On PETs and their legal aspects
While measures for the enhancement of, respectively, security and privacy are not always commensurate and sometimes conflict, there is often considerable synergy between them. Such incentives have been largely absent from legislation on privacy and data protection.
However, the EU General Data Protection Regulation shows clear signs of legislative readiness to develop a more "systemic" approach to privacy and data protection than does the 1995 Data Protection Directive (Directive 95/46/EC). Unlike the latter, the Regulation includes provisions specifically mandating "data protection by design and default" (Article 23).
Privacy by design and ICT security
This prong of research follows the implementation of the Regulation particularly with respect to its provisions on “data protection by design and default”. It also considers alternative means for providing legal incentives to hardwire privacy. And it assesses more generally the interaction of ICT security provisions in privacy and data protection legislation with ICT security provisions in other laws pertaining to cyberspace.