You are here: Home / Staff members / Staff Members / Jef Ausloos

Jef Ausloos

Jef Ausloos
Research fellow
Centre for IT & IP Law
Sint-Michielsstraat 6 - box 3443
3000 Leuven
Belgium

contact

Jef Ausloos started as a legal researcher at CiTiP in february 2012 . He holds degrees in law from the Universities of Namur, Leuven and Hong Kong. Before joining CiTiP, Jef worked as an International Fellow at the Center for Democracy & Technology (cdt.org) and at the Electronic Frontier Foundation (eff.org) in the US. He has been on research visits at the Berkman Center for Internet & Society (Harvard University) in 2012; the Institute for Information Law (University of Amsterdam) in 2015; and the Centre for Intellectual Property and Information Law (Cambridge University) in 2017. 

Jef's research focuses on how (and if) data protection rights can counteract power-asymmetries over data in the information society. His PhD looks at the normative underpinnings of individual control, empowerment and autonomy in EU data protection law and evaluates how existing legal tools can achieve these goals in the modern-day, largely privatised information ecosystem.

 

Find him on Twitter: @Jausl00s

 

SSRN Papers

 

Publications

query=user:U0083103 year:[1999 TO 2019] &institution=lirias&from=1&step=20&sort=scdate
showing 1 to 20 of 68
Items per page 10 |20 |50
Sort newest first |author |title |popularity
  • Monteiro Krebs, Luciana; Alvarado Rodriguez, Oscar Luis; Dewitte, Pierre; Ausloos, Jef; Geerts, David; Naudts, Laurens; Verbert, Katrien; 2019. Tell Me What You Know: GDPR Implications on Designing Transparency and Accountability for News Recommender Systems. Proceeding CHI EA '19 Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems; 2019 Publisher: ACM Digital Library; New York, NY, USA
    LIRIAS2379654
    description
    The GDPR has a significant impact on the way users interact with technologies, especially the everyday platforms used to personalize news and related forms of information. This paper presents the initial results from a study whose primary objective is to empirically test those platforms' level of compliance with the so-called 'right to explanation'. Four research topics considered as gaps in existing legal and HCI scholarship originated from the project's initial phase, namely (1) GDPR compliance through user-centered design; (2) the inclusion of values in the system; (3) design considerations regarding interaction strategies, algorithmic experience, transparency, and explanations; and (4) technical challenges. The second phase is currently ongoing and allows us to make some observations regarding the registration process and the privacy policies of three categories of news actors: first-party content providers, news aggregators and social media platforms.

    Published online
  • media
    Walraven, Jan; 2019. Wanneer de krant jou leest. Apache; 2019
    LIRIAS2379656
    description


    Published
  • presentation
    Ausloos, Jef; Dewitte, pierre; 2019. Shattering One-Way Mirrors. Data Subject Access Rights in Practice.
    LIRIAS2783299
    description


    Published
  • Ausloos, J; 2018. The Right to Erasure: Safeguard for Informational Self-Determination in a Digital Society ?.
    LIRIAS2123546
    description
    The main research question of Jef Ausloos' PhD project is "How can the right to erasure meaningfully safeguard the fundamental right to data protection without unduly interfering with other fundamental rights and freedoms?" In theory, the right to erasure can be considered as the epitome of individual empowerment under data protection law. In practice, however, the right is rarely acknowledged by data controllers and usually only in an 'ad hoc' way. Hence, the research will examine and evaluate how the right to erasure can meaningfully empower data subject in light of the issues mentioned supra. Three central research questions - each corresponding to a Part - will be tackled: a) When/why does the right to erasure apply? Sub-questions include: what is the rationale of the right to erasure; what is the history of the right to erasure; what is the scope of application of the right to erasure; what are the preconditions for the right to erasure? b) How should the right to erasure be balanced against the fundamental rights to freedom of expression (art.11 Charter) and freedom to conduct a business (art. 16 Charter)? Sub-questions include: how are information and economic freedoms affected by invoking/applying the right to erasure; what is the rationale of both fundamental rights; what is scope of application of these fundamental rights; what are their preconditions; what are the exceptions to their application; how are they traditionally balanced; how should they be balanced against the fundamental right to data protection? c) How should the right to erasure be implemented in practice? Sub-questions include: what are the practical challenges for the right to erasure to achieve its purpose; should the right to erasure's scope of application be adjusted; can/should there be different degrees of the right to erasure in practice; how should obligations and responsibilities be distributed between relevant stakeholders?

