Scalable solutions for complex legal problems
Artificial intelligence, Platforms, Big Data, the Internet of Things – data-driven innovation challenges the law. Our team provides innovative research and development services turning complex problems into scalable solutions.
Learn more about our research services and solutions
Scalable solutions for complex legal problems
Artificial intelligence, Platforms, Big Data, the Internet of Things – data-driven innovation challenges the law by creating complex challenges. Our team provides innovative research and development services turning complex problems into simple and scalable solutions.
Learn more about our research services and solutions.
Network and clients:
Innovating with Data and AI Governance
Data Protection and Security by Design
Digital
Self-Determination
Innovating with Data and AI Governance
Data Protection and Security by Design
Digital
Self-Determination

Services

1. Research and Development

From Cutting-Edge Research to Legal Tech Solutions

As an academic spin-off, we bring over a decade of interdisciplinary research in data governance and data protection at various renowned institutions into real-world solutions. Our mission is to bridge the gap between theory and practice by developing scalable legal tech solutions and offering research services in data governance, compliance, and digital self-determination. Our interdisciplinary team combines expert knowledge from law, User Experience and User Interface design, empirical studies, and technology.

Research and development services:

Legal Tech Development
solve legal problems through scalable solutions
Research Services
Tailored empirical studies and expert analysis
Get in touch for our research and development services
2. Training

Empowering Your Team with Knowledge & Practical Skills in Data Protection

We offer innovative online courses, including a serious game, to train your employees in data-driven innovation and data protection and security. Whether you are an SME, an international corporation or a public organisation, our interactive training courses help you to exploit the potential of data-driven innovation while effectively managing compliance risks.

Training services:

Online Courses
Innovative, expert-led online modules on data governance, data protection, and data innovation management
Serious Game
Engage and teach your team with a mind-opening experience focused on real-world data businesses and data protection and security incidents
Tailored Solutions
Custom training for teams, from awareness sessions to in-depth, role-specific education
Get in touch for our training services
3. Consultancy

Expert Guidance for Navigating Data Protection and Data Governance

Our interdisciplinary team provides tailored, research-backed consultancy to help businesses and public organizations navigate the complex landscape of digital technology regulation. Drawing from over a decade of interdisciplinary research and practical expertise, we guide our customers in implementing robust strategies that align with regulatory requirements, such as from the GDPR, AI Act, Digital Services Act, Digital Markets Act, Data Governance Act, and Data Act.

Consultancy services:

Data Governance Strategy
Develop and implement frameworks that ensure data is both utilized and protected efficiently
Data Protection & Security by Design Strategy
Tailored roadmaps for meeting regulatory requirements, ensuring privacy, and safeguarding user rights
Regulatory Assessments & Recommendations
In-depth evaluations and strategic advice to align with regulation and mitigate (compliance) risks
Get in touch for our consultancy services

Solutions

DATA PROTECTION BY DESIGN

Consenter Universe

In today's digital world, privacy and data protection are just as important as the innovations that are generated with data – and users’ consent plays a pivotal role in this conflict of interests. However, explaining this conflict of interest to users in such a way that they can make real decisions that meet their needs is challenging. Consenter bridges the gap between the expectations of users, data-driven services, technology providers and regulators. By providing seamless, user-friendly privacy solutions, Consenter helps users control their data, ensures legal compliance for businesses, and increases trust in the digital world in an empirically validated manner.

Consent Agent
Consenter is a highly advanced and consumer-friendly consent agent that allows consumers to give and manage consent across services and contexts for free.
Consent Banner
Service providers can regain users’ trust with Consenter’s GDPR-compliant and easily integrable consent banner.
Clearance System
With Consenter’s clearance system, third-party technology providers can prove GDPR-compliance to business customers and gain competitive advantage.
Data Protection Certificate
With Consenter’s certificate, service providers can demonstrate compliance to users, customers, competitors and data protection authorities – all in a streamlined and resource-effective certification process.

DATA PROTECTION BY DESIGN

Serious Game: Admins & Hackers

Admins & Hackers is the next generation of data protection training. With Admins & Hackers, data protection becomes engaging and interactive. Our serious game offers a hands-on learning experience where participants actively engage in developing data protection and security strategies as a team, solving real-world challenges. Admins & Hackers excites and sensitizes your employees about privacy and data protection and is suitable for all job roles without requiring prior knowledge in data protection. Admins & Hackers is available in two forms: as a board game for on-site training and as an online game.

Visit the Admins & Hackers website

DATA PROTECTION BY DESIGN

AI & DATA GOVERNANCE

Online Course: Data Innovation Management (in publication)

Our certification schemes and Codes of Conduct provide legally secure solutions for obtaining, managing, and adhering to the legal requirements of the GDPR, the Digital Services Act and the AI Act (beside other laws) in a scalable and cost-efficient manner. By ensuring that all data sharing entities meet the conditions expressed in consent agreements, we minimize regulatory uncertainty and foster trust between all entities.

Get informed when our course is published

DATA PROTECTION BY DESIGN

Certification and Codes of Conduct

Admins & Hackers is the next generation of data protection training. With Admins & Hackers, data protection becomes engaging and interactive. Our serious game offers a hands-on learning experience where participants actively engage in developing data protection and security strategies as a team, solving real-world challenges. Admins & Hackers excites and sensitizes your employees about privacy and data protection and is suitable for all job roles without requiring prior knowledge in data protection. Admins & Hackers is available in two forms: as a board game for on-site training and as an online game.

Contact our experts team

AI & DATA GOVERNANCE

HIIG

Data Governance Handbook for Smart Cities

The Data Governance Handbook is a comprehensive, open-access resource designed to provide insights and practical guidance on data governance in data-driven urban development. Born out of an extensive research project, this handbook offers expert knowledge, methods and best practices for real-world applications in the Smart City sphere. Whether you're a business leader, working in a municipal administration, a data governance professional or interested citizen, this handbook provides actionable frameworks, strategies, and tools to ensure that data is secure, compliant, and ethically managed in data-driven projects.

Visit the Data Governance Handbook

DIGITAL SELF DETERMINATION

AR App: Mauerschau

Digital self-determination is not only about privacy and data protection; it means that users are empowered to make autonomous decisions, in the digital world through digital means. Mauerschau is just an example of how this may work in the area of history production and media consumption.  Mauerschau is an immersive AR experience platform that brings together multiple perspectives from experts and laypeople on the construction and fall of the Berlin Wall. In the Mauerschau, you’ll experience the contrasting viewpoints of a divided city through cutting edge dramaturgic digital means.

Read moreVisit the Mauerschau website

Research

L&I Technology

2023–2026

Secure in Data Traffic (Privacy Dashboard)

Building on the Consenter project (Your Privacy Lawyer), we supplement the Consent Agent and Consent Banner developed with user-friendly data subject rights. A so-called Privacy Dashboard enables consumers to understand, with a few clicks, why personalised content is being displayed to them and to adapt these parameters to their needs. The Privacy Dashboard thus provides a visual, common interface through which websites and advertisers can disclose to consumers their advertising profiles.

Visit website

L&I Technology

2023–2025

Your Privacy Lawyer (Consenter)

In this project, we are solving the current cookie banner problem by developing user-friendly consent procedures. A central element is a consent agent that helps consumers to better understand their data protection risks and to decide accordingly, while avoiding consent fatigue. The project is also creating a certification programme that guarantees consumers and companies that the data collected will be treated in accordance with the GDPR.

Visit website

HIIG

2022–2025

Data & Smart City Governance

In this project with the city of Berlin, we are modeling a data governance process to facilitate the sharing of data between the government, civil society and private companies. Our aim is to support the use of data in smart cities for the common good and to advance the digitalisation of the administration that is necessary for this aim.

Visit website

HIIG

2021–2025

Repositories and AI systems in daily care

As part of the BMBF funding programme ‘Making repositories and AI systems usable in everyday care’, eight collaborative projects and one scientific support and networking project are being funded. We support the research consortium with our legal expertise in simplifying data access for nursing staff and for AI researchers in the case of fall prevention. A central element here is the development of GDPR certification programmes.

Visit website

Technopolis

2023–2025

Datentreuhand

In this accompanying research project, we are using an interdisciplinary approach to examine the legal, technical and economic conditions for successful data trust models. To reach this aim, we are developing in our legal module a toolbox to develop various data governance models that can be used to solve standardised conflicts of interest in data in a cost-effective way.

Visit website

HIIG

2019–2025

Data Protection as a Service

In this research project, we are working with several research partners to develop solutions that help website operators to overcome their knowledge uncertainties. By defining GDPR provisions for websites, we are creating criteria that determine how website owners should operate their blog in accordance with the GDPR.

