Ronald E. Leenes

Ronald E. Leenes
Tilburg University | UVT · Tilburg Institute for Law, Technology, and Society "TILT"

PhD

About

145
Publications
41,588
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,550
Citations
Citations since 2017
25 Research Items
896 Citations
2017201820192020202120222023050100150
2017201820192020202120222023050100150
2017201820192020202120222023050100150
2017201820192020202120222023050100150
Introduction
Ronald's primary research interests are regulation by (and of) technology, specifically related to privacy and other fundamental rights. He is also motivated and trying to understand the effects of profiling, function creep and privacy infringements in general. He currently leads different research teams in the fields of accountability in cloud computing, legal and ethical aspects of robotic technologies, privacy-enhancing identity management and Big Data.
Additional affiliations
January 2004 - present
Tilburg University
Position
  • professor in regulation by technology
September 1992 - December 2003
University of Twente
Position
  • Professor (Assistant)
October 1989 - August 1992
University of Twente
Position
  • Researcher

Publications

Publications (145)
Book
This book brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy, data protection and enforcing rights in a changing world. It is one of the results of the 14th annual International Conference on Computers, Privacy and Data Protection (CPDP), which took place online in Jan...
Book
This book brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy, data protection and Artificial Intelligence. It is one of the results of the thirteenth annual International Conference on Computers, Privacy and Data Protection (CPDP) held in Brussels in January 2020. The...
Chapter
Recital 77; Article 5(2) (Principle of accountability); Article 42 (Certification); Article 55 (Competence of the supervisory authorities); Article 56 (Competence of the lead supervisory authority); Articles 57(1)(p)–(q) (Tasks of the supervisory authorities); Article 58(3)(e) (Powers of the supervisory authorities); Article 63 (Consistency mechani...
Chapter
Article 5(2) (Principle of accountability); Article 24(3) (Responsibility of the controller); Article 25(3) (Data protection by design and by default); Article 28(5) (Responsibilities of the processor) (see too recital 81); Article 32(3) (Security of processing); Article 43 (Certification bodies); Article 46(2)(f) (Transfers subject to appropriate...
Article
This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most signi...
Chapter
This chapter reviews the intricate structure of documents compiled by WADA to discover the main ideas in the WADA code and standards regarding the gathering of data, testing and sanctioning. Additionally, it focuses on the organisational structure within the context of doping, which includes most national and international sport federations. The ai...
Chapter
This chapter offers a European Union perspective on data protection in the context of the anti-doping regime. It presents the Union’s essential data protection framework, which includes Articles 7 and 8 of the EU Charter of Fundamental Rights and the new General Data Protection Regulation (GDPR). Using the relevant legal texts, the main data protec...
Chapter
Chapter 2 explained the organisational structure of WADA, an overview of the different sport and anti-doping bodies in the world and a discussion of the most important rules and standards applicable to the athletes and anti-doping organisations. It discussed which behaviour is considered an ADVR, how tests are distributed and conducted, how samples...
Chapter
This chapter describes and analyses Article 8 (right to a private life), Article 6 (right to a fair trial) and Article 14 (prohibition of discrimination) of the European Convention of Human Rights. The analysis is applied to the anti-doping regime under WADA. The discussion is mainly built upon primary sources such as legal texts and case law. With...
Book
The subjects of this volume are more relevant than ever, especially in light of the raft of electoral scandals concerning voter profiling. This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It is one of the results of the twelfth annua...
Book
This book addresses the tension between, on the one hand, anti-doping practices and measures and, on the other hand, the fundamental rights of athletes. New techniques for testing and re-testing samples taken several years ago, have caused a push by the World Anti-Doping Agency and affiliated organizations for stricter rules, more doping tests an...
Research
Full-text available
The Tilburg Institute for Law, Technology, and Society led a study for the Directorate-General for Justice and Consumers on certification mechanisms, seals or marks under Articles 42 and 43 of Regulation (EU) 2016/679. The study aimed at analyzing existing certifications, providing recommendations for requirements for data protection certification...
Chapter
This chapter provides an introduction to the overarching topic and question of this volume on how and whether to regulate new technologies in times of change. It introduces the regulating technology (development) model.
Book