    Published
  • presentation
    Kuczerawy, Aleksandra; Ausloos, Jef; Dewitte, Pierre; 2018. Shattering One-Way Mirrors The Right of Access in Practice.
    LIRIAS2334426
    description


    Published
  • Ausloos, Jef; 2018. Paul-Olivier Dehaye and the Raiders of the Lost Data. Publisher: CiTiP Blog
    LIRIAS2209054
    description
    With the recent Facebook/Cambridge Analytica scandal and the GDPR knocking at the door, we seem to be witnessing a watershed moment in data protection online. In the last year or so, people have been made increasingly aware of their data subject rights (of access, explanation, erasure, etc). Paul-Olivier Dehaye has been at the forefront in this battle of reclaiming control over personal data.

    Published
  • journal-article
    Veale, Michael; Binns, Reuben; Ausloos, Jef; 2018. When data protection by design and data subject rights clash. International Data Privacy Law; 2018; Vol. 8; iss. 2; pp. 105 - 123
    LIRIAS2208720
    description
    Data protection by design (DPbD), a holistic approach to embedding principles in technical and organizational measures undertaken by data controllers, building on the notion of Privacy by Design, is now a qualified duty in the GDPR. Practitioners have seen DPbD less holistically, instead framing it through the confidentiality-focussed lens of privacy enhancing technologies (PETs). We show that some confidentiality-focussed DPbD strategies used by large data controllers leave data reidentifiable by capable adversaries while heavily limiting controllers’ ability to provide data subject rights, such as access, erasure and objection, to manage this risk. Informed by case studies of Apple’s Siri voice assistant and Transport for London’s Wi-Fi analytics, we suggest three main ways to make deployed DPbD more accountable and data subject–centric: building parallel systems to fulfil rights, including dealing with volunteered data; making inevitable trade-offs more explicit and transparent through Data Protection Impact Assessments; and through ex ante and ex post information rights (Articles 13–15), which we argue may require the provision of information concerning DPbD trade-offs. Despite steep technical hurdles, we call both for researchers in PETs to develop rigorous techniques to balance privacy-as-control with privacy-as-confidentiality, and for DPAs to consider tailoring guidance and future frameworks to better oversee the trade-offs being made by primarily well-intentioned data controllers employing DPbD.
    Publisher: Oxford University Press
    Published
  • Ausloos, Jef; Dewitte, Pierre; 2018. Shattering one-way mirrors – data subject access rights in practice. International Data Privacy Law; 2018; Vol. 8; iss. 1; pp. 1 - 25
    LIRIAS1711864
    description
    The right of access occupies a central role in EU data protection law’s arsenal of data subject empowerment measures. It can be seen as a nec- essary enabler for most other data subject rights as well as an important role in monitoring opera- tions and (en)forcing compliance. Despite some high-profile revelations regarding unsavoury data processing practices over the past few years, access rights still appear to be under- used and not properly accommodated. It is espe- cially this last hypothesis we tried to investigate and substantiate through a legal empirical study. During the first half of 2017, around 60 informa- tion society service providers were contacted with data subject access requests. Eventually, the study confirmed the general suspicion that access rights are by and large not adequately accommo- dated. The systematic approach did allow for a more granular identification of key issues and broader problematic trends. Notably, it uncov- ered an often-flagrant lack of awareness; organi- zation; motivation; and harmonization. Despite the poor results of the empirical study, we still believe there to be an important role for data subject empowerment tools in a hyper-complex, automated, and ubiquitous data-processing ecosys- tem. Even if only used marginally, they provide a checks and balances infrastructure overseeing controllers’ processing operations, both on an indi- vidual basis as well as collectively. The empirical findings also allow identifying concrete suggestions aimed at controllers, such as relatively easy fixes in privacy policies and access rights templates.
    Publisher: Oxford University Press
    Published
  • other
    Ausloos, Jef; Dewitte, Pierre; 2018. Shattering One-Way Mirrors. Data Subject Access Rights in Practice. Publisher: CiTiP Working Paper Series: Issue 31/2018
    LIRIAS1712006
    description
    The right of access occupies a central role in EU data protection law's arsenal of data subject empowerment measures. It can be seen as a necessary enabler for most other data subject rights as well as an important role in monitoring operations and (en)forcing compliance. Despite some high-profile revelations regarding unsavoury data processing practices over the past few years, access rights still appear to be underused and not properly accommodated. It is especially this last hypothesis we tried to investigate and substantiate through a legal empirical study. During the first half of 2017, around sixty information society service providers were contacted with data subject access requests. Eventually, the study confirmed the general suspicion that access rights are by and large not adequately accommodated. The systematic approach did allow for a more granular identification of key issues and broader problematic trends. Notably, it uncovered an often-flagrant lack of awareness; organisation; motivation; and harmonisation. Despite the poor results of the empirical study, we still believe there to be an important role for data subject empowerment tools in a hyper-complex, automated and ubiquitous data-processing ecosystem. Even if only used marginally, they provide a checks and balances infrastructure overseeing controllers' processing operations, both on an individual basis as well as collectively. The empirical findings also allow identifying concrete suggestions aimed at controllers, such as relatively easy fixes in privacy policies and access rights templates.

