1 of 31

IP4OS�“From Privacy to Reusability Responsible Data for Reproducible and AI-Ready Science”

BITTS

16/04/2026

Katharina Miller

Lead WP3

2 of 31

Who are we?

  • Miller International Knowledge (MIK): Legal boutique since 2009
  • 2 German–Spanish partners: Katharina Miller & Óscar Fernández
  • 7 employees and collaborators: Involved in more than 50 horizon projects, mostly in the role of ethics advisors.
  • Contact person: Katharina Miller, with over 16 years of legal experience in Germany and Spain, she has established herself as a leading figure within the legal community. Katharina is admitted to the bar in both countries (Stuttgart and Madrid) and serves on various supervisory boards, where she advises on complex legal matters. In addition, she plays an important role in legal education and teaches at renowned institutions such as IE Law School. Fields, amongst others: Data Protection.

3 of 31

Who are our clients?

  • Companies (selection)

Public institutions (selection)

  • Private individuals (Spanish and international)

4 of 31

What do we offer?

5 of 31

6 of 31

Our relationship to COS:

  • COS is advisory board member in IP4OS
  • COS is advisory board member in iRISE
  • MIK supports the METASCIENCE Alliance

7 of 31

IP4OS is funded by the European Commission under the Horizon Europe Research and Innovation Programme with project number: 101188026 

8 of 31

IP4OS Overview

  • Name & Topic: IP4OS – “Intellectual Properties for Open Science”
  • Beneficiaries & Partners: 8 European partner institutions across six countries:
    • Germany: CAU Kiel & EURICE
    • Sweden: Karolinska Institutet
    • Spain: Miller International Knowledge SL
    • Netherlands: ASTP IFLA
    • Bulgaria: Pensoft
    • Croatia: University of Zagreb

8

9 of 31

IP4OS Overview

  • Duration & Budget:

Two-year project (January 2025 – December 2026), funded at €2 million

  • Main Objectives:

Promote the “as open as possible, as closed as necessary” principle by integrating agile IP management with Open Science (OS) practices through a “concerted IP‑OS” approach

9

10 of 31

Key Achievements & Deliverables�

  • Synergy Framework: Developed and launched as a best‑practices manual, outlining how to balance IP protection and OS—including examples and recommendations

  • Outreach & Awareness: Increased awareness of IP tools that support OS by +50% among Communities of Practice, via campaigns featuring advocates, media, webinars, and case sharing

  • Capacity Building: Designed and delivered the Synergy Core Curriculum targeting multi‑professional teams across HEIs and RPOs across Europe—training 300 professionals plus 27 multipliers

10

11 of 31

Privacy requirements in European projects

  • Humans
  • Data protection

12 of 31

The tension

Reproducibility vs Privacy

  • Need for access
  • Legal constraints
  • Ethical limits

12

13 of 31

Reality from practice

Our project experience (for example DivAirCity)

  • Sensitive data
  • GDPR constraints
  • Limits of anonymisation

13

14 of 31

Personal Data

🔹 Obvious identifiers

Name and surname

Home or work address

Email address

Phone number

Passport or ID number

🔹 Digital & online identifiers

IP address

Device ID

Cookies

Usernames and social-media handles

🔹 Personal characteristics

Date of birth

Gender

Nationality

Photograph or video image

Voice recording

🔹 Behavioural data

Location history

Search history

Purchase history

Work performance records

Social interactions

15 of 31

Sensitive Personal Data

Some personal data is considered especially sensitive and receives stronger legal protection (under GDPR, special categories of data):

  • Health data
  • Genetic data
  • Biometric data (fingerprints, facial recognition)
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Political opinions
  • Trade-union membership
  • Sexual orientation or sex life

Misuse of this data can lead to discrimination or serious harm.

16 of 31

What is not Personal Data?

Information is not personal data if:

  • It is fully anonymous (no possibility of re-identification), or
  • It refers only to legal persons (companies), not individuals�(unless it identifies a person behind the company)

Pseudonymised data (e.g. replacing names with codes) is still personal data if re-identification is possible.

17 of 31

Why Personal Data matters today?

Personal data is used to:

  • Make decisions about people (jobs, credit, insurance)
  • Predict behaviour (AI profiling)
  • Target advertising and content
  • Enable surveillance and social sorting

Governance layer: US and EU

18 of 31

Our Future?

19 of 31

The Challenge for BITSS members

  • Reproducibility requires access < - > Privacy restricts access
    • Design problem, not trade-off

19

20 of 31

FAIR Principles

  • Findable Accessible Interoperable Reusable
    • FAIR-R (AI readiness)

20

21 of 31

The Gap

FAIR ≠ legally reusable

Examples:

  • Personal data
  • No legal basis
  • Restricted reuse

21

22 of 31

FAIR-R²L Rubric for datasets

  • License clarity
  • AI suitability
  • Restrictions
  • The FAIR-R²L Rubric, part of the IP4OS Toolbox and developed by Miller International Knowledge, is an expansion of the FAIR principles, the FAIR-R concept (referring to AI-Readiness of data) and adds a further crucial dimension: datasets must also be Responsibly Licensed, ethically sound, in line with the PID strategy, sustainable and legally ready for reuse in AI and machine learning workflows (source).
  • Using the FAIR-R²L Rubric researchers, institutions, and policymakers ensure not only the technical openness of datasets (being Findable, Accessible, Interoperable, and Reusable), but also their responsible licensing for reuse. By evaluating real datasets, they can identify technical and legal gaps that constrain responsible reuse, thereby contributing to improved readiness for Open Science and AI-enabled research.

22

23 of 31

Extend with GDPR

Add:

  • Lawful basis
  • Re-identification risk
  • Purpose limitation

23

24 of 31

New Concept

  • Responsible Reusability
  • FAIR + Legal + Ethical

24

25 of 31

Privacy by Design

From DivAirCity

  • built-in protection
  • lifecycle approach

25

26 of 31

New Idea

  • Reproducibility-by-Design
  • Design data for reuse from the start

26

27 of 31

Governance Layer (IP4OS)

  • Licensing
  • Data-sharing agreements
  • Access control

27

28 of 31

Controlled Openness

  • Not open vs closed → governed access

28

29 of 31

Framework

Responsible Data Lifecycle

  • Plan
  • Generate
  • Process
  • Share
  • Reuse

Example: DivAirCity

29

    • Statistics and data integrity
    • Falsification
    • Representation and interpretation
    • Data usage
    • Data ownership and access
    • Data stroage and protection
    • Sources of data
    • Generating data
    • Human subjects
    • Understanding Data and Research
    • The life cycle of data management

Planning

Generating

Processing

Using, sharing, and preserving

Source: DivAirCity

30 of 31

Your contact

  • Katharina Miller, LL.M. (Luxembourg)
  • Rechtsanwältin & Abogada
  • Partner

  • Phone:

ES: +34 91 828 88 00

DE: +49 7171 920 99 00

  • Email: miller@miller.international

31 of 31

Katharina Miller�Lead WP3 �Miller International Knowledge (MIK)

THANK YOU

project@ip4os.eu

ip4os.eu

This project receives funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No 101188026. �Views and opinions expressed are those of the author(s) only and do not necessarily reflect those of the European Union or the European Research Executive Agency (REA). Neither the EU nor the European Research Executive Agency (REA) can be held responsible for them.