Forsch! Podcast: “We need a Nutri-Score for data protection.”

In the fifth episode of “Forsch!” – Science in Interview, BZ reporter Andreas Eberhard and Dr. des. Jeremias Othman (ForschungRegion Braunschweig) speak with computer scientist Prof. Dr. Ina Schiering from Ostfalia University of Applied Sciences in Wolfenbüttel. The IT security specialist describes what data protection is and why it is becoming increasingly important, and offers tips on how we can handle data practically and responsibly.

Computer scientist Prof. Dr. Ina Schiering (Ostfalia). Photo: dpa.

Data Protection – an Abstract Concept?

“From my perspective, data protection is the protection of fundamental rights.” When asked about data protection, a concept often perceived as abstract, Ina Schiering explains that data protection is primarily the protection of privacy in a world undergoing digital transformation, where large parts of our lives manifest as digital data. Data protection then means setting boundaries to prevent so-called stakeholders (Note: These can be companies, corporations, or governments) from arbitrarily drawing conclusions about our living conditions, attitudes, etc. Understood in this way, data protection is relevant, among other things, in trade union work, confidential discussions in the work environment, or in cases of illness. Data protection focuses on the individual. IT security, on the other hand, is intended to ensure on the company side that data is not accessed by unauthorized third parties.

Data Protection Objectives

For this purpose, certain key objectives have been formulated. Foremost among these is data minimization, meaning that only data truly necessary for a specific purpose is collected. Before installing an app on a smartphone, for example, one can ask whether the displayed permissions, through which data is collected, are always necessary. If in doubt, one can opt for a different provider. Data minimization also means that data no longer required is deleted. During the pandemic, for instance, information about restaurant visits must be deleted after a certain period. Collected data, such as an address or phone number, is thus not retained indefinitely. This, in turn, also increases confidentiality.

The objective of integrity or correctness – which Ina Schiering subsequently addresses – can be explained using the example of the digital patient file: For treating personnel in clinics or care facilities, correct data is of high relevance. Only if availability is ensured – another data protection objective – can it be decided, for example, in a medical emergency, which medications are needed. Medical personnel, in turn, can prove that certain care activities have been performed. Furthermore, non-linkability is intended to ensure that, for example, health insurance companies cannot access vital or GPS data from fitness trackers.

In addition to these principles, there are overarching, inherent objectives concerning personal rights: transparency and intervenability. On the one hand, it must be clear to every data subject how data is processed – this is where the right to information applies – and on the other hand, there must be the possibility to approach a company to request the deletion of certain data. This is made possible by the General Data Protection Regulation, or GDPR for short.

The GDPR: a Milestone and Export Success

“The General Data Protection Regulation, which has been in force since 2018, is a huge step forward,” states Ina Schiering, further explaining that it legally regulates the digital services that accompany us daily and thus secures our fundamental rights. However, the researcher also concedes that there is a need to legally refine individual parts, as it is a comparatively new law. As an export success, the GDPR has already made it to California, establishing the right to information, the right to rectification, and the right to deletion of no longer needed data there as well.

A Practical Example

How can effective data protection be achieved? When developing technical applications, i.e., apps, Ina Schiering advises considering data protection from the outset. From her research, she reports on the app “Reha-Goal,” which enables people, for example, after a stroke, to define sequences of specific activities and to orient themselves using the app. This way, shopping or bus travel can be successfully managed again. The app operates entirely without storing personal data. This principle is called “Privacy-by-Design”; data protection is already integrated into the development process.

What’s Next?

Data protection is being discussed on many levels. In the political landscape, Ina Schiering observes a trend toward increasingly involving data protection experts in political decision-making, much as virologists were listened to during the pandemic. This trend should be encouraged, and digital competence should be further developed not only in politics but also in everyday life and among the general public. What could this mean for the average user? “Just as with food, we also need a Nutri-Score for apps, which enables users to quickly and easily decide which apps promise secure data protection and which ones require closer scrutiny.”

The podcast “Forsch! – Science in Interview” is a cooperation between ForschungRegion Braunschweig and Braunschweiger Zeitung. The hosts Jeremias Othman (ForschungRegion Braunschweig) and Andreas Eberhard (Braunschweiger Zeitung) speak with regional stakeholders about their research, their personalities – and about current social, political, and ethical questions and debates.
