Professor of Privacy, Cybersecurity, and IT Contract Law at Maastricht University Faculty of Law’s ECPC

I am honoured to announce my new role as extraordinary Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law.

The limits of corporate email snooping

On September 5th, 2017, the Grand Chamber of the European Court of Human Rights declared that employees must be aware in advance of the monitoring of their corporate email account. The case brought by a Romanian worker, Bogdan Barbulescu, dates back ten years to when he used an online chat service, Yahoo Messenger, to answer customer ...

EU-Canada PNR Agreement is incompatible with EU fundamental rights

The Court of Justice of the European Union recently issued an opinion determining that the agreement envisaged between the EU and Canada on the transfer of Passenger Name Record (PNR) data may not be concluded in its current form, since several provisions of the draft agreement don't meet requirements stemming from the fundamental rights of the European ...

Banks: Garante determines employees are not allowed to furtively view current accounts

On 22 June 2017, the Italian Data Protection Authority confirmed the unlawful processing of personal data by an Italian bank which permitted one of its employees to illicitly view and communicate current account data of one its clients to third parties. In the case at stake, an account holder argued before the Garante that specific data relating ...

3rd Annual India Privacy Summit: Privacy & Security in the Age of Intelligent Machines

I will be a speaker at the 3rd Annual India Privacy Summit on September 21, 2017 at Taj West End, Bangalore. Speakers will deliberate on best practices and field-tested solutions for the latest privacy issues facing a wide range of businesses and expert speakers are invited by the Executive Committee will give keynote speeches and all issues ...

Italy approves 6 year data retention

On 19 July 2017, during a session dedicated to the fulfilment of obligations resulting from EU membership, the Italian Chamber of Deputies approved an amendment which extends the period of retention of telephone and electronic communication traffic data to 6 years with a view of detecting and suppressing criminal offences and terrorism. The amendment still has to ...

New Article 29 Working Party Opinion Published: Opinion 2/2017 on data processing at work

The Article 29 Working Party adopted Opinion 2/2017 on data processing at work on 8 June 2017. The Opinion builds on Opinion 8/2001 and its 2002 Working Document on the surveillance of electronic communications in the workplace, adapting to the context of present technologies that have changed the field of employee data processing and therefore impacting the ...

Cloud technology options towards Free Flow of Data: A whitepaper from the DPSP Cluster

I am part of the DPSP Cluster, focused on Data Protection, Security and Privacy in the Cloud.  The Cluster is a result of the first call of H2020 LEIT WP2014-2015 which provided a number of grants for research on privacy in the cloud, data protection and data security. The whitepaper looks at technology solutions that the projects in the ...

David and Goliath: the GDPR and regulating the data-centric society

One year from the direct applicability of the new European Privacy Regulation... “Regulating the internet giants: The world’s most valuable resource is no longer oil, but data” published in the May 6th 2017 edition of The Economist explains the enormous power that Internet companies have due to their control over data.  It rightly describes that “uantity ...