About
145 Publications
41,588 Reads
1,550 Citations
Introduction
Ronald's primary research interests are regulation by (and of) technology, specifically related to privacy and other fundamental rights. He is also motivated to understand the effects of profiling, function creep and privacy infringements in general. He currently leads different research teams in the fields of accountability in cloud computing, legal and ethical aspects of robotic technologies, privacy-enhancing identity management and Big Data.
Additional affiliations
January 2004 - present
September 1992 - December 2003
October 1989 - August 1992
Publications (145)
This book brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy, data protection and enforcing rights in a changing world. It is one of the results of the 14th annual International Conference on Computers, Privacy and Data Protection (CPDP), which took place online in Jan...
This book brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy, data protection and Artificial Intelligence. It is one of the results of the thirteenth annual International Conference on Computers, Privacy and Data Protection (CPDP) held in Brussels in January 2020.
The...
Recital 77; Article 5(2) (Principle of accountability); Article 42 (Certification); Article 55 (Competence of the supervisory authorities); Article 56 (Competence of the lead supervisory authority); Articles 57(1)(p)–(q) (Tasks of the supervisory authorities); Article 58(3)(e) (Powers of the supervisory authorities); Article 63 (Consistency mechani...
Article 5(2) (Principle of accountability); Article 24(3) (Responsibility of the controller); Article 25(3) (Data protection by design and by default); Article 28(5) (Responsibilities of the processor) (see too recital 81); Article 32(3) (Security of processing); Article 43 (Certification bodies); Article 46(2)(f) (Transfers subject to appropriate...
This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most signi...
This chapter reviews the intricate structure of documents compiled by WADA to discover the main ideas in the WADA code and standards regarding the gathering of data, testing and sanctioning. Additionally, it focuses on the organisational structure within the context of doping, which includes most national and international sport federations. The ai...
This chapter offers a European Union perspective on data protection in the context of the anti-doping regime. It presents the Union’s essential data protection framework, which includes Articles 7 and 8 of the EU Charter of Fundamental Rights and the new General Data Protection Regulation (GDPR). Using the relevant legal texts, the main data protec...
Chapter 2 explained the organisational structure of WADA, an overview of the different sport and anti-doping bodies in the world and a discussion of the most important rules and standards applicable to the athletes and anti-doping organisations. It discussed which behaviour is considered an ADVR, how tests are distributed and conducted, how samples...
This chapter describes and analyses Article 8 (right to a private life), Article 6 (right to a fair trial) and Article 14 (prohibition of discrimination) of the European Convention of Human Rights. The analysis is applied to the anti-doping regime under WADA. The discussion is mainly built upon primary sources such as legal texts and case law. With...
The subjects of this volume are more relevant than ever, especially in light of the raft of electoral scandals concerning voter profiling.
This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It is one of the results of the twelfth annua...
This book addresses the tension between, on the one hand, anti-doping practices and measures and, on the other hand, the fundamental rights of athletes.
New techniques for testing and re-testing samples taken several years ago have caused a push by the World Anti-Doping Agency and affiliated organizations for stricter rules, more doping tests an...
The Tilburg Institute for Law, Technology, and Society led a study for the Directorate-General for Justice and Consumers on certification mechanisms, seals or marks under Articles 42 and 43 of Regulation (EU) 2016/679. The study aimed at analyzing existing certifications, providing recommendations for requirements for data protection certification...
This chapter provides an introduction to the overarching topic and question of this volume on how and whether to regulate new technologies in times of change. It introduces the regulating technology (development) model.
The subjects of Privacy and Data Protection are more relevant than ever, and especially since 25 May 2018, when the European General Data Protection Regulation became enforceable.
This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It...
Techno-regulation is a prominent mechanism for regulating human behaviour. One type of techno-regulation concerns automated decision-making with legal effects. While automated decision-making (ADM) systems in the public domain have traditionally been based on conscious design of decisional norms, increasingly, Data Science methodologies are used to...
The subjects of Privacy and Data Protection are more relevant than ever with the European General Data Protection Regulation (GDPR) becoming enforceable in May 2018.
This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It is one of the r...
The paper intends to identify certain "rule of law" implications of Big Data analysis from a techno-regulatory perspective, namely, (i) the collapse of the normative enterprise, (ii) the erosion of moral enterprise and (iii) replacing of causative basis with correlative calculations. Although these implications are not completely specific to Big Dat...
Robots are slowly, but certainly, entering people’s professional and private lives. They require the attention of regulators due to the challenges they present to existing legal frameworks and the new legal and ethical questions they raise. This paper discusses four major regulatory dilemmas in the field of robotics: how to keep up with technologic...