Visit website

VZBV

2024

Study on the regulation of online advertising

In this expert opinion for the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – vzbv) we, together with my colleague Dr. Nina Herbort, developed a framework for the regulation of personalised advertising. Our proposal aims to reduce the current lack of transparency for consumers and advertisers and thus to create a much more efficient online advertising market in Europe. 

Visit website

Universität Darmstadt

2020–2024

Antrieb 4.0

For the Antrieb 4.0 research project, we have developed standardised guidelines with the help of partners in the field. These guidelines enable data to be shared while protecting trade secrets. In this way, drive manufacturers, machine manufacturers and operators can exploit the potential of data-driven innovation without having to fear competitive disadvantages. 

Visit website

ECDF / UDK

2020–2024

Energiewendebauen

In this accompanying research project, we worked with engineers and environmental economists to develop a criteria catalogue for GDPR-compliant processing of personal data in buildings, as well as visual elements for user-friendly information. An important result are conceptual elements for a dashboard to support environmentally friendly behaviour in buildings, which meets both high privacy and autonomy requirements for its residents. 

Visit website

ECDF / UDK

2020–2024

Usable Privacy / Privacy Icons

In this project, we developed interdisciplinary concepts and methods in a team of lawyers, UX and UI designers as well as social scientists, which can be used to develop user-friendly privacy measures and empirically test their effectiveness. In doing so, we developed prototypes, in particular for user-friendly transparency measures (including privacy icons) and usable choice architectures.

Visit website

ECDF / UDK

2020–2023

Freemove

In this project, we supported an interdisciplinary team of computer scientists and human interaction design researchers in the development of user-friendly anonymisation procedures for mobility data. An important component of this was the development of a certification programme for these anonymisation procedures.

Visit website

New Institute

2020–2023

The New Hanse

In this project, a team of innovation economists, computer scientists and lawyers developed a blueprint for cities that is designed to help them access data from private companies for the common good. The blueprint was developed on the basis of a use case together with and for the city of Hamburg. Central building blocks are a legal framework for corresponding data access claims and a data trust to clarify and control the data access and usage conditions.

Visit website

HIIG

2017–2018

Privacy by design in smart cities

In this project, we carried out a data protection impact assessment for a smart city project of the company Cisco and developed a corresponding privacy by design solution. This use case also formed the basis for a game jam in which we worked with over 30 game designers to develop educational games to raise awareness of the public and employees for privacy and security issues.

Visit website

HIIG

2013–2016

Entrepreneurship Research Lab

The Entrepreneurship Research Lab supports internet-based entrepreneurship by connecting researchers, practitioners, and industry professionals. Part of the lab was the development and operation of several startup clinics, in particular a startup law clinic in which we advised over 140 startup founders on legal issues related to their innovation processes. The data collected formed the basis for an investigation into the effects of regulation on innovation processes using the example of the principle of purpose limitation in data protection law.

Visit website

Books

Grafenstein, M. v. (2018)

The Principle of Purpose Limitation in Data Protection Laws. The Risk-based Approach, Principles, and Private Standards as Elements for Regulating Innovation

Baden-Baden: Nomos. more information

Journal articles and conference papers

Grafenstein, M. v., & Rupp, V. (2024)

Clarifying “personal data” and the role of anonymisation in data protection law: Including and excluding data from the scope of the GDPR (more clearly) through refining the concept of data protection

Computer Law & Security Review, 52. DOI: 10.1016/j.clsr.2023.105932 more information

Grafenstein, M. v., Kiefaber, I., Heumüller, J., Rupp, V., Graßl, P., Kolless, O., & Puzst, Z. (2024)

Privacy icons as a component of effective transparency and controls under the GDPR: effective data protection by design based on art. 25 GDPR

Computer Law & Security Review, 52. DOI: 10.1016/j.clsr.2023.105924 more information

Grassl, P., Gerber, N., & Grafenstein, M. v. (2024)

How Effectively Do Consent Notices Inform Users About the Risks to Their Fundamental Rights?

European Data Protection Law Review, 10(1), 96-104. DOI: 10.21552/edpl/2024/1/14 more information

Mihaljević, H., Müller, I., Dill, K., Yollu-Tok, A., & von Grafenstein, M. (2023)

More or less discrimination? Practical feasibility of fairness auditing of technologies for personnel selection

AI & Society. DOI: 10.1007/s00146-023-01726-w more information

Jakobi, T., Grafenstein, M. v., Smieskol, P., & Stevens, G. (2022)

A Taxonomy of user-perceived privacy risks to foster accountability of data-based services

Journal of Responsible Technology, 10, 1-14. DOI: 10.1016/j.jrt.2022.100029 more information

Grafenstein, M. v. (2021)

Refining the concept of the right to data protection in article 8 ECFR – üart II

European Data Protection Law Review, 7(2), 190-205. DOI: 10.21552/edpl/2021/2/8 more information

Grafenstein, M. v. (2021)

Refining the concept of the right to data protection in article 8 ECFR – part III

European Data Protection Law Review, 7(3), 373-387. DOI: 10.21552/edpl/2021/3/6 more information

Grafenstein, M. v., Jakobi, T., & Stevens, G. (2021)

Effective data protection by design through interdisciplinary research methods: The example of effective purpose specification by applying user-Centred UX-design methods

Computer Law & Security Review, 46. DOI: 10.1016/j.clsr.2022.105722 more information

Grafenstein, M. v. (2020)

Innovationsoffener Datenschutz durch Folgenabschätzungen und Technikgestaltung

Datenschutz und Datensicherheit - DuD, 44(3), 172-175. more information

Grafenstein, M. v., Jakobi T., Gegner, C., Labadie, C., Mertens, P., Öksüz, A. & Stevens, G. (2020)

The Role of IS in the Conflicting Interests Regarding GDPR

Business & Information Systems Engineering. more information

Grafenstein, M. v., Jakobi, T., Stevens, G., Seifert, A.-M., & Becker, M. (2020)

Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI

i-com, 19(1), 31–45. DOI: https://doi.org/10.1515/icom-2020-0004 more information

Wernick, A., Olk, C., & Grafenstein, M. v. (2020)

Defining Data Intermediaries

Technology and Regulation, 65–77. DOI: 10.26116/techreg more information

Grafenstein, M. v. (2020)

Refining the Concept of the Right to Data Protection in Article 8 ECFR – Part I

European Data Protection Law Review, 6(4), 509-521. DOI: 10.21552/edpl/2020/4/7 more information

Grafenstein, M. v., Jain, A., Thorne, M., Rogers, J. et al. (2019)

Our Friends Electric – Reflections on Advocacy and Design Research for the Voice Enabled Internet

ACM CHI Conference on Human Factors in Computing Systems. DOI: 10.1145/3290605.3300344 more information

Grafenstein, M. v., Wernick, A., & Olk, C. (2019)

Data Governance: Enhancing Innovation and Protecting Against Its Risks

Intereconomics, 54 (4), 228-232. DOI: 10.1007/s10272-019-0829-9 more information

Grafenstein, M. v., & Wunderlich, L. (2019)

The concept of data protection law

PinG (Privacy in Germany), 8(1), 2–3. DOI: 10.5281/zenodo.3968996 more information

Grafenstein, M. v. & Schulz, W. (2016)

The right to be forgotten in data protection law: a search for the concept of protection

International Journal of Public Law and Policy - IJPLP. more information

Ulbricht, L. & Grafenstein, M. v. (2016)

Big data through the power lense: marker for regulating innovation

Internet Policy Review. more information

Grafenstein, M. v. (2016)

Die Auswirkungen des Zweckbindungsprinzips auf Innovationsprozesse in Startups

Smart World - Smart Law? Weltweite Netze mit regionaler Regulierung. Tagungsband DSRI-Herbstakademie 2016, 233-246. more information

Grafenstein, M. v., Schneider, E., Richter, N. (2015)

MAUERSCHAU: A Mobile Virtual Museum – Postmodern Storytelling through Digital Media

Kultur und Informatik: Cross Media. more information

Grafenstein, M. v. (2015)

Das Zweckbindungsprinzip zwischen Innovationsoffenheit und Rechtssicherheit – Zur mangelnden Differenzierung der Rechtsgüterbetroffenheit

Datenschutz und Datensicherheit - DuD, 39(12), pp 789-795. more information

Dopfer, M., Grafenstein v., M., Richter, N., Schildhauer, T., Tech, R., Trifonov, S., & Wrobel, M. (2015)

Fördernde und Hindernde Faktoren Für Internet-Enabled Startups (Supporting and Hindering Factors for Internet-Enabled Startups)

HIIG Discussion Paper Series, 2015(06). more information

Editorships

Ulbricht, L., & Grafenstein, M. v. (2016)

Big data: big power shifts [Special issue]

Internet Policy Review, 5(1). DOI: 10.14763/2016.1.406 more information

Book contributions and chapters

Schildhauer, T., Jakobi, T., & Grafenstein, M. v. (2021)

Data privacy: a driver for a competitive advantage.

