Automatic Privacy Management Based on Dynamic Consent

Within EU GDPR (General Data Protection Regulation), consent constitutes one of the six possible legal grounds for lawfully processing personal data, and it is also the one found most confusing. To comply with GDPR, consent must be freely given, specific, informed and unambiguous. However, it is questionable that the current schemes ensure a real privacy choice to the data subject. Also, while GDPR empowers individuals to have more control over their personal data, it seems to also rely on robust decision-making when individuals may not have the knowledge or experience in data privacy or security.

This project will explore how automation may improve user experience in consent in smart home environments with a multiplicity of Internet of Things devices. The research will explore temporal knowledge representation and reasoning to identify attributes and rules for consent in particular contexts and how they change with time. Extracted knowledge will be used to create a user-friendly representation of consent behaviour, and automatically generate recommendations for user privacy policies.

Applicants will be required to demonstrate their ability to think analytically and innovatively; develop software with a working knowledge of data analysis techniques; research, analyse and critically evaluate information; communicate results and findings in research reports.

Applicants will have or be expected to receive a first or upper-second class honours degree in Engineering, Computer Science, Design, Mathematics, Physics or a similar discipline. A Postgraduate Masters degree may be an advantage.

Experience in privacy and data protection principles; privacy-enhancing technologies; Internet of Things, user-experience design; recommendation systems is an advantage. In addition, the applicant should be highly motivated, able to work in a team, collaborate with others and have good communication skills.