Better protection of employee data for economic success (EduMiDa)
Due to high cost pressures, companies increasingly resort to so-called agile ressource planning, e.g. the real-time collection of location data of employees to avoid idle times and the associated costs. Such data can be very sensitive though, and should thus be collected in a privacy-friendly way in order to protect employees.
It is the objective of the project "Success through Employee Data Protection" (EduMiDa) to research and to develop automatedly verifiable metrics, with the help of which employees can control how their data is protected. The metrics also support works councils and company data protection officers in their cooperation and control duties. The EduMiDa project team also investigates the economic contexts of measures of employee data protection to assess the adequacy of data protection measures from a legal as well as an economic point of view. A selection of the developed metrics are to be implemented in a demonstrator and to be tested in a real-life application scenario.
The IGMR supports the research project with its legal expertise in the field of employee data protection law. Project partner of the University of Bremen (IGMR) are the Fraunhofer Institute for Secure Information Technology (SIT), Darmstadt (Coordinator), the University of Münster and the application partner p.l.i. solutions GmbH, Gütersloh. The project is funded by the Federal Ministry of Education and Research.
Duration: 1.6.2021 - 30.11.2023
SKINET - Proactive Safety through Artifical Intelligence in Automobile and Industrial IT Networks
Since October 2020 the IGMR participates in the joint project SKINET with the subproject "Legal conformity of AI-supported safety measures in automobile and industrial IT networks", providing legal support for the entire project. SKINET is funded by the Federal Ministry of Education and Research.
With the increasing complexity of IT systems and their growing connectivity, new opportunities for attack arise all the time. It is becoming increasingly difficult to guaranty complete security of information and operation of these IT systems. Constant monitoring of IT components, early recognition and handling of safety-relevant incidents and comprehensive continuous assessment of the safety level of the entire system are important elements of a solution to these problems. These measures cannot be fully implemented in today's systems, though - frequently due to reasons of complexity and expenditure.
The central idea of the SKINET project is the application of methods and functions of artificial intelligence (AI) to efficiently recognise and deal with safety-relevant incidents and their causes. The mere information of responsible persons in cases of attack is to accompanied by automatic recommendation or autonomous introduction of suitable measures in order to ensure best possible security and availability. SKINET will develop a distributed system for the recognition and management of safety-relevant incidents for this purpose. Based on AI-suppoprted sensors, which are used in vehicles or industry networks as an extension to existing technologies (e.g. firewalls, data logger systems or anti-virus software), an AI engine will be developed for additional recognition or prognosis of attacks or misfunctions.
In order to guaranty legal certainty, data protection-sensitive interfaces and questions of liabililty of the AI solution will be taken into account over the entire duration of the project. Many questions of legal AI and IT safety research have not been completed resolved or are still controversial. The focus here is on IT safety and data protection law, product approval as well as product and producer liability law. Based on existing solution proposals and combined with the interdisciplinary project coordination of SKINET, legal concepts already under discussion are to be reviewed, validated and where necessary developed further and tested in the concrete application scenarios investigated by the project.
Duration: 1 October 2020 - September 2023
Strengthening protection of personal data in the health sector: a comparative analysis of the Tanzanian and German eHealth System
The joint project of the Open University of Tanzania and the University of Bremen is concerned with the regulation of personal data in the eHealth sector. Research is focussed on the electronic health card and the associated challenges arising for data protection regulation in Germany and Tansania. At the same time, the project is to provide the basis for the establishment of a LL.M. Health Law Programme at the University of Tanzania including Tanzanian and German courses. The overall objective is a framework for a long-term cooperation in research and education in the field of data protection and healthcare, leading e.g. to the joint supervision of PhD projects.
With eHealth applications such as the electronic health card, digital technologies have increasingly become part of the healthcare system worldwide. EHealth can support an effectively functioning and cost-effective healthcare system, in particular in rural areas with lower levels of medical provision. According to the WHO, there are 20000 patients for every doctor in Tanzania, compared to 218 patients in Germany. At the same time, eHealth promotes the collection of data which are processed and made available at various points. The particular challenge consists in protecting sensitive personal health data by corresponding legal regulation without unnecessarily impairing the functioning of the healthcare system. This challenge of data protection regulation is present in Germany as well as Tanzania, with Germany having introduced the electronic health card at an earlier date. The complex issues in the field of eHealth require intensive international collaboration and each side can profit from the different experiences and perspectives of the other here.
In comparative as well as empirical studies, the data protection situtation in both countries is to be investigated, also in view of the internationalisation of data protection law and the increasing need for a harmonisation of data protection legislation with the European General Data Protection Regulation in third countries. In addition to legal publications, the establishment of an LL.M. Programme for Health Law at the Open University of Tanzania is to be prepared, the curriculum and a guidance for lecturers are to be developed. Four workshops will be organised in Bremen and Dar es Salaam. The first workshop took place at the Open University of Tanzania at Dar es Salaam and Sansibar from 5 to 12 August 2019, with the participation of legal and medical experts. Due to the Covid pandemic, the workshop planned for 2020 had to be postponed.
