On this page

Transfer into Practice

Our research is practice-oriented and application-focused—IT security in everyday life, privacy analyses of apps and websites, privacy-enhancing technologies, and digital teaching innovations. We apply our research findings in various formats: security analyses, expert reports, workshops, and talks for both companies and public institutions. We follow three core principles:

  1. Compatibility with research and teaching
  2. Ethical acceptability of the project
  3. Market-appropriate compensation

On this page, we present current and selected previous activities.

Consumer Protection and Society

Stiftung Warentest – Board of Trustees (from October 2025)

Since October 2025, Prof. Herrmann has been a member of the Board of Trustees of Stiftung Warentest. In this advisory role, he contributes expertise on IT security and data protection to the test design for digital products.

Security of Online Pharmacies (2019–2021)

What was it about? Systematic analysis of 170 online pharmacies. What did we find? Security vulnerability that allowed access to other customers’ accounts. Why does it matter? Nationwide media coverage led to the resolution of security issues.

Spiegel article on the security breach

Smart City Research Lab: Mobility Behavior Study (2021–2022)

Field study in Bamberg public transport with the Chair of Personality Psychology on decisions regarding disclosure of personal dataDetails

The project investigates the effects of incentives and the operator’s image on decisions to disclose personal information. Two stages of the decision cascade are examined:

  1. The decision to use a mobility platform.
  2. The decision to share private information there.

The investigation is conducted in a field study in Bamberg’s public transport system. The first stage of the decision cascade is the decision to scan a sticker with a QR code and thus access a linked website. The second stage of the decision cascade is the decision to allow the website’s location access.

The project was conducted in collaboration with the Chair of Personality Psychology and Psychological Assessment (Prof. Schütz).

Download poster (PDF)

Tracker-Scan Project (2021–2022)

Collaboration with Bayern Innovativ GmbH and Verbraucherzentrale Bayern for automated analysis of 100 German websites on tracking practices and cookie banner effectiveness … Details

What was it about and who was involved? Collaboration with Bayern Innovativ GmbH and Verbraucherzentrale Bayern: Analysis of 100 German websites (Tranco list). Process and objective. We examined 100 German-language websites (from the Tranco list) using an automated scan with an instrumented browser to determine which third-party tracking services are used and what data is transmitted to them. The research objective was to obtain an assessment of what proportion of the examined German-language websites establish connections to trackers on third-party servers to pass on information about website visitors. In particular, the investigation focused on whether website behavior regarding tracker contact changes when consent banner messages are filtered or hidden in the browser using the uBlock browser plugin. Selected results. On many sites, tracking services were loaded on the initial visit even without a banner blocker. Cookie banners were therefore often ineffective. Interactive results page with details: What were the impacts? Website operators are informed about potential data protection violations through the consumer protection agency.

Interactive results page (2022)

Data Policy for Smart City Bamberg (2020)

Knowledge foundation for the City of Bamberg developed through analysis of existing Smart City data policies and development of guiding questions for data protection and transparency … Details

In this project, a knowledge foundation was developed for the “Data Policy” working group of the Smart City program of the City of Bamberg.

A report was created with which the City of Bamberg can derive key points of its data policy from existing documents of other Smart Cities using guiding questions. The guiding questions include: What data can be the subject of a data policy? What measures are cited for the protection of personal data (data minimization, avoidance of collecting identifiable data, effective anonymization early in the processing process)? To what extent do the data policies address the conflict between transparency of public data and the protection of critical data? What statements do the data policies make about value creation through “big data,” such as through their own business models or by supporting start-ups with public data that can be used to develop marketable products?

The report provides guidance on what social, economic, or other impacts certain regulations in a data policy can have on a Smart City.

Data Policy report (DOI)

Talks and Public Outreach

A comprehensive list of talks and keynotes can be found here:

Talks and keynotes (including slides)

Selection of Keynote Talks

  • Digital Teaching Day (Regensburg, September 2025)
  • Upper Franconian AI Conference (February 2025)
  • TUM Commencement Address (July 2023, ≈1000 graduates)
  • BSI Conference Digital Everyday Life in Danger? (Bonn, February 2023)
  • DiKuLe Symposium (Bamberg, 2024)
  • IT Cluster Upper Franconia Entrepreneurial Event (Thurnau, July 2022)
  • Universitätsbund Bamberg e.V. (November 2023)
  • Villa Concordia Bamberg (December 2023)

Additional transfer talks including: Ring lecture series University of Regensburg, Rotary Club Bamberg, Lions Club Bamberg.

