Intellectual property rights in distributed information infrastructures
Who owns research data stored in a digital preservation repository? Who is liable if the data are lost? Who decides when the data may be deleted? These and other questions in the broad area of information law are among the research topics falling under the professorship – newly established by FIZ Karlsruhe and the KIT in November 2015 – for Intellectual Property Rights in distributed information infrastructures (IGR).
The IGR also accompanies current reform activities in the copyright, IT (security) and data protection sectors at German and EU level. Besides general topics like the protection of fundamental rights when drafting European and international regulations in these areas, the IGR also deals with specific questions – e.g., how can data be exchanged with third countries in a legally compliant manner in the future and how can research data be handled in compliance with data protection and copyright laws. We apply the results of this research for the further development of FIZ Karlsruhe’s information services.
The IGR’s activities focus on copyright law, data protection law, and IT law
1. Copyright in intangible and virtual assets
FIZ Karlsruhe’s Intellectual Property Rights department deals with all copyright issues related to research infrastructures – e.g. regarding rights in intangible assets and goods. This includes rights in data (e.g., research data) and databases, data protection rights, and securing these rights through appropriate IT solutions. More recent issues resulting from text and data mining within the scope of research databases are also an object of research.
A concrete example of the department’s work is the legal briefing outlining recommended actions for researchers put together for the RADAR project. The RADAR system throws up a number of complex legal problems – e.g. data protection and copyright issues – which are not easy for the researchers and data providers using the system to understand. The Intellectual Property Rights department has worked to provide a simple, understandable and brief overview of these problems. This can be presented to RADAR users to allow them to appreciate their legal position and potential liabilities when deciding how to use the system.
2. Data protection law
Protecting personal data is a major challenge for information infrastructures and data management systems. This is particularly true if personal data are processed, edited, preserved, and used in distributed information systems such as globally operated databases. The IGR department’s activities focus on how best to implement the EU data protection reform and how best to adapt infrastructures to the legal changes it will bring about. Topics to be considered – besides data transfers to third countries – are tools such as the Data Protection Impact Assessment and the regulation of algorithms.
IGR is also involved in several national and EU projects dealing with data protection issues. For example, the EU-Projekt (STARR) started in March 2016 and aims to develop a "decision support and self-management system for stroke survivors" to improve aftercare at home. In this process, a great deal of highly sensitive personal data is generated. Needless to say, the handling of this data needs to be compliant with law. In this project, FIZ Karlsruhe analyzes the legal situation and engages and accompanies technological development right from the start. This allows privacy- and data protection relevant risks to be identified and addressed while the technology is still being designed. The results from this project will provide important findings for other subject areas, e.g., for the handling sensitive research data.
3. IT law
IT law, and in particular IT security, is one of the key challenges information infrastructures will face in the years to come. In this area, the IGR participates in several national and EU projects hosted at FIZ Karlsruhe, the KIT, and the University of Münster. These include the EIDI, OVERVIEW und ITS.APT (IT-Security Awareness Penetration Testing) projects funded by the Federal Ministry of Education and Research and the TITANIUM project – examining legal questions within the framework of block chain analysis – funded by the EU. In addition, Prof. Dr. Boehm supervises a PhD on the topic of liability risks after IT-security violations sponsored by the RWTÜV Stiftung.