Data Protection and Privacy: (In)visibilities and Infrastructures

Volume 36 of the series Law, Governance and Technology Series pp 241-269


On the Road to Privacy- and Data Protection-Friendly Security Technologies in the Workplace – A Case-Study of the MUSES Risk and Trust Analysis Engine

  • Yung Shin Van Der SypeAffiliated withCentre for IT & IP Law, KU Leuven Email author 
  • , Jonathan GuislainAffiliated withISS CUI, Medi@Law, G3S, University of Geneva
  • , Jean-Marc SeigneurAffiliated withISS CUI, Medi@Law, G3S, University of Geneva
  • , Xavier TitiAffiliated withISS CUI, Medi@Law, G3S, University of Geneva

* Final gross prices may vary according to local VAT.

Get Access


It seems generally accepted that the major threat for company security occurs from within the organisation itself. Given the potential threats for the value attached to information resources, companies are increasing their efforts to counteract these risks, introduced by employees. Many company security technologies are strongly focused on analysing employee behaviour. An example of such a monitoring tool is MUSES (Multiplatform Usable Endpoint Security). MUSES is a user-centric security system that aims to enhance company security by reducing security risks introduced by user behaviour. However, even though the monitoring of employees may be beneficial to secure company data assets, the monitoring of employees is restricted by privacy and data protection regulation. In this paper, we use one MUSES component, namely the Real-Time Risk and Trust Analysis Engine (MUSES RT2AE), as a use case to study in which way privacy and data protection legislation limits the monitoring of employees through company security technologies.