Available Topics

  • IT security in everyday digital life – practical and without fearmongering
  • AI in higher education and administration – opportunities and limitations
  • E-assessments and digital teaching – experiences from practice
  • Ethics and IT security research – constructive reporting of vulnerabilities

Additional Formats and Events

IT Forum Upper Franconia

The annual event connects IT companies and academia in the region. In 2023, we organized the forum together with the WIAI Faculty. About 230 participants discussed the topic of “AI and Sustainability” in 2 keynotes and 5 presentation sessions. 13 exhibitor booths and a startup lounge provided space for exchange.

The IT Forum took place for the eleventh time and increases public awareness of Upper Franconia as an IT location and enables networking between committed small and medium-sized IT companies, the industry network IT Cluster Upper Franconia , and the four Upper Franconian universities in the Technology Alliance Upper Franconia (TAO) .

Event websiteFlyer (PDF)Welcome trailer

German Academic Scholarship Foundation (Studienstiftung des deutschen Volkes)

Collaboration with Prof. Dr. Melanie Volkamer (KIT) in the Natural Sciences College (2022-2023). 25 students received insights into IT security and data protection in four one-week residential phases under the title “Hello, You Have a Security Problem!” Independent scientific studies on communication methods with website operators led to three publications:

"Data Protection Can Sometimes Be a Nuisance" A Notification Study on Data Sharing Practices in City Apps … Details

Study on GDPR compliance in 138 German city apps: 70 apps contacted services outside the EU without user consent; detailed notification strategies led to problem resolution in 17% of cases.

Drescher, J. N.; Moser, J.; Strangmann, N.; Spinner, J.; Herrmann, D.; Volkamer, M. (2024). MuC ‘24: Proceedings of Mensch und Computer 2024.

Paper (DOI)

Is Personalization Worth It? Notifying Blogs about a Privacy Issue Resulting from Poorly Implemented Consent Banners … Details

Analysis of privacy issues with cookie banners on blogs and development of effective notification strategies for website operators.

Kriecherbauer, T.; Schwank, R.; Krauss, A.; Neureither, K.; Remme, L.; Volkamer, M.; Herrmann, D. (2024). ARES ‘24: Proceedings of the 19th International Conference on Availability, Reliability and Security.

Paper (DOI)

RFC 9116 ("security.txt") at German University Servers … Details

Systematic evaluation of security.txt implementation at German universities shows low adoption and frequent configuration errors.

Eckstein, F., Rosenauer, R., Huppert, P. et al. (2025). Datenschutz und Datensicherheit 49, 522–526.

Paper (DOI)

Children’s University Bamberg (Kinderuni)

Explaining passwords in a child-friendly way: 9- to 12-year-olds learn about IT security without complicated technology.

Girls’ Day and TAO Student Research Center

Occasional contributions to regional educational formats such as Girls’ Day workshops and the student research center.

Responsible Disclosure

Our Approach

When we find vulnerabilities and security gaps, we inform operators and supervisory authorities.

Selected Cases

2024-07: Central procurement platform for Bavarian universities Multiple vulnerabilities up to possible complete compromise. Detailed report, timely resolution.

2021-05: Unnecessary password length restriction in Bavarian time tracking software (Bayzeit) Detailed report via IT service to the manufacturer, but not yet resolved (as of September 2025).

How to report? Please send a detailed email to dominik.herrmann@uni-bamberg.de .

Contact

Prof. Dr. Dominik Herrmann
Chair Privacy and Security in Information Systems
University of Bamberg, 96045 Bamberg Chair Privacy and Security in Information Systems
University of Bamberg
96045 Bamberg

dh.psi@uni-bamberg.de | +49 951 863-2661
uni-mal-anders.de | LinkedIn

Prof. Dr. Dominik Herrmann
Chair Privacy and Security in Information Systems,
University of Bamberg, 96045 Bamberg

dh.psi@uni-bamberg.de
+49 951 863-2661
uni-mal-anders.de | LinkedIn

View