PhD Candidate: Computer Security and Privacy: Online Privacy and Digital Rights

JOB DESCRIPTION

Do you have a creative and critical mind and think that contemporary web services and apps are often flawed and could do better than mainly serve stakeholders in the data economy? Do you believe that the interests of human users need to be considered more fundamentally than just presenting them with annoying consent banners and lengthy privacy policies? Then you have a part to play as a PhD candidate. By identifying risks for human users’ digital rights in online systems and exploring the human factor in mitigating them, you will help us develop new, innovative methods to make ethical and privacy-friendly technology more usable.

Current consumer technology comes with many risks to the digital rights and well-being of its users: Many web services, apps and even operating systems have adopted the business model of being available to end users free of monetary charges, monetising their personal data instead; large Internet companies widely employ manipulative design to keep users’ attention and lock them into their ecosystems; and AI companies mine user-generated content from the internet with disregard for privacy or intellectual property laws. Jurisdictions across the globe try to tackle these challenges through new legislation and platform regulation such as the European Union’s General Data Protection Regulation (GDPR), Digital Services Act (DSA), Digital Markets Act (DMA), and AI Act, or new privacy laws in different US states, but their effects are often limited and enforcement is slow.

In the case of privacy laws, the most visible impact is an increase in the prevalence and complexity of privacy policies or cookie consent notices that give the illusion of control but are often not properly implemented and overwhelm users with legal text they are unlikely to read, let alone understand its implications. Instead, more fundamental approaches are required and users’ privacy and other digital rights need to be built into systems from the very beginning of the application lifecycle instead of letting users agree to a privacy notice added just before the service, app or device is rolled out. This is ever more important in the age of AI, in which it is becoming increasingly difficult to predict what inferences might be drawn from one’s personal data in the future.

As a PhD candidate in the area of online privacy and digital rights, you will work towards a future in which technology will consider users’ digital rights holistically throughout the whole application lifecycle. This includes understanding what threats current and emerging technologies pose to users’ rights, how the involved actors are handling these threats, and what could be done to encourage a more holistic consideration of users’ rights. The Digital Security group studies these questions from an empirical perspective, using both technical measurements to identify and measure security and privacy issues at scale and methods from human-computer interaction such as surveys and interviews to understand the human factor behind these observations and find out how the situation could be improved.

The concrete focus of your PhD research will be determined based on your interests. Possible topics include, but are not limited to (i) measurements of privacy issues on websites and in mobile apps and smart devices, often at large scale using automation tools, (ii) analysis of deceptive design in online services and similar practices that can be harmful to users, (iii) analysis of countermeasures against online tracking and strategies for digital self-defence, (iv) surveys and interview studies with end users and developers about their awareness, perception and handling of risks to their digital rights, and (v) the analysis, (multilingual) comparison and improvement of privacy notices such as cookie banners or privacy policies.

You will be supervised by Assistant Professor Christine Utz (https://christineutz.net) to conduct research on your selected topics of interest and publish the results at top-ranked international academic conferences. Beyond academia, your research will have the potential to identify and raise awareness about violations of users’ digital rights by online services and apps, support the development of ethical and human-centred alternatives, as well as inform national and European stakeholders about the effectiveness of past and future regulations related to user privacy and digital rights, and what could be done to address shortcomings.

You will spend about 10% of your time (0.1 FTE) assisting with teaching at our department. This will typically include tutoring practical assignments, grading coursework, and supervising student projects.

REQUIREMENTS

• You hold a Master’s degree in computer science, cybersecurity, or a related field or expect to obtain such a degree soon.
• You have solid programming skills.
• You have a strong interest in online privacy, data protection, digital rights, the human factor in computing, and the ethical and societal implications of technology.
• You are curious about other perspectives and enjoy engaging with researchers from non-technical fields, such as law, psychology, or the social sciences.
• You are proficient in English (Dutch is not required) and have good communication, presentation and writing skills.

CONDITIONS OF EMPLOYMENT

Fixed-term contract: 4 year.

• We will give you a temporary employment contract (1.0 FTE) of 1.5 years, after which your performance will be evaluated. If the evaluation is positive, your contract will be extended by 2.5 years (4-year contract).
• You will receive a starting salary of €2,770 gross per month based on a 38-hour working week, which will increase to €3,539 in the fourth year (salary scale P).
• You will receive an 8% holiday allowance and an 8,3% end-of-year bonus.
• You will be able to use our Dual Career and Family Support Service. The Dual Career Programme assists your partner via support, tools, and resources to improve their chances of independently finding employment in the Netherlands. Our Family Support Service helps you and your partner feel welcome and at home by providing customised assistance in navigating local facilities, schools, and amenities. Also take a look at our support for international staff page to discover all our services for international employees.
• You will receive extra days off. With full-time employment, you can choose between 30 or 41 days of annual leave instead of the statutory 20.

Work and science require good employment practices. This is reflected in Radboud University's primary and secondary employment conditions. You can make arrangements for the best possible work-life balance with flexible working hours, various leave arrangements and working from home. You are also able to compose part of your employment conditions yourself, for example, exchange income for extra leave days and receive a reimbursement for your sports subscription. And of course, we offer a good pension plan. You are given plenty of room and responsibility to develop your talents and realise your ambitions. Therefore, we provide various training and development schemes.

DEPARTMENT

You will join the Digital Security (DiS) group at the Institute for Computing and Information Sciences (iCIS) at Radboud University’s Faculty of Science. The Digital Security group is one of the leading groups in computer security and privacy in the Netherlands and Europe. Tackling the societal challenges of security and privacy requires perspectives from beyond the purely technical realm, so some of our group’s research is carried out as part of iHub, Radboud University's interdisciplinary research hub on digitalisation and society.

Radboud University is located in Nijmegen, a vibrant university city in the east of the Netherlands and the 2018 European Green Capital. The Netherlands are among the highest ranked countries in the world for quality of life.

ADDITIONAL INFORMATION

You can apply only via the button below. Address your letter of application to dr. Christine Utz. In the application form, you will find which documents you need to include with your application.

The first interviews will take place on Tuesday 15 October. Any second interview will take place on Monday 21 October. You will preferably start your employment on 1 January 2025.

We can imagine you're curious about our application procedure. It describes what you can expect during the application procedure and how we handle your personal data and internal and external candidates.