The Fourth Interdisciplinary Summerschool on Privacy (ISP 2019)

The interdisciplinary summerschool on privacy provides an intensive one week academic post-graduate programme teaching privacy from a technical, legal and social perspective. The goal of the summerschool is to provide students with a solid background in the theory of privacy construction, modelling and protection from these three different perspectives. It also aims to help them to establish a first international network with peers and senior academics across these disparate disciplines.

Theme: Dark Patterns

According to Gray et al. dark patterns started as a practitioner led initiative uncovering features of interface design crafted to trick users into doing things they may not want to do, but which benefit the business in question. More formally, the authors define it as instances in which designers use their knowledge of human behavior (e.g., psychology), and the desires of end users to implement deceptive functionality that is not in the user's best interest.

At this summer school, we want to focus on dark patterns that impact users' privacy or their ability to practice their data protection rights. Dark patterns raise crucial questions regarding compliance with European data protection legislation and ethical technology deployment. In January 2019 the French Data Protection Authority (CNIL) imposed a fine of 50 million Euros on Google "in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization", according to the CNIL. This sky-high fine illustrates the importance paid by regulators to combating dark patterns. Also consumer organisations, like the Norwegian Consumer Council, have reported on how users are ‘deceived by design’ by tech companies, discouraging people to exercise their rights to privacy. In this summerschool we also propose to look beyond the interface, and ask, where do dark patterns emerge in the production of internet-based services, in the organizing of software and hardware infrastructures, in the elaboration and interpretation of laws, in the push for certain economic models, and conceptions of data, systems, users, and the social. How do we come to recognize, uncover, resist and prevent dark patterns in these different socio-technical contexts?

Dark patterns as a concept is a not easy to pin down, since manipulation of environment and behavior can be seen as a part of any design intervention. Yet, the rise of the concept is indicative that there are a considerable set of practices that are identified under the label of dark patterns. In this context, at the summer school, we will discuss study dark matters and ask whether intentions matter, or outcomes can also serve as a way to identify whether a practice may qualify as a dark pattern in the context of privacy and data protection. Being able to think collectively about this hard question will provide us with tools, methods and arguments to address the continuum between poor design or decisions, lack of resources, incompetence, recklessness, optimization, externalization of costs, and intentional patterns that lead to manipulation, deception or unwarranted levels of persuasion. We will explore together where we can productively draw the line when it comes to patterns that harm vs. patterns that just do, and how technical, social, ethical, legal and economic practices may be reimagined to address these practices.

See this page for additional resources on Dark Patterns.


The summer school is interdisciplinary, involving the following disciplines: computer science, law and social sciences / media and communication studies.

The school lasts one week, with nine scheduled lectures (five morning lectures and four afternoon lectures) of two hours each. These nine lectures are equally distributed over the three disciplines, with top-notch lectures from each of the disciplines. The lectures will lay the grounds for an interdisciplinary conversation among students and lecturers coming from a variety of backgrounds.

The remaining time is used for hands on working group sessions to study practical cases. The cases will be offered by businesses, governments, government related institutions (like DPAs) and civil society/NGOs. Groups of six students, ideally two from each discipline, are formed to tackle the cases and report back on their results in a plenary session.

The school is held in a location that encourages dialogue and social interactions between both the staff and the students, both during lectures and in the evening. Staff (i.e. lecturers) are encouraged to stay at the summer school for the whole length of the school. The summer school is foremost aimed at PhD students from computer science, law and social sciences.


Participants of the summerschool are awarded two ECTS (study credits) and receive a certificate of attendance issued by the Radboud University attesting this.


For further information please contact us by email at

Follow us on Twitter.


  • Jaap-Henk Hoepman (Radboud University / Privacy & Identity Lab)

Steering Committee

  • Seda Gürses (TU Delft / KU Leuven )
  • Claudia Diaz (imec / KU Leuven)
  • Eleni Kosta (TILT-Tilburg University / Privacy & Identity Lab)
  • Jo Pierson (imec / Vrije Universiteit Brussel)
  • Thorsten Strufe (TU Dresden)

ISP 2019 is sponsored by