The interdisciplinary project entitled "Appropriate Measures for Security: Investigating Legal and Technical Requirements under the GDPR" was awarded the title of best Academy Assistant project from 2020/21 by the Network Institute. The project is led by Dayana Spagnuelo, affiliated with the UCDS research group, and Magdalena Jozwiak from the TLS, at the Faculty of Law. The researchers contribute with expertise in information security and human rights law respectively, in a collaboration between departments that is currently unique at the VU. The two researchers are assisted by Tina Marjanov, student from the Master in Computer Science, and Maria Konstantinou, student from the Masters in International Technology Law.
This project focuses on the analysis of decisions issued by Data Protection Authorities (DPAs) imposing fines for the violation of Article 32, GDPR. This Article regulates on "appropriate security measures", that according to the regulation should be in place in systems processing personal data. The requirements for implementation of such measures, however, are unclearly defined as depending on, among others: the state of the art in security mechanisms, cost of implementation, and risk and harm to rights and freedoms of people. By analysing those decisions, the team can understand how measures have failed in the past, and devise measures suitable to guarantee such technical and legal demands.
Despite the regulation being in force since 2018, defining the appropriateness of security measures is still a topical challenge and of societal relevance. Fines for the lack of these measures are still being issued, with more than 50 deliberations only this year. Those include cases in the Netherlands, such as the fine imposed to the OLVG hospital, and the most recent to UWV's data breach, for which security measures had been preemptively judged insufficient in a previous case.
The team is currently working on an extended academic publication of their findings, and their intermediate results will be presented in September 2021 at the 8th ACM Celebration of Women in Computing (womENcourage 2021), themed 'Bridging Communities to Foster Innovation'.