The research project of Claudia Quelle concerns the risk-based approach in the General Data Protection Regulation. She is particularly interested in the relation between the risk-based approach and the objective of the GDPR to protect the fundamental rights of natural persons. Her main thesis is that the risk-based approach gives rise to a new paradigm of fundamental rights in the field of data protection. The risk-based approach entails, in short, that controllers are accorded the responsibility to calibrate their legal obligations under the GDPR. It is a meta-regulatory take on the prevention of risks to the rights and freedoms of individuals. This approach could be justifiable on the basis that controllers should bear responsibility for the protection of individuals. It is, however, at odds with the facets of data protection law which focus on the control of the data subject over the processing operations which pertain to her.
Personal website: https://www.tilburguniversity.edu/webwijs/show/c.quelle/
Publications
Enhancing compliance under the general data protection regulation: The risky upshot of the accountability- and risk-based approachQuelle, C., 2018, In : European Journal of Risk Regulation. 9, 3, p. 502-526 25 p.
Review of the book Information sovereignty: Data privacy, sovereign powers and the rule of law, R. Polčák and D. J. B. Svantesson, 2017Quelle, C., 2018, In : European Data Protection Law Review. 4, 2
C Quelle, ?The ?risk revolution? in EU data protection law: We can?t have our cake and eat it, too? in R Leenes, R van Brakel, S Gutwirth and P De Hert (eds), Data Protection and Privacy: The Age of Intelligent Machines (Hart Publishing, forthcoming). Available at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3000382
C. Quelle, Not Just User Control in the General Data Protection Regulation in A. Lehmann et al (eds), Privacy and Identity Management Facing up to Next Steps, IFIP AICT 498 (2017). Available at SSRN: https://ssrn.com/abstract=2925410
C. Quelle, The Data Protection Impact Assessment, or: How the General Data Protection Regulation May Still Come to Foster Ethically Responsible Data Processing (PI.lab, November 25, 2015). Available at http://pilab.nl/about%20pi%20lab/blog/data%20protection%20impact%20assessement.html and https://ssrn.com/abstract=2695398
C. Quelle, The data protection impact assessment: what can it contribute to data protection? (LLM thesis, Tilburg University 2015) http://arno.uvt.nl
Presentations
TILTing perspectives 2017, 'Privacy, proceduralism and self-regulation in data protection law'
Computers, Privacy & Data Protection 2017, 'The risk-based approach in the General Data Protection Regulation. A risky turn for data protection?'
IFIP Summer School 2016 (Privacy and Identity Management - Facing up to Next Steps), 'Not just user control in the General Data Protection Regulation. On controller responsibility and how to evaluate its suitability to achieve fundamental rights protection'
ECPR Standing Group on Regulatory Governance, Sixth Biennial Conference (RegGov 2016), 'The risk-based approach to data protection. Keeping abreast of technological change through delegated risk management?'
Edinburgh Postgraduate Law Conference 2016, 'The risk-based approach to data protection & fundamental rights'
Other
Best Student Paper Award IFIP Summer School for the paper "Not just user control in the General Data Protection Regulation".
Master's thesis award Hans Frankenprijs 2016 for the thesis 'The Data Protection Impact Assessment. What can it contribute to data protection?'.
Honourable mention master's thesis award Internet Scriptieprijzen 2015 - Internet & Recht for the thesis 'The Data Protection Impact Assessment. What can it contribute to data protection?'.