Seminar/Thesis: Automated Permission Preference Manager

ID 119116513 © Melpomenem |
ID 119116513 © Melpomenem |


Privacy and functionality are usually considered at odds with each other. As data privacy practices are enforced, data becomes a scarce resource. In order to balance the protection of user privacy with functional services, the European Union enforced the general data protection regulation ([2]). Inspired by legal principles, GDPR is the framework where users, controllers and data processors rights and responsibilities are specified.

Out of the six mechanisms that the GDPR establishes to allow data controllers to capture subject’s data, consent is the simplest to implement [1]. As a result, applications have often opted for asking consent as means to make the user aware of their needs for processing data. However, consent is the weakest mechanism to justify gathering and processing of user data, since consent can be removed at any time and the user’s data has to be erased.

As mobile and web-based applications request consent, the burden is on the user to assess and mitigate security risks and enforce privacy preference [3]. As the number of applications users interact with increases, the problem becomes intractable, especially when considering users with cognitive impairments, or with no technology familiarity. The problem becomes critical in the digital health realm when applications are suggested/imposed on users by third parties. For example, physicians and insurance companies suggest elderly citizens to use nutrition tracking applications.


How can we create a representation of user privacy preferences that can be used to automate the navigation and data exchange negotiation of Digital Health services?

Learning Objectives

  • Gain an overview of full-stack development for medical health applications
  • Explore and understand the social and technical challenges and implications of automated permission preference manager
  • Apply machine learning models to permission preference

Course Data

Project typeSeminar/Thesis
PeriodWinter Semester 2021/22
Presence timeVirtual seminar, working from remote
Useful knowledgePython, data analytics, Android programming
Work distribution30% development, 20% experimentation, 30% data analysis and evaluation, 10% consultation, 10% reporting
Med. Eng. designationAdvanced Context Recognition (ACR)
StudOn linkComing soon
First meetingComing soon
RegistrationVia StudOn, obligatory after introduction.


Cesare Bartolini, Antonello Calabró, Eda Marchetti, "GDPR and business processes: an effective solution", Proceedings of the 2nd International Conference on Applications of Intelligent Systems, Association for Computing Machinery, January 7, 2019.

Additional up-to-date literature recommendations are provided during the meeting sessions.


  • Final project presentation, demonstrator and final report.


Dr. Luis I. Lopera G.

  • Job title: Researcher
  • Address:
    Henkestraße 91, Haus 7, 1. OG
    91052 Erlangen
  • Phone number: +49 9131 85-23605
  • Email:
Friedrich-Alexander-Universität Erlangen-Nürnberg