Our experts

Cosimo Monda

Cosimo Monda is the Director of the Maastricht European Centre on Privacy and Cybersecurity (ECPC), which has been established in 2016 at the Law Faculty, Maastricht University.

At ECPC his work has a strong European and international outlook in the field of privacy and cybersecurity, steering an interdisciplinary group of researchers, academics and professionals active in areas of fundamental rights, data privacy, transparency and confidentiality, IT, data security, and more. Cosimo Monda has a longstanding experience in designing executive education, certification courses and online learning modules for professionals who are required to deal with new regulations and on-going developments in the privacy and cybersecurity market. Before joining Maastricht University, he was working at the European Institute of Public Administration, as Senior Lecturer and Head of Information, Publications, and Marketing services. He holds a Law Degree obtained at the University of Bologna.

His fields of expertise include Data Protection and Cyber security, EU Information Management; Transparency and access to documents; EU Agencies; EU decision-making procedures and Institutions and EU law. 

Paolo Balboni

Paolo Balboni (PhD) is a Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. His main research focuses are cybersecurity, data management/sharing and data protection as a corporate social responsibility, which together can be used to help organisations responsibly further their economic targets and at the same time positively contribute to the development of a fair data-centric society.

Qualified lawyer specialized in ICT, Privacy & Cybersecurity admitted to the Milan Bar and registered to the Amsterdam Bar. He is a Founding Partner of ICT Legal Consulting (ICTLC), an international law firm, and ICT Cyber Consulting, a company specialized in information/data security. Prof. Dr. Balboni is a Recommended Lawyer ranked by The Legal 500 EMEA 2023 in the areas of Data Privacy and Data Protection and Industry Focus: TMT. He is the Chairman of the European Patent Office (EPO) Data Protection Board, Member of the EUMETSAT Data Protection Supervisory Authority, Member of the Europrivacy Board of Experts, Member of the European Commission’s Expert Group on B2B data sharing and cloud computing contracts, and of the Cloud Security Alliance’s AI Safety Expert Group. Prof. Dr. Balboni furthermore advises governments on national matters concerning cybersecurity and privacy and in 2018, he drafted the national Surinamese Privacy and Data Protection Law.

Yazan Al-Masri

Yazan Al-Masri is a renowned Cybersecurity and Privacy advisor, helping organizations develop an effective Information security and Privacy Programs. Yazan is a regular teacher in Maastricht University's Advanced Master in Privacy, Cybersecurity and Data Management. He holds a Masters Degree in Information Security and Digital Criminology with 25 years of international level experience in Information Security, Data Privacy, Business Continuity & Risk Management, IT Service Management, IT Infrastructure and Project Management. He has a proven track record of implementing complex cross-functional IT Security strategic initiatives, Network Infrastructure as well as IT service Support/delivery strategies to support corporate mandate.

Davide Baldini

Davide Baldini is a data protection and IT lawyer. He is a Partner at the leading international law firm ICT Legal Consulting, where he provides consultancy on personal data protection, TMT and IT contracts to multinational companies and innovative start-ups. He obtained the DPO certification (ECPC-B) issued by Maastricht University and is a certified auditor for the Cloud Security Alliance Code of Conduct and for the Europrivacy certification scheme. He held the position of research fellow at the University of Florence from May 2021 to October 2022, conducting research on profiling and automated decision-making. He is currently a PhD Candidate in European and Transnational Legal Studies at the same University, where he conducts research in the field of artificial intelligence, with a focus on algorithmic discrimination. He is the author of several essays and papers for legal blogs and law journals.

Anna Pouliou

Anna Pouliou is an internationally recognized data protection expert with over 15 years of experience in this field. She is a qualified attorney and has held leading roles and led privacy teams in major global corporations but also worked as a partner in the Big4, offering data protection advisory services to private and public sectors alike. In February 2024, she was appointed Chair of the Data Protection Commission at CERN, the data protection supervisory authority of the European Organization for Nuclear Research.

 Anna is also a lecturer and senior fellow in Data Governance, International Privacy Laws, Artificial Intelligence and other related topics at the Universities of Saint-Gallen and Maastricht as well as a regular speaker on technology, IoT, AI, digitalization and data protection with over 100 speaking engagements delivered around the world. She has been teaching at the Data Protection Academy training DPAs globally as well as DPOs in humanitarian action for the United Nations, the Red Cross and other NGOs in Africa and in Asia. Anna is multilingual, speaking a total of seven languages.