    Published
  • Ausloos, Jef; Dewitte, Pierre; Geerts, David; Valcke, Peggy; Zaman, Bieke; 2018. Algorithmic Transparency and Accountability in Practice.
    LIRIAS1712014
    description
    This position paper aims to contribute to the debate on algorithmic transparency and accountability, relating it to compliance with the so-called right to an explanation in EU data protection law. We propose a research agenda based on legal-empirical data, that will constitute the basis for pinpointing key issues, evidence-based policy guidance and conducting further interdisciplinary research. Based on this research agenda, we are preparing the co-creation of a concrete prototype for making recommendation algorithms for news curation understandable to the average individual. This position paper is the result of a collaboration between two research centres, with expertise in law (CiTiP) and Human-Computer Interaction (Mintlab), enabling a more holistic perspective on a critical societal issue.

    Published
  • journal-article
    Clifford, D; Ausloos, J; 2018. Data protection and the role of fairness. Yearbook of European Law; 2018; Vol. 37; pp. 130 - 187
    LIRIAS2208721
    description
    © The Author(s) 2018. Published by Oxford University Press. All rights reserved. The purpose of this article is to examine the principle of fairness as it appears in EU data protection law. Despite the fact that this principle is often referred to as a key tenet of the data protection framework, a precise understanding of its role remains elusive. As such, this article aims to provide the first steps towards a more thorough understanding of the fairness principle. This is significant as it is argued that fairness is delineated from the other data protection principles and thus this article aims to clarify its overarching role and importance in the General Data Protection Regulation (GDPR). The article divides the fairness principle into procedural fairness and fair balancing elements which are evident in the fairness checks and balances in the GDPR. Building on this analysis the article identifies gaps, shortcomings and areas for future research thus calling for further analysis on the precise contours of the fairness principle.
    Publisher: Oxford University Press (OUP)
    Published
  • Ausloos, Jef; Heyman, Rob; Bertels, Natalie; Pierson, Jo; Valcke, Peggy; 2018. Designing-by-Debate: A Blueprint for Responsible Data-Driven Research & Innovation. Responsible Research and Innovation Actions in Science Education, Gender and Ethics: Cases and Experiences; 2018; Edition: 1; pp. 47 - 64 Publisher: Springer; Cham
    LIRIAS1711945
    description
    The emergence and rapid development of ICT-centred research methodologies, and data-driven research and innovation in particular, fundamen- tally challenge ethical values, human rights and security in the EU and beyond. This is especially—though not exclusively—the result of fragmented legal, ethical and terminological frameworks; a mismatch between rules and how they are applied or disregarded in practice; the privatisation of research data and methods; the fact that these challenges are spread over multiple actors and disciplines and issues raised by data opportunism. These challenges keep Responsible Research and Innovation (RRI) largely hypothetical in many contexts and may lead to social rejection and distorted legislation of emerging research methodologies as well as the huge socio-economic potential they hold. This contribution advances the first blueprint for an innovative approach