Every time you accept cookies or sign up for an app, a company collects your personal data — and most of them have no clear playbook for handling it responsibly. PROTECT brought together lawyers, ethicists, and data engineers from 12 organizations across 5 countries to figure out practical rules for companies navigating this mess. They trained 14 researchers who sit at the crossroads of law, ethics, and technology, and produced a toolkit that privacy officers can actually use on the job. Think of it as a translation layer between what the law demands and what engineers need to build.
Companies collecting and analyzing personal data — especially tech SMEs — face a minefield of legal and ethical obligations that change faster than they can keep up. GDPR compliance is expensive and confusing, and getting it wrong means fines, reputational damage, and lost customer trust. Most companies lack the in-house expertise to balance innovation with data protection, particularly when using big data analytics and machine learning on personal information.
The project produced two key practical deliverables: a Toolkit for Ethical Issues designed specifically for Industry Privacy Officers (accompanied by a press release for broad distribution), and a published Compendium of results and instructional materials available on the project website. These sit alongside 7 total deliverables including research outputs from 14 trained PhD researchers.
If you are a tech SME dealing with complex GDPR obligations while trying to innovate fast — this project developed a Toolkit for Ethical Issues specifically designed for Industry Privacy Officers. It covers how to incorporate privacy and data protection into digital service development, built with input from 5 industry partners across 5 EU countries.
If you are a financial institution dealing with growing regulatory pressure around customer data analytics and profiling — this project produced a compendium of results and instructional materials on personal data protection in the context of big data and machine learning. The consortium included 3 SMEs working alongside 5 universities, giving the outputs both legal rigor and practical industry grounding.
If you are an e-commerce company that personalizes services using customer browsing and purchase data — this project addressed exactly your challenge: balancing attractive personalization with data protection obligations. The toolkit and training materials help companies understand the ethical and legal implications of collecting personal data from users at scale.
The compendium of results and the Toolkit for Ethical Issues for Industry Privacy Officers are published as open-access materials on the project website. As an MSCA-ITN funded project, the outputs are intended for broad dissemination. Direct costs would relate to implementation and adaptation to your specific company context.
The project consortium itself spanned 5 countries (Belgium, Germany, Spain, Ireland, Netherlands) and involved 12 partners, so the outputs were designed with cross-border applicability in mind. The toolkit addresses EU-wide regulation (GDPR) rather than single-country rules, making it relevant for multi-country operations.
As an MSCA-ITN (Marie Skłodowska-Curie) project, the primary outputs are research publications and training materials, typically made available under open access. The toolkit and compendium were published on the project website with an accompanying press release, suggesting they are publicly accessible.
The project ran from 2019 to 2024, so the outputs reflect GDPR as enforced through early 2024. However, data protection law evolves rapidly — particularly around AI and automated decision-making — so some materials may need updating for post-2024 regulatory developments like the EU AI Act.
No. The toolkit is designed to support Industry Privacy Officers, not replace them. It provides structured guidance on ethical issues related to personal data collection and use, helping existing privacy teams make better-informed decisions about digital service development.
The consortium included 5 industry partners (42% industry ratio) and 3 SMEs, suggesting the outputs were developed with real industry input. However, based on available project data, there is no explicit evidence of large-scale pilot deployment or commercial testing of the toolkit beyond the consortium.
The PROTECT consortium is well-balanced for a training network, with 12 partners split almost evenly between academia (5 universities, 2 research orgs) and industry (5 companies including 3 SMEs). The 42% industry ratio is notably high for an MSCA-ITN, signaling that the research was grounded in real business needs rather than purely academic. Partners span 5 countries — Belgium, Germany, Spain, Ireland, and Netherlands — covering major EU data protection jurisdictions. Trinity College Dublin coordinated, giving the project a strong legal and regulatory anchor. For a business looking at the outputs, this mix means the toolkit and compendium were shaped by companies that actually deal with privacy compliance daily, not just theorists.
Trinity College Dublin coordinated this project. The research team can be reached through the PROTECT network website or the university's research office.
Want to know if PROTECT's privacy toolkit fits your company's data protection challenges? SciTransfer can arrange a direct introduction to the research team and help you assess applicability to your specific situation.
