Design Sprint

Design Sprint 2020

“Privacy by Design: Tackling the Wicked”

By definition, there is no simple solution for “wicked problems” – and certainly not within a single scientific discipline. Effective data protection often proves to be a “wicked problem” in everyday life. So, how could you tackle this problem?

Take law students, add a selection of designers and provide them with interdisciplinary input for a day. Then, unite the participants into outstandingly creative privacy-by-design teams and let them work under high pressure on creative solutions for just under two days.
This was our recipe for the ‘Design Sprint 2020’, which took place at the University of Graz from 8 to 10 October. It was organised by Professor Eisenberger’s department (Institute for Public Law and Political Science) in cooperation with Dr. Stefanie Egger (FH Joanneum) and DI (FH) Christian Lepenik.


Thursday – Input, Input, Input

After opening words by Professor Iris Eisenberger and organiser Annemarie Hofer (from Eisenberger’s department), the Design Sprint started with interdisciplinary presentations for the participants. Concepts and self-perceptions had to be reflected on and explained, since lawyers and designers very rarely speak the same language.

First, Professor Iris Eisenberger gave an overview of the system of fundamental rights in Austria. Magdalena Nemeth  (from Eisenberger’s department) then confronted the design sprinters with a presentation on fundamental rights violations through so-called “nudging“. Stefanie Egger presented about the different effects that design can have on our behaviour, and Andreas Rohner (Knyrim.Trieb Rechtsanwälte) provided insights into the practice of data protection law.

These talks were based on the introductory lecture on the fundamentals of data protection by Assoz.-Prof. Christian Bergauer, provided online prior to the Design Sprint.

Friday – Breaks are for the weak!

After the three teams of law students and designers had formed on Thursday afternoon, they set out on Friday to find solutions for problems related to data protection. As usual with sprint formats, a lot of tinkering went on and many ideas were tried out, discarded, taken up again, reformulated and finally brought into the form of a mock-up or demo version. It was with reluctance that the hardworking teams finally left the seminar room in the evening.


Saturday – We proudly present!

On Saturday morning the participants were already waiting eagerly to be admitted into the lecture hall. First, they had the opportunity to make some final changes to their presentations. The first presentation began at 12 noon sharp.

Group 1 (Corinna Kacirek, Marla Meilinger and Andre Rohrleitner) developed the so-called ‘nö-card. The ‘nö-card’ concept seeks to show which data is collected when conventional customer loyalty cards are used. To do so, the ‘nö-card’ records which data is not collected at a transaction when a customer card is not used. This concept represents so-called ‘non-data’. With this creative intervention, the project aims to raise awareness of data protection among consumers and simultaneously criticise the excessive and disproportionate collection of personal data.

Group 2 (Manuela Strametz, Anna-Theresa Wagner, Lukas Pirker and Gvantsa Kapanadze) designed Safe.Citizen, a digital portal that bundles digital administrative procedures together and provides a user-friendly interface. The group particularly emphasised the impact of a modular e-government portal on the visibility of different data collections: the shift in focus from the transparent data subject ‘citizen’ to the transparent processor ‘state’ intends to give citizens more power over their own data and at the same time facilitate administrative procedures.

Group 3 (Sonja Zechner, Caroline Müller, Emil Nigmatullin and Michaela Franjo) considered the draft of the Health Telematics Act (Gesundheitstelematikgesetz), focusing on the issue of a digital vaccination card.

The question was whether and how a digital vaccination card could be implemented as an app in conformity with data protection requirements. The group proposed an app that not only manages vaccination data, but also gives citizens control over what data is shared with whom. To enable those functions, the group designed access control mechanisms in which certain interest groups, such as family doctors or pharmacists, could be given restricted access.



The jury was highly impressed by all three projects. The interdisciplinary teams approached data protection from different viewpoints and showed the potential of working together across disciplinary boundaries. During the design sprint, the participants used the opportunity to question and sharpen their own approach towards problems and get a new view on their own discipline.

We want to thank all those who contributed to the Design Sprint 2020 for the great success of the event, especially the presenters Professor Christian Bergauer, Stefanie Egger, Magdalena Nemeth and Andreas Rohner, for the exciting insights they shared with us. The core of the event, however, was the wonderful, motivated and inspired participants and their curiosity, sophistication and creativity.

To be continued!


Thomas Buocz, Annemarie Hofer, Nikolaus Poechhacker, Tess Upperton