The project is a cooperation of the IGMR and the Open University of Tanzania, Dar es Salaam, directed by Prof. Dr. Benedikt Buchner and Prof. Dr. Alex Makulilo. Also working on the project are young researchers Dr. Rindstone Ezekiel und Dr. Doreen Mwmalangala as well as Merle Freye and Dr. Dennis-Kenji Kipker. Prof. Makulilo has been appointed as one of currently ten Research Ambassadors of the University of Bremen in 2019. Research Ambassadors are to represent the university abroad, act as contact persons for those interested in studying, teaching or researching at Bremen and help to establish a network of alumni and researchers of the University of Bremen. The University provides financial and academic support for the Research Ambassadors. Alex Boniface Makulilo completed his PhD supervised by Benedikt Buchner in 2012 with a DAAD scholarship and carried out research at the IGMR, in particular on data protection law in Africa, from 2014 to 2016 and in 2017 with a scholarship of the Alexander von Humboldt Foundation.
The project is sponsored by the Alexander von Humboldt Foundation within the framework of the Programme for the Promotion of Institute Parternships.
Duration of the project: 1 July 2019 to 30 June 2022
INTUITIV - Nonverbal und Informative-Verbal Human-Robot communication
The IGMR participates in the INTUITIV project as a subcontractor of the German Research Center for Artificial Intelligence (DFKI). The project aims at investigating how intentions of a robot can be understood by humans through anticipatory path selection in combination with iconic and verbal communication, so that the discomfort due to uncertainty regarding the actions of a robot is minimized.
The IGMR provides legal support for the project, in particular in order to guarantee the legal confirmity of study conditions (legal conformity of information of test subjects and declarations of consent, safety of use of robots etc.) and data processing as well as to identify liability risks and the legal requirements for the use of service and transport robots in public spaces. The focus is on questions of data protection law, liability law, medical devices law and public law requirements.
Duration of subcontract: 2019 - 2021
The support of work processes through digital assistance systems has permeated all value-creation areas, from production to technical service. So-called wearables such as smartwatches or augmented reality glasses assist in assembly and repair. These digital work tools enable employees to have both hands free for their actual task. However, wearables also allow for the collection and processing of large amounts of personal data in this context, such as data on motion sequences, resting pulse, blood pressure and bioimpedance, but also photographs, video and audio recordings of the employee's immediatete enviroment.
In principle, the collection and analysis of personal data has a valuable potential for companies as well as employees. Wearables can provide customised, i.e. personalised (real-time) assistance for the individual employee in this way. The assistance provided may be dynamically adapted to the continuously determined individual level of knowledge - the more heterogenous the qualification structures of employees, the more profitable the use of personalised assistance, for the company as well as for the individual employee.
In practice, the success of such assistance systems depends on employees' acceptance on the one hand and on the legal conformity of the developed solutions on the other. Employees might be concerned that the data will be misused for other purposes such as the assessment of their productivity, performance, quality of work or even lifestyle. Every advantage of personalised assistance would recede to the background under such circumstances, with the consequence of low acceptance of the new assistance system. Also, an assistance system has to take into account the applicable legal framework conditions in order to establish itself as a - lawful - product on the market. The PersonA project aims to create a privacy-management system for the collection and use of personal data within the framework of personalised assistance systems, which will increase employees' acceptance while guaranteeing legal conformity, and, moreover, can by applied in different sectors and for different work processes.
The joint project will be carried out by the IGMR in cooperation with the markstones Institute and the Ruhr University Bochum. Practice cooperations include the nextpractice Institute of Complexity and Change gGmbH, the Ubimax GmbH, the WS System GmbH and the KEMPER GmbH. The project started in September 2019 and will run for three years.It is funded by the Federal Ministry of Education and Reesearch and the European Social Fund with 1.5 Mio. Euro.
Safety in Food Production and Logistics through Distributed-Ledger Technology (NutriSafe)
Since February 2019 the IGMR participates in the joint project NutriSafe funded by the Federal Ministry of Education and Research.
The internationalisation and digitalisation of production and trade has led to higly complex and networked structures. Austria and Germany have therefore decided to join forces and research on a bilateral basis in order to provide the best possible protection for safety-relevant trade chains. The EHEC and Fipronil scandals have shown that food safety and traceability of supply chains are not only important in crisis situations. Information systems play a central role in this context and new technologies can help to make them as safe as possible.
It is the objective of NutriSafe to protect food production and trade against digital attacks such as manipulation of data and systems and to enhance their resilience. To this purpose, technologies, data models, business processes, service architecure and business models are to be developed and made available as components in a modular construction system. It is important to ensure that the various existing insular systems will be connected to the new comprehensive solution. Legal support, an evaluation of results with the associated partners and the development of recommendations for action will ensure the practicability of the system.
The modular construction system is to enable above all SMEs to use blockchain technologies to cost-efficiently safeguard digital information chains. A closed digitial information chain from the purchaser to the consumer will optimise the traceability of goods as well as the fast restoration of supply.