aimed at overcoming the challenges obstructing the full realisation of RRI. The Designing-by-Debate (DbD) approach provides a system- atic model and method for inclusive dialogue through smart stewardship, enabling researchers and the broader stakeholder community to develop, fine-tune and operationalise the framework for RRI to their situation. It is an iterative process based on different forms of participatory debate, aimed at formulating RRI proto- cols and policies with maximal participation from all stakeholders. The method relies on sharing protocols and guidelines so that they can be used and improved simultaneously through new RRI applications. The DbD approach has different well-defined layers and components, that are aimed at making RRI work in the field. Notwithstanding its greater ambitions, the scope of this contribution is con- fined to DbD in the context of data-driven research and innovation (and how to align it with ethical, normative, and societal values that are central to the EU identity). DbD, we argue, provides the prerequisites for a holistic yet concrete approach to key legal, ethical and social challenges emerging from ubiquitous use of technology and ‘data’ to do research and innovation.

    Published
  • Veale, Michael; Binns, Reuben; Ausloos, Jef; 2017. When Data Protection by Design and Data Subject Rights Clash.
    LIRIAS1711871
    description
    Data Protection by Design (DPbD), a holistic approach to embedding principles in technical and organisational measures undertaken by data controllers, building on the notion of Privacy by Design, is now a qualified duty in the GDPR. Practitioners have seen DPbD less holistically, instead framing it through the confidentiality-focussed lens of Privacy Enhancing Technologies (PETs). While focussing primarily on confidentiality risk, we show that some DPbD strategies deployed by large data controllers result in personal data which, despite remaining clearly reidentifiable by a capable adversary, make it difficult for the controller to grant data subjects rights (eg access, erasure, objection) over for the purposes of managing this risk. Informed by case studies of Apple's Siri voice assistant and Transport for London's Wi-Fi analytics, we suggest three main ways to make deployed DPbD more accountable and data subject-centric: building parallel systems to fulfil rights, including dealing with volunteered data; making inevitable trade-offs more explicit and transparent through Data Protection Impact Assessments; and through ex ante and ex post information rights (arts 13-15), which we argue may require the provision of information concerning DPbD trade-offs. Despite steep technical hurdles, we call both for researchers in PETs to develop rigorous techniques to balance privacy-as-control with privacy-as-confidentiality, and for DPAs to consider tailoring guidance and future frameworks to better oversee the trade-offs being made by primarily well-intentioned data controllers employing DPbD.

    Published
  • Ausloos, Jef; 2017. Designing-by-Debate: A Blueprint for Responsible Data-Driven Research & Innovation. Publisher: CiTiP Blog
    LIRIAS1711870
    description
    The emergence and rapid development of data-driven research and innovation (R&I) fundamentally challenge normative, ethical and social values. In collaboration with other academics, CiTiP aims to develop a methodology to proactively, sustainably and effectively incorporate legal, ethical and social considerations into R&I design. We call this approach Designing-by-Debate.

