Lecturer in IT Law

Rechtsanwalt (non-practicing - Germany), Solicitor (non-practicing - England and Wales)
View my full research profile

Biography

Judith Rauhofer is a Lecturer in IT Law at the University of Edinburgh and an Associate Director of the Centre for Studies of Intellectual Property and Technology Law (SCRIPT).

Her research interests include the commercial and fundamental rights aspects of online privacy and electronic surveillance, data protection, information security and all areas of e-commerce and internet law and policy. Judith is particularly interested in exploring the tensions between privacy as an individual right and as a common good. She is currently working on a project (with Prof. Lilian Edwards, Strathclyde) on "Privacy, Personal Data and the Freemium Model" as part of the inter-institutional Centre for Creativity, Regulation, Enterprise & Technology (CREATe).

At Honours level, Judith teaches Law, Information and Technology; at Masters level, she teaches Information Technology Law (eLLM), Legal Challenges of Information Technolgy (LLM) and Information: Control and Power (both LLM and eLLM). In 2013/14, she is programme director for the eLLM Information Technology Law and the eLLM Innovation, Technology and the Law.

Judith is qualified as a Rechtsanwalt in Germany and as a solicitor in England and Wales. She has worked in legal practice for several years, advising clients from the media and new media industries on aspects of e-commerce, data protection and IT law. She continues to provide consultancy services in the area of e-commerce and data protection compliance.

Judith is a member of the Executive Committee of the British and Irish Law, Eductation and Technology Association (BILETA) and of the Advisory Councils to the Open Rights Group (ORG) and the foundation for information policy research (fipr). She also serves as a member of the Editorial Board of the European Journal of Law and Technology.

PhD Supervisees

Jiahong Chen  'Personal Data Protection in the Age of Big Data: Legal Challenges and Responses'

Laurence Diver  'Artificial Intelligence and compliance by design'

Daniel Torres Goncalves  'The role of law interpretation to the protection of Digital Identity Rights'

Matthew Jewell  'Counter-narratives in the Smart City: Digital architecture and the power to oppose'

Jesus Manuel Niebla Zatarain  'Intelligent Agents to Enforce Copyright on the Internet'

Journal Articles

Burkhard Schafer, Judith Rauhofer, Zbigniew Kwecka, William Buchanan, '"I am Spartacus" : privacy enhancing technologies, collaborative obfuscation and privacy as a public good' (2014) Artificial Intelligence and Law vol 22 p113-139 [Download]
Abstract: The paper introduces an approach to privacy enhancing technologies that sees privacy not merely as an individual right, but as a public good. This idea finds its correspondence in our approach to privacy protection through obfuscation, where everybody in a group takes a small privacy risk to protect the anonymity of fellow group members. We show how these ideas can be computationally realised in an Investigative Data Acquisition Platform (IDAP). IDAP is an efficient symmetric Private Information Retrieval protocol optimised for the specific purpose of facilitating public authorities' enquiries for evidence.

Judith Rauhofer '"Look to yourselves, that we lose not those things which we have wrought." What do the proposed changes to the purpose limitation principle mean for public bodies' rights to access third-party data?' (2014) International Review of Law, Computers and Technology Vol 28 No 2 pp 144-159
Abstract: This article analyses the proposed changes to the purpose limitation principles contained in the draft Data Protection Regulation adopted by the European Commission in January 2012. It examines the historical motives for the introduction of the principle as part of the 1995 Data Protection Directive, and looks at the constitutional framework under which it operates both at EU and member state level. It considers the risks and long-term consequences that EU citizens may face if the principle is eroded or substantially abandoned.

Judith Rauhofer 'One Step Forward, Two Steps Back? Critical Observations on the Proposed Reform of the EU Data Protection Framework' (2013) Journal of Law & Economic Regulation Vol 6 No1 (Serial No 11)
Abstract: Recent changes in market dynamics of electronic and mobile commerce mean that users of online services are no longer "passive agents of consumption". Instead online business models increasingly provide a platform for user interaction while simultaneously relying on the contributions made by those users for the population of those spaces. Like many other online services that form part of the Web 2.0 economy, SNS, in the main, are offered free at the point of access. Instead of charging their users a monetary fee, most SNS providers generate revenue through payments they receive from third parties in exchange for the right directly to display advertising to their users or in exchange for providing aggregated data on those users' behaviour, likes and dislikes. This means that users now "pay'" for online services with the personal information they disclose. Despite repeated announcements by members of the SNS industry that they are committed to the protection of their users' online privacy, it can therefore not be denied that, in practice, a high level of privacy protection is likely to be in stark conflict with SNS providers' business objectives and that, in reality, most SNS providers are entirely dependent for their market position on promoting an environment that encourages "openness" and widespread information-sharing by their users through the use of default privacy settings and the subtle encouragement of maximum disclosure in the form of financial and non-financial incentives (for example, additional "free" functionality). This article will examine the implications of these technical, economical and social developments of internet users' rights to privacy under the current EU data protection framework and whether the changes to that framework proposed by the European Commission in 2012 are likely to address the policy issues identified.

