Data Protection and Data Sovereignty

Informed and self-determined in the digital world

Since 2009 already, we have been working on how to enable people and companies to have sovereignty over their data. To this end, we are researching methods and tools to inform users appropriately about the processing of their data (transparency) and to give them possibilities to exert influence (self-determination). In the case of personal data, there are major overlaps with data protection, which we take into account and use for our own benefit.

Specifically, our methods and technologies support you in

  • designing data protection and data sovereignty measures in a user-centered way,
  • technically controlling the usage of data, for example based on corporate policies or user settings, and
  • classifying information easily and reliably in Microsoft Office.

Designing measures in a user-centered way

It is increasingly challenging to present complex processes, data flows, and protective measures for users in an understandable and traceable way. It is also important to make users aware of the consequences of their consents and data protection settings – without unduly influencing them.

We therefore rely on a strongly user-centered approach and the application of principles from the research field “Usable Security & Privacy”. Users are very heterogeneous in terms of their needs and capabilities. During implementation, we also take these factors into account, in addition to some fundamental conditions and best practices.

This is the only way to ultimately implement target-group-oriented measures for achieving transparency (e.g., through user-friendly data protection declarations, uniform image icons, and traceability of data flows) and self-determination (e.g., through end-to-end consent management and user-friendly settings).

We support you with:

  • General or use-case-specific documents and training in the area of “Usable Security and Privacy”,
  • Mediation of tensions between the disciplines of usability / UX and security / privacy, and
  • Support in the user-friendly design of measures, such as privacy cockpits, data protection declarations, or privacy settings.

Controlling the use of data by technical means

Especially in modern, highly networked (eco)systems, it is becoming increasingly challenging to track and control how data is used by the parties involved. With our “MYDATA Control Technologies” (MYDATA for short), we have been offering a technical solution since 2018.

MYDATA allows fine-grained masking and filtering of data flows, for example to anonymize them. Compared to traditional access control, MYDATA also enables context- and situation-based restrictions as well as restrictions on the intended use. The ability to flexibly adapt data usage policies at any time ensures high maintainability and avoids unnecessary complexity in technical integration. 


To the blog post: MYDATA Control Technologies [in German]

Classifying information easily and reliably

Correct classification of information (e.g., as confidential, internal, or public) is a prerequisite for technical or organizational measures to work effectively. Our add-ins for Microsoft Office support you in completely and correctly classifying your documents. This not only promotes compliance, but also helps to avoid data loss due to unintentional release of confidential documents.

The MYDATA Office add-ins provide:

  • Information classification of Microsoft Word, Excel, and PowerPoint files
  • Protection when sending documents via Microsoft Outlook

MY DATA Control Technologies Office Add-ins

Reference projects in the area of Data Protection and Data Sovereignty

Industry: Software


Fraunhofer IESE and its project partners developed a practice-oriented and legally compliant approach for technology-supported employee data privacy.

Success Story

Deutsche Telekom AG

Deutsche Telekom is using Fraunhofer IESE’s MYDATA Control Technologies for data usage control of their Data Intelligence Hub (DIH).

Industry: Automotive & Mobility


Fraunhofer IESE is working together with other Fraunhofer Institutes to develop solutions for the sovereign and thus self-determined exchange of data across company boundaries.