In M. Einhorn, M. Löffler, E. de Bellis, A. Herrmann, & P. Burghartz (Eds.), The Machine Age of Customer Insight. Bingley, United Kingdom: Emerald Publishing Limited. more information

Grafenstein, M. v., Heumüller, J. & Jakobi, T. (2021)

Die Gestaltung wirksamer Bildsymbole für Verarbeitungszwecke und ihre Folgen für Betroffene mithilfe einer interdisziplinären Forschungsmethodologie

In A. Boden, T. Jakobi, G. Stevens & C. Bala, Verbraucherdatenschutz - Technik und Regulation zur Unterstützung des Individuums (pp. 1-20). Sankt Augustin, Germany: Hochschule Bonn-Rhein-Sieg. DOI: 10.18418/978-3-96043-095-7_07 more information

Grafenstein, M. v. (2019)

Co-Regulation and the Competitive Advantage in the GDPR: Data protection certification mechanisms, codes of conduct and the “state of the art” of data protection-by-design

In González-Fuster, G., van Brakel, R., & P. De Hert, Research Handbook on Privacy and Data Protection Law. Values, Norms and Global Politics, Edward Elgar Publishing, 1st Ed.. Cheltenham: Edward Elgar Publishing. more information

Grafenstein, M. v. (2018)

Regulation as a Facilitator of Startup Innovation: The Purpose Limitation Principle and Data Privacy

In N., Richter, P., Jackson, & T., Schildhauer, (Eds.), Entrepreneurial Innovation and Leadership Preparing for a Digital Future (pp. 41-49). Cham, Switzerland: Palgrave McMillan. more information

Pype, P., Daalderop, G., Schulz-Kamm, E., Walters, E., & Grafenstein, M. v. (2017)

Privacy and Security in Autonomous Vehicles

In D. Watzenig & M. Horn, Automated Driving: Safer and More Efficient Future Driving (pp. 17-28). Berlin, Heidelberg: Springer. more information

Grafenstein, M. v. (2017)

Kommentar zu Art.2 der Datenschutz-Grundverordnung

In Gierschmann, Sibylle Dr., Schlender, Katharina, Stenzel, Rainer Dr. (Eds.), Kommentar - Datenschutzgrundverordnung, 1. Köln: Bundesanzeiger Verlag. more information

Working papers

Kreutzer, S., Heimer, T., Nachtigall, H., Pschorn, L., Bauer, F., Blind, K., Martin, N., Grafenstein, M. v., Streblow, R., Du, J. & Schölzel, J. (2024)

Wissenschaftliche Begleitung und Vernetzung der Projekte zur Entwicklung und praktischen Erprobung von Datentreuhandmodellen in den Bereichen Forschung und Wirtschaft: Bericht zu Arbeitspaket 1.2: Anforderungen und Umsetzungshemmnisse für Datentreuhandmodelle

Publikationsserver der RWTH Aachen University. DOI: 10.18154/RWTH-2024-04375 more information

Kreutzer, S., Heimer, T., Nachtigall, H., Pschorn, L., Waiblinger, F., Blind, K., Martin, N., Horvat, D., Grafenstein, M. v., Schweinberg, M., Streblow, R., Du, J. & Schölzel, J. (2024)

Wissenschaftliche Begleitung und Vernetzung der Projekte zur Entwicklung und praktischen Erprobung von Datentreuhandmodellen in den Bereichen Forschung und Wirtschaft: Arbeitspaket 1.1 Bestandsaufnahme

Publikationsserver der RWTH Aachen University. DOI: 10.18154/RWTH-2024-04376 more information

de Macedo Schäfer, N., Schweinberg, M. J., Stenzel, M., & von Grafenstein, M. (2023)

Data Governance im Spannungsfeld datengetriebener Verwaltung. Herausforderungen von Kommunen bei der Etablierung einer Smart City Administration

HIIG Discussion Paper Series, 2023(4). DOI: 10.5281/zenodo.8297607 more information

Auer, A., von Grafenstein, M., Kruse, L. & de Macedo Schäfer, N. (2023)

Öffentlichkeitsbeteiligung in der datengetriebenen Verwaltung. Ein prozessbezogener Ansatz zur Lösung datenbezogener Interessenkonflikte durch die Ergänzung formeller Beteiligung

HIIG Discussion Paper Series, 2023(5). DOI: 10.2139/ssrn.4603704 more information

Bria, F., Blankertz, A., Fernández-Monge, F., Gelhaar, J., Grafenstein, M. v., Haase, A., Kattel, R., Otto, B., Sagarra Pascual, O., & Rackow, L. (2023)

Governing Urban Data for the Public Interest

The New Hanse Project Blueprint. more information

Grafenstein, M. (2023)

The New Hanse: Data sharing between public and private actors in the public interest – A first legal assessment toward a legal blueprint

The New Hanse Report. more information

Frank, R. D., Grafenstein, M. v., & Rothfritz, L. (2022)

Open Data und die Risikowahrnehmung in der Öffentlichen Daseinsvorsorge

Einstein Center Digital Future. DOI: 10.5281/zenodo.6285549 more information

Grafenstein, M. v. (2022)

Reconciling Conflicting Interests in Data through Data Governance. An Analytical Framework

HIIG Discussion Paper Series, 2022(2). DOI: 10.5281/zenodo.7390542 more information

Grafenstein, M. v. (2021)

Specific certification schemes as rule, general schemes (and criteria) as exception

HIIG Discussion Paper Series, 2021(04). DOI: 10.5281/zenodo.4905484 more information

Grafenstein, M. v., Pallas, J., & Pohle, J. (2021)

Datenschutz durch Technikgestaltung gem. Art. 25 Abs. 1 DS-GVO

HIIG Discussion Paper Series, 2021(5). DOI: 10.5281/zenodo.6325328 more information

Grafenstein, M. v., Heumüller, J., Belgacom, E., Jakobi, T., Smieskol, P., & Wunderlich, L. (2021)

Effective regulation through design – Aligning the ePrivacy regulation with the EU General Data Protection Regulation (GDPR): tracking technologies in personalised internet content and the data protection by design approach

OpenAIRE. DOI: 10.5281/zenodo.5575447 more information

Grafenstein, M. v. (2021)

Kurzpapier: Data Governance. Ein Framework zur Erfassung “erfolgreicher” Data Governance-Modelle

HIIG Discussion Paper Series, 2021(6). DOI: 10.5281/zenodo.6327345 more information

Grafenstein, M. v., & Ulich, A. (2021)

Data-Governance-Framework für das Digital Urban Center for Aging and Health (DUCAH)

Stiftung für Internet und Gesellschaft. more information

Grafenstein, M. v. (2020)

How to build data-driven innovation projects at large with data protection by design

HIIG Discussion Paper Series, 2020(3), 93. more information

Grafenstein, M. v., Jakobi, T. (2019)

Une Nouvelle Gouvernance pour les Données au XXIème Siècle – Des Standards pour la Circulation et la Protection des Données Personelles

more information

Grafenstein, M. v. (2016)

Gesamtheit der Grundrechte als belastbarer Maßstab fur den „risikobasierten“ Ansatz: ein Losungsvorschlag fur das Zweckbindungsprinzip

Die Zukunft des Datenschutzes im Kontext von Forschung und Smart Data - Datenschutzgrundprinzipien im Diskurs, 34-37. more information

Raabe, O., Lenk, A. et al. (2015)

Smart Data – Smart Privacy? Impulse für eine interdisziplinär rechtlich-technische Evaluation

Technical Report des BMWi-Technologieprogramms „Smart Data – Innovationen aus Daten“. more information

Dopfer M., Grafenstein, M. v., Richter, N., Schildhauer, T., Tech, R. P. G., Trifonov, S., Wrobel, M. (2015)

Fördernde Und Hindernde Faktoren Für Internet-Enabled Startups. (Supporting and Hindering Factors for Internet-Enabled Startups.)

HIIG Discussion Paper Series. more information

Grafenstein, M. v. (2014)

Copyright Protection of Formats on the European Single Market – A Definition of the Coypright Protected Work with respect to Utilitarian Coypright Theories

The Single Market and copyright protection of formats. more information

other publications

Pohle, J., Grafenstein, M., & Ulich, A. (2023)

Menschenzentrierte Data Governance im Gesundheits- und Pflegesektor

Digital society blog. more information

Grafenstein, M. v. (2023)

Stellungnahme zum Referentenentwurf des Bundesministeriums für Digitales und Verkehr „Verordnung über Dienste zur Einwilligungsverwaltung nach § 26 Abs. 2 TTDSG“

Humboldt Institute for Internet and Society. more information

Grafenstein, M. v. (2023)

„Es muss ein Primat der Demokratie über Technologie und Geschäftsmodell geben.“ Ein Gespräch mit Paul Nemitz

TE.MA. more information

Rupp, V., Heumüller, J., & von Grafenstein, M. (2022)

Effiziente Datenminimierung im Gebäude- und Quartierssektor

Retrieved from https://zenodo.org/record/6854465#.YuJPHi-22Rt. more information

Grafenstein, M. v. (2022)

Wie lassen sich Datenteilen und Datenschutz vereinbaren?

