world IoT scenarios. In addition, RedCASTLE provi...
Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In th...
In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do. We provide a detailed analysis...
Projects
Project (1)
The aim of the three-year project DaSKITA is the design and prototypical implementation of AI-based concepts, mechanisms and tools which enable consumers to obtain a higher level of awareness and self-determination in the context of data-driven services. Transparency and the right of access have always been an integral part of privacy / data protection regulations: to be able to act in a sovereign and self-determined way in everyday digital life, consumers need to know “who knows what, when, and on what occasion about them" (BVerfG 65, 1). In practice, however, both – the exercise of such rights as well as the actual understanding of provided information – are subject to prohibitive hurdles for consumers who are are, basically existing rights notwithstanding, usually not sufficiently informed to actually act in a sovereign and self-determined manner in everyday digital life.
In close cooperation between computer science, legal and socio-political research as well as corporate practice, specific, AI-based technologies for the low-effort exercise of transparency and access rights, for simplified reception of appropriate information and its machine-readable provision by service providers are to be developed in the project DaSKITA. Thus, a sustainable contribution to consumer sovereignty in everyday digital life can be achieved. Following a concept of “privacy engineering” that goes well beyond mere data minimization and security, this shall provide a significant contribution to the technically mediated fulfillment of the requirements given by, in particular, the GDPR (“privacy/data protection by design”).
The Department of Information Systems Engineering (ISE) at TU Berlin is the consortium lead and focuses on questions of the formal representation, machine-readable provision, and AI-based extraction of transparency information from privacy policies, the AI-supported exertion of the right of access, and the user-side presentation of respective information. Further project partner is iRights.Lab.
The project is supported by funds of the Federal Ministry of Justice and Consumer Protection (BMJV) based on a decision of the Parliament of the Federal Republic of Germany via the Federal Office for Agriculture and Food (BLE) under the innovation support program.
https://www.ise.tu-berlin.de/daskita
