PAOLO BALBONI (PH.D.) IS A TOP-TIER EUROPEAN ICT, PRIVACY & DATA PROTECTION LAWYER AND SERVES AS DATA PROTECTION OFFICER (DPO) FOR MULTINATIONAL COMPANIES. PROFESSOR OF PRIVACY, CYBERSECURITY, AND IT CONTRACT LAW AT THE EUROPEAN CENTRE ON PRIVACY AND CYBERSECURITY WITHIN THE MAASTRICHT UNIVERSITY FACULTY OF LAW. PRESIDENT OF THE EUROPEAN PRIVACY ASSOCIATION. LEAD AUDITOR BS ISO/IEC 27001:2013 (IRCA CERTIFIED).
Paolo Balboni (qualified lawyer admitted to the Milan Bar) is a Founding Partner of ICT Legal Consulting (ICTLC), a law firm with offices in Milan, Bologna, Rome, an International Desk in Amsterdam, and multiple Partner Law Firms around the world. Together with his team he advises clients in the fields of Personal Data Protection, also acting as Data Protection Officer in outsourcing, Data Security, Information and Communication Technology (ICT) and Intellectual Property Law. Paolo has considerable experience in Information Technologies including Cloud Computing, Big Data, Analytics and the Internet of Things, Media and Entertainment, Healthcare, Fashion, Automotive, Insurance, Banking, Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT).
Paolo is Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law, President of the European Privacy Association based in Brussels and Cloud Computing Sector Director and Responsible for Foreign Affairs at the Italian Institute for Privacy in Rome, Italy. He is involved in European Commission studies on new technologies and participated in the revision of the EU Commission proposal for a General Data Protection Regulation.
He co-chairs the Privacy Level Agreement (PLA) Working Group of Cloud Security Alliance and has acted as the legal counsel for the European Network and Information Security Agency (ENISA) projects on ‘Cloud Computing Risk Assessment’, ‘Security and Resilience in Governmental Clouds’, and ‘Procure Secure: A guide to monitoring of security service levels in cloud contracts’.
Paolo is the author of the book Trustmarks in E-Commerce: The Value of Web Seals and the Liability of their Providers (T.M.C Asser Press), and of numerous journal articles published in leading European Law reviews.
Graduated in Law at the University of Bologna (Italy) in 2001, Paolo Balboni completed his Ph.D. in Comparative Technology Law at Tilburg University (The Netherlands) in 2008.
He speaks Italian, English and Dutch fluently and has good knowledge of French, Spanish, and German.
- Privacy and Data Protection
- Cloud Computing
- e-Commerce
- Information Technology
- Marketing and Advertising
- Legal Training
- Communications
- e-Healthcare
- Intellectual Property
- e-Documents

Paolo Balboni has been listed as a Recommended Lawyer for TMT in the 2017 edition of The Legal 500.
WEBSITE

Paolo Balboni has been selected to be part of Legals Finest, both home and a premier guide to leading attorneys across the world. WEBSITE

Paolo Balboni has been awarded the 2014 and 2015 Legals Finest 200 Client Choice IT Law Award for Italy. WEBSITE

ICT Legal Consulting is the recommended law firm in Italy in the practice areas of IT Law and Data Protection. WEBSITE

Paolo Balboni is the recommended Italian attorney in the practice areas of IT Law and Data Protection. WEBSITE

ICT Legal Consulting is the recommended law firm in Italy in the practice areas of IT Law and Data Protection. WEBSITE

Paolo Balboni has been selected as the top lawyer in Italy for IT Law by Five Star Law.