The subjects of Privacy and Data Protection are more relevant than ever, and especially since 25 May 2018, when the European General Data Protection Regulation became enforceable. This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It...
Article
Full-text available
Techno-regulation is a prominent mechanism for regulating human behaviour. One type of techno-regulation concerns automated decision-making with legal effects. While automated decision-making (ADM) systems in the public domain have traditionally been based on conscious design of decisional norms, increasingly, Data Science methodologies are used to...
Book
The subjects of Privacy and Data Protection are more relevant than ever with the European General Data Protection Regulation (GDPR) becoming enforceable in May 2018. This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It is one of the r...
Preprint
Full-text available
The paper intends to identify certain "rule of law" implications of Big Data analysis from a techno-regulatory perspective-namely, (i) the collapse of the normative enterprise, (ii) the erosion of moral enterprise and (iii) replacing of causative basis with correlative calculations. Although these implications are not completely specific to Big Dat...
Article
Full-text available
Robots are slowly, but certainly, entering people’s professional and private lives. They require the attention of regulators due to the challenges they present to existing legal frameworks and the new legal and ethical questions they raise. This paper discusses four major regulatory dilemmas in the field of robotics: how to keep up with technologic...
Book
This book features peer reviewed contributions from across the disciplines on themes relating to protection of data and to privacy protection. The authors explore fundamental and legal questions, investigate case studies and consider concepts and tools such as privacy by design, the risks of surveillance and fostering trust. Readers may trace both...
Book
The essays in this book clarify the technical, legal, ethical, and social aspects of the interaction between eHealth technologies and surveillance practices. The book starts out by presenting a theoretical framework on eHealth and surveillance, followed by an introduction to the various ideas on eHealth and surveillance explored in the subsequent c...
Article
This article focuses on the role of accountability within information management, particularly in cloud computing contexts. Key to this notion is that an accountable Cloud Provider must demonstrate both willingness and capacity for being a responsible steward of other people's data. More generally, the notion of accountability is defined as it appl...
Conference Paper
We propose a data protection impact assessment (DPIA) method based on successive questionnaires for an initial screening and for a full screening for a given project. These were tailored to satisfy the needs of Small and Medium Enterprises (SMEs) that intend to process personal data in the cloud. The approach is based on legal and socio-economic an...
Book
This volume brings together papers that offer methodologies, conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It is one of the results of the eight annual International Conference on Computers, Privacy, and Data Protection, CPDP 2015, held in Brussels in January 2015. The book ex...
Article
Profiling the online behaviour of Internet users has become a defining feature of the Internet. Individual surfing behaviour is tracked by many enterprises for statistical purposes, but also for behavioural advertising and other personalisation services. Profiling implies the processing of personal data often facilitated by cookies and other marker...
Article
There is a pressing need to make the differences between cloud offerings more transparent to cloud customers. Examples of properties that vary across cloud service providers (and that are reflected in cloud contracts) include subcontracting, location of data centres, use restriction, applicable law, data backup, encryption, remedies, storage period...
Conference Paper
Full-text available
Available at: http://jaatun.no/papers/2014/guidinglights.pdf In order to be an accountable organisation, Cloud Providers need to commit to being responsible stewards of other people's information. This implies demonstrating both willingness and capacity for such stewardship. This paper outlines the fundamental requirements that must be met by acco...
Article
In this article the authors explore the various ways in which robot behaviour is regulated. A distinction is drawn between imposing regulations on robots, imposing regulation by robots, and imposing regulation in robots. Two angles are looked at in depth: regulation that aims at influencing human behaviour and regulation whose scope is robots' beha...
Conference Paper
Full-text available
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2436436 The so-called "Right to Be Forgotten or Erasure" (RTBF), article 17 of the proposed General Data Protection Regulation, provides individuals with a means to oppose the often persistent digital memory of the Web. Because digital information technologies affect the accessibility of informatio...
Book
This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. The first section of the book provides an overview of developments in data protection in different parts of the world. The second section focuses on one of the most captivating innovati...
