Ninja Marnau
Ass. iur. | Researcher

  • Information Security and Cryptography
  • Building E9 1, Room 1.18
  • +49 681 302 71943
  • +49 681 302 71 942
  • marnau(aeht)

Curriculum Vitae

Ninja Marnau

I am a Senior Researcher at CISPA in Saarbrücken. I work interdisciplinarily between law and computer science in the fields of IT security and privacy. Furthermore, I coordinate the government relations and the industry transfer of CISPA.

About me: privacy lawyer and senior researcher, technophile, experienced in legal policy and standardization work

Please refer to my full CV for more details, publications and invited talks.

Since 2014 Senior Researcher
at CISPA , Saarland University , Germany
2013 - 2014 Legal Consultant
at the W3C/ERCIM (World Wide Web Consortium) , France
2010 - 2013 Lawyer and Researcher
at ULD (Independent Centre for Privacy Protection Schleswig-Holstein) Germany



For checking compliance with privacy regulations, the respective laws have to be represented in a computer-readable form. Classically, this is done by modeling laws as logical formulas and verifying whether a predicate is logically entailed.

This is in contrast to the juristical judgement of compliance, where it is common to judge on precedents. In this project we formalize case-law and use this formalization to learn in which contexts a given predicate is satisfiable.


Search engines are the prevalently used tools to collect information about individuals on the Internet. Search results typically comprise a variety of sources that contain personal information -- either intentionally released by the person herself, or unintentionally leaked or published by third parties, often with detrimental effects on the individual\'s privacy. To grant individuals the ability to regain control over their disseminated personal information, the European Court of Justice recently ruled that EU citizens have a right to be forgotten in the sense that indexing systems, must offer them technical means to request removal of links from search results that point to sources violating their data protection rights. As of now, these technical means consist of a web form that requires a user to manually identify all relevant links upfront and to insert them into the web form, followed by a manual evaluation by employees of the indexing system to assess if the request is eligible and lawful. We propose a universal framework Oblivion to support the automation of the right to be forgotten in a scalable, provable and privacy-preserving manner. First, Oblivion enables a user to automatically find and tag her disseminated personal information using natural language processing and image recognition techniques and file a request in a privacy-preserving manner. Second, Oblivion provides indexing systems with an automated and provable eligibility mechanism, asserting that the author of a request is indeed affected by an online resource. The automated ligibility proof ensures censorship-resistance so that only legitimately affected individuals can request the removal of corresponding links from search results. We have conducted comprehensive evaluations, showing that Oblivion is capable of handling 278 removal requests per second, and is hence suitable for large-scale deployment.



Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information

PriCL: Creating a Precedent. A Framework for Reasoning about Privacy Case Law

Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information


Security and Privacy Enhancing Multi-Cloud Architectures


Thesenpapier – Datenschutzrechtliche Lösungen für Cloud Computing

Cloud Computing: solutions in the field of data protection law - Cloud Computing Legal Framework Working Group


Cloud Computing und Safe Harbor

Herausforderungen und erste Schritte zur sicheren und datenschutzkonformen Cloud