Our experts

Cosimo Monda

Cosimo Monda is the Director of the Maastricht European Centre on Privacy and Cybersecurity (ECPC), which has been established in 2016 at the Law Faculty, Maastricht University.

At ECPC his work has a strong European and international outlook in the field of privacy and cybersecurity, steering an interdisciplinary group of researchers, academics and professionals active in areas of fundamental rights, data privacy, transparency and confidentiality, IT, data security, and more. Cosimo Monda has a longstanding experience in designing executive education, certification courses and online learning modules for professionals who are required to deal with new regulations and on-going developments in the privacy and cybersecurity market. Before joining Maastricht University, he was working at the European Institute of Public Administration, as Senior Lecturer and Head of Information, Publications, and Marketing services. He holds a Law Degree obtained at the University of Bologna.

His fields of expertise include Data Protection and Cyber security, EU Information Management; Transparency and access to documents; EU Agencies; EU decision-making procedures and Institutions and EU law. 

Paul Breitbarth

Paul Breitbarth is a privacy lawyer from the Netherlands. In 2016, he joined the Canadian privacy software and research company Nymity, which became part of TrustArc in November 2019. He currently serves as Director, EU Policy and Strategy and is based at TrustArc’s office in The Hague, the Netherlands. As part of the Privacy Intelligence team, Paul contributes to the company’s thought leadership via papers, webinars and public speaking opportunities on a variety of topics, including accountability, the demonstration of compliance and dealing with multiple data protection laws with one single privacy program. Paul also maintains regulator contacts across the EU and beyond. Paul is Senior Visiting Fellow at Maastricht University's European Centre on Privacy and Cybersecurity.

Before joining Nymity, Paul served as senior international officer at the Dutch Data Protection Authority. He was an active member of various Article 29 Working Party subgroups, co-authoring opinions on the data protection reform, surveillance, the Privacy Shield and others. In 2015, he organized the International Privacy Conference in Amsterdam. Paul holds a Master of Laws from Maastricht University in the Netherlands.


Paolo Balboni is Professor of Privacy, Cybersecurity, and IT Contract Law at Maastricht University, and Founding Partner of ICT Legal Consulting (ICTLC).

ICT Legal Consulting is a law firm with offices in Milan, Bologna, Rome, an International Desk in Amsterdam, and multiple Partner Law Firms around the world. Together with his team, he provides legal counsel across Europe to multinational companies specializing in the fields of Personal Data Protection, Data Security, ICT, and Intellectual Property Law. Dr. Balboni is the President of the European Privacy Association based in Brussels, the Cloud Computing Sector Director and Responsible for Foreign Affairs at the Italian Institute for Privacy in Rome, Italy. Balboni is actively involved in European Commission studies on new technologies and is a regularly invited expert in the revision of the EU Commission proposal for a General Data Protection Regulation. He co-chairs the Privacy Level Agreement (PLA) Working Group of Cloud Security Alliance and has acted as the legal counsel for the European Network and Information Security Agency (ENISA) projects on ‘Cloud Computing Risk Assessment’, ‘Security and Resilience in Governmental Clouds’, and ‘Procure Secure: A guide to monitoring of security service levels in cloud contracts’. He is Lecturer at the Master in Digital Media Management at the European Institute of Design and Research Associate at Tilburg University. He obtained his Law Degree with distinction from the University of Bologna in 2002 and a Ph.D. in Comparative ICT Law from Tilburg University in 2008. In 2018 he was appointed as professor at the Faculty of Law, Maastricht University.

Martin Abrams

Martin Abrams, Executive Director at The Information Accountability Foundation, Texas (USA)