WEBSITE
2018
- Balboni, P. & Dragan, T. (2018) Controversies and Challenges of Trustmarks: Lessons for Privacy and Data Protection Seals. In Rodrigues, R. & Papakonstantinou, V. (eds). Privacy and Data Protection Seals – Information Technology and Law Series, T.M.C. Asser Press, The Hague, The Netherlands, 83-112
- Balboni, P. (2018) Italian Data Protection Authority first semester 2018 inspection plan, Lexology
- Balboni, P. (2018) Piano delle attività ispettive previste per il primo semestre 2018 dal Garante, Lexology
- Balboni, P. (2018) The Italian Data Protection Authority’s Faq on the Data Protection Officer (DPO) in public sphere, Lexology
- Balboni, P. (2018) WP29 published the Guidelines on Transparency, Lexology
- Balboni, P. (2018) WP29 published the awaited draft Guidelines on Consent, Lexology
- Balboni, P. (2018) Data security and breach notification in Italy, Lexology
- Balboni, P. (2018) The Italian Budget Law and its impact on legitimate interest (and portability), Lexology
- Balboni, P. (2018) Article 29 Working Party – Opinions assembled in a free printable volume for easy consultation, Lexology
- Balboni, P. (2018) La pronuncia del Garante per la protezione dei dati personali contro il “social spam”, Lexology
2017
- Balboni, P. et al. (2017) Whitepaper on Cloud Technology Options towards Free Flow of Data (v1.3), ©DPSP Cluster, 110 pages
- Balboni, P. (2017) Le linee guida del Gruppo di Lavoro ex Art. 29 sulla notifica delle violazioni dei dati personali nel RGPD, Lexology
- Balboni, P. (2017) Article 29 Working Party publishes Guidelines on Personal data breach notification under GDPR, Lexology
- Balboni, P. (2017) The Italian Garante authorises to verify the identity of lawyers through web-cams, Lexology
- Balboni, P. (2017) The ECHR clarified the limits of corporate email snooping by employers, Lexology
- Balboni, P. (2017) CJEU: the EU-Canada PNR Agreement is incompatible with the fundamental rights recognised by the EU , Lexology
- Balboni, P. (2017) The passing of time is not the only criteria to be considered in the exercise of the right to be forgotten, Lexology
- Balboni, P. (2017) Banking: employees are not allowed to furtively view current accounts, Lexology
- Balboni, P. (2017) The Italian legislator approves an amendment allowing traffic data retention for 6 years, Lexology
- Balboni, P. (2017) The new German Federal Data Protection Act to adapt the law to the EU GDPR, Lexology
- Balboni, P. (2017) Article 29 Working Party published opinion on personal data processing at work, Lexology
- Balboni, P. (2017) Big Data: Agcom, Antitrust and Italian Data Protection Authority launch a joint investigation, Lexology
- Balboni, P. (2017) Italian Parliament passes landmark law against cyberbullying, Lexology
- Balboni, P. (2017) The Italian Data Protection Authority releases its Report on 2016 Activities: Data breaches and commercial exploitation of data are increasingly under the spotlight, Lexology
- Balboni, P. (2017) Privacy, new EU Regulation: Italian Data Protection Authority launches initiatives with Public Administration and enterprises, Lexology
- Balboni, P. (2017) The Italian DPA issued its first guidelines on the GDPR, Lexology
- Balboni, P. (2017) Italian Data Protection Authority turns spotlight on SPID, call centers and the national statistical system, Lexology
- Balboni, P. (2017) Italian employers can no longer control employees’ e-mails and communications when private-professional use of corporate devices are allowed, Lexology
- Balboni, P. (2017) The Italian Data Protection Authority forbids the use of contact details of companies and professionals for marketing purposes without prior consent, Lexology
- Balboni, P. (2017) Data Security and Cybercrime in Italy, Lexology
- Balboni, P. (2017) Electronic marketing and internet use in Italy, Lexology
- Balboni, P. (2017) Data security and breach notification in Italy, Lexology
- Balboni, P. (2017) Collection, storage and transfer of data in Italy, Lexology
2016
- Balboni, P. (2016) Il cloud computing e l’internet of things (“IoT”): come minimizzare i rischi legali, ICT Security (Tecna Editrice), 26-30