Article
The so-called "Right to Be Forgotten or Erasure" (RTBF), article 17 of the proposed General Data Protection Regulation, provides individuals with a means to oppose the often persistent digital memory of the Web. Because digital information technologies affect the accessibility of information over time and time plays a fundamental role in biological...
Book
This book contains a range of keynote papers and submitted papers presented at the 7th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6 International Summer School, held in Nijmegen, The Netherlands, in June 2013. The 13 revised full papers and 6 keynote papers included in this volume were carefully selected from a total of 30 presentations and 11 keynote ta...
Article
As demonstrated by other papers on this issue, open-source intelligence (OSINT) by state authorities poses challenges for privacy protection and intellectual-property enforcement. A possible strategy to address these challenges is to adapt the design of OSINT tools to embed normative requirements, in particular legal requirements. The experience of...
Article
Full-text available
‘Privacy by design’ is an increasingly popular paradigm. It is the principle or concept that privacy should be promoted as a default setting of every new ICT system and should be built into systems from the design stage. The draft General Data Protection Regulation embraces ‘privacy by design’ without detailing how it can or should be applied. This...
Book
Information and Communication Technologies allow us to bridge space and time. New services and industries are constatnly being created and people no longer depend on the here and now for their development, but can tap into resources across the globe. Cloud Computing, for instance, allows users to make use of remote services and store their data f...
Chapter
Technology affects behaviour. Speed bumps, for instance, provide an effective way to enforce speed limits imposed by the legislator. In cases such as these, technology is instrumental to the enforcement of legal norms. This kind of regulation by technology, techno-regulation, or ‘code as code’ has become part of the contemporary regulator’s toolbox...
Book
On 25 January 2012, the European Commission presented its long awaited new �Data protection package�. With this proposal for a drastic revision of the data protection framework in Europe, it is fair to say that we are witnessing a rebirth of European data protection, and perhaps, its passage from an impulsive youth to a more mature state. Technolog...
Conference Paper
Full-text available
Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However, the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations. The A4Cloud project will create s...
Book
Although Europe has a significant legal data protection framework, built up around EU Directive 95/46/EC and the Charter of Fundamental Rights, the question of whether data protection and its legal framework are 'in good health' is increasingly being posed. Advanced technologies raise fundamental issues regarding key concepts of data protection. Fa...
Book
This book constitutes the thoroughly refereed post-conference proceedings of the 7th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6 International Summer School, held in Trento, Italy, in September 2011. The 20 revised papers were carefully selected from numerous submissions during two rounds of reviewing. The book also contains two invited talks. The papers are...
Chapter
Second Life can be seen as a social microcosmos in which fairly normal people lead a social life and where social needs develop. Privacy is one of those needs. It is a need that is seemingly at odds with the key characteristics of Second Life: social interaction, transparency and openness. This chapter sketches the state of privacy in Second Life a...
Conference Paper
SNSs pose numerous privacy issues that are reasonably well known and understood. Many issues boil down to the same problem: information makes it to the wrong audience. This problem is inherent to the design and business model of the current social network sites. Facebook is a case in point here. Its architecture is biased towards information disclo...
Article
Full-text available
Artifacts are generally constructed on purpose and have intended and unintended effects on the conduct of people. As such, architecture can be used in regulating society, as speed ramps convincingly show. But is this de facto regulating behaviour by means of technology, regulating society in a legal sense, or is it merely disciplining society? Indi...
Article
Full-text available
Medical technology advances rapidly. As of 2009, about 188.000 people worldwide had received cochlear implants, and promising trials have been conducted with retinal and subretinal implants. These devices are meant to (partially) repair deaf and blind people’s impairments, allowing them to (re)gain ‘normal’ sensory perception. These medical devices...
Article
Full-text available
The image of citizens (identity) plays a key role in citizen and government relationships and identifiability is perceived relevant in many contexts of public administration. This is particularly the case where citizens can exercise rights and claim benefits, and for various purposes, like administration and registration, public safety, security, g...