This book features peer reviewed contributions from across the disciplines on themes relating to protection of data and to privacy protection. The authors explore fundamental and legal questions, investigate case studies and consider concepts and tools such as privacy by design, the risks of surveillance and fostering trust. Readers may trace both...
The essays in this book clarify the technical, legal, ethical, and social aspects of the interaction between eHealth technologies and surveillance practices. The book starts out by presenting a theoretical framework on eHealth and surveillance, followed by an introduction to the various ideas on eHealth and surveillance explored in the subsequent c...
This article focuses on the role of accountability within information management, particularly in cloud computing contexts. Key to this notion is that an accountable Cloud Provider must demonstrate both willingness and capacity for being a responsible steward of other people's data. More generally, the notion of accountability is defined as it appl...
We propose a data protection impact assessment (DPIA) method based on successive questionnaires for an initial screening and for a full screening for a given project. These were tailored to satisfy the needs of Small and Medium Enterprises (SMEs) that intend to process personal data in the cloud. The approach is based on legal and socio-economic an...
This volume brings together papers that offer methodologies, conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. It is one of the results of the eighth annual International Conference on Computers, Privacy, and Data Protection, CPDP 2015, held in Brussels in January 2015.
The book ex...
Profiling the online behaviour of Internet users has become a defining feature of the Internet. Individual surfing behaviour is tracked by many enterprises for statistical purposes, but also for behavioural advertising and other personalisation services. Profiling implies the processing of personal data often facilitated by cookies and other marker...
There is a pressing need to make the differences between cloud offerings more transparent to cloud customers. Examples of properties that vary across cloud service providers (and that are reflected in cloud contracts) include subcontracting, location of data centres, use restriction, applicable law, data backup, encryption, remedies, storage period...
Available at: http://jaatun.no/papers/2014/guidinglights.pdf
In order to be an accountable organisation, Cloud Providers need to commit to being responsible stewards of other people's information. This implies demonstrating both willingness and capacity for such stewardship. This paper outlines the fundamental requirements that must be met by acco...
In this article the authors explore the various ways in which robot behaviour is regulated. A distinction is drawn between imposing regulations on robots, imposing regulation by robots, and imposing regulation in robots. Two angles are looked at in depth: regulation that aims at influencing human behaviour and regulation whose scope is robots' beha...
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2436436
The so-called "Right to Be Forgotten or Erasure" (RTBF), article 17 of the proposed General Data Protection Regulation, provides individuals with a means to oppose the often persistent digital memory of the Web. Because digital information technologies affect the accessibility of informatio...
Book Front matter of AICT 421 (TUTORIAL)
This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. The first section of the book provides an overview of developments in data protection in different parts of the world. The second section focuses on one of the most captivating innovati...
The so-called "Right to Be Forgotten or Erasure" (RTBF), article 17 of the proposed General Data Protection Regulation, provides individuals with a means to oppose the often persistent digital memory of the Web. Because digital information technologies affect the accessibility of information over time and time plays a fundamental role in biological...
This book contains a range of keynote papers and submitted papers presented at the 7th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6 International Summer School, held in Nijmegen, The Netherlands, in June 2013. The 13 revised full papers and 6 keynote papers included in this volume were carefully selected from a total of 30 presentations and 11 keynote ta...
As demonstrated by other papers on this issue, open-source intelligence (OSINT) by state authorities poses challenges for privacy protection and intellectual-property enforcement. A possible strategy to address these challenges is to adapt the design of OSINT tools to embed normative requirements, in particular legal requirements. The experience of...
‘Privacy by design’ is an increasingly popular paradigm. It is the principle or concept that privacy should be promoted as a default setting of every new ICT system and should be built into systems from the design stage. The draft General Data Protection Regulation embraces ‘privacy by design’ without detailing how it can or should be applied. This...
Information and Communication Technologies allow us to bridge space and time. New services and industries are constantly being created and people no longer depend on the here and now for their development, but can tap into resources across the globe.
Cloud Computing, for instance, allows users to make use of remote services and store their data f...
Technology affects behaviour. Speed bumps, for instance, provide an effective way to enforce speed limits imposed by the legislator. In cases such as these, technology is instrumental to the enforcement of legal norms. This kind of regulation by technology, techno-regulation, or ‘code as code’ has become part of the contemporary regulator’s toolbox...
On 25 January 2012, the European Commission presented its long awaited new ‘Data protection package’. With this proposal for a drastic revision of the data protection framework in Europe, it is fair to say that we are witnessing a rebirth of European data protection, and perhaps, its passage from an impulsive youth to a more mature state. Technolog...
Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However, the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations. The A4Cloud project will create s...
Although Europe has a significant legal data protection framework, built up around EU Directive 95/46/EC and the Charter of Fundamental Rights, the question of whether data protection and its legal framework are 'in good health' is increasingly being posed. Advanced technologies raise fundamental issues regarding key concepts of data protection. Fa...
This book constitutes the thoroughly refereed post-conference proceedings of the 7th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6 International Summer School, held in Trento, Italy, in September 2011. The 20 revised papers were carefully selected from numerous submissions during two rounds of reviewing. The book also contains two invited talks. The papers are...
Second Life can be seen as a social microcosmos in which fairly normal people lead a social life and where social needs develop. Privacy is one of those needs. It is a need that is seemingly at odds with the key characteristics of Second Life: social interaction, transparency and openness. This chapter sketches the state of privacy in Second Life a...
SNSs pose numerous privacy issues that are reasonably well known and understood. Many issues boil down to the same problem: information makes it to the wrong audience. This problem is inherent to the design and business model of the current social network sites. Facebook is a case in point here. Its architecture is biased towards information disclo...
Artifacts are generally constructed on purpose and have intended and unintended effects on the conduct of people. As such, architecture can be used in regulating society, as speed ramps convincingly show. But is this de facto regulating behaviour by means of technology, regulating society in a legal sense, or is it merely disciplining society? Indi...
Medical technology advances rapidly. As of 2009, about 188.000 people worldwide had received cochlear implants, and promising trials have been conducted with retinal and subretinal implants. These devices are meant to (partially) repair deaf and blind people’s impairments, allowing them to (re)gain ‘normal’ sensory perception. These medical devices...
The image of citizens (identity) plays a key role in citizen and government relationships and identifiability is perceived relevant in many contexts of public administration. This is particularly the case where citizens can exercise rights and claim benefits, and for various purposes, like administration and registration, public safety, security, g...
The internet reached the general public in the early 1990s. Since then it has changed dramatically. In its early days it was primarily an information source where its novel users could marvel about what new ways of information dissemination, such as Gopher and later the World Wide Web had to offer. People also communicated. For instance by means of...
Privacy and data protection have never been static. On the contrary, the history of the last 40 years shows the reverse. New issues and challenges continue to emerge, requiring an ongoing process of interpreting their effect in terms of reach, objectives and their deeper significance. Indeed, the consequences of technological applications due to un...
Artifacts are generally constructed on purpose and have intended and unintended effects on the conduct of people. As such, architecture can be used in regulating society, as speed ramps convincingly show. But is this de facto regulating behavior by means of technology, regulating society in a legal sense, or is it merely disciplining society? Indiv...
This book documents the R&D outcome of the PRIME Project, an R&D project partially funded by the European Union’s Sixth Framework Programme and the Swiss Federal Office for Education and Science. PRIME has focused on privacy-enhancing identity management techniques and systems to support users’ sovereignty over their personal privacy and enterprise...
In recent years research has shown that most social network sites pose serious privacy and security risks for individual users. From the existing analyses of privacy and security risks in social network sites we deduce that one of the biggest categories of privacy risks revolves around the notion of 'audience segregation', i.e. the partitioning of...
The notion of software code replacing legal code as a mechanism to control human behavior – “code as law” – is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of “code as law” on privacy. To what extent is privacy-related “code” being used, either to undermine o...
This article deals with some of the data protection issues that are raised in cloud computing. Specifically, it addresses the question of responsibility for the processing of personal data in cloud computing situations from the perspective of the European Union: how different cloud computing models should be assessed with regard to...
Lothar Fritsch's contribution addresses the powerful inferences that can be made by combining the location of mobile phones with data from GIS systems and data mining techniques. Indeed, the combination of such data offers a rich picture of mobile phone users and their behaviour. Why and when should we worry, and how does it relate to location-bas...
Gutwirth and de Hert proclaim data protection instrumental to privacy. Privacy incorporates notions such as individuality, autonomy, integrity and dignity. These values are affected by IT systems that use personal data. Data protection regulation aims to control the use of personal data to protect the fundamental values mentioned. Data protection r...
Identification is ever more important in the online world, and identity-related crime is a growing problem related to this. This new category of crime is not restricted to high-profile instances of identity 'theft' or identity fraud; it is wide-ranging and complex, ranging from identity deletion to unlawful identity creation and identity 'theft'. C...
Data protection regulation, such as the European Data Protection Directive EU/95/46 (DPD), as an instrument to protect privacy, addresses different actors. The Directive aims to regulate behaviour, in particular concerning the processing – including collection and use – of personal data. The regulation therefore addresses actors in society engaged...
