As our world is becoming increasingly digitalized, the Internet of Things (IoT) is growing rapidly. While the IoT has important and useful functions, it also presents serious cybersecurity and privacy risks. As a PhD candidate, you will critically evaluate the current legal framework in relation to cybersecurity and privacy obligations for IoT and provide recommendations for future rules. This way, we can work towards safer digital ways to enhance our life and work.

We are looking for a PhD candidate in law. The project concerns legal cybersecurity and privacy obligations in relation to IoT devices. The Internet of Things (IoT) consists of many devices that are connected to each other and the internet. The IoT surrounds us with a network of smart, interconnected devices and services capable of sensing or even listening to requests or needs, and acting on them.

While the IoT has important and useful functions, it also presents serious cybersecurity and privacy risks. These risks are amplified due to various characteristics of IoT devices. For example, the software of these devices is often only supported for a limited time. This can lead to insecure devices that are not updated but still used. Furthermore, cybersecurity and privacy can depend on many different actors such as the developers of the hardware and software of the IoT device and other connected devices, the controllers of personal data, and the users themselves. In addition, several types of market failures are at play. For instance, the manufacturers and users of IoT devices are often best able to secure the devices, while they lack incentives to do so.

The European Union has adopted and proposed many legal rules in relation to cybersecurity and privacy. Nevertheless, problems remain, especially in the IoT context. For example, the EU rules do not provide clear rules on the distribution of responsibility when cybersecurity and privacy depend on multiple parties. Furthermore, the current legal framework is fragmented and inconsistent. It contains many obligations, but they are limited to specific situations, risks and actors. For these reasons, legal cybersecurity and privacy obligations may not always be effective.

The aim of this project is to analyse and critically evaluate the current legal framework in relation to cybersecurity and privacy obligations for the internet of things, and to provide recommendations for future rules. The exact research question will be formulated in collaboration with the supervisors. It is also possible to formulate a more specific question related to this broader topic. Your teaching load may be up to 10% of your appointment.

You will be supervised by Prof. Bart Jacobs, Dr Pieter Wolters, and Prof. Frederik Zuiderveen Borgesius.

• You hold a Master's degree in law.
• You have a demonstrable interest in law and information technology.
• You have an excellent command of written and spoken English.
• You have a good understanding of cybersecurity and privacy, preferably demonstrated by work experience, publications, or a Master's thesis.

Fixed-term contract: •you will be appointed for an initial period of 18 months, after which your performance will be evaluated. If the evaluation is positive, the contract will be extended by 2.5 years (4 year contract) or 3.5 years (5 year contract).

• Employment for 0.8 (5 year contract) - 1.0 (4 year contract) FTE.
• The gross starting salary amounts to €2,443 per month based on a 38-hour working week, and will increase to €3,122 from the fourth year onwards (salary scale P).
• You will receive 8% holiday allowance and 8.3% end-of-year bonus.
• You will be appointed for an initial period of 18 months, after which your performance will be evaluated. If the evaluation is positive, the contract will be extended by 2.5 years (4 year contract) or 3.5 years (5 year contract).
• You will be able to use our Dual Career and Family Care Services. Our Dual Career and Family Care Officer can assist you with family-related support, help your partner or spouse prepare for the local labour market, provide customized support in their search for employment  and help your family settle in Nijmegen.
• Working for us means getting extra days off. In case of full-time employment, you can choose between 29 or 41 days of annual leave instead of the legally allotted 20.

Additional employment conditions Work and science require good employment practices. This is reflected in Radboud University's primary and secondary employment conditions. You can make arrangements for the best possible work-life balance with flexible working hours, various leave arrangements and working from home. You are also able to compose part of your employment conditions yourself, for example, exchange income for extra leave days and receive a reimbursement for your sports subscription. And of course, we offer a good pension plan. You are given plenty of room and responsibility to develop your talents and realise your ambitions. Therefore, we provide various training and development schemes.

As a PhD candidate, you will be affiliated with the iHub, Radboud's interdisciplinary research hub on digitalisation and society. iHub brings together a diverse range of academics from across the humanities, social sciences, engineering, law, and natural sciences to tackle urgent questions raised by the increased digitalisation and datafication of science and society. Digital technologies shape more and more aspects of our lives, from how we work and communicate, to how we live together in cities, participate in politics, promote health and fight disease. As digitalisation expands to all sectors of society, governance of science and technology becomes increasingly complex, and balancing benefits and risks while negotiating competing interests becomes paramount. iHub's mission is to better understand the effects of digitalisation on our society and to help steer digital transformations in ways where public values are central.

You will also be affiliated with the Digital Security Group of the Institute for Computing and Information Sciences (iCIS). As one of the three research groups at iCIS, the Digital Security group conducts research in a wide range of topics in the overlapping fields of cybersecurity, cryptography and privacy. The research topics at iCIS include: the design and secure implementation of cryptography, side-channel analysis, software security, mobile network security, online tracking, privacy design patterns, the legal aspects of privacy, and user- and privacy-friendly solutions for identity management and data management.
You will also be in close contact with the Faculty of Law, which has a long-standing reputation for quality in research, teaching and organisation.

This PhD position has been created within the context of the INTERSCT Project, 'towards an Internet of secure things'. INTERSCT is a virtual research institute that brings together research on cybersecurity for the Internet-of-Things (IoT) launched by the INTERSCT project, the largest cybersecurity project the Dutch Research Council (NWO) has ever funded. INTERSCT is a public-private partnership of more than 40 partners from academia, industry, government and civil society.