Throughout her career, Anna has been actively involved in the advocacy discussions in Brussels and Washington DC since the birth of the GDPR as well as in the international debate on data transfers. Between 2017 and 2022, she was one of the 27 members of the GDPR Multi-Stakeholder Expert Group advising the European Commission on GDPR implementation on behalf of Business Europe. She has also accompanied the European Commission during bilateral discussions on data protection with the US Congress, the governments and privacy regulators of India, Indonesia, Singapore and during multilateral ones at the G20 in Japan. Anna has also acted as National Rapporteur for data protection for the International Federation for European Law (FIDE) in the team of Prof. Vassilis Skouris, former President of the Court of Justice of the European Union. 

Thomas Fabry 

Thomas Fabry is assistant professor of privacy and cybersecurity at Maastricht University's European Centre on Privacy and Cybersecurity (ECPC). As a multidisciplinary scientist, he holds a master degree in Computing Science from KU Leuven (Belgium), a PhD in Engineering Sciences from Université Grenoble Alpes (France), a bachelor degree in Medicine, and a teaching degree in Mathematics also from KU Leuven. His current research interests are mainly situated in the field of (healthcare) security, privacy and data ethics. Previous research has included fields such as medical imaging and computer vision, biometrics for security and privacy and (computational) health physics.

Prior to joining Maastricht University, Thomas Fabry held research positions in Belgium and at CERN in Switzerland, as well as industry roles in the Netherlands and Switzerland that featured quality/regulatory management and cybersecurity governance.

As part of his professional activities outside academia, Thomas Fabry holds the role of Senior Privacy Officer/Senior Scientist at Philips.

Beyond his academic pursuits, Thomas Fabry is an accomplished musician.

Fernando Silva

Fernando Silva, works as ICT Security Specialist in the Data Protection Unit of the European Parliament since 2022. Started a career with the Portuguese Data Protection Authority in 1995, in the areas of Inspection, audits and ICT department on data protection compliance where carried with more than 500 inspections over 17 years of the career, later performed also the role of DPO at the Portuguese DPA. Was frequent participant in the Joint Supervision Body audit teams to Europol, Eurojust and Schengen Information Systems. In 2012 took the position of Technical Advisor at the Eurojust DPO. In 2014 took the position of eu-LISA's DPO, agency responsible for the operational management of the large-scale systems of Schengen, VISA and Eurodac. In 2019 joined the DP Unit at the Portuguese Central Bank, supporting the DPO. 

Is currently part of the ENISA Data Privacy Engineering AdHoc Working Group and of the IWGDPT.

Is graduated in Electronic and Computers Engineering, certified DPO by EIPA, Certified by SANS on Cloud Security, Blockchain and SmartContracts, Applied data Science and AI Machine Learning for CyberSecurity Professionals, and Auditing Systems and Networks. It is also ISACA Certified Data Privacy Solutions Engineer and Certified Information Privacy Manager by IAPP among other ISO's certifications.

Laura Brodahl 

Laura Brodahl is a senior associate in the EU data regulatory practice of Wilson Sonsini, based in Brussels. Her practice focuses on digital regulatory issues under the GDPR, AI Act and EU Cybersecurity regulations such as the Digital Operational Resilience Act (DORA) and NIS2 Directive. Laura regularly offers strategic and practical guidance to organizations of all sizes, including in their interactions with regulatory authorities. Her all-round experience allows her to easily navigate the complexities of the EU's data regulatory landscape. She has considerable experience in advising on cutting-edge technologies in FinTech, social media, autonomous vehicles, and biometrics. The Legal 500 calls her out for “ her advice on matters relating to innovation technology”.

Emerald de Leeuw-Goggin

Global Head of AI Governance and Privacy at Logitech

Joyce Groneschild

Joyce Groneschild is the Deputy-Director of the European Centre on Privacy and Cybersecurity (ECPC) at the Faculty of Law. Joyce is a strategic marketing specialist with a strong focus on value co-creation. She has a longstanding experience in running executive education programmes for professionals, managing large projects and developing executive programmes to fit organisations’ needs globally.