An English version of the Dutch article: Koops, E.J., Leenes, R.E., Marbus, R.C.P., Stuurman, C., & Verschuuren, J.M. (2005). Een heel klein artikel met grote gevolgen. Eerste verkenning van nanotechnologie & recht. Nederlands Juristenblad, 80(30), 1554-1559. The small will rule the world. The multi billion industry of ultra small - nanoparticles le...
Several opinion polls have reported that many people claim to be concerned about their privacy, yet that most people in fact do very little to protect their privacy. Are privacy concerns indeed insufficient motivators to adopt privacy protection strategies? What then characterizes the users of these strategies? On the basis of a large scale survey...
Data protection regulation aims to protect individuals against misuse and abuse of their personal data, while at the same time allowing businesses and governments to use personal data for legitimate purposes. Collisions between these aims are prevalent in practices such as profiling and behavioral targeting. Many online service providers claim...
Negotiating is a complex task in which negotiators typically try to maximize their own interests without realizing that most conflict situations contain potential for solutions that benefit both parties involved in the dispute. It seems that negotiators typically refrain from exchanging and processing information about their own and the opponent's...
Data protection regulation aims to protect individuals against misuse and abuse of their personal data, while at the same time allowing businesses and governments to use personal data for legitimate purposes. Collisions between these aims are prevalent in practices such as profiling and behavioral targeting. Many online service providers claim not...
Informational privacy is under siege on the internet. One particular type of privacy threat relates to our digital personae, the digital representations of our identity. The abundant use of identifiers online facilitates the connection of personal data and behavioural patterns from various sources to the rich digital personae of internet users. The...
In this study we investigate the impact of converging technologies on legal practice and criminology in a forward looking study intended for practitioners and policy makers in the field of legislation, crime prevention, and law enforcement. We look at a 15-year timeframe and discuss the scientific and technical progress in various domains as well...
Second Life is considered by many to be more than just a game. It is a social microcosmos in which fairly normal people behave normally and where (complex) social behaviour develops. As such it is an interesting environment to study social and legal phenomena. In this chapter we will look at privacy and how privacy is regulated within Second Li...
Electronic commerce is important, and perhaps, inevitable. Thus to consider the legal implications of enforcement, recognition and compliance with online alternative dispute resolution (OADR) is essential. However, in analysing enforcement, recognition ...
Identity theft is often perceived as one of the major upcoming threats in crime. However, there is no commonly accepted definition of 'identity theft' or 'identity fraud', and it is impossible to study the real threat of this phenomenon without conceptual clarity. In this article, we attempt to provide a starting point for policy and research by pr...
In 1995 the Dutch Ministry of the Interior and the Association of Dutch Local Governments (VNG) initiated an ambitious program to improve public service delivery. The aim of this so-called Public Counter 2000 (in Dutch: ‘Overheidsloket 2000’ or ‘OL2000’) program was a nationwide network of one-stop government agencies, providing citizens and trade...
‘Identity thieves make thousands of victims!’ is a typical headline of current e-zines. One pictures thousands of people panicking and pursuing thieves running away with their identities. Reality is different, of course. Identity criminals do not steal identities: they use identity as a tool to steal money. And the typical victim does not notice the...
The PRIME project develops privacy enhancing identity management systems that allow users in various application areas such as e-commerce to regain control over their personal spheres. This paper introduces the PRIME technical architecture that also includes special trust-enhancing mechanisms, and shows how PRIME technologies can enhance privacy an...
The handling of complex Personal Injury Claims is a complicated, confusing, challenging, and sometimes nasty procedure. This paper describes a project in which all relevant stakeholders collaborate to improve the procedure by establishing a Code of Conduct, the core ideas of which are implemented in a web application, PICE - Personal Injury Claims...
Projects (4)
The project aims at providing recommendations on the role of National Cybersecurity Agencies (with a focus on the Dutch Agency) in relation to cybersecurity certification, taking into account the EU Cybersecurity Act and related developments.
The Tilburg Institute for Law, Technology, and Society led a study for the Directorate-General for Justice and Consumers on certification mechanisms, seals or marks under Articles 42 and 43 of Regulation (EU) 2016/679. The study aimed at analyzing existing certifications, providing recommendations for requirements for data protection certification mechanisms, accreditation criteria, and technical standards in the field of data protection certification. The output from the study supports the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Articles 42 and 43 of the General Data Protection Regulation (EU) 2016/679. Ronald Leenes, Irene Kamara, Eric Lachaud and Kees Stuurman (TILT) are involved in this study together with researchers from TNO and Civic Consulting.