Who owns research data stored in a digital preservation repository? Who is liable if the data are lost? Who decides when the data may be deleted from a repository? These and other questions in the large area of information law are among the research topics of the professorship for Intellectual Property Rights in distributed information infrastructures (IGR) that was newly established by FIZ Karlsruhe and Karlsruhe Institute of Technology (KIT).
The IGR also accompanies current reform activities in the copyright, IT (security) and data protection sectors at German and EU level. Besides general topics like the protection of fundamental rights when drafting European and international regulations in these areas, the IGR also deals with specific questions – e.g., how can data be exchanged with third countries in a legally compliant manner in the future and how can research data be handled in compliance with data protection and copyright laws. The results achieved from this research are supposed contribute to the discussion in academia and at a political level and are to be used directly for the further development of FIZ Karlsruhe’s information services.
The IGR’s activities focus on copyright law, data privacy law, and IT law.
1. Copyright in intangible and virtual assets
FIZ Karlsruhe’s Intellectual Property Rights department deals with all copyright issues related to research infrastructures, e.g. the rights in intangible assets and goods. This also includes the rights in data (e.g., research data) and databases, protecting personal rights, and securing these rights through appropriate IT solutions in infrastructures and information systems. More recent issues resulting from text and data mining within the scope of research databases are also an object of research.
A concrete example of the department’s work is the legal briefing outlining recommended actions for researchers put together for the RADAR project. The RADAR system poses a number of complex legal problems – e.g. data protection and copyright issues – which are not easy for the researchers and data providers using the system to understand. The Intellectual Property Rights department has worked to provide a simple, understandable and brief overview of these problems. This can be presented to RADAR users to allow them to appreciate their legal position and potential liabilities when deciding how to use the system.
2. Data privacy law
Protecting (sensitive) data is a major challenge in general and for information infrastructures and data management systems in particular, for example if personal data are processed, edited, preserved, and used in distributed information systems such as globally operated databases. The IGR department’s activities focus on how best to implement the EU data protection reform and how best to adapt infrastructures to the legal changes it will bring about. Topics to be considered – besides data transfers to third countries – are tools such as the Data Protection Impact Assessment and the regulation of algorithms.
IGR is also involved in several national and EU projects dealing with data protection issues. For example, the EU-Projekt (STARR) started in March 2016 and aims to develop a "decision support and self-management system for stroke survivors" to improve aftercare at home. In this process, a great deal of highly sensitive personal data is generated. Needless to say, the handling of this data needs to be compliant with law. In this project, FIZ Karlsruhe analyzes the legal situation and engages and accompanies technological development right from the start. This allows privacy- and data protection relevant risks to be identified and addressed while the technology is still being designed. The results from this project will provide important findings for other subject areas, e.g., for the handling sensitive research data.
3. IT law
IT law, and in particular IT security, is one of the key challenges information infrastructures will face in the years to come. In this area, the IGR participates in several national and EU projects hosted at FIZ Karlsruhe, the KIT, and the University of Münster. These include the EIDI, OVERVIEW und ITS.APT (IT-Security Awareness Penetration Testing) projects funded by the Federal Ministry of Education and Research and the TITANIUM project – examining legal questions within the framework of block chain analysis – funded by the EU. In addition, Prof. Dr. Boehm supervises a PhD on the topic of liability risks after IT-security violations sponsored by the RWTÜV Stiftung.