What does Privacy by Design mean for Digital Rights Management?

Student thesis: Master's Thesis


This thesis sets out the privacy by design provisions in the draft GDPR, before considering the primary DRM approaches and the ways in which they can be abused to undermine user privacy. It describes the infamous Sony BMG incident, which demonstrates the significant social and commercial impact that can result from the abuse of DRM, and therefore why rightholders and DRM producers have an interest in adapting their systems to be regulatorily compliant. Thereafter, the discussion sets out the foundations of a novel visual modelling approach, the Petri net, that can be used to bridge the gap between legal requirements and technical architecture, before considering this approach as a candidate for achieving privacy by design under the GDPR (and compliance by design more generally).
Date of Award2021
Original languageEnglish
Awarding Institution
  • University of Edinburgh
SupervisorBurkhard Schafer (Promotor)


  • privacy by design
  • Petri nets
  • compliance
  • visualisation
  • isomorphism
  • legal tech
  • legal analytics
  • GDPR

Cite this