Judith Rauhofer 'Future-Proofing Privacy: Time for An Ethical Introspection?' (2012) Surveillance and Society Vol 10 No 34
Abstract: When trying to establish whether privacy is dead or whether it is merely evolving, we may very well be asking the wrong question. While there is considerable evidence that the concept of privacy is undergoing a sea change in the eyes of both individuals and policy makers, it could be argued that this is merely an expression of a much more fundamental issue that underpins the technological, political and economic changes we have witnessed over the past decade. It is true that anecdotal evidence suggests that individuals, both as citizens and consumers, no longer value their privacy the way they once did. Many claim that this is true in particular for younger people who seem increasingly comfortable with sharing even intimate details about themselves and their life with others, including a much wider range of "others" than their parents' generation would have done. Nevertheless, successive studies have shown that the wish for control over one's own information remains high with, for example, 78 per cent of respondents to a 2011 EU survey on privacy believing that their specific approval should be required before any kind of information about them is collected and processed. This article assesses the likely reasons for internet users increasing lack of trust in online providers' willingness and ability to keep their personal information secure and to use it only for purposes of which users are aware and which they have approved. It asks what the future for privacy and data protection law should look like and proposes that the existing defensive discourse around data protection should be replaced with a positive agenda for privacy based on an ethical enquiry into the kind of personal data processing that we, as a society, believe should be permitted.

Judith Rauhofer '"Privacy is dead, get over it!" Information privacy and the dream of a risk-free society' (2008) Information and Communications Technology Law Vol 17 Issue 3 pp 185-197

Judith Rauhofer, Marie-Theres Tinnefeld 'Whistleblower: Verantwortliche Mitarbeiter oder Denunzianten? Fragen im Feld von Ethikrichtlinien, des Datenschutzes und der Mitbestimmung' (2008) Datenschutz und Datensicherheit Vol 32 No 11 pp 717-723

Judith Rauhofer 'Blowing the whistle on Sarbanes-Oxley: Anonymous hotlines and the historical stigma of denunciation in modern Germany' (2007) International Review of Law, Computers and Technology Vol 21 No 3 pp 363-376

Judith Rauhofer ''Defence against the Dark Arts: How the British Response to the Terrorist Threat Is Parodied in J K Rowling's "Harry Potter and the Half Blood Prince' (2007) International Journal of Liability and Scientific Enquiry Vol 1 Nos 12 pp 94-113

Judith Rauhofer ''Just because you're paranoid, doesn't mean they're not after you: legislative developments in relation to the mandatory retention of communications data in the UK and the European Union' (2006) SCRIPT-ed Vol 3 Issue 4 pp 322-343 [Download]

Judith Rauhofer ''Die Vorratsdatenspeicherung als Instrument sozialer Kontrolle - Eine deutsch/britische Perspektive' (2006) Datenschutz Nachrichten Vol 2 pp 56-59

Chapters

Judith Rauhofer 'Round and round the garden? : Big data, small government and the balance of power in the information age' in Erich Schweighofer et al. (eds) Transparenz (Österreichische Computer Gesellschaft, 2014) 607-616
Abstract: With personal data caught in a revolving door between private and public sector access, the privacy harms arising from the monitoring of individuals are more difficult to qualify than ever. Concepts of personal data that depend on identifiability permit practices where governments and companies can single out otherwise unidentified persons on the basis of their behaviour or interests. Concepts of harm that rely on evidence of material damage ignore the way in which access to data not only maintains but re-enforces existing power imbalances. This article will look at the notion of privacy harms from an EU perspective taking into account the discussions on the role of personal data in the context of the ongoing revision of the EU data protection framework

Judith Rauhofer, Burkhard Schafer, Zbigniew Kwecka; William Buchanan 'Schutz der Anonymität als Gemeinschaftsaufgabe - eine neue Generation von PETs?' in M. Horbach (eds) Informatik angepasst an Mensch, Organisation und Umwelt (INFORMATIK 2013) (Köllen Druck+Verlag, 2013) 2134-2148

Smita Kheria, Daithi Mac Sithigh, Judith Rauhofer, Burkhard Schafer '(Mis)appropriation Art? Copyright and Data Protection implications of "CCTV Sniffing" as Art' in E. Schweighofer, F. Kummer, W. Hötzendorfer (eds) Abstraktion und Applikation (OCG, 2013) 489-498