FAZ. more information

Rehmann, F., Cudok, F., Rupp, V., Grafenstein, M. von., Kegel, J., Aretz, A. & Streblow, R. (2022)

Thesen zur Digitalisierung der Energiewende in Deutschland: Status Quo und Ausblick- eine Expert*innenbefragung der deutschen Forschungslandschaft

Whitepaper. more information

Grafenstein, M. v., Jakobi, T., & Wunderlich, L. (2020)

Der Kiezkartograph mit Datenspende

StadtManufaktur. more information

Grafenstein, M. v., Hölzel, J., Irgmaier, F. & Pohle, J. (2018)

Nudging: Regulierung durch Big Data und Verhaltenswissenschaften

more information

Grafenstein, M. v. (2018)

Transfers of Personal Data to Third Countries: Certification Mechanisms, Binding Corporate Rules, and Codes of Conduct as Suitable Alternatives to the ‘Adequacy Decision’?

Privacy and Cyber Security on the Books and on the Ground, 1 (1). more information

Grafenstein, M. v. (2017)

Serious Games as a Tool for Privacy-by-Design

Digital Society Blog. more information

Grafenstein, M. v. (2017)

Datenschutz fit für das digitale Zeitalter: Jan Phillip Albrecht im Interview

more information

Grafenstein, M. v. (2016)

Legal Hackathon: „Building Standards of Privacy- and Security-by-Design for the IoT”

Digital Society Blog. more information

Grafenstein, M. v. (2015)

Legal support for Startups on a Global Scale – iLINC, the European Network of ICT Law Incubators

Digital Society Blog. more information

Grafenstein, M. v. (2015)

Keine Innovation ohne Investition: Ein Dilemma der klassischen Medienindustrie

Digital Society Blog. more information

Grafenstein, M. v. (2015)

Plattformträger für «Mobiles Museum in Berlin» gesucht!

Digital Society Blog. more information

Grafenstein, M. v. (2015)

Start-ups and Data Protection – Purpose Specification and Limitation

iLINC Policy Briefs. more information

Grafenstein, M. v., & Wunderlich, L. (2015)

A Concept Study for Privacy Icons Representing Different Privacy Risks

Zenodo. more information

Grafenstein, M. v. (2014)

Audiovisuelle Medien und ihre Produzenten auf dem Weg in das ‘digitale Zeitalter’

Digital Society Blog. more information

Grafenstein, M. v. (2014)

re:publica und MEDIA CONVENTION: Politische Netzdebatte vs. Kommerzialisierung?

Digital Society Blog. more information

Grafenstein, M. v. (2014)

Planung vs. explorative Entwicklung

Digital Society Blog. more information

Grafenstein, M. v. (2014)

Schutzinstrumente für oder gegen Innovation

Digital Society Blog. more information

Lectures

Datenteilen trotz Geschäftsgeheimnissen. Vorstellung der Ergebnisse der Data Governance-Studie im Reallabor Antrieb 4.0

9. Quartalstreffen im Reallabor Antrieb 4.0. Forschungsvereinigung Elektrotechnik beim ZVEI e.V. gefördert durch das Bundesministerium für Wirtschaft und Klimaschutz. Online, Berlin, Germany: 05.12.2024, Max von Grafenstein, Maurice Stenzel

Smart Data Governance. Der digitale Leitfaden für die datengetriebene Verwaltung

Smart Country Convention – Digitales Berlin. Bitkom e.V.. hub27, Messe Berlin, Berlin, Germany: 16.10.2024

Berlin der Begegnung - 13. interdisziplinärer Workshop für exzellente Nachwuchskräfte

Genshagener Kreis e.V. Berlin. Stiftung Genshagen, Im Schloss, Genshagen, Deutschland: 22.11.2022 more information

Data Laws & Data Governance

Data Commons & the Law. Humboldt Institut für Internet und Gesellschaft, Berlin, online: 27.10.2022

What’s the deal? – Zum Gegenstand des Tauschgeschäfts im Datenschutz

DatenTag: Daten gegen Dienstleistung. Stiftung Datenschutz. ESMT, Berlin, Germany: 25.05.2022 more information

Erfolgreiche Einwilligungsagenten und die User Experience

DatenTag: Das TTDSG und neue Wege zur Einwilligungsverwaltung. Stiftung Datenschutz. Historische Kassenhalle im Humboldt Carré, Berlin, Germany: 03.11.2021 more information

Designing Effective Privacy Icons through an Interdisciplinary Research Methodology

Forum Verbraucherinformatik 2021: Verbraucherdatenschutz – Technik und Regulation zur Unterstützung des Individuums (Session: Ethische/rechtliche Überlegungen zu interdisziplinärem, digitalen Daten- und Verbraucherschutz). Verbraucherinformatik. Online, Online, Germany: 23.09.2021, Max von Grafenstein, Timo Jakobi, Julie Heumüller, more information

The General Data Protection Regulation: From Compliance to Competitive Advantage

European Association for Data Protection Professionals (EADPP) Conference (Session: The General Data Protection Regulation: From Compliance to Competitive Advantage). European Association for Data Protection Professionals (EADPP). Mauritslaan 49, 6129 EL Urmond, The Netherlands, Urmond, Netherland: 14.11.2019 more information

#tobediscussed – Digitale Selbstbestimmung in der Mediengesellschaft. ECDF, Medieninnovationszentrum Babelsberg (MIZ)

Robert Koch Forum, Berlin, Deutschland: 20.06.2019 more information

Data-Driven Economy Challenges and Opportunities

Data Governance and Smart Cities (Session: Regulation and Governance). Intereconomics / IW (German Economic Institute). Hamburgische Landesvertretung, Berlin, Deutschland: 17.06.2019 more information

Smart City Governance: Citizens, Privacy and Services

CPDP 2018 Computer, Privacy and Data Protection Conference (Session: Smart City Governance: Citizens, Privacy and Services). Centre for Research into Information, Surveillance and Privacy. Area 42 Petit, Brussels, Belgium: 30.01.2019 more information

Nudging: Regulierung durch Big Data und Verhaltenswissenschaften

Gutachterfachtagung: Big Data: intelligente Datenanalyse für die Datenökonomie. ABIDA-Projekt. Bundesministerium für Bildung und Forschung (BMBF), Berlin, Germany: 17.10.2018, Maximilian von Grafenstein, Jörg Pohle, more information

Taking ownership of wearables’ data by applying the approach of data protection by design

E-Stitches Berlin #3: Taking Ownership of Your Wearable’s Data. KOBA. KOBA, Berlin, Germany: 11.10.2018 more information

The ‘state of the art’ of privacy- and security-by-design (measures)

MyData 2017. University of Helsinki. Tallinn University, Tallinn, Latvia: 30.08.2018, Maximilian Von Grafenstein, Christina Douka

Challenges and Strategies for Certifying Data Anonymisation for Data Sharing

IAPP Europe Data Protection Congress 2017. IAPP. Conference Center, Brussels, Belgium: 08.11.2017

Gemeinsame oder getrennte Infrastruktur

Zukunft gestalten! (Session: Aggregatoren und Plattformen). Unesco Kommission e.V.. Neue Nationalbibliothek, Berlin, Germany: 19.10.2017

Legitimate Interest and Compatible Purpose Vs. Consent

Bitkom Privacy Konferenz 2017. Bitkom. Kalkscheune, Berlin, Germany: 19.09.2017, Maximilian von Grafenstein, Michael Kamps

Die Auswirkungen des Zweckbindungsprinzips auf Innovationsprozesse in Startups

Herbstakademie (Session: Data Protection Law). Deutsche Stiftung für Recht und Informatik. Bucerius Law School, Hamburg, Germany: 15.09.2017

EU General Data Protection Regulation

National Congress for Personal Health. Şişli Hamidiye Etfal Eah Konferans Salonu. Şişli Hamidiye, Istanbul, Turkey: 03.06.2017

Big Data, Big Business?

