Our experts

ECPC teaching staff

Cosimo Monda

Cosimo Monda is the Director of the Maastricht European Centre on Privacy and Cybersecurity (ECPC), which has been established in 2016 at the Law Faculty, Maastricht University.

At ECPC his work has a strong European and international outlook in the field of privacy and cybersecurity, steering an interdisciplinary group of researchers, academics and professionals active in areas of fundamental rights, data privacy, transparency and confidentiality, IT, data security, and more. Cosimo Monda has a longstanding experience in designing executive education, certification courses and online learning modules for professionals who are required to deal with new regulations and on-going developments in the privacy and cybersecurity market. Before joining Maastricht University, he was working at the European Institute of Public Administration, as Senior Lecturer and Head of Information, Publications, and Marketing services. He holds a Law Degree obtained at the University of Bologna.

His fields of expertise include Data Protection and Cyber security, EU Information Management; Transparency and access to documents; EU Agencies; EU decision-making procedures and Institutions and EU law. 

cosimo monda

Andreea Lisievici Nevin

Andreea Lisievici Nevin is a Romanian lawyer based in Sweden, with a rich experience advising global organizations on EU data protection and tech law. Her career spans leading law firms as well as  senior in-house roles at Volvo Cars and Boeing, spearheading global privacy compliance initiatives for cutting-edge technologies. She is now Managing Partner of ICTLC Sweden where she continues to help organizations operationalize digital law compliance while mentoring the next generation of privacy professionals through her hub PrivacyCraft.
Recognized as a Fellow of Information Privacy, Andreea holds multiple certifications in the field and is a Visiting Fellow at the Maastricht University.

Profile picture of Andreea

Experts ECPC-G

United States

Liana Chen

Liana Chen is a partner at Kronenberger Rosenfeld LLP, focusing on privacy and digital advertising matters. As an attorney based in California, she advises businesses on US regulatory compliance, including under federal standards, such as Federal Trade Commission (FTC) rules and guidelines, and state privacy laws, such as the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA). Liana regularly assists clients navigating complex data protection and cybersecurity laws in a global economy, including by building privacy programs and drafting legal contracts. Liana also defends companies that are investigated or sued by the FTC or other government regulators. She is well-versed on privacy issues involving marketing, technology, financial offers, social media, health and insurance, biometrics, unauthorized access and security breaches, wiretap laws, and data brokering and selling; and her experience spans the Children’s Online Privacy Protection Act (COPPA), Gramm-Leach-Bliley Act (GLBA), related Safeguards and Privacy Rules, Stored Communications Act (SCA), and Electronic Communications Privacy Act (ECPA).

Liana earned her B.A., summa cum laude, from UC San Diego and J.D., with high honors, from George Washington University Law School. For over a decade, she has taught and moderated various courses to both law students and attorneys. She has litigated in state and federal courts across the US. She is also an active member of the International Association of Privacy Professionals (IAPP) and Internet Law Leadership Summit (ILLS); and she served on the Executive Committee of the Bar Association of San Francisco (Barristers, Litigation). Previously, Liana handled FTC and data privacy cases at an international law firm in Washington, DC.

Liana

Jeewon Kim Serrato

Jeewon Kim Serrato is partner in the San Francisco, co-lead of the Digital Transformation and Data Economy team and co-lead of the U.S. Consumer Privacy practice at BakerHostetler. Her practice focuses on guiding organizations through periods of transformation and change, whether it is driven by innovation or crisis management. She counsels clients in the areas of consumer privacy, cybersecurity, data optimization and data science.

Before joining Baker, Jeewon served as Legislative Counsel for the US House of Representatives in Washington, DC, and as head privacy executive for two public companies, a global data broker and a major financial services institution with $3.5 trillion in assets. Jeewon advises C-suite level executives on the impact that critical business events involving technology and data can have on the customers, employees and the bottom line. Jeewon helps design and execute compliance programs for international corporations, as well as negotiate cross-border M&A deals, and advise on high-stakes investigation and dispute matters. She has a thorough understanding of U.S. and global privacy regulations, including the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR). Most recently, Jeewon represented Sephora in the first-ever CCPA settlement with the California Department of Justice. 

Jeewon formerly served on the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee and as Inaugural Chair of the California Lawyers Association’s Privacy Law Section Executive Committee. She is co-author of the International Association of Privacy Professionals (IAPP) publication, Data Processing Agreements: Coordination, Drafting and Negotiation (2019) and the “International Personal Data Protection and Cross-Border Data Transfers” chapter of Privacy Compliance and Litigation in California (2021), a publication of the Continuing Education of the Bar (CEB), a non-profit program of the University of California.

