It’s TUTORIAL TIME! Week 3: User authentication, access controls and database, data center and network security

It’s Thursday and that means it’s tutorial time again in the European Centre on Privacy and Cybersecurity (ECPC) "EU and Global Cybersecurity Fundamentals" course within the Advanced Master in Privacy, Cybersecurity and Data Management! This afternoon, we will stimulate the students to operationalise the knowledge gained during Fernando Silva’s lecture on Monday with a case study and ...

Data geopolitics: The UK is moving fast on data transfers with possible adequacy for the Dubai International Financial Centre

The United Kingdom (UK) is demonstrating its agility on data transfers after leaving the European Union (EU). Through its global data plans and new strategic alliances (i.e., adequacy procedures) the UK is moving ahead to reshape international data flows and the global digital economy. The United States, Australia, the Republic of Korea, Singapore, the Dubai International Financial Centre, ...

The future of EU-US data transfers

Last week I was interviewed by Laurie Clarke about the future of EU-US data transfers and what the US needs to do to make a new agreement a reality. Read “After a year of limbo a EU-US data privacy agreement still hangs in the balance” published in Tech Monitor, part of the New Statesman Media ...

The challenging job of Supervisory Authorities under the GDPR

How can the General Data Protection Regulation (GDPR) be effectively enforced so as to uphold fundamental rights and freedoms and at the same time, allow for the free flow of data within the Union? This is a question I have been pondering since well before Monday’s publication of the Irish Council for Civil Liberties’s (ICCL) 2021 report on the ...

The UK’s “data challenge” to the EU

This blog post is a re-elaboration of my interview this morning with Luca Bertuzzi, Digital & Media Editor from EurActiv, available here. Today the UK unveiled its “post-Brexit global data plans to boost growth, increase trade and improve healthcare”, which also include a multi-billion pound partnership with the US, Australia and the Republic of Korea. Secretary of State ...

“The next great financial crisis could come from a cyber attack”: 5 critical cybersecurity measures you should put in place today

The 2021 Report on the SolarWinds Cyber Espionage Attack and Institutions’ Response published by the New York State Department of Financial Services (“Report”) commences with a stark warning: “The next great financial crisis could come from a cyber attack.” “The SolarWinds Attack is, to date, the most visible, widespread, and intrusive information technology (‘IT’) software supply chain attack – i.e., a ...

Two-sided control

What was promised by the GDPR (Art. 80 and Rec. 142) is now a reality! Following Schrems’ filing of 422 complaints to ten EU Data Protection Authorities yesterday for cookie-related violations, it is now clear that the data protection compliance posture of companies will be checked not only by Supervisory Authorities but also – de facto and actively – by privacy organisations and associations patrolling the internet to proactively find ...

Would a US federal privacy law re-establish trusted EU-US data flows?

You might be aware that early last month US Congresswoman Suzan DelBene, representing Washington's 1st District, introduced the Information Transparency and Personal Data Control Act – in her words “legislation that would create a national data privacy standard to protect our most personal information and bring our laws into the 21st Century.” Important aspects of the Information Transparency and Personal Data ...

AI & Cybersecurity: Reflections on a multidimensional relationship

Earlier this month I was a guest on Episode 47: Innovation and Tech Zoom In of the European Edition of the Breaking Banks Podcast, moderated by Ajit Tripathi. The podcast looks at “European Unicorns, Startups, Founders, Regulators and Leaders innovating the rapidly evolving Fintech scene, with some of the world’s most well-known hosts and influencers in fintech. Produced in cooperation with FintechStage.” LISTEN ...

The importance of having a coordinated incident response plan in place

This is true not only in monetary terms, but information security could even be a question of life and death. In September 2020, a breaking article confirmed the inevitable - the first death caused by a ransomware attack. The alleged victim is a woman who needed urgent medical care and had to be rerouted to another hospital as a ...