Annual Conference LESI2017: IP Revolution? Scenarios for the future. Licensing Executives Society. Novotel Tour Eiffel, Paris, France: 24.04.2017

The Interplay between Data Protection Principles and Data-Driven Innovation

EuroDIG 2016. Brussels Meeting Center, Brussels, Belgium: 09.06.2016

IoT & Privacy

Startup Camp Berlin. Humboldt-Universität zu Berlin. Humboldt-Universität zu Berlin, Berlin, Germany: 08.04.2016

Big Data and data protection: A search for regulation exemplified on the principle of purpose limitation

Amsterdam Privacy Conference 2015. Amsterdam Platform for Privacy Research (APPR). Oudemanhuispoort, Amsterdam, Netherlands: 24.10.2015

MAUERSCHAU: A Mobile Virtual Museum - Postmodern Storytelling through Digital Media

EVA Electronic Visualisation and the Arts (Session: Parallel session: Papers - Museum). The Chartered Institute for IT. The Davidson Building, London, United Kingdom: 09.07.2015

MAUERSCHAU - Das Mobile Virtuelle Museum

MAI Tagung - Museums and the internet (Session: BLOCK II: Den Außenraum erschließen). LVR-Fachbereich Kultur, LVR- Archivberatungs- und Fortbildungszentrum. DASA Arbeitswelt Ausstellung / Bundesanstalt für Arbeitsschutz und Arbeitsmedizin (BAuA), Dortmund, Germany: 11.05.2015

Data Protection between Innovation and the Rule of Law

Magical Startups. Magical Startups. W Hotel, Santiago de Chile, Chile: 14.01.2015

Exploring Service Delivery by Startup Law Clinicsi

LINC Conference (Session: Break out session). Queen's University, Amsterdam, Netherland: 01.11.2014

Startups - der „rechtliche“ Weg in die Selbständigkeit

Career Center - Humboldt Innovations Zentrum. Humboldt-Universität zu Berlin, Berlin, Germany: 07.01.2014

Big Data - Verantwortlichkeiten für Wahrscheinlichkeitsresultate

Leadership in Digitaler Kommunikation. Electronic Business School. Electronic Business School, Berlin, Germany: 25.11.2013

Verkehrsdaten: (Echtzeit-)Verkehrsinformationen vs. Totalüberwachung

Future Mobility Camp Berlin 2013. EUREF Campus TU Berlin. EUREF Campus, Berlin, Germany: 26.10.2013

Panels

DatenFrühstück: "Datenschutzsignale"

Stiftung Datenschutz. Stiftung Datenschutz, Leipzig, Germany: 28.05.2024 more information

Fairness in Personalisation: the Role of Transparency and the Balance Between Interests

Privacy Conference 2023. Bitkom e.V.. Online, Berlin, Germany: 12.10.2023 more information

ECDF and Elsevier Conversations on Science in the Digital Future #1: Data Privacy in the Digital Era.

Einstein Center Digital Future, Berlin, Germany: 22.11.2022 more information

Organisational Challenges

Privacy Research Day. Commission Nationale de l'Informatique et des Libertés (CNIL). CNIL, Paris, France: 28.06.2022 more information

Where are the Missing Data Subjects? Democratising Data Protection Through Participation

Computers, Privacy and Data Protection. CDPC. Online, Brussels, Belgium: 28.01.2021 more information

From Strategy to Practice – Data Intermediaries in the EU

MyData Online. MyData Global. Online, Helsinki, Finland: 11.12.2020 more information

GDPR Data Protection Icons and Transparency: Where do we stand?

CPDP 2020 Computer, Privacy and Data Protection Conference. Einstein Centre Digital Future. Petite Halle, Brussels, Belgium: 22.01.2020 more information

Panel Wirtschaftsinformatik im Spannungsfeld der Datenschutzgrundverordnung

14. Internationale Tagung Wirtschaftsinformatik. Universität Siegen. Eintrachtssaal Siegerhalle, Siegen, Deutschland: 25.02.2019, Max von Grafenstein, Kai Hackbarth, Legner, Peter Mertens, Ayten Öksüz, Markus Weber, more information

Certification for GDPR-compliant Anonymity: Real Anonymisation or just another Risk Assessment?

CPDP2018 Computer, Privacy and Data Protection Conference. AirCloak. La Cave, Brussels, Belgium: 30.01.2019 more information

Designkurs: Nudging and Persuasive Design

Designdiskurs: Nudging and Persuasive Design. IDZ Internationales Design Zentrum Berlin, Berlin, Germany: 20.09.2018, Peter Post (Geschäftsführer der Kreativagentur Scholz & Volkmer), Prof. Dr. Max von Grafenstein (HIIG), Dr. Mira Fischer (Verhaltensökonomin), more information

In der Zukunft angekommen. Abschlussdiskussion der DIN/KITS-Konferenz

KITS-Konferenz - Das strategiepolitische Forum der Koordinierungsstelle IT-Sicherheit im DIN. KITS, Berlin, Germany: 02.07.2015

Moderation of workshops and panels

Wie kann der digitale Leitfaden für Data & Smart City Governance die datengetriebene Verwaltung unterstützen?

5. Kongress der Modellprojekte Smart Cities 2024. Bundesministerium für Wohnen, Stadtentwicklung und Bauwesen. KOMED Köln, Cologne, Germany: 20.11.2024, Maurice Stenzel, Alexandra Auer, Max von Grafenstein, more information

Workshop mit Mitgliedern des Digitalausschusses des Deutschen Bundestages zu § 26 TTDSG

Interner Workshop mit Mitgliedern des Digitalausschuss des Deutschen Bundestages zu § 26 TTDSG. Einstein Center Digital Future. Einstein Center Digital Future, Berlin, Germany: 05.06.2024

Cookie Pledge, Do Not Track… how is all that supposed to work from the user’s point of view?

Computers, Privacy and Data Protection conference (CPDP) 2024. UdK Berlin & Einstein Center Digital Future. Maison de la Poste, Brussels, Belgium: 23.05.2024 more information

Launch of the new board game: Admins and Hackers

CPDP 2020 Computer, Privacy and Data Protection Conference. Area42, Brussel, Belgium: 23.01.2020 more information

Exploring the "Design" in "Privacy" by design

CPDP2018 Computer, Privacy and Data Protection. Les Halles de Schaerbeek, Brussels, Belgium: 24.01.2018

Legal Hackathon "Wearables": Fashion Tech and Privacy-by-Design

re:publica 2017. Station, Berlin, Germany: 10.05.2017

Legal Hackathon: „Building Standards of Privacy- and Security-by-Design for the IoT"

AoIR Conference 2016 „Internet Rules!“.. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany: 05.10.2016

Pay per Pixel - Current Challenges for Audio-Visual Media: (Legal) Conditions and New Business Models

Early Stage Researcher Colloquium. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany: 09.10.2014, Henrike Maier, Lies van Roessel, Urs Kind, Maximilian von Grafenstein, Dr., Anett Göritz

Organisation of events

Datenteilen unter Wahrung von Geschäftsgeheimnissen

11.06.2024. Berlin Partner für Wirtschaft und Technologie, Berlin, Germany (National), Maurice Stenzel, Maximilian von Grafenstein

We do not protect data, but fundamental rights! What’s really at stake in Personalization, then?

Computers, Privacy and Data Protection conference (CPDP) 2024. 22.05.2024. Computers, Privacy and Data Protection conference (CPDP) 2024, Brussels, Belgium. Co-Organised by: Nexus Institut; Law & Innovation (International) more information

Reallabor Bürger*innen-Beteiligung: Bessere Luft durch Verkehrswende?

25.11.2023. CityLAB Berlin, Berlin, Germany (National), Luisa Kruse, Alexandra Auer, Maurice Stenzel, Maximilian von Grafenstein, more information

Öffentlichkeitsbeteiligung in der dategentetriebenen Verwaltung

23.10.2023. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (National), Luisa Kruse, Alexandra Auer, Maurice Stenzel, Maximilian von Grafenstein

1. Netzwerktreffen KI in der Pflege

From 26.09.2023 to 27.09.2023. Urania, Berlin, Germany. Co-Organised by: Universität Bremen, Charité Universitätsmedizin Berlin, Berliner Hochschule für Technik, vediso – Verband für Digitalisierung in der Sozialwirtschaft e.V. (National), Nils Heinemann, Maximilian von Grafenstein, Jörg Pohle, more information

GDPR Certification Schemes: General vs. Specific Schemes – What Do Effective Schemes Look Like?

CPDP 2022 Computer, Privacy and Data Protection Conference. with attending Vip: Jana Krahforst, Chris Taylor, Sebastian Meissner. 23.05.2022. Area42, Brussel, Belgium (International) more information

Effective Transparency and Control Measures (Including Privacy Icons): the Example of Cookie Banners. Where Do We Stand Now?