Jeewon earned her B.A. from UC Berkeley, a J.D. with UC Berkeley School of Law, and a Certificate with Honors from the International Program of Political Science and Social Sciences from Institut d'Etudes Politiques de Paris.

jeewon

Jonathan Lurie

Jonathan Lurie is a founding partner of The Law Offices of Lurie and Ferri. His career has seen him as either outside “inside counsel” or pure privacy compliance counsel for an enormous array of businesses ranging from startups to brick and mortar stores to international eCommerce companies.  He has advised on developing full privacy programs in unique, data driven environments as well as worked with businesses to address enforcement actions. A frequent speaker on privacy issues, he has presented numerous times on the complex patchwork of U.S. omnibus privacy laws. He has a passion for helping entrepreneurs, as well as tech and entertainment focused startups, with the many legal issues a growing business will face on the way to achieving the dreams of their founders. He is current Chair of the Intellectual Property Section of the California Lawyers Association.

Profile photo of Jon Lurie

Brazil

Domingos Farinho

Domingos Farinho is an Assistant Professor at the University of Lisbon School of Law. He is also a Senior Fellow of the Lisbon Public Law research centre where he coordinates the Lisbon Digital Rights and Freedoms research group. His main areas of research are Administrative Law (especially EU Regulatory Law), Fundamental Rights (mainly Privacy and Data Protection), and Legal Theory. He is also a legal consultant working in the field of TMT and digital public law. He has been especially interested in fundamental rights in the context of Public Administrations and Cyberspace. He has coordinated and participated in several courses regarding Data Protection, the GDPR and access to State-held information.

Domingos

Miriam Wimmer

Miriam Wimmer is a member of the first Board of Directors of the Brazilian National Data Protection Authority, ANPD. She holds a PhD degree in Communications from the University of Brasilia, and a Master degree in Public Law from the State University of Rio de Janeiro. She is also a Professor at the Law School of IDP, in Brasília, and guest lecturer on digital law and personal data protection at several other educational institutions. As a professional civil servant since 2007, she has held senior positions in different public bodies in Brazil, such as the national telecommunications regulator, the Ministry of Science and Technology, and the Ministry of Communications. She has been involved in policy discussions concerning personal data protection since 2011, and had an active role throughout the entire process of drafting and approval of the Brazilian legislation currently in force.

Miriam

Kenya

Amit Gadhia

Amit Gadhia is an experienced and dual qualified data protection lawyer with over 24 years of legal practice in Kenya. Amit has advised organisations of all sizes on Data Protection compliance requirements under the Kenya Data Protection Act, 2019 (DPA) and General Data Protection Regulation (GPDR).
Amit’s recent major assignments and experience include conducting a Data Protection Impact Assessment for a major infrastructure project in Kenya and advising them on various aspects of data protection; being part of a team for Data Protection compliance project for a national airline with international operations, specifically assisting on data mapping and inventory, privacy by design and staff training; advising a national supermarket chain in Kenya on their Data Protection compliance requirements and registration with the Office of the Data Protection Commissioner and being a data protection consultant with a leading regional audit and assurance, tax and outsourcing provider across East Africa.
Amit’s qualifications and credentials include Advocate of the High Court of Kenya, Solicitors of the Senior Courts of England and Wales, Certified Privacy Engineer (foundation level - Data Protocol), OneTrust Fellow of Privacy Technology, Certified Privacy International Professional (CIPP/E) an an LL.B. (Hons) title from the Cardiff University, Wales, UK.

Amit

Rose Mosero

Rose Mosero, HSC, FIP is the Deputy Data Commissioner- Compliance at the Office of the Data Protection Commissioner, Kenya.  Prior to taking up that position, Rose also served as the Legal, Policy and Regulatory Advisor to the Cabinet Secretary in the then, Ministry of ICT, Innovation and Youth Affairs, and as an advisor to the Data Commissioner (secondment) and technical lead on data protection.

Rose is a dually registered lawyer having been admitted as an Australian Legal Practitioner and an Advocate of the High Court of Kenya. Rose is also a Fellow of Information Privacy having been conferred that designation by the International Association of Privacy Professionals in recognition of her expertise in the field of Privacy and Data Protection. Rose also serves as an advisory board member at the International Association of Privacy Professionals.

