GDPR evaluation of prototypes
The results of a new project-based course on GDPR supervised by Associate Professor Malgorzata Cyndecka are out, and they are impressive.
May 2021 marked three years since the new law on data protection, the General Data Protection Regulation (GDPR), entered into force in the EU. As regards Norway, the GDPR became part of the national legislation (personopplysningsloven) in July 2018.
Analysing prototypes made by students
The GDPR is a difficult and complex piece of legislation. The risk of breaching the new, much stricter rules on data protection is thus high. This is also because the GDPR is often unclear and we are still waiting for many clarifications from the EU Court. At the same time, new technologies like AI are hungry for our personal data like never before.
So, how to learn and, most importantly, understand the GDPR? Only by applying it in practice (while meeting new people and having fun).
The Faculty of Law now offers a new project-based course where law students analyse innovative and often challenging prototypes made by students at Media City Bergen and make them GDPR-compliant. The very first reports documenting their (very successful) efforts are now out.
The reports:
A GDPR friendly Guider, Written by: Bianca Daltri, Olivier de Wijs, Emilie Mellbye Rytter-Ingebrigtsen and Wenhan Feng
Full report can be read here.
"When we initially got assigned to this project it was evident that through the interaction with people Guider has a lot of potential to improve lives. Despite this potential, the initial project was not designed with data protection in mind. Therefore this report aims to keep the interaction between the user and Guider, as envisioned by its creator, but make it compliant with the GDPR."
A GDPR Compliancy Report on Climategotchi, Written by: Øyvind Brurberg Haugland and Julie Ullerud Lind
Full report can be read here.
"Climategotchi will need to develop an algorithm that only obtains the bare minimum of what they need – whilst informing the data subject how they will act to fulfil the purpose. The data subject shall be informed in which way this process works, and thereby gain knowledge about how anonymized and minimized the process and amount of data really is. By doing this Climategotchi is ensuring compliance with principles of data minimization, storage limitation, accuracy and last but not least, fairness and transparency."
Climategotchi: A report on GDPR compliance, Written by: Cecilie Nyhus, Amanda Terhonen and Nadezda Kustova
Full report can be read here.
"Climategotchi has to assess what kind of data is necessary for this purpose and only data limited to what is necessary for further developing the App may be stored for this purpose. The purpose of further development of the App does not allow Climategotchi to store personal data in perpetuity, and if it is irrelevant to identify the users for the development of the App, the personal data stored should be anonymised so that the data subject cannot be identified."
Strengthen the protection
The GDPR aims to strengthen the data protection of those who have their personal data processed and, at the same time, safeguard the free movement of personal data. Data protection must thus be balanced against other freedoms, like freedom of speech, and rights, like the right to conduct business.