- Balboni, P. (2016) Chapter 20: Managing Legal Compliance Risk in the Cloud and Negotiating Personal Data Protection Requirements with Vendors. In J. R. Vacca (ed.), Cloud Computing Security: Foundations and Challenges, CRC Press (an imprint of Taylor & Francis Group, LLC), Boca Raton, Florida-US, 267-276
2015
- Balboni, P. (2015) Personal Data Protection Aspects of Big Data.In Kuan-Ching Li, Hai Jiang, Laurence T. Yang, and Alfredo Cuzzocrea (eds.), Big Data Algorithms, Analytics, and Applications, Chapman and Hall/CRC, Boca Raton (FL), 283-300
2014
- Balboni P., Pelino E., Scudiero L.(2014) Rethinking the one-stop-shop mechanism: legal certainty and legitimate expectation, 30 Computer Law & Security Review, 392-402
- Balboni, & Partesotti, C. (2014) Digital Right Management in the Cloud. In K.C. Li, Q. Li & T. K. Shih (eds.) Cloud Computing and Digital Media: Fundamentals, Techniques, and Applications, Chapman and Hall/CRC, London, 345-358
- Balboni, P. & Converso, D. (2014) Bring Your Own Device – Legal Analysis & Practical TIPs for an effective BYOD corporate Policy, ICTLC Papers, 13 pages
Download the complete list here
22 May 2018
Paolo Balboni is a speaker at the“Convegno Privacy Unolegal 2018” event organized by Sistemi UNO in Turin (Italy)
17 May 2018
Paolo Balboni is a speaker in the in the Risk-Based Approach to Proportionality panel at the closed-door ‘Digital Single Market Ecosystem: Innovation, a Seamless Digital Market, and Stakeholder Rights and Interests – How Do They Work Together?’ conference organised by the European Centre on Privacy and Cybersecurity (ECPC) at Maastricht University and The Information Accountability Foundation (IAF) in Brussels (Belgium)
26 April 2018
Paolo Balboni is a speaker at the Cyberwarching.eu Concertation Meeting in the International policy and standards evolution panel in Brussels (Belgium)
23 April 2018
Paolo Balboni is a speaker at the GDPR Workshop in Amsterdam (The Netherlands)
18 April 2018
Paolo Balboni is a lecturer at the at Master of Privacy Officer and General Counsel of Privacy (TÜV certified) organized by Federprivacy in Rome (Italy)
12 April 2018
Paolo Balboni is a speaker at the“Convegno Privacy Unolegal 2018” event organized by Sistemi UNO in Milan (Italy)
10-11 April 2018
Paolo Balboni is a lecturer at the “Data Protection Officer (DPO) Certification course” organized by Maastricht University in Brussels (Belgium)
29 March 2018
Paolo Balboni is a speaker at the“Convegno Privacy Unolegal 2018” event organized by Sistemi UNO in Rome (Italy)
20-21 March 2018
Paolo Balboni is a lecturer at the “Data Protection Impact Assessment (DPIA), Security Risk Assessment & Data Protection by Design: Assessing and Designing Compliant Data Processing” course organized by Maastricht University in Brussels (Belgium)
13-14 March 2018
Paolo Balboni is a lecturer at the “Data Protection Officer (DPO) Certification course” organized by Maastricht University in Brussels (Belgium)
07 December 2017
Paolo Balboni will speak at the Securing the Cloud – How to get ready for the GDPR webinar organized by Tresorit
16-17 November 2017
Paolo Balboni will speak about how companies can prepare for the GDPR at SICUREZZA 2017 at the Fiera Milano in Milan (Italy)
19 October 2017
Paolo Balboni will speak about CSA PLA Codes of Conduct in the webinar organized by Assitel
10 October 2017
Paolo Balboni will speak about European Data Protection Regulation at the TIM per l’Italia Digitale event in Bologna (Italy)
21 September 2017
Paolo Balboni is a speaker at the 3rd Annual India Privacy Summit in Taj West End, Bangalore (India)
25 July 2017
Paolo Balboni is a lecturer at the at Master of Privacy Officer and General Counsel of Privacy (TÜV certified) organized by Federprivacy in Figline Valdarno, Filorence (Italy)
04/05 July 2017
Paolo Balboni is a lecturer “Data Protection Officer (DPO) Certification course” organized by Maastricht University in Brussels (Belgium)
20-21 June 2017
Paolo Balboni is a lecturer at the at Master of Privacy Officer and General Counsel of Privacy (TÜV certified) organized by Federprivacy in Milan (Italy)
14 June 2017
Paolo Balboni is a speaker at the “Convegno Privacy Unolegal 2017” event organized by Sistemi UNO in Milan (Italy)
13 June 2017
Paolo Balboni is a speaker on The GDPR at a Workshop organized by ICT Legal Consulting in Bologna (Italy)
05 June 2017
