The doctoral student wants to monitor how the sites comply with the GDPR automatically

Author: Martina Fojtů for em.muni.cz

Karel Kubíček, a graduate of Masaryk University, is involved in automating regulations concerning handling personal data at the famous Swiss ETH technology. When you're browsing websites, you probably don't think much about whether it's safe or not and with whom your computer exchanges information. The fact that you don't have to consider every step of the way is due to the experts who do it for you. One of them is a graduate of the Faculty of Informatics, MU Karel Kubíček. As a doctoral student at the ETH in Zurich, he is now devising a system that would automatically check if websites are not working in violation of GDPR (General Data Protection Regulation). If so, he would report them immediately.

When the new EU regulation on handling personal data, known as GDPR, entered into force two years ago, it was a big exclamation point for many internet service providers. Everyone had to rethink how they worked with information from users, and not everyone immediately knew what needed to be done.

"I remember myself when they asked me about this topic at the degree examination at the time; I failed to answer that question. Now it's my research," laughs Karel Kubíček. Today, he is a graduate of the Faculty of Informatics at MU and a doctoral student at the well-known Swiss Federal University of Technology in Zurich, abbreviated ETH.

Theory and practical testing

In Switzerland today, he connects everything he has ever learned at Masaryk University. He focused on two directions from the bachelor's degree: he enjoyed theoretical computer science and algorithms, which he taught himself, but soon after, he started working in research, which practically dealt with cybersecurity.

In Zurich, he got into a group that at first quite surprised him with the amount of theoretical research. In the end, however, it turned out that it was his personal setting that would suit the group, and he could test things that the group invented. Kubíček deals with the protection of the privacy of web services users. The GDPR has set much stricter rules on how service providers can work with user data. The principle of the regulation is to minimize the stored data and declare the purpose for which the services need it.

"One part of my research is about how I can check if data is really being used only for the purpose declared in the privacy policy. I test it directly on web applications, while I look at data from the user's point of view and from the point of view of the service provider," Kubíček explains.

It is clear why might be the user view beneficial. However, the service provider's view is also useful because researchers would like to help them as well. If they are groping in their work, they will learn to handle data correctly, thanks to the results of their work.

"It is reminiscent of the work of the city police, and we also work with lawyers. We would like to create a tool that would defend the rights of users and automatically report to the authorities when a service acts illegally," says Kubíček, who is most motivated by his current work to touch the daily lives of people he can help.

He tried 20 applications before the ETH came out

But before he got to his current position, it took strong nerves. The ETH admission report was preceded by months of uncertainty.

Kubíček, otherwise a native of Brno, decided that he would like to work abroad after a study stay in Norway, where he studied at the beginning of his master's degree. After graduating, he sent out about 20 applications to various universities in October 2017. However, he did not receive the news that he had been enrolled at Zurich until July 2018. "They first admitted me to two schools. My personal situation at the time ruined the first one. I refused the second one because the local project didn't work well for me, and then I just waited for four months to see how it would turn out with the others," he says.

Not that his life at the time bothered him - he worked part-time and had time for his favourite mountains and travelling. Uncertainty didn't work for him, in any case. "When the decision came to me, of course, I was happy to go to ETH because it's a great university. But I was also very happy to feel that I was clear about what would happen next months."

He joined Zurich two years ago and, in addition to the multicultural environment of an international school, still enjoys the Swiss mountains and nature. Other career opportunities may appear in front of his eyes. The world-famous Google also has a security research group in Zurich.