Post-Doctoral Research Visit F/M Detecting Privacy Violations and/or Dark Patterns in Web/mobile/IoT applications
Inria
Sophia Antipolis, 06560
Post-Doctoral Research Visit F/M Detecting Privacy Violations and/or Dark Patterns in Web/mobile/IoT applications
Le descriptif de l’offre ci-dessous est en Anglais
Type de contrat : CDD
Contrat renouvelable : Oui
Niveau de diplôme exigé : Thèse ou équivalent
Fonction : Post-Doctorant
A propos du centre ou de la direction fonctionnelle
The Inria Grenoble research center groups together almost 600 people in 23 research teams and 7 research support departments.
Staff is present on three campuses in Grenoble, in close collaboration with other research and higher education institutions (University Grenoble Alpes, CNRS, CEA, INRAE, …), but also with key economic players in the area.
Inria Grenoble is active in the fields of high-performance computing, verification and embedded systems, modeling of the environment at multiple levels, and data science and artificial intelligence. The center is a top-level scientific institute with an extensive network of international collaborations in Europe and the rest of the world.
*Position located on the sophia antipolis site
Contexte et atouts du poste
This position is funded directly by Inria within the project DATA4US and will be hosted in the Privatics team at Sophia Antipolis and led by Nataliia Bielova.
The Privatics team is an Inria research group based in Grenoble, Lyon and Sophia Antipolis. Privatics follows a multidisciplinary approach in considering the scientific and technical issues, but also economic, legal and social aspects of privacy. The team has expertise in the identification of privacy issues, anonymization techniques and sanitization database and design of Privacy Enhancing Technologies (PETs). Privatics has a long history of contributing to Standards Developing Organisations (IETF and IEEE), to the public consultations of the European Data Protection Board (EDPB) and EU authorities (such as Data Protection and Consumer Protection) and has a strategic partnership with the French Data Protection Authority (CNIL).
Mission confiée
The main responsibility of the postdoctoral researcher will be to lead and contribute to the research projects focusing on the detection of privacy violations and/or dark patterns and identifying potential violations of Data Protection and Consumer laws in a collaboration with the law scholar Cristiana Santos (Assist.Prof. at Utrecht University, NL) and/or design/HCI scholar Colin M. Gray (Assoc.Prof. at Indiana University Bloomington). The postdoctoral researcher, if interested, can also make short-term research visits to the existign and new collaborators within the research agenda.
The candidate should be motivated to publish the research results at relevant top-tier conferences (such as USENIX Security, IEEE Security and Privacy, Privacy Enhancing Technologies Symposium (PoPETs), The Web Conference, Internet Measurement Conference, and ACM Conference on Human Factors in Computing Systems (CHI), …). Additionally, an ideal candidate will be interested in transdisciplinary collaborations and contributing to conference and journal publications in other fields.
Principales activités
Current topics of interest include:
- Analysis and operalisation of GDPR concepts in concrete digital systems (on the Web [4], mobile but also, if interested, in IoT and augmented/virtual reality). Such concepts may include: consent [1], transparency [3], data subject acess requests [2].
- Legal and/or technical analysis of the requirements [5] set by the upcoming EU Digital Service Act (DSA) and the Digital Market Act (DMA) in the context of concrete digital contexts (social networks, general purpose websites, gaming services etc.) and on concrete devices (Web, mobile, IoT, etc.)
- Building upon the dark patterns ontology [6] and expanding it to new contexts, practices and applicable legal regimes.
Within each of those thematic areas, we are open to a variety of methodological approaches, including:
- Large-scale Web and mobile measurements to detect potential violations with the legal requirements [1,4] (GDPR, DSA, DMA).
- Qualitative analysis of digital systems to identify misalaignments between legal requirements and practice [8], identify new dark patterns instances or new types of privacy invasion.
- Crowdsourcing and quantitative user studies [7].
The postdoctoral researcher will have an opportunity to engage in other relevant activities if so desired in preparation for future professional roles (mentorship of students, teaching, application for competitive awards and other recognitions).
References
[1] Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework Célestin Matte, Nataliia Bielova, Cristiana Santos. IEEE Symposium on Security and Privacy (IEEE S&P 2020).
[2] Security Analysis of Subject Access Request Procedures. Coline Boniface, Imane Fouad, Nataliia Bielova, Cédric Lauradoux, and Cristiana Santos. Annual Privacy Forum (APF 2019).
[3] On Compliance of Cookie Purposes with the Purpose Specification Principle Imane Fouad, Cristiana Santos, Feras Al Kassar, Nataliia Bielova and Stefano Calzavara. International Workshop on Privacy Engineering (IWPE 2020)
[4] My Cookie is a phoenix: detection, measurement, and lawfulness of cookie respawning with browser fingerprinting Imane Fouad, Cristiana Santos, Arnaud Legout, Nataliia Bielova. Privacy Enhancing Technologies Symposium (PoPETS 2022).
[5] Are cookie banners indeed compliant with the law? Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners. Cristiana Santos, Nataliia Bielova and Célestin Matte. International Journal on Technology and Regulation (TechReg), 2020.
[6] Towards a Preliminary Ontology of Dark Patterns Knowledge Colin M. Gray, Cristiana Santos, Nataliia Bielova. ACM CHI Conference on Human Factors in Computing Systems (ACM CHI 2023)
[7] The Effect of Design Patterns on (Present and Future) Cookie Consent Decisions. Nataliia Bielova, Laura Litvine, Anysia Nguyen, Mariam Chammat, Vincent Toubiana and Estelle Harry. USENIX Security Symposium (Sec), 2024. Accepted for publication.
[8] Two worlds apart! Closing the gap between regulating EU consent and user studies. Nataliia Bielova, Cristiana Santos, Colin M. Gray. To be published in Volume 37 of the Harvard Journal of Law & Technology (JOLT).
Compétences
Required:
- PhD (or close to completion) in Computer Science, Information Science, or a related field. PhD in Data Protection or Consumer Protection law may also be eligible if the candidate is interested in transdisciplinary collaboration with Computer Scientists.
- Strong publication record in top-tier international conferences.
- Experience in at least one of:
* Large-scale Web and/or mobile and/or IoT measurements,
* Data science,
* Designing, conducting and analyzing results of quantitative user studies; crowdsourcing. - Strong communication skills, including the ability to respectfully engage in discussions with people of different backgrounds.
- Proficiency in written and spoken English (French is not required).
- Self-motivation, attention to detail, and a drive to produce high-quality work.
Desired:
- Interest in research literature from outside of Computer Science and in transdisciplinary collaborations.
Avantages
- Subsidized meals
- Partial reimbursement of public transport costs
- Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
- Possibility of teleworking (90 days / year) and flexible organization of working hours
- Professional equipment available (videoconferencing, loan of computer equipment, etc.)
- Social, cultural and sports events and activities
- Access to vocational training
- Social security coverage under conditions
Rémunération
2788€ gross salary / month