Paolo Balboni is a speaker on “Privacy Level Agreement (PLA) Code of Conduct for Cloud Service Providers (CSPs): a compliance tool for the new Privacy REGULATION (EU) 2016/679″ at the CSA Summit @ Infosecurity Europe 2017 in London (United Kingdom)
25 May 2017
Paolo Balboni is a speaker at the Convegno Privacy Unolegal 2017 in Turin (Italy)
24 May 2017
Paolo Balboni is a spearker at the event on the General Data Protection Regulation in a workshop organized by Netmind in Formigine, MO (Italy)
16 May 2017
Paolo Balboni is a speaker on the General Data Protection Regulation in a workshop organized by ICT Legal Consulting in Bologna (Italy)
12 May 2017
Paolo Balboni is a speaker at the 12th international conference “Green, Pervasive and Cloud Computing” in Cetara (Italy)
10 May 2017
Paolo Balboni is a lecturer at the “Data Protection Officer (DPO) Certification course” organized by Maastricht University in Brussels (Belgium)
13 April 2017
Paolo Balboni is a speaker at the “CSA Netherlands Chapter Summit 2017” organized by Cloud Security Alliance in Leiden (The Netherlands)
03 April 2017
Paolo Balboni is a lecturer at the “New EU Regulation 2016/679” Conference organized by Federprivacy in Cosenza (Italy)
04 April 2017
Paolo Balboni is a speaker at the ICT Legal Consulting event on the General Data Protection Regulation workshop in Bologna (Italy)
30-31 March 2017
Paolo Balboni is a lecturer at the Privacy and Cloud Security Risks, Opportunities and Compliance course organized by the Maastricht University European Centre on Privacy and Cybersecurity in Brussels (Belgium)
15-16 March 2017
Paolo Balboni is a speaker on “Regulatory Issues Concerning Data Privacy – What Do Cloud Service Providers And Users Need To Understand?” at Cloud Security Expo 2017 in London (United Kingdom)
13-14 March 2017
Paolo Balboni is a lecturer at the Regulating Privacy through Accountability Principles and Ethical Standards in the era of Big Data organized by the Maastricht University European Centre on Privacy and Cybersecurity in Brussels (Belgium)
22-23 February 2017
Paolo Balboni is a speaker at “PRIVACY COMPLIANCE FORUM” organized by AFGE in Milan (Italy)
07 February 2017
Paolo Balboni is a speaker at “La compliance data protection alla luce del regolamento europeo 679/2016” organized by 4CLegal in Milan (Italy)
02 December 2016
Paolo Balboni is a speaker at “BIG DATA Machen wir uns zum gläsernen Menschen?” organized by Raiffeisen in Bozen (Italy)
01 December 2016
Paolo Balboni is a speaker at the MagNews Webinar: “Profiling users online: definitions, requirements, and use of technologies like cookies, tracking technologies, finger printing, HTML5 Storage”
30 November 2016
Paolo Balboni is Lecturer at Master of Privacy Officer and General Counsel of Privacy (TÜV certified) organized by Federprivacy in Florence (Italy)
16 November 2016
Paolo Balboni is a speaker on “Privacy Level Agreement (PLA_V3) for Cloud Service Provider in compliance with the Regulation (EU) 2016/679 on personal data” at the CSA EMEA Congress in Madrid (Spain)
26 October 2016
Paolo Balboni is a speaker at Nordic IT Security in Stockholm (Sweden)
18 October 2016
Paolo Balboni is a speaker at the European Regulation 2016/679 on personal data protection with specific reference to workplace controls seminar organized by Unindustria Bologna in collaboration with Confindustria Modena and Unindustria Ferrara in Bologna (Italy)
17 October 2016
Paolo Balboni is a speaker at the European Regulation 2016/679 on personal data protection with specific reference to workplace controls seminar organized by Unindustria Bologna in collaboration with Confindustria Modena and Unindustria Ferrara in Bologna (Italy)
13 October 2016
Paolo Balboni is a speaker on “Big Data & Analytics: It’s about quality, not Quantity” at the TÜV Federprivacy – Privacy Day Forum 2016 organized by Federprivacy in Rome (Italy)
27 September 2016
Paolo Balboni is a speaker on the Impact of the European General Data Protection Regulation at the C5 EU Pharmaceutical Regulatory Law conference in London (United Kingdom)
21 September 2016
Paolo Balboni is a lecturer at the Privacy Officer & Privacy Consultant (TϋV Certified) course organized by Federprivacy in Milan (Italy)
13 July 2016