Judith Rauhofer 'Diskriminierende Auswertung der Überwachung im öffentlichen Raum' in Heiner Bielefeldt, Volkmar Deile, Brigitte Hamm, Franz-Josef Hutter, Sabine Kurtenbach and Hannes Tretter (eds) Nothing to hide - nothing to fear?: Datenschutz - Transparenz - Solidarität. Jahrbuch Menschenrechte 2011 (Boehlau Verlag, 2011) pp.63-73

Judith Rauhofer, Lilian Edwards and Majid Yar 'Recent Developments in UK Internet Law'' in Yvonne Jewkes and Majid Yar (eds) Handbook of Internet Crime (Willan, 2009) pp.437-465

Judith Rauhofer 'The Retention of Communications Data in Europe and the UK' in Charlotte Waelde, Lilian Edwards (eds) Law and the Internet (Hart, 2009) pp. 575-600

Judith Rauhofer 'Privacy and Surveillance: Legal and Socioeconomic Aspects of State Intrusion into Electronic Communications' in Charlotte Waelde, Lilian Edwards (eds) Law and the Internet (Hart, 2009) pp. 545-574

Judith Rauhofer 'Intrusion in the sphere of personal communications' in Dionysions Politos (eds) Socioeceonomic and Legal implications of electronic intrusion (Information Science Reference, 2009) pp. 25-46

Judith Rauhofer 'The Possibility of a Registered Partnership under German Law' in Leslie Moran, Daniel Monk and Sarah Beresford (eds) Legal Queeries: lesbian, gay and transgender legal studies (Continuum International Publishing Group Ltd., 1998)

Notes and Reviews

Daithi Mac Sithigh, Judith Rauhofer 'The Data Retention Directive Never Existed' (2014) SCRIPT-ed 11(1) 118-127 [Download]
Abstract: Analysis of the decision of the Court of Justice of the European Union in Joined Cases C-293/12 (Digital Rights Ireland) and C-594/12 (Kärntner Landesregierung), on the validity of the Data Retention Directive. Link: http://script-ed.org/wp-content/uploads/2014/04/macsithigh.pdf

Working Papers

Judith RauhoferDaithi Mac Sithigh, 'The Data Retention Directive Never Existed', Edinburgh Law School Working Paper Series, 2014/34 (SSRN, 2014) [Download]
Abstract: Analysis of the decision of the Court of Justice of the European Union in Joined Cases C-293/12 (Digital Rights Ireland) and C-594/12 (Kärntner Landesregierung), on the validity of the Data Retention Directive. The Court of Justice of the European Union (ECJ) has ruled that the 2006 Data Retention Directive is invalid. The basis of invalidity was the exceeding of the limits imposed by the principle of proportionality in the light of Articles 7, 8 and 52(1) of the EU Charter of Fundamental Rights (Charter). The decision was in respect of two joined preliminary references, one from Ireland and the other from Austria.

Judith Rauhofer 'One Step Forward, Two Steps Back? Critical Observations on the Proposed Reform of the EU Data Protection Framework', Edinburgh Law School Working Paper Series, 2013/17 (SSRN, 2013) [Download]
Abstract: Recent changes in market dynamics of electronic and mobile commerce mean that users of online services are no longer "passive agents of consumption". Instead online business models increasingly provide a platform for user interaction while simultaneously relying on the contributions made by those users for the population of those spaces. Like many other online services that form part of the Web 2.0 economy, SNS, in the main, are offered free at the point of access. Instead of charging their users a monetary fee, most SNS providers generate revenue through payments they receive from third parties in exchange for the right directly to display advertising to their users or in exchange for providing aggregated data on those users' behaviour, likes and dislikes. This means that users now "pay'" for online services with the personal information they disclose. Despite repeated announcements by members of the SNS industry that they are committed to the protection of their users' online privacy, it can therefore not be denied that, in practice, a high level of privacy protection is likely to be in stark conflict with SNS providers' business objectives and that, in reality, most SNS providers are entirely dependent for their market position on promoting an environment that encourages "openness" and widespread information-sharing by their users through the use of default privacy settings and the subtle encouragement of maximum disclosure in the form of financial and non-financial incentives (for example, additional "free" functionality). This article will examine the implications of these technical, economical and social developments of internet users' rights to privacy under the current EU data protection framework and whether the changes to that framework proposed by the European Commission in 2012 are likely to address the policy issues identified.

Judith Rauhofer 'Look to Yourselves, That We Lose Not Those Things Which We Have Wrought: The Proposed Changes to the Purpose Limitation Principle in Data Protection and Public Bodies' Rights to Access Third Party Data', Edinburgh Law School Working Paper Series, 2013/18 (SSRN, 2013) [Download]
Abstract: This article analyses the proposed changes to the purpose limitation principles contained in the draft Data Protection Regulation adopted by the European Commission in January 2012. It examines the historical motives for the introduction of the principle as part of the 1995 Data Protection Directive, and looks at the constitutional framework under which it operates both at EU and member state level. It considers the risks and long-term consequences that EU citizens may face if the principle is eroded or substantially abandoned.