Martin Abrams, Executive Director and Chief Strategist for the Foundation, has 35 years of experience as an information and consumer policy innovator. Multi-stakeholder collaboration has been a key for Abrams in developing practical solutions to dilemmas in information policy. His most recent work has been on big data governance and privacy compliance driven by demonstrable data stewardship. For the past five years, he has led the Global Accountability Project, which has refined the accountability principle that is part of various data protection laws and guidance documents.
Abrams has also provided leadership in other policy areas. He worked on multi-layered privacy notices, which changed the way policy makers and organisations thought about privacy transparency. His work is generally reflected in new laws and regulatory guidance in jurisdictions from Asia, across Europe and in the Americas. He has led educational seminars on almost every continent and has been a key advisor to four International Conference of Data Protection and Privacy Commissioners. He has been deeply involved in the development of the APEC Cross Border Privacy Rules and has also been involved with the OECD Working Party on Information Security and Privacy. He is an advisor to numerous benchmark corporate privacy programmes.
Abrams was the co-founder and President of the Centre for Information Policy Leadership at Hunton & Williams LLP, which he led for 13 years. Prior to that, he was Vice President of Information Policy at Experian and Director of Information Policy at TRW Information Systems where he designed one of the early privacy impact assessment tools. He also chaired their Consumer Advisory Council. Abrams began his consumer policy work at the Federal Reserve Bank of Cleveland where he was Assistant Vice President and Community Affairs Officer. At the Federal Reserve Bank he drove collaboration by helping banks and the communities they serve find their intersection of self-interest.

Christopher Docksey

Christopher Docksey, Honorary Director General of the European data protection Supervisor (EDPS)

He has been responsible for the coordination and implementation of policies and activities since 2010. He is a member of the English Bar and a law graduate of the Universities of Cambridge and Virginia. He has taught law at the Universities of Exeter and Washington and at the Marshall-Wythe School of Law. He was the Legal Adviser on data protection to the European Commission from 2001 to 2010. During this period he represented the Commission in the data protection cases before the European Court of Justice and advised on draft legislation and international negotiations on matters such as Safe Harbor, PNR and TFTP. Most recently he represented the EDPS in the Schrems proceedings before the Court.

Philippe Renaudière

Philippe Renaudière is the former Data Protection Officer of the European Commission. The previous positions of Mr Renaudière in the Commission were successively held with DG Justice Liberty Security where he was Head of the Data Protection Unit from 2005 to 2006, DG MARKT, where he was Head of the International Relations Unit from 1996 to 2001 and Head of the International Relations from 2001 to 2005, member of the cabinet of Commissioner K Van Miert from 1992 to 1996 in the fields of transport and competition and DG Environment, in the subjects of legal affairs from 1987to1990 and global environment issues from 1990 to 1992.


Leena Kuusniemi, Legal Advisor at Leegal Oy and Former Senior Legal Counsel, Rovio Entertainment

Leena supported Rovio’s technology R&D, cloud services, patent initiatives and technology co-operation initiatives, and is responsible for all privacy and regulatory matters globally. Before joining Rovio in 2012, Leena was with Nokia for ten years, mainly supporting Nokia’s device R&D, online services, data security and privacy. Prior to Nokia, she was a legal counsel at Remedy and started her career as an attorney and litigator. Leena has participated into numerous legal working groups and lectured widely in various seminars and universities.

Christopher Kuner

Christopher Kuner is professor of law at the Vrije Universiteit Brussel (VUB) in Brussels, Belgium, and co-director of the Brussels Privacy Hub, a legal research centre at the VUB. He is also an affiliated lecturer at the University of Cambridge, and a Visiting Professor at the London School of Economics and Political Science.

The author of numerous books and articles, Dr. Kuner is editor-in-chief of the law journal International Data Privacy Law published by Oxford University Press. He has participated in the work of numerous international organizations, and has taught courses at the summer session of the Hague Academy of International Law and at the summer school of the Academy of European Law in Florence.


Brian Honan, is an independent security consultant based in Dublin, Ireland, and is also the founder and head of IRISSCERT, Ireland’s first CERT. He is a Special Advisor to Europol’s Cybercrime Centre (EC3), an adjunct lecturer on Information Security in University College Dublin, and sits on the advisory board for a number of innovative security companies.

Brian is recognised internationally as an expert in the field of information security and has worked with numerous companies in the private sector and with government departments, in Ireland, Europe and throughout the United Kingdom. Brian has also provided advice to the European Commission on matters relating to information security. He is on the advisory board for a number of innovative information security companies. Brian is the author of the book “ISO 27001 in a Windows Environment” and co-author of books “The CSA Guide to Cloud Computing” and “The Cloud Security Rules”. He is a regular speaker at major industry conferences and regular contributes to industry publications. In 2013 Brian was awarded “SC Magazine Information Security Person of the Year” for his contribution to the computer security industry. Brian Honan was also inducted into the 2016 Infosecurity Europe Hall of Fame.

