The ICTLC team constantly monitors and studies the most updated data protection and cybersecurity ethical, legal, and technical standards and other relevant developments (e.g., legislative updates, caselaw), so as to develop relevant frameworks for its clients. This is done in furtherance of ICTLC’s core activities, given that ICTLC’s professionals are involved in other EU projects and also assist multinational companies and organizations with respect to legal, security and ethical issues involving information and communication technologies. Moreover, ICTLC supports and represents its clients before relevant public institutions (including, for example, the Italian Data Protection Authority) on all matters related to the legal implications of both the development and use of new information and communication technologies and the Internet. ICTLC therefore brings all of its prior relevant theoretical and practical expertise, in the field of legal consultancy, to its participation in the Project, and views this participation as an opportunity to further consolidate its status as privileged observer of regulatory and policy trends involving the above-mentioned matters. As a result, ICTLC can provide state-of the-art and up-to-date guidance to the Project on legal, regulatory, ethical and societal aspects related to the development of new projects involving information and communication technologies (including those developed in the context of the Project). As part of an ongoing exercise developed in the context of the Project, ICTLC is using its expertise to assist the PolicyCLOUD Consortium in the identification and implementation of the relevant legal, regulatory, ethical and societal requirements triggered by the Project, to ensure that they are adequately addressed, in accordance with the principles of ethics, compliance and data protection by design.
To illustrate this expertise, please see a summary of relevant academic and professional accomplishments regarding the two ICTLC Founding Partners involved in the Project below:
Paolo Balboni, ICTLC founding partner, is Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. He is involved in European Commission studies on new technologies and participated in the revision of the EU Commission proposal for a General Data Protection Regulation. Paolo Balboni played an active role in the drafting of the European Union Commission Data Protection Code of Conduct for Cloud Service Providers. He co-chairs the PLA Working Group of Cloud Security Alliance and has acted as the legal counsel for the ENISA projects on ‘Cloud Computing Risk Assessment’, ‘Security and Resilience in Governmental Clouds’, and ‘Procure Secure: A guide to monitoring of security service levels in cloud contracts’.
Luca Bolognini, ICTLC founding partner, is the President of the Italian Institute for Privacy and Data Valorisation (Istituto Italiano per la Privacy e la Valorizzazione dei Dati), the main think tank dedicated to advanced data protection studies in Italy established in 2008 and he has been acknowledged as “The Legal 500 EMEA 2020” Data Privacy and Data Protection Leading Individual for Italy. He serves as an independent Ethics and Privacy Advisor for several European research and innovation projects (Horizon 2020) and as an Expert Coach for the Executive Agency for Small & Medium-sized Enterprises (EASME) of the European Commission. He is member of the PM boards of the EU H2020 projects “Privacy Flag”, “Cloudwatch 2”, “Cyberwatching”, “nIoVe”, “ANITA”, “NGIoT”, “PREVENT”. Luca Bolognini is a member of the International Core Team of DataEthicsEU and co-chair of the EuroPrivacy Certification Board of Senior Experts.
Development of further expertise with which to provide consultancy to clients on the implementation of big data cloud-based systems (including systems aimed at the development of public policies) in compliance with relevant legal, regulatory, ethical, and societal requirements, so to adequately manage the economic, operational, regulatory, and reputational risks related to potential non-compliance with such requirements.