EU-China Symposium on Data Security and Personal Data Protection

Vagelis Papakonstantinou within the Brussels Privacy Hub, the Cyber and Data Security Lab, co-hosted an "EU-China Symposium on Data Security and Personal Data Protection". It was held on 29th November 2019, and was a full-day, by-invitation only event. The symposium aimed at providing researchers, entrepreneurs and government officials from Europe and China a unique opportunity

2019-12-04T08:25:28+00:00November 29th, 2019|Categories: Conferences|Tags: , |

Δέκα σκέψεις για τον ν.4624/2019 και τη σχέση του με τον ΓΚΠΔ

Δημοσιεύθηκε στο e.themis.gr, 25.11.2019   Δέκα σκέψεις για τον ν.4624/2019, τη σχέση του με τον ΓΚΠΔ, και την προστασία δεδομένων προσωπικού χαρακτήρα στην Ελλάδα εν γένει Καθώς έχουν ήδη περάσει λίγοι μήνες από την εισαγωγή του ν.4624/2019 και όχι μόνο οι πρώτες κριτικές έχουν ήδη διατυπωθεί (σε αναμονή βέβαια και της σχετικής γνωμοδότησης της Αρχής

2019-12-02T10:09:16+00:00November 25th, 2019|Categories: Blog posts|Tags: , , |

New Article, The new EU cybersecurity framework: The NIS Directive, ENISA’s role and the General Data Protection Regulation

My new article has been published in Computer Law & Security Review, November 2019 Abstract The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily

2019-11-26T09:02:33+00:00November 24th, 2019|Categories: Blog posts|Tags: , , |

Coming of age in the digital age: The GDPR and the children’s license to surf the web

Published on LinkedIn, 6 May 2019.   *** This is part of the GDPR ethics series; A broad mission statement may be found in its opening text. *** Article 8 of the GDPR puts forward the conditions under which children can lawfully consent to the processing of their data by third parties over the internet. In this way it

2019-05-25T06:04:38+00:00May 6th, 2019|Categories: Blog posts|Tags: , , |

Withdrawal of consent under the GDPR: No justification needed?

Published on LinkedIn, 15 March 2019.   *** This is part of the GDPR ethics series; A broad mission statement may be found in its opening text. *** As seen in the analysis of Article 6 of the GDPR, consent is an important, and by far the preferable, legal mechanism for the lawful processing of personal data. Its importance is

2019-06-01T06:01:11+00:00March 15th, 2019|Categories: Blog posts|Tags: , , |

Consent under the GDPR: When is it really “freely given”?

Published on LinkedIn, 7 February 2019.   *** This is part of the GDPR ethics series; A broad mission statement may be found in its opening text. ***   Same as with Article 5, an article-by-article analysis of the GDPR from an ethics point of view need not go further than the first sentence when it comes to its Article

2019-05-25T05:26:39+00:00February 7th, 2019|Categories: Blog posts|Tags: , , |

What is “fair” in “fair and lawful” processing of personal data?

An article by article analysis of the GDPR from an ethics perspective need not go any further than the first line when it comes to its Article 5: “Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)”. What is “lawful processing” one

2019-01-19T18:48:10+00:00January 19th, 2019|Categories: Blog posts|Tags: , |

Member of the Greek GDPR implementation law-making committee

Appointed a member of the law-making committee drafting the GDPR (and the Police and Criminal Justice Data Protection Directive) implementation law in Greece. The law-making committee, established under the Greek Ministry of Justice, has been in session since 2016 but has not been able to produce a final legislative act yet, although public consultation has

2019-01-17T23:10:42+00:00January 17th, 2019|Categories: Other|Tags: , |

No right to be forgotten for the GDPR

Article 4 of the GDPR contains its definitions. This is in line both with its predecessor, the EU 1995 Data Protection Directive, and general EU law-making: Customarily, in all EU technical legislation a set of definitions comes before the actual legal provisions. This is basic law-writing technique also met in complex contracts: Definitions come first so

2018-12-14T19:18:40+00:00December 14th, 2018|Categories: Blog posts|Tags: , |

Death, taxes, and now the GDPR

Article 3 of the GDPR sets its geographical scope. The general rule is that it applies whenever a controller or a processor is established in the EU regardless where the processing takes place. That is something expected. However, the GDPR also applies to people who are in the EU whenever they surf the web (“offered

2018-12-02T20:20:31+00:00December 2nd, 2018|Categories: Blog posts|Tags: , |

About My Work

Thank you for taking the time to visit my website! You can learn more about me here. Please feel free to use and re-use information published on this website, but do keep in mind the date of publication.

You can contact me at vagelis AT papakonstantinou DOT me, or through my online social network accounts.

Recent Works

Recent Posts