Aurélie Pols

Aurélie Pols, Privacy Engineer, owner of consultancy Competing on Privacy, Member of the EDPS Ethics Advisory Group

Aurélie Pols designs data privacy best practices: documenting data flows, minimising risk related to data uses, solving for data quality. She spent 18 years optimising digital data-based decision-making processes. She co-founded and sold her start-up to Digitas LBi (Publicis). Used to following the money to optimise data trails, she follows data to minimise risks, touching upon security practices and ethical data uses. 
She leads her own consultancy, Competing on Privacy, serves as DPO for NY based CDP mParticle and is part of the EDPS’ EAG. She has been teaching Privacy & Ethics at IE Business School in Madrid for 5 years, supports DPO training courses for Maastricht University, is part of their ECPC board and supports IEEE’s P7002 (Data Privacy Process).


Mika Lauhde, Vice-President Cyber Security & Privacy, Global Public Affairs, Huawei Technologies

Since early 2018, Mika Lauhde is working for Huawei Technologies as Vice-President Cyber Security & Privacy. Before he was working at 65Security; an expert house in Cyber security services for authorities, Law-enforcement, courts, law firms and companies needing advanced Security services. Prior joining 65Security he worked in SSH Communications Security as VP, Government Relations and Business Development. Engaging governments, industry partners, and product- and service users on important security and privacy issues such as critical infrastructure protection, compliancy, software assurance, risk and identity management. In Nokia Corporation, Mika Lauhde headed Business Security and Continuity, where he was accountable of Government Relations in Cyber Security area, Criminal compliancy and forensic, Nokia wide crisis management as well terminal and manufacturing related security tool manufacturing.
Mika has an extensive experience with cyber security related topics and governmental institutions both in Europe and USA. Currently he is a Member of ENISA (European Network and Information Security Agency) Permanent Stakeholder Group and Europol Cyber security and privacy adviser as well Visiting lecturer, Maastricht University, Centre of Data protection and Cyber Security (2017-); Member of ENISA (European Network and Information Security Agency) PSG (2009 – ); Europol Cyber Security Advisor (2016 – ) Europol Privacy Expert (2015 -); Visiting lecturer, Maastricht University, Centre of Data protection and Cyber Security (2017-); Member of Loueven University European Crypto Task Force (2014 – ); Founding Member and Board Member of TDL (Trust in Digital Life) (2010 – 2013 ) (Part of the European Cyber Security Strategy plan 2013); Member of EU government security advisory board RISEPTIS, reporting to Commissar Redding),  (2007-2009); Member of Finnish government ICT security advisory board (2007 – 2010); Member of UK government critical infrastructure protection group CPNI (2005 – 2009)

Massimo Marelli

Massimo Marelli LL.B. (QMUL), LL.M (Cantab) is the Head of Data Protection Office at the International Committee of the Red Cross (ICRC)

Before taking this role at the ICRC headquarters in Geneva, Massimo held several positions as a Delegate in the field and legal adviser at the ICRC. Prior to joining the ICRC, Massimo worked as lawyer at the UK Office of Fair Trading, Referendaire at the EU General Court, and as Solicitor in private practice. Massimo is a member of the Brussels Privacy Hub Advisory Board, and with Dr. Christopher Kuner leads the Brussels Privacy Hub/ICRC “Data Protection and Humanitarian Action” working series.


Ben Hayes has more than 20 years’ experience working on international security and human rights issues with NGOs, international organisations and research institutes, much of it focussed on the rights to privacy and data protection. He worked as a Data Protection Legal Advisor to the UN Refugee Agency and the International Committee of the Red Cross before establishing his own consultancy. He has produced large-scale data protection impact assessments in a range of complex and challenging environments including the Syria refugee crisis, community health surveillance post-Ebola and international biometric identification databases.