Judith Rauhofer 'Round and Round the Garden? Big Data, Small Government and the Balance of Power in the Information Age', Edinburgh Law School Working Paper Series (SSRN, 2013) [Download]
Abstract: With personal data caught in a revolving door between private and public sector access, the privacy harms arising from the monitoring of individuals are more difficult to qualify than ever. Concepts of personal data that depend on identifiability permit practices where governments and companies can single out otherwise unidentified persons on the basis of their behaviour or interests. Concepts of harm that rely on evidence of material damage ignore the way in which access to data not only maintains but re-enforces existing power imbalances. This article will look at the notion of privacy harms from an EU perspective taking into account the discussions on the role of personal data in the context of the ongoing revision of the EU data protection framework.

Papers and Presentations

Judith Rauhofer 'Demand side of media pluralism: The citizen, transparency and control, Invited paper' presented at Workshop "A definition of pluralism in the media sector. Comparing the results of the European projects with an interdisciplinary approach", Centre for Media Pluralism and Media Freedom at the European University Institute, Florence, 2012

Judith Rauhofer 'Right on track? The issue of consent in online behavioural advertising' presented at BILETA, Manchester Metropolitan University, 2011

Judith Rauhofer 'It's the nutjobs that will survive! In praise of paranoia' presented at GikII VI (2011), Gothenburg, 2011

Judith Rauhofer 'Information privacy, data mining and potential harms: social harms of OBA tracking (workshop organiser)' presented at AHRC/SCRIPT and BILETA Policy Forum on Online Behavioural Advertising, University of Edinburgh, 2011

Judith Rauhofer 'Right on track? Some musings on the regulation (or not) of location data collection' presented at ACM Web Science Conference 2011, Koblenz, Germany, 2011

Judith Rauhofer 'In the twilight zone of privacy law' presented at Computers, Freedom, and Privacy in a Networked Society - the 20th annual CFP conference, San Jose, California, 2010

Judith Rauhofer ''"…but they wouldn't do that" - Cultural differences in attitudes towards privacy as a common value' presented at BILETA, Vienna, 2010

Judith Rauhofer 'Beware of the leopard: user protection in a Web 2.0 world' presented at IRIS, Salzburg, 2010

Judith Rauhofer 'Privacy and Human Rights: An international comparison' presented at Amberhawk Data Protection Seminar, Pinsent and Mason LLP, Manchester, 2010

Judith Rauhofer 'Data security breach notification: a European view' presented at Information Security Best Practices, Wharton Business School, University of Pennsylvania, 2009

Judith Rauhofer 'Quo vadis Vorratsdatenspeicherung? Wo kein Richter, da kein Recht?' presented at IRIS (2009), University of Salzburg, 2009

Judith Rauhofer 'To have and have not: the retention of communications data between liberty, security and social cohesion' presented at WebSci'09: Society online, Athens, 2009

Judith Rauhofer 'You never talk alone: surveillance of online communications' presented at BILETA Annual Conference, Winchester, 2009

Judith Rauhofer 'Privacy is dead - get over it: Art. 8 and the dream of a risk-free society' presented at SLSA Annual Conference (2008), University of Manchester, 2008

Judith Rauhofer 'Privacy and the right to informational self-determination' presented at Joint Annual Meetings of the Law and Society Association and Canadian Law and Society Association, Montreal, 2008

Judith Rauhofer 'Is all gossip created equal? Privacy, reputation and harmful speech on the internet' presented at Knowledge Rights - Legal, Societal and Related Technological Aspects (Know Right08), Jagiellonian University, Kraków, Poland, 2008

Judith Rauhofer 'Invited member of a panel on data retention organised by the All Party Parliamentary Communications Group (apcomms)' presented at 2008 Parliament and Internet Conference, London, 2008

Judith Rauhofer 'Blowing the whistle on Sarbanes-Oxley: Anonymous hotlines and the historical stigma of denunciation in modern Germany' presented at IRIS, Salzburg, 2007

Judith Rauhofer ''Just because you're paranoid, doesn't mean they're not after you: legislative developments in relation to the retention of communications data' presented at SLSA, University of Liverpool, 2005

Judith Rauhofer ''Just because you're paranoid, doesn't mean they're not after you: legislative developments in relation to the retention of communications data' presented at 20th BILETA conference, Belfast 2005, Belfast, 2005

Judith Rauhofer 'History does not matter to them: the EU and data retention issues' presented at KnowRight Conference 2006 - Knowledge Rights - Legal, Societal and Related Technological Aspects, University of Vienna, 2005