Our experts

Cosimo Monda

Cosimo Monda is the Director of the Maastricht European Centre on Privacy and Cybersecurity (ECPC), which has been established in 2016 at the Law Faculty, Maastricht University.

At ECPC his work has a strong European and international outlook in the field of privacy and cybersecurity, steering an interdisciplinary group of researchers, academics and professionals active in areas of fundamental rights, data privacy, transparency and confidentiality, IT, data security, and more. Cosimo Monda has a longstanding experience in designing executive education, certification courses and online learning modules for professionals who are required to deal with new regulations and on-going developments in the privacy and cybersecurity market. Before joining Maastricht University, he was working at the European Institute of Public Administration, as Senior Lecturer and Head of Information, Publications, and Marketing services. He holds a Law Degree obtained at the University of Bologna.

His fields of expertise include Data Protection and Cyber security, EU Information Management; Transparency and access to documents; EU Agencies; EU decision-making procedures and Institutions and EU law. 

Anna Pouliou

Anna Pouliou is an internationally recognized data protection expert with over 15 years of experience in this field. She is a qualified attorney and has held leading roles and led privacy teams in major global corporations but also worked as a partner in the Big4, offering data protection advisory services to private and public sectors alike. In February 2024, she was appointed Chair of the Data Protection Commission at CERN, the data protection supervisory authority of the European Organization for Nuclear Research.

 Anna is also a lecturer and senior fellow in Data Governance, International Privacy Laws, Artificial Intelligence and other related topics at the Universities of Saint-Gallen and Maastricht as well as a regular speaker on technology, IoT, AI, digitalization and data protection with over 100 speaking engagements delivered around the world. She has been teaching at the Data Protection Academy training DPAs globally as well as DPOs in humanitarian action for the United Nations, the Red Cross and other NGOs in Africa and in Asia. Anna is multilingual, speaking a total of seven languages.

Throughout her career, Anna has been actively involved in the advocacy discussions in Brussels and Washington DC since the birth of the GDPR as well as in the international debate on data transfers. Between 2017 and 2022, she was one of the 27 members of the GDPR Multi-Stakeholder Expert Group advising the European Commission on GDPR implementation on behalf of Business Europe. She has also accompanied the European Commission during bilateral discussions on data protection with the US Congress, the governments and privacy regulators of India, Indonesia, Singapore and during multilateral ones at the G20 in Japan. Anna has also acted as National Rapporteur for data protection for the International Federation for European Law (FIDE) in the team of Prof. Vassilis Skouris, former President of the Court of Justice of the European Union. 

Paul Breitbarth

Paul Breitbarth a privacy lawyer from the Netherlands. He currently works as Data Protection Lead for Catawiki, the leading online auction marketplace to buy and sell special objects. In addition, Paul works as Senior Visiting Fellow at Maastricht University’s European Centre on Privacy and Cybersecurity, and serves as Member of the Data Protection Board of the European Patent Office. He is a regular speaker on webinars and at conferences, and co-hosts the Serious Privacy podcast. 

Previously, Paul worked both in the public and private sector in multiple privacy roles, including at TrustArc, Nymity and the Dutch Data Protection Authority. He was an active member of various Article 29 Working Party subgroups, co-authoring opinions on the data protection reform, surveillance, the Privacy Shield and others. In 2015, he organized the International Privacy Conference in Amsterdam. Paul holds a Master of Laws from Maastricht University in the Netherlands.

Paolo Balboni

Paolo Balboni (PhD) is a Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. His main research focuses are cybersecurity, data management/sharing and data protection as a corporate social responsibility, which together can be used to help organisations responsibly further their economic targets and at the same time positively contribute to the development of a fair data-centric society.

Qualified lawyer specialized in ICT, Privacy & Cybersecurity admitted to the Milan Bar and registered to the Amsterdam Bar. He is a Founding Partner of ICT Legal Consulting (ICTLC), an international law firm, and ICT Cyber Consulting, a company specialized in information/data security. Prof. Dr. Balboni is a Recommended Lawyer ranked by The Legal 500 EMEA 2023 in the areas of Data Privacy and Data Protection and Industry Focus: TMT. He is the Chairman of the European Patent Office (EPO) Data Protection Board, Member of the EUMETSAT Data Protection Supervisory Authority, Member of the Europrivacy Board of Experts, Member of the European Commission’s Expert Group on B2B data sharing and cloud computing contracts, and of the Cloud Security Alliance’s AI Safety Expert Group. Prof. Dr. Balboni furthermore advises governments on national matters concerning cybersecurity and privacy and in 2018, he drafted the national Surinamese Privacy and Data Protection Law.

Fernando Silva

Fernando Silva, works as ICT Security Specialist in the Data Protection Unit of the European Parliament since 2022. Started a career with the Portuguese Data Protection Authority in 1995, in the areas of Inspection, audits and ICT department on data protection compliance where carried with more than 500 inspections over 17 years of the career, later performed also the role of DPO at the Portuguese DPA. Was frequent participant in the Joint Supervision Body audit teams to Europol, Eurojust and Schengen Information Systems. In 2012 took the position of Technical Advisor at the Eurojust DPO. In 2014 took the position of eu-LISA's DPO, agency responsible for the operational management of the large-scale systems of Schengen, VISA and Eurodac. In 2019 joined the DP Unit at the Portuguese Central Bank, supporting the DPO. 

Is currently part of the ENISA Data Privacy Engineering AdHoc Working Group and of the IWGDPT.

Is graduated in Electronic and Computers Engineering, certified DPO by EIPA, Certified by SANS on Cloud Security, Blockchain and SmartContracts, Applied data Science and AI Machine Learning for CyberSecurity Professionals, and Auditing Systems and Networks. It is also ISACA Certified Data Privacy Solutions Engineer and Certified Information Privacy Manager by IAPP among other ISO's certifications.

Andreea Lisievici Nevin

Andreea Lisievici Nevin is a Romanian lawyer based in Sweden, with a rich experience advising global organizations on EU data protection and tech law. Her career spans leading law firms as well as  senior in-house roles at Volvo Cars and Boeing, spearheading global privacy compliance initiatives for cutting-edge technologies. She is now Managing Partner of ICTLC Sweden where she continues to help organizations operationalize digital law compliance while mentoring the next generation of privacy professionals through her hub PrivacyCraft.
Recognized as a Fellow of Information Privacy, Andreea holds multiple certifications in the field and is a Visiting Fellow at the Maastricht University.

Helena Bossini Castillo

Helena Bossini Castillo is a Lecturer at the European Centre on Privacy and Cybersecurity (ECPC), which she joined in September 2023. Before joining ECPC, Helena worked as a Privacy Officer at the Faculty of Health, Medicine and Life Sciences at Maastricht University, where she advised on the compliant use of health data for research and education. In this role, she gained extensive experience in the challenges that researchers and the healthcare sector face in improving the quality of life of patients while protecting their privacy. Her professional experience also includes working as a legal and privacy advisor for hospitals, start-ups and automotive companies.

In addition to her work at Maastricht University, Helena participated in the working groups for the implementation of the Code of Conduct for Scientific Research promoted by Health-RI and Coreon in the Netherlands. In addition, she contributed to the discussion on the secondary use of health data in the Netherlands carried out by Health –RI.