    Published
  • Clifford, Damian; Ausloos, Jef; 2017. Data Protection and the Role of Fairness (CiTiP Working Paper 29/2017).
    LIRIAS1711834
    description
    The purpose of this article is to examine the principle of fairness as it appears in EU data protection law. Despite the fact that this principle is often referred to as a key tenet of the data protection framework, a precise understanding of its role remains elusive. As such, this article aims to provide the first steps towards a more thorough understanding of the fairness principle. This is significant as it is argued that fairness is delineated from the other data protection principles and thus this article aims to clarify its overarching role and importance in the General Data Protection Regulation (GDPR). The article divides the fairness principle into procedural fairness and fair balancing elements which are evident in the fairness checks and balances in the GDPR. Building on this analysis the article identifies gaps, shortcomings and areas for future research thus calling for further analysis on the precise contours of the fairness principle.

    Published
  • Ausloos, Jef; 2017. Giving meaning to Lawfulness under the GDPR.
    LIRIAS1711831
    description
    Data protection rules are not particularly praised for their legal clarity or certainty. This vagueness is of course the product of the framework’s broad scope and vocation to be technology neutral and future-proof. One of the pivotal concepts in data protection law that may suffer from such vagueness is ‘lawfulness’. Yet, while most people may interpret this term in an ordinary language fashion, its meaning and scope seem to have narrowed in the General Data Protection Regulation.

    Published
  • Ausloos, Jef; 2017. Balancing in the GDPR: legitimate interests v. right to object.
    LIRIAS1711832
    description
    Balancing exercises permeate data protection law. This post investigates the interaction between two core manifestations of such balancing in the GDPR: the last lawful ground (Art.6(1)f) and the right to object (Art.21(1)).

    Published
  • journal-article
    Ausloos, Jef; 2017. Vergetelheids-zaken voor de Hoven van Cassatie te België en Frankrijk - Contradictoir of Complementair?. Computerrecht: Tijdschrift voor Informatica, Telecommunicatie en Recht; 2017; iss. 1; pp. 32 - 35
    LIRIAS1711741
    description
    In het voorjaar van 2016 velde zowel het Hof van Cassatie in België als dat in Frankrijk een belangrijk arrest met betrekking tot het zogenaamde ‘recht op vergetelheid’. Beide zaken betroffen een verzoek tot het anonimiseren van welbepaalde artikels in online krantenarchieven. Daar waar de onderliggende feiten op het eerste zicht vrijwel identiek lijken, kwamen de Hoven nochtans tot een tegengesteld besluit: in België haalde de eiser zijn slag thuis, daar waar de eiser in Frankrijk met lege handen naar huis diende terug te keren.
    Publisher: Kluwer
    Published
  • bookreview
    Ausloos, Jef; 2017. Book Review: Ctrl+Z: The Right to be Forgotten. By Meg Leta Jones. European Data Protection Law Review; 2017; Vol. 3; iss. 1; pp. 138 - 142 Publisher: Lexxion
    LIRIAS1711815
    description
    The so-called right to be forgotten has been a hot top- ic for quite a while. Since at least 2012 – when the European Commission explicitly used the phrase in its proposal for a General Data Protection Regulation – the term evolved from being more of an academic catchphrase into a legitimate legal and policy con- cept. In light of this, the first wave of (doctoral) re- search projects looking into the concept is also com- ing to an end. One of the most prolific such projects – particularly in the US – is that of Meg Leta Jones (previously Ambrose).1 Building on her PhD re- search, which she finished in 2013, Jones has written quite an ambitious book. Ctrl+Z: The Right to Be For- gotten transcends a purely legalistic investigation of the contentious concept but rather looks at it from many different angles (computer science, social sci- ence, etc) and perspectives (American, British, French, German, etc), all while being aimed at a more general, non-expert audience. Notwithstanding Jones’ admirable effort and the importance of the book as a whole, more seasoned readers in the field may wish for more depth at certain stages.

    Published
  • Kuczerawy, Aleksandra; Valcke, Peggy; Lambrecht, Ingrid; Ausloos, Jef; Graef, Inge; Følstad, Asbjørn; 2016. REVEAL Deliverable D.7.2 User Evaluation Report.
    LIRIAS1711808
    description


    Published