Article
The internet reached the general public in the early 1990s. Since then it has changed dramatically. In its early days it was primarily an information source where its novel users could marvel about what new ways of information dissemination, such as Gopher and later the World Wide Web had to offer. People also communicated. For instance by means of...
Book
Privacy and data protection have never been static. On the contrary, the history of the last 40 years shows the reverse. New issues and challenges continue to emerge, requiring an ongoing process of interpreting their effect in terms of reach, objectives and their deeper significance. Indeed, the consequences of technological applications due to un...
Chapter
Second Life can be seen as a social microcosmos in which fairly normal people lead a social life and where social needs develop. Privacy is one of those needs. It is a need that is seemingly at odds with the key characteristics of Second Life: social interaction, transparency and openness. This chapter sketches the state of privacy in Second Life a...
Article
Artifacts are generally constructed on purpose and have intended and unintended effects on the conduct of people. As such, architecture can be used in regulating society, as speed ramps convincingly show. But is this de facto regulating behavior by means of technology, regulating society in a legal sense, or is it merely disciplining society? Indiv...
Book
This book documents the R&D outcome of the PRIME Project, an R&D project partially funded by the European Union’s Sixth Framework Programme and the Swiss Federal Office for Education and Science. PRIME has focused on privacy-enhancing identity management techniques and systems to support users’ sovereignty over their personal privacy and enterprise...
Conference Paper
Full-text available
In recent years research has shown that most social network sites pose serious privacy and security risks for individual users. From the existing analyses of privacy and security risks in social network sites we deduce that one of the biggest categories of privacy risks revolves around the notion of `audience segregation', i.e. the partitioning of...
Article
Full-text available
The notion of software code replacing legal code as a mechanism to control human behavior – “code as law” – is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of “code as law” on privacy. To what extent is privacy-related “code” being used, either to undermine o...
Article
Aquest article tracta d'alguns dels temes de protecció de dades que es qüestionen en informàtica en núvol. Concretament, aborda la qüestió de la responsabilitat en el tractament de dades personals en situacions d'informàtica en núvol des de la perspectiva de la Unió Europea: com s'han d'avaluar models d'informàtica en núvol diferents pel que fa a l...
Article
Lothar Fritsch's contribution addresses the powerful inferences that can be made by combining the location of mobiles phones with data from GIS systems and data mining techniques. Indeed, the combination of such data offers a rich picture of mobile phone users and their behaviour. Why and when should we worry, and how does it relate to location-bas...
Article
Gutwirth and de Hert proclaim data protection instrumental to privacy. Privacy incorporates notions such as individuality, autonomy, integrity and dignity. These values are affected by IT systems that use personal data. Data protection regulation aims to control the use of personal data to protect the fundamental values mentioned. Data protection r...
Article
Full-text available
Identification is ever more important in the online world, and identity-related crime is a growing problem related to this. This new category of crime is not restricted to high-profile instances of identity 'theft' or identity fraud; it is wide-ranging and complex, ranging from identity deletion to unlawful identity creation and identity 'theft'. C...
Chapter
Data protection regulation, such as the European Data Protection Directive EU/95/46 (DPD), as an instrument to protect privacy, addresses different actors. The Directive aims to regulate behaviour, in particular concerning the processing – including collection and use – of personal data. The regulation therefore addresses actors in society engaged...
Article
A English version of the Dutch article: Koops, E.J., Leenes, R.E., Marbus, R.C.P., Stuurman, C., & Verschuuren, J.M. (2005). Een heel klein artikel met grote gevolgen. Eerste verkenning van nanotechnologie & recht. Nederlands Juristenblad, 80(30), 1554-1559. The small will rule the world. The multi billion industry of ultra small - nanoparticles le...
Chapter
Several opinion polls have reported that many people claim to be concerned about their privacy, yet that most people in fact do very little to protect their privacy. Are privacy concerns indeed insufficient motivators to adopt privacy protection strategies? What then characterizes the users of these strategies? On the basis of a large scale survey...
Article