CPDP 2022 Computer, Privacy and Data Protection Conference. with attending Vip: Jana Krahforst (fraud0), Estelle Hary (CNIL), Nina Herbort (BFDI), AbdelKarim Mardini (Google). 23.05.2022. Area42, Brussel, Belgium (International) more information

Ask an Expert: Datenschutz und Data Governance

16.05.2022. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (National), Maximilian von Grafenstein, Jörg Pohle, more information

Datenschutz by Design in der (Vollzugs)Praxis – Workshop für Expert*innen

From 28.10.2021 to 28.10.2021. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany. Co-Organised by: Alexander Dix (EAID), Frank Pallas (TU Berlin) (National), Maximilian von Grafenstein, Jörg Pohle, more information

“Citizens, give us your problems! How to Open Data without giving it away.”

2020 Berlin Science Week. 03.11.2020. Online, Berlin, Germany (International), Luiza Bengtsson, Mareike Lisker, Jan Sebastian Götte, Maximilian von Grafenstein, Jörg Pohle, more information

3. Workshop zur Zertifizierung "Prüfprogramme für Auftragsverarbeiter"

13.01.2020. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (National), Maximilian von Grafenstein, Jörg Pohle

Workshop session

Workshop# 182: Data Governance for Smarter City Mobility at Internet Governance Forum 2019. From 28.11.2019 to 28.11.2019. Estrel Berlin, Berlin, Germany. Co-Organised by: Alina Wernick, Maximilian von Grafenstein, Li-hsien Chang, Natalie Kreindlina, Christopher Olk (International), Li-hsien Chang, Natalie Kreindlina, Alina Wernick, Maximilian von Grafenstein, more information

Data Governance: Between Concepts and Case Studies

02.07.2019. Humboldt Institute for Internet and Society, Berlin, Germany (International), Natalie Kreindlina, Alina Wernick, Christopher Olk, Maximilian von Grafenstein

"Data Protection as a Service – Zertifikate für Webhoster"

20.05.2019. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (National), Kevin Klug, Maximilian von Grafenstein, Jörg Pohle, Nuri Khadem

Who holds a stake in Smart City Data?

From 15.04.2019 to 15.04.2019. Humboldt Institute for Internet and Society, Berlin, Germany (International), Alina Wernick, Christopher Olk, Maximilian von Grafenstein

Expert workshop for „EXPLOIDS“: Host Intrusion Detection and the State of the Art of Data Protection and Security by Design

01.04.2019. Humboldt Institute for Internet and Society, Berlin, Germany (National), Björn Scheuermann, Maximilian von Grafenstein, Jörg Pohle

Data Protection by Design in Smart Cities

05.11.2018. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (International), Kevin Klug, Maximilian von Grafenstein, Jörg Pohle, Nuri Khadem

Methodische Fragen zu Prüfprogrammen im Sinne der Artikel 42 und 43 DSGVO (mit ECDF)

29.10.2018. Deutsche Akkreditierungsstelle DAkkS, Berlin, Germany (National), Julian Hölzel, Maximilian von Grafenstein, Jörg Pohle, Nuri Khadem

Nudging and Digital Platforms

with attending Vip: Maximilian Mayer. 10.01.2018. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (International), Florian Irgmaier, Maximilian von Grafenstein, Jörg Pohle

Game Jam – Unveil the privacy threat

From 07.10.2017 to 08.10.2017. Humboldt Institut for Internet and Society, sirius minds, Berlin, Germany (International), Katharina Beitz, Maximilian von Grafenstein, Thomas Schildhauer, Larissa Wunderlich

Startups Research with an Interdisciplinary Touch

iLINC Conference. 18.05.2015. betahaus Berlin, Berlin, Germany. Co-Organised by: Humboldt Carré (International)

Datenschutz zwischen Innovationsoffenheit und Rechtssicherheit

06.03.2015. Google Launchpad, München / Berlin, Germany (National)

Moot Court on Format Dispute Resolution „Survivor!“ vs. „Celebrity“

07.07.2014. Filmakademie Baden-Württemberg, Ludwigsburg, Germany (National)

Startup Clinics Talks about how to onboard talents with KPMG

27.05.2014. Alexander von Humboldt Institute for Internet and Society, Berlin, Germany (International)

Veröffentlichungsrechte im Netz

12.05.2014. Electronic Media School, Babelsberg, Germany (National)

Fachgespräch zur EU-Datenschutzreform mit dem BMI

27.01.2014. Walter-Hallstein-Institut für Europäisches Verfassungsrecht, Berlin, Germany (National), Emma Peters, Maximilian von Grafenstein, Jörg Pohle, Osvaldo Saldías, Rüdiger Schwarz, Ingolf Pernice

Functions

Academic Board of the European Association of Data Protection Professionals.Vice President
Annual Privacy Forum Lisbon 2020. Member of the Program Committee
PLSC Europe 2020 - European Privacy Law Scholars Conference in Tilburg. Member of the Programm Committee

Participation as an expert

What thinking of data as an economic good can (not) teach us about data governance?

Digital Legal Talks 2022 Law schools of Tilburg University, the University of Amsterdam, Radboud University and Maastricht University. Utrecht, De Zalen van Zeven, Utrecht, Netherlands: 24.11.2022 more information

Media appearances

Tracking im Netz: Manipulation, Diskriminierung und Vertrauensverlust“ durch personalisierte Werbung

12.02.2025, netzpolitik.org, more information

Mitmachaktion am Flughafen Tempelhof: Das CityLab simuliert in Berlin die Verkehrswende

24.11.2023, Tagesspiegel, more information

Datenpolitik: Kann die Luft in Berlin dank Künstlicher Intelligenz besser werden?

03.04.2023, Tagesspiegel, more information

Data Governance: Berlin startet Experiment

30.03.2023, Tagesspiegel Background, more information

Wie lassen sich Datenteilen und Datenschutz vereinbaren?

17.11.2022, Frankfurter Allgemeine Zeitung, more information

Online-Werbung: Wie kann man Cookie-Banner besser machen?

24.06.2022, Tagesspiegel, more information

Datenschutz verständlich machen Symbole wie im Straßenverkehr sollen Bürger aufklären

02.05.2019, Berliner Zeitung, more information

Über den Tellerrand schauen: 10 Jahre Einstein-Stiftung

02.12.2019, Berliner Morgenpost, more information

Interview: Berlin's Take on a High-Tech ‘Smart City’ Could Be Different

19.09.2019, Citylab, more information

Spiele lehren Sicherheit

20.09.2017, Unternehmen heute, more information

Research

Books

Grafenstein, M. v. (2018). The Principle of Purpose Limitation in Data Protection Laws. The Risk-based Approach, Principles, and Private Standards as Elements for Regulating Innovation. Baden-Baden: Nomos.

Journal articles and conference papers

Grafenstein, M. v., & Rupp, V. (2024). Clarifying “personal data” and the role of anonymisation in data protection law: Including and excluding data from the scope of the GDPR (more clearly) through refining the concept of data protection. Computer Law & Security Review, 52. DOI: 10.1016/j.clsr.2023.105932

Grafenstein, M. v., Kiefaber, I., Heumüller, J., Rupp, V., Graßl, P., Kolless, O., & Puzst, Z. (2024). Privacy icons as a component of effective transparency and controls under the GDPR: effective data protection by design based on art. 25 GDPR. Computer Law & Security Review, 52. DOI: 10.1016/j.clsr.2023.105924

Grassl, P., Gerber, N., & Grafenstein, M. v. (2024). How Effectively Do Consent Notices Inform Users About the Risks to Their Fundamental Rights? European Data Protection Law Review, 10(1), 96-104. DOI: 10.21552/edpl/2024/1/14

Mihaljević, H., Müller, I., Dill, K., Yollu-Tok, A., & von Grafenstein, M. (2023). More or less discrimination? Practical feasibility of fairness auditing of technologies for personnel selection. AI & Society. DOI: 10.1007/s00146-023-01726-w

Jakobi, T., Grafenstein, M. v., Smieskol, P., & Stevens, G. (2022). A Taxonomy of user-perceived privacy risks to foster accountability of data-based services. Journal of Responsible Technology, 10, 1-14. DOI: 10.1016/j.jrt.2022.100029

Grafenstein, M. v. (2021). Refining the concept of the right to data protection in article 8 ECFR – üart II. European Data Protection Law Review, 7(2), 190-205. DOI: 10.21552/edpl/2021/2/8

Grafenstein, M. v. (2021). Refining the concept of the right to data protection in article 8 ECFR – part III. European Data Protection Law Review, 7(3), 373-387. DOI: 10.21552/edpl/2021/3/6

Grafenstein, M. v., Jakobi, T., & Stevens, G. (2021). Effective data protection by design through interdisciplinary research methods: The example of effective purpose specification by applying user-Centred UX-design methods. Computer Law & Security Review, 46. DOI: 10.1016/j.clsr.2022.105722

Grafenstein, M. v. (2020). Innovationsoffener Datenschutz durch Folgenabschätzungen und Technikgestaltung. Datenschutz und Datensicherheit - DuD, 44(3), 172-175.