Rose received a Head of State Commendation (HSC) from H.E. The President of the Republic of Kenya in recognition of her contribution to Kenya's ICT Regulatory and Policy frameworks, including Digital Economy and Data Protection.

Rose Mosero

Canada

Anca Sattler

Anca Sattler is Senior Associate General Counsel at Global Payments, Inc., a global fintech company based in Atlanta, GA. Anca’s responsibility is leading privacy and data protection compliance, primarily for Europe and Canada. Prior to joining Global Payments, Anca was in private practice where she focused on privacy, data protection and international trade as part of Dentons Canada, a large multinational law firm. In her capacity as counsel, Anca represented large multinational companies in their privacy and trade-related matters and acted as external Data Protection Officer for various businesses operating in Europe. Anca earned her J.D., cum laude, from the University of Ottawa where she specialized in international law and is certified by the International Association of Privacy Professionals in both European privacy law (CIPP/E) and Canadian privacy law (CIPP/C). Currently, Anca has obtained an Advanced Masters' Degree with the Maastricht European Centre on Privacy and Cybersecurity. 

Anca

India

Sajai Singh

Sajai Singh is the Co-Chair of the Firm’s Corporate Practice. His practice focuses primarily on compliance with particular emphasis on cross-border issues. He is an acclaimed compliance lawyer with more than 32 years of experience representing a wide variety of industries, businesses and sectors. He started his career as a litigator, litigating labour and employment matters. Thereafter, he moved to transactional and compliance work. This wealth of experience means that he understands complex compliance issues that arise in major transactions and can provide practical solutions to resolve these issues; providing advice that goes well beyond legal and contractual matters, and into the technical and commercial heart of the success of the transaction. In terms of sectors, Sajai maintains an active practice in the Knowledge based industries sectors. He is known as a pioneering lawyer supporting the development of the Information Technology sector in India. Sajai has mapped the development of technology law in India and is today an expert in cyber security and data privacy matters in India. He is on the breach response teams of various international organizations, including insurance companies. He regularly publishes and speaks on a variety of legal, regulatory and compliance related topics, specially focused on cross-border trade. Sajai is passionate about education, and regularly conducts client education seminars, executive education programs and boot camps for young lawyers. The Cyberspace Camp ™ program is one such program he has patronized and promoted in several developing nations. Sajai is the Past President of ITechLaw, the International Technology Lawyers Association, headquartered in the US. This is a first for any Asian.

Sajai

Japan

Daniel Schwarz

Daniel Schwarz is an IT System Engineer and Entrepreneur in Tokyo with over 15 years of experience in the field. 

He holds a degree in Computer Science - System Integration and has a strong background in Data Ethics and Data Privacy. In addition to his work as Founder and CEO of ITD-GBS Tokyo, Daniel is also active in the broader IT community in Japan. He is the chairman of the IT roundtable at the German Chamber of Commerce and Industry, and has served as a guest speaker at events organized by the EU Delegation in Tokyo and the Japanese Privacy Commission. He is also the creator of Mobyl, a plug and play IT solution, which was has been recognized as social change maker by the Nippon Foundation in Japan.

Daniel is known for his dedication to using technology for social good, and has developed an edX course on AI and data ethics in collaboration with the Tokyo Institute of Technology, and is frequently invited to speak on topics related to technology and privacy. With his expertise and passion for making a positive impact, Daniel is a valuable asset to the IT community in Japan.

Daniel

Tobias Schiebe

Tobias Schiebe is a qualified German lawyer, Certified Data Privacy Professional (CIPP/E) and Registered Foreign Attorney in Japan. Tobias is based since 10 years in Tokyo. He regularly deals in his legal practice in Japan with data protection and data privacy issues, in particular in a multinational cross-border context, advising clients from a wide range of industries, such as IT, E-Commerce, Consumer Goods and Mobility.

Tobias’s academic background and legal training in Europe and the Asia-Pacific Region includes work experience in a Japanese law firm in Tokyo, the largest trade union in New Zealand and the Hamburg office of an Anglo-American law firm.

Tobias is a frequent speaker at seminars and trainings for business people in Japan and Europe. In March 2021, Tobias co-established in Japan the service “unwyr” in cooperation with IT-Deutschland Global Solutions K.K. to seamlessly provide IT and legal services with regard to data protection compliance.

Tobias

Australia and New Zealand

Chloe Hatzis

Chloe Hatzis is internationally experienced at implementing information security in business operations. She has an LLB (Hons) and a decade of experience in business operations, cyber security strategy, international privacy and data protection, information security management, corporate governance, and cyberlaw training for executive level management. 

