Paolo Balboni (P.)

Paolo Balboni is Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. He graduated with a degree in Law from the University of Bologna (Italy) in 2001 and completed his Ph.D. in Comparative Technology Law at Tilburg University (The Netherlands) in 2008.

His main research focus is Data Protection as a Corporate Social Responsibility (DPCSR), which can be used to help companies to responsibly further their economic targets and at the same time positively contribute to the development of a fair data-centric society. Looking more precisely at how businesses can consider fair practices, privacy, data protection and data security as assets, DPCSR furthers the concept of fairness by design where fairness is built into the design of data processing activities (services, applications, algorithms, and products that enable information/data processing).  

He supports the European Centre on Privacy and Cybersecurity (ECPC) in the development of the methodology and programme of graduate and certification courses, namely the: Data Protection Officer (DPO) Certification course; Data Protection Officer (DPO) Humanitarian Action Certification; Privacy Executive week; and the Advanced Master on Privacy and Cybersecurity LLM/MSc. He lectures on topics such as how to create an effective Data Protection Compliance Framework, Data Protection by Design and by Default, Cybersecurity, Data Protection Impact Assessments, Cloud Computing, Big data & Analytics, ICT and Data Protection Contracts, the Future of Privacy, and Blockchain.

In 2019, he was appointed as a Member of the EUMETSAT Data Protection Supervisory Authority. In 2021, he was appointed as a Member of the Europrivacy Board of Experts.  In 2022, he was appointed as Chairman of the European Patent Office (EPO) Data Protection Board and as a Member of the European Commission’s Expert Group on B2B data sharing and cloud computing contracts.  

Paolo is involved in several Horizon Europe projects including, Knowledge Technologies for Democracy (KT4D), which is investigating how democracy and civic participation can be better facilitated in the face of rapidly changing knowledge technologies - such as Artificial Intelligence (AI), ARIEN, which is focused on AI-based tools for discovering and investigating illegal drug production and trafficking, and EMPOWER, a Horizon 2020 project, which is creating a Big Data European Platform to Promote Wellbeing and Health in the workplace.  

Paolo furthermore advises the Dutch government on national matters concerning cybersecurity and privacy and in 2018 drafted the national Surinamese Privacy and Data Protection Law.

He is the author of the book Trustmarks in E-Commerce: The Value of Web Seals and the Liability of their Providers (T.M.C Asser Press), and of numerous chapters in international books and  journal articles published in leading international peer-reviewed journals on the topics of Data Protection by Design, Cloud Computing, Big Data and Smart Analytics, Online Seals, Legal Aspects of Blockchain Technology: Smart Contracts, Intellectual Property and Data Protection’, ‘Law Enforcement Agencies Access to Data’, and ‘The Relationship Between Personal Data Protection And Use Of Information In Order To Fight Online-Terrorist Propaganda, Recruitment, And Radicalization’.

Qualified lawyer admitted to the Milan Bar (Italy) as well as registered under Section 16h of the Act on Advocates at the Amsterdam Bar (The Netherlands), Paolo is a Founding Partner of ICT Legal Consulting (ICTLC), a law firm with offices in Milan, Rome, Bologna, Amsterdam, Madrid, Athens, Helsinki, Paris, Lagos and Melbourne and Partner Law Firms in  more than 50 countries around the world. Together with his team he advises clients in the fields of Personal Data Protection, Data Security, Information and Communication Technology and Intellectual Property Law, also acting as Data Protection Officer in outsourcing.

He co-chairs the Privacy Level Agreement (PLA) Working Group of Cloud Security Alliance and has acted as the legal counsel for the European Network and Information Security Agency (ENISA) projects on ‘Cloud Computing Risk Assessment’, ‘Security and Resilience in Governmental Clouds’, and ‘Procure Secure: A guide to monitoring of security service levels in cloud contracts’.

He speaks Italian, English and Dutch fluently and has good knowledge of French, Spanish, and German.