Data protection regulation aims to protect individuals against misuse and abuse of the their personal data, while at the same time allowing businesses and governments to use personal data for legitimate purposes. Collisions between these aims are prevalent in practices such as profiling and behavioral targeting, Many online service providers claim...
Conference Paper
Full-text available
Negotiating is a complex task in which negotiators typically try to maximize their own interests without realizing that most conflict situations contain potential for solutions that benefit both parties involved in the dispute. It seems that negotiators typically refrain from exchanging and processing information about their own and the opponent's...
Article
Full-text available
Data protection regulation aims to protect individuals against misuse and abuse of their personal data, while at the same time allowing businesses and governments to use personal data for legitimate purposes. Collisions between these aims are prevalent in practices such as profiling and behavioral targeting. Many online service providers claim not...
Article
Informational privacy is under siege on the internet. One particular type of privacy threat relates to our digital personae, the digital representations of our identity. The abundant use of identifiers online facilitates the connection of personal data and behavioural patterns from various sources to the rich digital personae of internet users. The...
Article
Full-text available
In this study we investigate the impact of converging technologies on legal practice and criminology in a forward looking study intended for practitioners and policy makers in the field of legislation, crime prevention, and law enforcement. We look at a 15 years timeframe and discuss the scientific and technical progress in various domains as well...
Article
Second Life by many is considered to be more than just a game. It is a social microcosmos in which fairly normal people behave normally and where (complex) social behaviour develops. As such it is an interesting environment to study social and legal phenomena. In this chapter we will look at the privacy and how privacy is regulated within Second Li...
Article
Electronic commerce is important, and perhaps, inevitable. Thus to consider the legal implications of enforcement, recognition and compliance with online alternative dispute resolution (OADR) is essential. However, in analysing enforcement, recognition ...
Article
Full-text available
Identity theft is often perceived as one of the major upcoming threats in crime. However, there is no commonly accepted definition of 'identity theft' or 'identity fraud', and it is impossible to study the real threat of this phenomenon without conceptual clarity. In this article, we attempt to provide a starting point for policy and research by pr...
Chapter
In 1995 the Dutch Ministry of the Interior and the Association of Dutch Local Governments (VNG) initiated an ambitious program to improve public service delivery. The aim of this so-called Public Counter 2000 (in Dutch: ‘Overheidsloket 2000’ or ‘OL2000’) program was a nation wide network of one-stop government agencies, providing citizens and trade...
Article
Full-text available
‘Identity thieves make thousands of victims!’ is a typical headline of current e-zines. One pictures thousands of people panicking and pursuing thieves running away with their identities. Reality is different, of course. Identity criminals do no steal identities: they use identity as a tool to steal money. And the typical victim does not notice the...
Conference Paper
The PRIME project develops privacy enhancing identity management systems that allow users in various application areas such as e-commerce to regain control over their personal spheres. This paper introduces the PRIME technical architecture that also includes special trust-enhancing mechanisms, and shows how PRIME technologies can enhance privacy an...
Conference Paper
The handling of complex Personal Injury Claims is a complicated, confusing, challenging, and sometimes nasty procedure. This paper describes a project in which all relevant stakeholders collaborate to improve the procedure by establishing a Code of Conduct, the core ideas of which are implemented in a web application, PICE - Personal Injury Claims...

Network

Cited By

Projects

Projects (4)
Archived project
The project aims at providing recommendations on the role of National Cybersecurity Agencies (with a focus on the Dutch Agency) in relation to cybersecurity certification, taking into account the EU Cybersecurity Act and related developments.
Archived project
The Tilburg Institute for Law, Technology, and Society led a study for the Directorate-General for Justice and Consumers on certification mechanisms, seals or marks under Articles 42 and 43 of Regulation (EU) 2016/679. The study aimed at analyzing existing certifications, providing recommendations for requirements for data protection certification mechanisms, accreditation criteria, and technical standards in the field of data protection certification. The output from the study supports the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Articles 42 and 43 of the General Data Protection Regulation (EU) 2016/679. Ronald Leenes, Irene Kamara, Eric Lachaud and Kees Stuurman (TILT) are involved in this study together with researchers from TNO and Civic Consulting.