Rights in design. The technological reconstitution of privacy and data protection   

(financed by the Research Foundation Flanders)

 2015 – 2018


Data protection, privacy, data protection by design, privacy by design, constitutionality, rights

In response to controversies about digital technologies, different innovative ways to protect and articulate the rights of privacy and data protection have been developed across a variety of scales, sites and technologies, both in and outside traditional institutions. This project proposes to study the developments around the concept of ‘privacy by design’, the idea of building privacy protection into information technologies, from a broadened constitutional perspective. Through the notion of “rights in design”, it points at the double role of the interactions between practices of law and technology development in the mutual constitution of the rights of privacy and data protection. On the one hand, these rights play an increasingly important role in the construction of information technologies and are influencing their technological design. On the other hand, through these same developments the meaning and scope of these rights are themselves redesigned outside of the courts. These double developments point at a broad sense of constitutionality that is at play in these co-productions. The project will bring together insights from data protection, privacy, constitutional law and science and technology studies, to come up with a new conceptual and empirical framework for investigating these rights in design. It will study a variety of ways in which these rights are re-constituted on the intersection of law, technology, research, civil society and politics.

A Risk to a Right. Exploring a new notion in data protection law

(financed by the Research Foundation Flanders)

2015 – 2019


data protection, impact assessment, data protection impact assessment, rights, risk, risk management

The currently proposed European general data protection Regulation will introduce the novel obligation for controllers of personal data processing systems to perform a data protection impact assessment (DPIA). This tool, and in particular the notion of “risks to the rights and freedoms of data subjects” which is at its core, epitomises the shift from classical legal practice to more risk-based approaches. Traditionally, rights and risks belong within different spheres of knowledge and social organisation. Merging them in the proposed fashion could change their meanings into something hardly predictable. This application proposes to explore the nature of the relation between both concepts within the assessment of a “risk to a right”. This will occur by mapping the various relations that exist between risks and rights in different sectors, by deepening the legal insights these relations, and their application to a case study on smart grids technology. This should serve to identify gaps in the way DPIAs are currently operationalized, which can in turn provide opportunities for improvement and for lessons to be drawn from other practices and expertises that strike different relations between risks and rights. In this way this research aims to contribute to more socially robust assessments of the risks to the rights of privacy and data protection.



Pleinlaan 2

1050 Elsene, Brussels


+32 2 629 24 60







About us

LSTS2016 Compact Q


Brussels Laboratory for Data Protection & Privacy Impact Assessments

Research Group on Law, Science, Technology & Society (LSTS)

Faculty of Law and Criminology

Vrije Universiteit Brussel




Go to top