PhD Candidate: Legal Cybersecurity and Privacy Obligations for the Internet of Things (0.8 - 1.0 FTE)
PhD Candidate: Legal Cybersecurity and Privacy Obligations for the Internet of Things
Employment: 0.8 - 1.0 FTE
Gross monthly salary: € 2,434 - € 3,111
Faculty of Science
Required background: Research University Degree
Application deadline: 17 January 2022
We are looking for a PhD candidate in law. The project concerns legal cybersecurity and privacy obligations in relation to IoT devices. The Internet of Things (IoT) consists of many devices that are connected to each other and the internet. The IoT surrounds us with a network of smart, interconnected devices and services capable of sensing or even listening to requests or needs, and acting on them.
While the IoT has important and useful functions, it also presents serious cybersecurity and privacy risks. These risks are amplified due to various characteristics of IoT devices. For example, the software of these devices is often only supported for a limited time. This can lead to insecure devices that are not updated but still used. Furthermore, cybersecurity and privacy can depend on many different actors such as the developers of the hardware and software of the IoT device and other connected devices, the controllers of personal data, and the users themselves. In addition, several types of market failures are at play. For instance, the manufacturers and users of IoT devices are often best able to secure the devices, while they lack incentives to do so.
The European Union has adopted and proposed many legal rules in relation to cybersecurity and privacy. Nevertheless, problems remain, especially in the IoT context. For example, the EU rules do not provide clear rules on the distribution of responsibility when cybersecurity and privacy depend on multiple parties. Furthermore, the current legal framework is fragmented and inconsistent. It contains many obligations, but they are limited to specific situations, risks and actors. For these reasons, legal cybersecurity and privacy obligations may not always be effective.
The aim of this project is to analyse and critically evaluate the current legal framework in relation to cybersecurity and privacy obligations for the internet of things, and to provide recommendations for future rules. The exact research question will be formulated in collaboration with the supervisors. It is also possible to formulate a more specific question related to this broader topic. Your teaching load may be up to 10% of your appointment.
You will be supervised by Prof. Bart Jacobs, Dr Pieter Wolters, and Prof. Frederik Zuiderveen Borgesius.
You hold a Master's degree in law.
You have a demonstrable interest in law and information technology.
You have an excellent command of written and spoken English.
You have a good understanding of cybersecurity and privacy, preferably demonstrated by work experience, publications, or a Master's thesis.
As a PhD candidate, you will be affiliated with the iHub, Radboud's interdisciplinary research hub on digitalisation and society. iHub brings together a diverse range of academics from across the humanities, social sciences, engineering, law, and natural sciences to tackle urgent questions raised by the increased digitalisation and datafication of science and society. Digital technologies shape more and more aspects of our lives, from how we work and communicate, to how we live together in cities, participate in politics, promote health and fight disease. As digitalisation expands to all sectors of society, governance of science and technology becomes increasingly complex, and balancing benefits and risks while negotiating competing interests becomes paramount. iHub's mission is to better understand the effects of digitalisation on our society and to help steer digital transformations in ways where public values are central.
You will also be affiliated with the Digital Security Group of the Institute for Computing and Information Sciences (iCIS). As one of the three research groups at iCIS, the Digital Security group conducts research in a wide range of topics in the overlapping fields of cybersecurity, cryptography and privacy. The research topics at iCIS include: the design and secure implementation of cryptography, side-channel analysis, software security, mobile network security, online tracking, privacy design patterns, the legal aspects of privacy, and user- and privacy-friendly solutions for identity management and data management.
You will also be in close contact with the Faculty of Law, which has a long-standing reputation for quality in research, teaching and organisation.
This PhD position has been created within the context of the INTERSCT Project, 'towards an Internet of secure things'. INTERSCT is a virtual research institute that brings together research on cybersecurity for the Internet-of-Things (IoT) launched by the INTERSCT project, the largest cybersecurity project the Dutch Research Council (NWO) has ever funded. INTERSCT is a public-private partnership of more than 40 partners from academia, industry, government and civil society.
We want to get the best out of science, others and ourselves. Why? Because this is what the world around us desperately needs. Leading research and education make an indispensable contribution to a healthy, free world with equal opportunities for all. This is what unites the more than 24,000 students and 5,600 employees at Radboud University. And this requires even more talent, collaboration and lifelong learning. You have a part to play!
Employment for 0.8 (5 year contract) - 1.0 (4 year contract) FTE.
The gross starting salary amounts to €2,434 per month based on a 38-hour working week, and will increase to €3,111 from the fourth year onwards (salary scale P).
You will receive 8% holiday allowance and 8.3% end-of-year bonus.
You will be appointed for an initial period of 18 months, after which your performance will be evaluated. If the evaluation is positive, the contract will be extended by 2.5 years (4 year contract) or 3.5 years (5 year contract).
You will be able to use our Dual Career and Family Care Services. Our Dual Career and Family Care Officer can assist you with family-related support, help your partner or spouse prepare for the local labour market, provide customized support in their search for employment and help your family settle in Nijmegen.
Working for us means getting extra days off. In case of full-time employment, you can choose between 29 or 41 days of annual leave instead of the legally allotted 20.
Additional employment conditions
Work and science require good employment practices. This is reflected in Radboud University's primary and secondary employment conditions. You can make arrangements for the best possible work-life balance with flexible working hours, various leave arrangements and working from home. You are also able to compose part of your employment conditions yourself, for example, exchange income for extra leave days and receive a reimbursement for your sports subscription. And of course, we offer a good pension plan. You are given plenty of room and responsibility to develop your talents and realise your ambitions. Therefore, we provide various training and development schemes.
Would you like more information?
For questions about the position, please contact Pieter Wolters, Associate Professor at email@example.com. Alternatively, you can contact Frederik Zuiderveen Borgesius, Professor ICT & Law at firstname.lastname@example.org.
Practical information and applications
You can apply until 17 January 2022, exclusively using the button below. Kindly address your application to Pieter Wolters. Please fill in the application form and attach the following documents:
A motivation letter (maximum 1 page).
Your CV (maximum 4 pages) including the names and contact details of two references.
A list of courses taken and grades obtained.
A research pitch in which you lay out some initial ideas for this project (maximum of 350 words).
The first round of interviews will take place during the fourth week of January. You would preferably begin employment on 1 March.
We can imagine you're curious about our application procedure. It offers a rough outline of what you can expect during the application process, how we handle your personal data and how we deal with internal and external candidates.
We drafted this vacancy to find and hire our new colleague ourselves. Recruitment agencies are kindly requested to refrain from responding.