Grafenstein, M. v., Jakobi T., Gegner, C., Labadie, C., Mertens, P., Öksüz, A. & Stevens, G. (2020). The Role of IS in the Conflicting Interests Regarding GDPR. Business & Information Systems Engineering.

Grafenstein, M. v., Jakobi, T., Stevens, G., Seifert, A.-M., & Becker, M. (2020). Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI. i-com, 19(1), 31–45. DOI: https://doi.org/10.1515/icom-2020-0004

Wernick, A., Olk, C., & Grafenstein, M. v. (2020). Defining Data Intermediaries. Technology and Regulation, 65–77. DOI: 10.26116/techreg

Grafenstein, M. v. (2020). Refining the Concept of the Right to Data Protection in Article 8 ECFR – Part I. European Data Protection Law Review, 6(4), 509-521. DOI: 10.21552/edpl/2020/4/7

Grafenstein, M. v., Jain, A., Thorne, M., Rogers, J. et al. (2019). Our Friends Electric – Reflections on Advocacy and Design Research for the Voice Enabled Internet. ACM CHI Conference on Human Factors in Computing Systems. DOI: 10.1145/3290605.3300344

Grafenstein, M. v., Wernick, A., & Olk, C. (2019). Data Governance: Enhancing Innovation and Protecting Against Its Risks. Intereconomics, 54 (4), 228-232. DOI: 10.1007/s10272-019-0829-9

Grafenstein, M. v., & Wunderlich, L. (2019). The concept of data protection law. PinG (Privacy in Germany), 8(1), 2–3. DOI: 10.5281/zenodo.3968996

Grafenstein, M. v. & Schulz, W. (2016). The right to be forgotten in data protection law: a search for the concept of protection. International Journal of Public Law and Policy - IJPLP.

Ulbricht, L. & Grafenstein, M. v. (2016). Big data through the power lense: marker for regulating innovation. Internet Policy Review.

Grafenstein, M. v. (2016). Die Auswirkungen des Zweckbindungsprinzips auf Innovationsprozesse in Startups. Smart World - Smart Law? Weltweite Netze mit regionaler Regulierung. Tagungsband DSRI-Herbstakademie 2016, 233-246.

Grafenstein, M. v., Schneider, E., Richter, N. (2015). MAUERSCHAU: A Mobile Virtual Museum – Postmodern Storytelling through Digital Media. Kultur und Informatik: Cross Media.

Grafenstein, M. v. (2015). Das Zweckbindungsprinzip zwischen Innovationsoffenheit und Rechtssicherheit – Zur mangelnden Differenzierung der Rechtsgüterbetroffenheit. Datenschutz und Datensicherheit - DuD, 39(12), pp 789-795.

Dopfer, M., Grafenstein v., M., Richter, N., Schildhauer, T., Tech, R., Trifonov, S., & Wrobel, M. (2015). Fördernde und Hindernde Faktoren Für Internet-Enabled Startups (Supporting and Hindering Factors for Internet-Enabled Startups). HIIG Discussion Paper Series, 2015(06).

Editorships

Ulbricht, L., & Grafenstein, M. v. (2016). Big data: big power shifts [Special issue]. Internet Policy Review, 5(1). DOI: 10.14763/2016.1.406

Book contributions and chapters

Schildhauer, T., Jakobi, T., & Grafenstein, M. v. (2021). Data privacy: a driver for a competitive advantage. In M. Einhorn, M. Löffler, E. de Bellis, A. Herrmann, & P. Burghartz (Eds.), The Machine Age of Customer Insight. Bingley, United Kingdom: Emerald Publishing Limited.

Grafenstein, M. v., Heumüller, J. & Jakobi, T. (2021). Die Gestaltung wirksamer Bildsymbole für Verarbeitungszwecke und ihre Folgen für Betroffene mithilfe einer interdisziplinären Forschungsmethodologie. In A. Boden, T. Jakobi, G. Stevens & C. Bala, Verbraucherdatenschutz - Technik und Regulation zur Unterstützung des Individuums (pp. 1-20). Sankt Augustin, Germany: Hochschule Bonn-Rhein-Sieg. DOI: 10.18418/978-3-96043-095-7_07

Grafenstein, M. v. (2019). Co-Regulation and the Competitive Advantage in the GDPR: Data protection certification mechanisms, codes of conduct and the “state of the art” of data protection-by-design. In González-Fuster, G., van Brakel, R., & P. De Hert, Research Handbook on Privacy and Data Protection Law. Values, Norms and Global Politics, Edward Elgar Publishing, 1st Ed.. Cheltenham: Edward Elgar Publishing.

Grafenstein, M. v. (2018). Regulation as a Facilitator of Startup Innovation: The Purpose Limitation Principle and Data Privacy. In N., Richter, P., Jackson, & T., Schildhauer, (Eds.), Entrepreneurial Innovation and Leadership Preparing for a Digital Future (pp. 41-49). Cham, Switzerland: Palgrave McMillan.

Pype, P., Daalderop, G., Schulz-Kamm, E., Walters, E., & Grafenstein, M. v. (2017). Privacy and Security in Autonomous Vehicles. In D. Watzenig & M. Horn, Automated Driving: Safer and More Efficient Future Driving (pp. 17-28). Berlin, Heidelberg: Springer.

Grafenstein, M. v. (2017). Kommentar zu Art.2 der Datenschutz-Grundverordnung. In Gierschmann, Sibylle Dr., Schlender, Katharina, Stenzel, Rainer Dr. (Eds.), Kommentar - Datenschutzgrundverordnung, 1. Köln: Bundesanzeiger Verlag.

Papers

Kreutzer, S., Heimer, T., Nachtigall, H., Pschorn, L., Bauer, F., Blind, K., Martin, N., Grafenstein, M. v., Streblow, R., Du, J. & Schölzel, J. (2024). Wissenschaftliche Begleitung und Vernetzung der Projekte zur Entwicklung und praktischen Erprobung von Datentreuhandmodellen in den Bereichen Forschung und Wirtschaft: Bericht zu Arbeitspaket 1.2: Anforderungen und Umsetzungshemmnisse für Datentreuhandmodelle. Publikationsserver der RWTH Aachen University. DOI: 10.18154/RWTH-2024-04375

Kreutzer, S., Heimer, T., Nachtigall, H., Pschorn, L., Waiblinger, F., Blind, K., Martin, N., Horvat, D., Grafenstein, M. v., Schweinberg, M., Streblow, R., Du, J. & Schölzel, J. (2024). Wissenschaftliche Begleitung und Vernetzung der Projekte zur Entwicklung und praktischen Erprobung von Datentreuhandmodellen in den Bereichen Forschung und Wirtschaft: Arbeitspaket 1.1 Bestandsaufnahme. Publikationsserver der RWTH Aachen University. DOI: 10.18154/RWTH-2024-04376

de Macedo Schäfer, N., Schweinberg, M. J., Stenzel, M., & von Grafenstein, M. (2023). Data Governance im Spannungsfeld datengetriebener Verwaltung. Herausforderungen von Kommunen bei der Etablierung einer Smart City Administration. HIIG Discussion Paper Series, 2023(4). DOI: 10.5281/zenodo.8297607

Auer, A., von Grafenstein, M., Kruse, L. & de Macedo Schäfer, N. (2023). Öffentlichkeitsbeteiligung in der datengetriebenen Verwaltung. Ein prozessbezogener Ansatz zur Lösung datenbezogener Interessenkonflikte durch die Ergänzung formeller Beteiligung. HIIG Discussion Paper Series, 2023(5). DOI: 10.2139/ssrn.4603704

Bria, F., Blankertz, A., Fernández-Monge, F., Gelhaar, J., Grafenstein, M. v., Haase, A., Kattel, R., Otto, B., Sagarra Pascual, O., & Rackow, L. (2023). Governing Urban Data for the Public Interest. The New Hanse Project Blueprint.

Grafenstein, M. (2023). The New Hanse: Data sharing between public and private actors in the public interest – A first legal assessment toward a legal blueprint. The New Hanse Report.

