Academic Session I - The GDPR within a continuously reforming digital environment

  • Panel
  • Orangerie
  • Wednesday 21.05 — 14:15 - 15:30

Organising Institution

CPDP

Belgium

The first academic session explores the evolution of data protection through the GDPR in a constantly evolving digital world, through the lens of four related academic papers. Papers to be presented: Emanuela Podda, Università degli Studi di Milano (IT) & Nicola Leschke, Paris Lodron Universität Salzburg (AT) - Transitioning from Portability in the GDPR to Access in the Data Act: A Multidisciplinary Analysis of Data Access by Design David Michels, Queen Mary University of London (UK) - Beyond Schrems: The Full Conflict Between US Government Access and the GDPR Thiago Guimaraes Moraes, University of Brasilia and Vrije Universiteit Brussels (BR/BE) - From GDPR to the AI Act: Implementing Privacy by Design and Data Protection by Design in AI Systems Emmanouil Bougiakiotis, Fool’s Gold: A Sceptical View of the GDPR as the Golden Privacy Standard and an alternative way forward

Moderator

Manos Roussos

TILT (Tilburg Institute for Law, Technology and Society) - Netherlands

Manos Roussos is a doctoral researcher at the Tilburg Institute of Law, Technology, and the Society (TILT). His research focuses on the regulation of new technologies, focusing on protection of personal data within the financial sector, with a particular insight into access to personal data by public authorities for AML/CFT purposes.

Speaker

Nicola Leschke

Paris Lodron Universität Salzburg - Austria

Nicola Leschke is a doctoral researcher in the Privacy Engineering and Policy-Aligned Systems (PEPSys) group at the University of Salzburg. Her research is at the intersection of computer science and law. In particular, she focusses on technical challenges in (personal) data access. Before joining the interdisciplinary EXDIGIT project at the University of Salzburg, she was a research associate and an information systems management student at the Technical University of Berlin (Germany), where she discovered her passion for privacy engineering.

Speaker

David Michels

Queen Mary University of London - United Kingdom

Johan David Michels is a researcher with the Cloud Legal Project at the Centre for Commercial Law Studies, Queen Mary University of London, and a Guest Teacher at the London School of Economics. He has published articles covering cloud and IT services in leading US and European law journals and is a co-author of the Cloud Computing Law book (2nd edition, OUP, 2021). His research has been funded by Microsoft and Broadcom. His most recent article, entitled “Storm Clouds are Building: Surveillance, Sovereignty, and State Interests”, will be published in the Virginia Journal of Law and Technology in 2025.

Speaker

Thiago Guimaraes Moraes

University of Brasilia (UnB) and Vrije Universiteit Brussels (VUB) - Belgium

Thiago Moraes is a joint-degree Ph.D. Candidate in Law at University of Brasilia (UnB) and Vrije Universiteit Brussels (VUB) and a PhD fellow of the Digital Governance cluster at the United Nations University’s Institute on Comparative Regional Integrated Studies (UNU-CRIS). He holds a LLM in Law & Technology (Tilburg University), MSc in Information Sciences, and two Bachelors, one in Law and another in Network Engineering (UnB). Currently, he works as a Specialist in Data Protection and AI Governance at the Brazilian Data Protection Authority (ANPD). He has previously worked as Coordinator of Innovation and Research and was the first Data Protection Officer of ANPD. Thiago is co-founder and councilor of the Laboratory of Public Policy and Internet – LAPIN. CIPM, CIPT, CIPP/E, CDPO/BR.

Speaker

Emmanouil Bougiakiotis

European University Institute - Italy

Emmanouil Bougiakiotis is a PhD researcher in law at the European University Institute in Florence working on collective approaches to data protection governance. His research focuses on law, economics, and policy. Before returning to academia for his doctoral research he worked in the public sector including two brief stints at the Greek data protection authority and the European Data Protection Board.