Giovanni Comandé (LLM Harvard Law School, Ph.D. Scuola Superiore Sant’Anna) is Full Professor of Private comparative law at Scuola Superiore Sant’Anna where he also studied as ordinary student. Since 1995 he has been a lawyer, included in the special roll for university teachers in Pisa and Attorney at law (New York Bar, since 1997). A mediator at Organismo Conciliazione Pisa and mediation trainer, he taught in and visited numerous universities (Washington and Lee School of Law; Université Laval; Fordham School of Law; Université Panthéon Assas Paris II, Faculté de Droit ; Hebrew Univeristy, Jérusalem; Wake Forrest University School of Law; University of South Carolina School of Law). He is an elected member and advisor for various projects to the American Law Institute (for ex. concerning Information Privacy Principles) member of the European Law Institute (ELI), of the European Group on Tort Law and of the European Centre of Tort and Insurance Law, Vienna. He works in Italian, English, Spanish and French. He directs the Interdisciplinary and Comparative Research lab where he leads, among else, the "Rights, Information, Governance, Health, Technology, Sciences in the Classifying society" project. He teaches "Legal issues in Data Science" at UNIPI.

His areas of competence includes: comparative law, data protection law, law and technology, algorithm regulation, civil law in general, tort law, personal injury, European private law, health law, private law of public administration, product liability, A.D.R. (Alternative Dispute Resolution), American law, insurance law and technology regulation. He is also the founder and President of Smartlex, a Scuola Superiore Sant' Anna.


Herke Kranenborg is a member of the European Commission’s Legal Service specialising in the field of privacy and data protection. In addition to advising client directorates-general in these areas, he represents the Commission in litigation before the EU Courts.

Previously, he worked at the Office of the European Data Protection Supervisor (EDPS). Herke is visiting fellow at the ECPC and, since 2010, affiliated senior researcher at the Institute for European Law of the K.U. Leuven. He has numerous national and international academic publications on EU law, in particular on data protection, privacy and fundamental rights in general. His PhD thesis, on the subject of EU data protection and public access to documents, was awarded by the Europa Institute of the University of Leiden (2007). In August 2018, together with prof. Luc Verhey, Herke published a monograph on the General Data Protection Regulation (GDPR): De Algemene Verordening Gegevensbescherming in Europees en Nederlands perspectief.


Martijn Jansen is Vice-President Security, Risk & Compliance at Applied Risk and guest lecturer at the Maastricht University European Centre on Privacy and Cybersecurity (ECPC).

Drawing on 22 years of experience in the infrastructure cyber security field, Martijn is responsible for regulatory and security compliance at Applied Risk, both internally and for clients in the critical infrastructure sectors. In previous roles at Avanade, British Telecom and Volker Wessels, Martijn led global teams of senior security compliance officers, supervising regulatory, data security and contractual compliance programs and audit for clients for industries such as government, manufacturing, oil & gas and defense. As a principal consultant at BT, Martijn was in charge of successful technological transformations for Pharmaceutical, Manufacturing, Governmental, and Telecommunications customers. For the Dutch e-ticketing consortium Infrastructure Design Authority, Martijn was security manager and lead designer, playing a key role in the introduction of the Dutch public transport electronic travel card (OV-chipkaart).


Julius Zaleskis, PhD is a founder of GDPR consultancy company Dataprotection.lt and teaches data protection law at Vilnius University (Lithuania). Since 2008 he advises major local and international companies on data protection compliance. As a national expert, he prepared studies for the European Commission and the Council of Europe, as a visiting researcher, he visited the British Institute of International and Comparative Law. Conducted more than 50 seminars for businesses, data protection officers, Lithuanian Data Protection Authority and other state institutions. Published more than 10 publications on matters of data protection. His handbook on GDPR and data protection law is due to be published in 2019.


Daiva Dumčiuvienė is an advocate, RIDD Vilnius founding partner and data protection officer. She is practicing personal data protection law and corporate law. Over the last two years Daiva provided legal advice and drafted personal data protection audit and impact assessment reports for private and state-owned companies, ranging from life-sciences, to finance and energy sectors. Daiva has also advised the Ministry of Finance and conducted research on personal data protection issues on application of counterfactual methods to evaluate the impact of the EU structural funding. Daiva obtained Master of Law in Vilnius University (2005) and Data Protection Officer (DPO) Certification at Maastricht University, Faculty of Law, European Centre on Privacy and Cybersecurity (2018).