Frank, R. D., Grafenstein, M. v., & Rothfritz, L. (2022). Open Data und die Risikowahrnehmung in der Öffentlichen Daseinsvorsorge. Einstein Center Digital Future. DOI: 10.5281/zenodo.6285549

Grafenstein, M. v. (2022). Reconciling Conflicting Interests in Data through Data Governance. An Analytical Framework. HIIG Discussion Paper Series, 2022(2). DOI: 10.5281/zenodo.7390542

Grafenstein, M. v. (2021). Specific certification schemes as rule, general schemes (and criteria) as exception. HIIG Discussion Paper Series, 2021(04). DOI: 10.5281/zenodo.4905484

Grafenstein, M. v., Pallas, J., & Pohle, J. (2021). Datenschutz durch Technikgestaltung gem. Art. 25 Abs. 1 DS-GVO. HIIG Discussion Paper Series, 2021(5). DOI: 10.5281/zenodo.6325328

Grafenstein, M. v., Heumüller, J., Belgacom, E., Jakobi, T., Smieskol, P., & Wunderlich, L. (2021). Effective regulation through design – Aligning the ePrivacy regulation with the EU General Data Protection Regulation (GDPR): tracking technologies in personalised internet content and the data protection by design approach. OpenAIRE. DOI: 10.5281/zenodo.5575447

Grafenstein, M. v. (2021). Kurzpapier: Data Governance. Ein Framework zur Erfassung “erfolgreicher” Data Governance-Modelle. HIIG Discussion Paper Series, 2021(6). DOI: 10.5281/zenodo.6327345

Grafenstein, M. v., & Ulich, A. (2021). Data-Governance-Framework für das Digital Urban Center for Aging and Health (DUCAH). Stiftung für Internet und Gesellschaft.

Grafenstein, M. v. (2020). How to build data-driven innovation projects at large with data protection by design. HIIG Discussion Paper Series, 2020(3), 93.

Grafenstein, M. v., Jakobi, T. (2019). Une Nouvelle Gouvernance pour les Données au XXIème Siècle – Des Standards pour la Circulation et la Protection des Données Personelles. Une Nouvelle Gouvernance pour les Données au XXIème Siècle - Des Standards pour la Circulation et la Protection des Données Personelles.

Grafenstein, M. v. (2016). Gesamtheit der Grundrechte als belastbarer Maßstab fur den „risikobasierten“ Ansatz: ein Losungsvorschlag fur das Zweckbindungsprinzip. Die Zukunft des Datenschutzes im Kontext von Forschung und Smart Data - Datenschutzgrundprinzipien im Diskurs, 34-37.

Raabe, O., Lenk, A. et al. (2015). Smart Data – Smart Privacy? Impulse für eine interdisziplinär rechtlich-technische Evaluation. Technical Report des BMWi-Technologieprogramms „Smart Data – Innovationen aus Daten“.

Dopfer M., Grafenstein, M. v., Richter, N., Schildhauer, T., Tech, R. P. G., Trifonov, S., Wrobel, M. (2015). Fördernde Und Hindernde Faktoren Für Internet-Enabled Startups. (Supporting and Hindering Factors for Internet-Enabled Startups.). HIIG Discussion Paper Series.

Grafenstein, M. v. (2014). Copyright Protection of Formats on the European Single Market – A Definition of the Coypright Protected Work with respect to Utilitarian Coypright Theories. The Single Market and copyright protection of formats.

other publications

Pohle, J., Grafenstein, M., & Ulich, A. (2023). Menschenzentrierte Data Governance im Gesundheits- und Pflegesektor. Digital society blog.

Grafenstein, M. v. (2023). Stellungnahme zum Referentenentwurf des Bundesministeriums für Digitales und Verkehr „Verordnung über Dienste zur Einwilligungsverwaltung nach § 26 Abs. 2 TTDSG“. Humboldt Institute for Internet and Society.

Grafenstein, M. v. (2023). „Es muss ein Primat der Demokratie über Technologie und Geschäftsmodell geben.“ Ein Gespräch mit Paul Nemitz. TE.MA.

Rupp, V., Heumüller, J., & von Grafenstein, M. (2022). Effiziente Datenminimierung im Gebäude- und Quartierssektor, Rupp, V., Heumüller, J., & von Grafenstein, M. (2022). Effiziente Datenminimierung im Gebäude- und Quartierssektor. Retrieved from https://zenodo.org/record/6854465#.YuJPHi-22Rt.

Grafenstein, M. v. (2022). Wie lassen sich Datenteilen und Datenschutz vereinbaren? FAZ.

Rehmann, F., Cudok, F., Rupp, V., Grafenstein, M. von., Kegel, J., Aretz, A. & Streblow, R. (2022). Thesen zur Digitalisierung der Energiewende in Deutschland: Status Quo und Ausblick- eine Expert*innenbefragung der deutschen Forschungslandschaft, F. Rehmann, F. Cudok, V. Rupp, M. von Grafenstein, J. Kegel, A. Aretz, R. Streblow. (2022). Thesen zur Digitalisierung der Energiewende in Deutschland: Status Quo und Ausblick- eine Expert*innenbefragung der deutschen Forschungslandschaft, Whitepaper.

Grafenstein, M. v., Jakobi, T., & Wunderlich, L. (2020). Der Kiezkartograph mit Datenspende. StadtManufaktur.

Grafenstein, M. v., Hölzel, J., Irgmaier, F. & Pohle, J. (2018). Nudging: Regulierung durch Big Data und Verhaltenswissenschaften.

Grafenstein, M. v. (2018). Transfers of Personal Data to Third Countries: Certification Mechanisms, Binding Corporate Rules, and Codes of Conduct as Suitable Alternatives to the ‘Adequacy Decision’? Privacy and Cyber Security on the Books and on the Ground, 1 (1).

Grafenstein, M. v. (2017). Serious Games as a Tool for Privacy-by-Design. Digital Society Blog.

Grafenstein, M. v. (2017). Datenschutz fit für das digitale Zeitalter: Jan Phillip Albrecht im Interview.

Grafenstein, M. v. (2016). Legal Hackathon: „Building Standards of Privacy- and Security-by-Design for the IoT”. Digital Society Blog.

Grafenstein, M. v. (2015). Legal support for Startups on a Global Scale – iLINC, the European Network of ICT Law Incubators. Digital Society Blog.

Grafenstein, M. v. (2015). Keine Innovation ohne Investition: Ein Dilemma der klassischen Medienindustrie. Digital Society Blog.

Grafenstein, M. v. (2015). Plattformträger für «Mobiles Museum in Berlin» gesucht! Digital Society Blog.

Grafenstein, M. v. (2015). Start-ups and Data Protection – Purpose Specification and Limitation. iLINC Policy Briefs.

Grafenstein, M. v., & Wunderlich, L. (2015). A Concept Study for Privacy Icons Representing Different Privacy Risks. Zenodo.

Grafenstein, M. v. (2014). Audiovisuelle Medien und ihre Produzenten auf dem Weg in das ‘digitale Zeitalter’. Digital Society Blog.

Grafenstein, M. v. (2014). re:publica und MEDIA CONVENTION: Politische Netzdebatte vs. Kommerzialisierung? Digital Society Blog.

Grafenstein, M. v. (2014). Planung vs. explorative Entwicklung. Digital Society Blog.

Grafenstein, M. v. (2014). Schutzinstrumente für oder gegen Innovation. Digital Society Blog.

News

Team

Founder, CEO & lawyer

Prof. Dr. Max von Grafenstein, LL.M.

Max von Grafenstein studied history and law in Regensburg and Munich and trained as a European film producer in Ludwigsburg, Paris and London. In Berlin, he developed his first interactive media project Mauerschau, a mobile augmented reality app with location-based eyewitness stories about the construction and fall of the Berlin Wall. He wrote his doctoral thesis on the regulation of data-driven innovation. As part of the interdisciplinary research group ‘Internet-enabled Innovation’, he also headed the HIIG Startup Law Clinic, in which he supported over 140 startups in solving legal issues with regard to their product and business model innovations. In 2018, he took up the interdisciplinary professorship of Digital Self-Determination at the Berlin University of the Arts as part of the Einstein Centre Digital Future research network. There, he and his team of designers, social scientists and lawyers develop user-friendly data protection solutions.

CEO

Max von Grafenstein

Business Development

Maurice Stenzel

Christopher Luxner

Legal

Valentin Rupp

Frido Uebachs

UX / UI

Yanwei Miao

Isabel Kiefaber

Vogel

Software Development

Gabriel Cosi

Leo DeJaneiro

Research

Paul Grassl

Nina Bender

Ulrich

CEO

Prof. Dr. Max von Grafenstein, LL.M.

Founder, CEO & Lawyer

Business Development

Maurice Stenzel

Project Coordinator & Project Development

Christopher Luxner

Project Coordinator

Legal

Valentin Rupp

Legal Research

Frido Uebachs

Legal Research

UX / UI

Yanwei Miao

User Experience Design

Isabel Kiefaber

User Interface Design

Vogel

User Experience Consultant

Software Development

Gabriel Cosi

Full Stack Web Developer

Leo DeJaneiro

Full Stack Web Developer

Research

Paul Grassl

Behavioural Science

Kakadu Labs

Business Intelligence

Dr. Nina Gerber

Research Consultant

Contact us
By Mail
info@law-innovation.com
Or directly here
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Contact us

By mail
info@law-innovation.tech
Or directly Here
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get notified

Be the first to hear about our products and research.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.