New publication

Felice di aver partecipato con la collega Francesca Tugnoli alla stesura del commento sui Reati Informatici (art. 24 bis), Reati IP (art. 25 Nonies) e art. 67 nel Commentario al Decreto sulla responsabilità da reato degli Enti – D.Lgs. 231/2001 edito dalla Pacini Editore. Ringraziamo Guido Stampanoni Bassi e Lorenzo Nicolò Meazza dell'opportunità che ci ha permesso di sottolineare gli aspetti multidisciplinari di queste materie (IT, ...

IT’S TUTORIAL TIME! WEEK 6: A CYBERSECURITY READING OF THE GDPR

Thursday is problem-based learning tutorial day in the “EU and Global Cybersecurity Fundamentals” course! Following Monday’s lecture in which the students of the Advanced Master in Privacy, Cybersecurity and Data Management have been provided with a cybersecurity reading of the GDPR,  today’s tutorial will require them to discuss and prepare a presentation on the difference between two key concepts with respect to data protection and cybersecurity: anonymized ...

ICTLC expands to Athens, Greece through partnership with Spiros Tassis

We are extremely proud to announce that ICTLC has signed a partnership in Greece with Tassis & Associates Law Office. ICTLC Greece is based in Athens and led by Spiros Tassis, a highly renowned international lawyer with more than 20 years of experience advising entities in the areas of TMT, Privacy and ICT law. The Greek team ...

It’s TUTORIAL TIME! Week 3: User authentication, access controls and database, data center and network security

It’s Thursday and that means it’s tutorial time again in the European Centre on Privacy and Cybersecurity (ECPC) "EU and Global Cybersecurity Fundamentals" course within the Advanced Master in Privacy, Cybersecurity and Data Management! This afternoon, we will stimulate the students to operationalise the knowledge gained during Fernando Silva’s lecture on Monday with a case study and ...

Data geopolitics: The UK is moving fast on data transfers with possible adequacy for the Dubai International Financial Centre

The United Kingdom (UK) is demonstrating its agility on data transfers after leaving the European Union (EU). Through its global data plans and new strategic alliances (i.e., adequacy procedures) the UK is moving ahead to reshape international data flows and the global digital economy. The United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre, ...

The future of EU-US data transfers

Last week I was interviewed by Laurie Clarke about the future of EU-US data transfers and what the US needs to do to make a new agreement a reality. Read “After a year of limbo a EU-US data privacy agreement still hangs in the balance” published in Tech Monitor, part of the New Statesman Media ...

The challenging job of Supervisory Authorities under the GDPR

How can the General Data Protection Regulation (GDPR) be effectively enforced so as to uphold fundamental rights and freedoms and at the same time, allow for the free flow of data within the Union? This is a question I have been pondering since well before Monday’s publication of the Irish Council for Civil Liberties’s (ICCL) 2021 report on the ...

The UK’s “data challenge” to the EU

This blog post is a re-elaboration of my interview this morning with Luca Bertuzzi, Digital & Media Editor from EurActiv, available here. Today the UK unveiled its “post-Brexit global data plans to boost growth, increase trade and improve healthcare”, which also include a multi-billion pound partnership with the US, Australia and the Republic of Korea.  Secretary of State ...

“The next great financial crisis could come from a cyber attack”: 5 critical cybersecurity measures you should put in place today

The 2021 Report on the SolarWinds Cyber Espionage Attack and Institutions’ Response published by the New York State Department of Financial Services (“Report”) commences with a stark warning: “The next great financial crisis could come from a cyber attack.” “The SolarWinds Attack is, to date, the most visible, widespread, and intrusive information technology (‘IT’) software supply chain attack – i.e., a ...

Two-sided control

What was promised by the GDPR (Art. 80 and Rec. 142) is now a reality! Following Schrems’ filing of 422 complaints to ten EU Data Protection Authorities yesterday for cookie-related violations, it is now clear that the data protection compliance posture of companies will be checked not only by Supervisory Authorities but also – de facto and actively – by privacy organisations and associations patrolling the internet to proactively find ...