Paolo Balboni is Lecturer at Master of Privacy Officer and General Counsel of Privacy (TÜV certified) organized by Federprivacy in Reggio Emilia (Italy)
06 July 2016
Paolo Balboni is Lecturer at Master of Privacy Officer and General Counsel of Privacy (TÜV certified) organized by Federprivacy in Rome (Italy)
29 June 2016
Paolo Balboni is a lecturer at the Training and Certification Programme for Data Protection Officers and Other Data Protection Professionals organized by the European Institute of Public Administration in Maastricht (The Netherlands)
15 June 2016
Paolo Balboni is a lecturer on Data Protection at the European Institute of Public Administration (EIPA) course at the European Railway Association in Valenciennes (France)
08 June 2016
Paolo Balboni is a lecturer at the Privacy Officer & Privacy Consultant (TϋV Certified) course organized by Federprivacy in Turin (Italy)
07 June 2016
Paolo Balboni is a lecturer at the AFGE event on the European Data Protection Regulation in Milan (Italy)
17 May 2016
Paolo Balboni is a speaker at the “Are you ready for the General Data Protection Regulation?” organized by delITad and ICT Legal Consulting in Antwerp (Belgium)
12 May 2016
Paolo Balboni is a speaker at the event on European Privacy Regulation organized by AFGE in Rome (Italy)
10 May 2016
Paolo Balboni is a speaker at the Event on The European Privacy Regulation for Companies oganized by Sistemi Uno in Turin (Italy)
11 April 2016
Paolo Balboni is a speaker on “Managing Risk in the Cloud: Contractual and Privacy Aspects” at the Security and Privacy in Cloud Computing event organized by the Order of Engineers in Bologna (Italy)
Download the complete list here
2018
12/03/2018 Sunewshub
Wetgeving privacy persoonsgegevens in de maak
11/03/2018 Sunewshub
Privacy in de digitale wereld, een nieuw fundamenteel recht voor Surinamers
11/03/2018 Dagbald Suriname
Privacy in de digitale wereld, een nieuw fundamenteel recht voor Surinamers
2017
17/11/2017 Sole 24 Ore
Con il regolamento europeo sulla privacy c’è posto per 45mila specialisti nelle imprese e nella pa
16/11/2017 UnoLegal
GDPR: Modello Organizzativo Privacy in materia di protezione dei dati personali
16/11/2017 Adnkronos
Con il GDPR la privacy diventa una questione di business
20/09/2017 Adnkronos
GDPR, focus sulla nuova privacy europea a Sicurezza 2017
09/05/2017 UnoLegal
Il GEPD sulla proposta di Direttiva relativa ai contratti di fornitura di contenuti digitali
06/04/2017 Adnkronos
Nuovo Regolamento UE 2016/679, scatta l’operazione privacy al sud
17/02/2017 Libero Quotidiano
Privacy, maratona di eventi per aziende e professionisti
16/02/2017 Adnkronos
Privacy, maratona di eventi per aziende e professionisti
10/02/2017 UnoLegal
Data Protection Officer: qual è il suo ruolo secondo i Garanti Privacy Europei?
2016
09/12/2016 Planet Compliance
Big Data and FinTech – An Alpine Perspective
03/12/2016 SudTirolNews
Bit Data: Kongress im Waltherhaus zeigt Chancen und Gefahren
20/09/2016 Adnkronos
Privacy Day Forum, è conto alla rovescia
24/06/2016 Open Democracy
Democracy – a call to arms
02/06/2016 Data Manager Online
Nuovo Regolamento UE, cambia la prospettiva della privacy
01/02/2016 BlastingNews
E SE DA GRANDE FACESSI IL PRIVACY OFFICER?
29/01/2016 Linkiesta
Torna dall’Olanda e apre uno studio legale “europeo”. Oggi dà lavoro a 15 professionisti
29/01/2016 Informazione.it
ICT Legal Consulting CULTURE – arte e diritto delle nuove tecnologie
2015
19/11/2015 NL Times
DATA PRIVACY DOCUMENTARY “DEMOCRACY” TO DEBUT AT AMSTERDAM’S IDFA
14/11/2015 The Guardian
Democracy: the film that gets behind the scenes of the European privacy debate
09/11/2015 netzpolitik.org
Wir schulden es Snowden, Datenschutz sexy zu machen – Filmemacher Bernet im Interview
31/10/2015 iRIGHTS
„Democracy: Im Rausch der Daten“ – der Weg zur EU-Datenschutzreform als Lehrstück
13/07/2015 Rai Radio 2
Italiani in continenti del 13/07/2015 – Paolo Balboni e Virgilio Vidor
Download the complete list here
TRUSTMARKS IN E-COMMERCE:
THE VALUE OF WEB SEALS AND THE LIABILITY OF THEIR PROVIDERS
This groundbreaking book is the first comprehensive study of trustmarks: electronic labels or visual representations that indicate an online merchant has met industry standards with regard to security, privacy, and business practices.