Her unique skill-set enables her to bridge the gap between implementing law, technology, business process and security to empower individuals and organisations to make informed decisions about their information.

Chloe is the Company Secretary for the Australian Information Security Association (AISA) and has been active in the AISA community since 2018, previously holding the position of Deputy Branch Chair for the Melbourne Executive Committee.

Chloe

Helaine Leggat

Helaine Leggat is an internationally recognised lawyer and one of a few in the world with this unique set of skills linked to over 20 years of hands-on experience. Her core belief is that personal data is the most important kind of information that there is in the world today - tantamount to national security. All her work involves some aspect of privacy and data protection compliance, risk, ethics, and security.

She has considerable international experience across banking, insurance, resources, emergency services, defence, education, health, utilities, retail, logistics, personal data protection, governance, telecommunications and emerging technologies, often working with large teams to implement technology solutions.

Helaine is the author of numerous publications in Australia and internationally on the application of national legal systems to cyberspace, privacy and data protection, surveillance, ethics, and information/hybrid warfare. Helaine regularly presents at international conferences and has been actively engaged in teaching and knowledge transfer for government, the private sector and academia for many years.

Helaine graduated in Law at the University of South Africa in 1990 and completed the transfer of her degree to practice in Australia through the University of Sydney in 2016.

Helaine

China

Arlene Zhang

Arlene Zhang is an experienced data protection and privacy compliance expert from China. She is familiar with data privacy protection laws and regulations both domestic and overseas, including Personal Information Protection, Data Security, Cybersecurity, GDPR and CPRA etc.

Based on her software development experience, she works with Business and R&D, Product and Security teams to covert legal requirements into technical and process solutions and implement them in a closed loop to fulfil the Privacy by Design.

She specializes in privacy consulting, providing privacy impact assessments, Privacy by Design UX design guidelines, cross-border data transfer, and AI model evaluations to product teams. She has a successful track record of developing and implementing privacy compliance systems for global technology companies

Arlene Zhang

João Barreiro

Based in London, João Barreiro is a qualified lawyer and currently the Chief Privacy and Data Ethics Officer of BeiGene, a biopharmaceutical company with 11,000 employees listed on the NASDAQ, Hong Kong and Shanghai stock exchanges. He leads a team of experts in privacy, information governance, digital data laws and AI, across US, China and Europe. He was recognized as the 2022 Privacy Executive of the Year by the PICCASO Privacy Awards for his outstanding work at BeiGene.

Some of the highlights of his career include:

  • Former global Chief Privacy Officer of HCL Technologies and Willis Towers Watson
  • Past privacy positions at the European Medicines Agency, IBM, and Celgene (BMS)
  • Co-author of several publications, including the book "Privacy Program Management", the main training material for the IAPP CIPP/M certifications, and “The Role of Privacy in ESG Explained”
  • International Association of Privacy Professionals (IAPP) Research Advisory Board and European Advisory Board
  • UK's Government International Data Transfers Expert Council
  • Consultative Expert on Digital Ethics at the European Insurance and Occupational Pensions Authority (EIOPA)
  • Board of Directors of the International Pharmaceutical & Medical Device Privacy Consortium (IPMPC)
Joao Barreiro

Programme Management

Joyce Groneschild

Joyce Groneschild is the Deputy-Director of the European Centre on Privacy and Cybersecurity (ECPC) at the Faculty of Law. Joyce is a strategic marketing specialist with a strong focus on value co-creation. She has a longstanding experience in running executive education programmes for professionals, managing large projects and developing executive programmes to fit organisations’ needs globally.

Joyce Groneschild

Programme Coordinator

Helena Bossini Castillo

Helena Bossini Castillo is a Lecturer at the European Centre on Privacy and Cybersecurity (ECPC), which she joined in September 2023. Before joining ECPC, Helena worked as a Privacy Officer at the Faculty of Health, Medicine and Life Sciences at Maastricht University, where she advised on the compliant use of health data for research and education. In this role, she gained extensive experience in the challenges that researchers and the healthcare sector face in improving the quality of life of patients while protecting their privacy. Her professional experience also includes working as a legal and privacy advisor for hospitals, start-ups and automotive companies.

In addition to her work at Maastricht University, Helena participated in the working groups for the implementation of the Code of Conduct for Scientific Research promoted by Health-RI and Coreon in the Netherlands. In addition, she contributed to the discussion on the secondary use of health data in the Netherlands carried out by Health –RI.

Helena Bossini Castillo