Sarah Artola

Legal Officer, CNIL

Sarah is a Legal Officer at the AI Department of the French Data Protection Authority (CNIL). She joined the CNIL in 2022 and has been participating since then in the elaboration of the CNIL and the EDPB’s doctrine on the application of the GDPR to the development of AI systems.

Isabel Barberá

Senior Advisor at the Dutch Coordinating Supervisor on AI and Algorithms (DCA), Dutch DPA

Isabel Barberá is a recognized expert in AI privacy, security, and risk management. She works as Senior Advisor for the Dutch Coordinating Supervisor on AI and Algorithms (DCA) at the Autoriteit Persoonsgegevens (AP), the Dutch DPA and also serves as an expert for the Council of Europe’s Data Protection Unit, where she researches privacy risks, mitigations, and evaluation methods for Large Language Models. Isabel also contributes as an expert to the development of European AI standards on risk management, cybersecurity and incident reporting at CEN/CENELEC and ETSI. She is a member of ENISA’s Ad Hoc Working Group on Data Protection Engineering, and through the EDPB’s Support Pool of Experts, she has contributed in the past to several AI-related projects. Isabel is also an independent researcher on AI risks and safety, contributing to international initiatives such as the MIT AI Risk Repository and NIST’s AI Risk Identification and Assessment (ARIA). She is the author of PLOT4AI, an open-source threat modeling framework designed to support the identification of AI risks during the development and deployment of AI systems.

Prof. Theodore Christakis

Professor, Université Grenoble Alpes

Theodore Christakis is Professor of International, European and Digital Law at University Grenoble Alpes (France), Director of the Centre for International Security and European Law (CESICE), Director of Research for Europe with the Cross-Border Data Forum, Member of the Board of Directors of the Future of Privacy Forum and a former Distinguished Visiting Fellow at the New York University Cybersecurity Centre. He is Chair on the Legal and Regulatory Implications of Artificial Intelligence with the Multidisciplinary Institute on AI (AI-Regulation.com).  As an international expert he has advised governments, international organisations, and private companies on issues concerning international and European law, cybersecurity, artificial intelligence, and data protection law. He served as a member of the French National Digital Council and as an expert for the OECD in the process which led to the adoption, in December 2022, of the OECD Declaration on Government Access to Personal Data Held by Private Sector Entities. He is currently serving as a member of the French National Committee on Digital Ethics as well as a member of the International Data Transfers Experts Council of the UK Government and an expert for the High-Level Expert Group on Access to Data for Effective Law Enforcement created by the European Commission and the Council of the European Union. He also has experience working as external Data Protection Officer (GDPR compliance).

Itxaso Domínguez de Olazábal

Policy Advisor, EDRi

I​​txaso Domínguez de Olazábal (she/her), PhD, is a Policy Advisor at European Digital Rights (EDRi), specialising in data protection with a focus on commercial surveillance. Her work examines the intersection of technology, surveillance, and content governance, highlighting the need to protect both individual and collective rights, particularly for vulnerable communities within and beyond Europe. She has extensive experience in digital rights, including at 7amleh, where she addressed the extraterritorial impact of EU digital laws and corporate responsibility in violating rights across the Global Majority. In addition to her role at EDRi, Dr Domínguez de Olazábal is a professor of international relations and geopolitics.

Lorelien Hoet

Director EU Government Affairs, Microsoft

Lorelien Hoet is Director of EU Government Affairs at Microsoft. In this role, she deals notably with European questions regarding privacy, law enforcement, content regulation and telecommunications policies. Before joining Microsoft in 2018, she worked as a legal executive at Proximus, holding different positions including Head of Legal Consumer business, and at Orange where she worked as Director of Regulatory Affairs. She holds an LL.M from KU Leuven and was also active as attorney at the bars of Brussels and Stockholm.

Laura Lazaro Cabrera

Counsel and Director of the Equity and Data Programme, CDT Europe

Laura Lazaro Cabrera is Counsel and Director of the Equity and Data Programme at the Centre for Democracy and Technology Europe Office in Brussels, where she leads the work promoting the effective protection of fundamental human rights in the implementation of European Union legislation regulating new technologies, notably the AI Act. Laura has a background in data protection, and previously worked in an international privacy NGO focussing on surveillance and harmful uses of automation by governments.

Bárbara Lazarotto

Marie-Sklodowska Curie Action’s Fellow, VUB

Barbara Lazarotto is a PhD researcher at the Law Science Technology and Society research group at the Vrije Universiteit Brussel. She is a Marie-Skloswska Fellow at Horizon 2020 Legality Attentive Data Scientists – LeADS Project.

Prof. Gianclaudio Malgieri

Honorary Director, Leiden University & Brussels Privacy Hub

An Associate Professor of Law and technology at Leiden University (the Netherlands), where he is a Board Member of the eLaw Center for Law and Digital Technologies. He is a Honorary Director of the Brussels Privacy Hub, as the Managing Editor of CLSR (Computer Law & Security Review, Elsevier), and co-leads “VULNERA“, the International Observatory of Vulnerable People in Data Protection. He is the Project leader of RESOCIAL, an NWO-funded project on vulnerability and resilience on social media and he is the author of “Vulnerability and Data Protection Law” (Oxford University Press, 2023). Gianclaudio has authored over 80 publications, including articles in leading international academic journals. His works have been cited by, inter alia, top international newspapers (The New York Times, The Washington Post, Le Monde, Politico, La Tribune) and European and International Institutions.

Bianca-Ioana Marcu

Managing Director for Europe, FPF

Bianca-Ioana Marcu is the Managing Director for Europe at the Future of Privacy Forum (FPF), where she advances thought leadership on data protection, privacy, and AI regulation from a global perspective. Leading a team of legal and policy experts in Brussels, Bianca’s work at FPF focuses on finding pathways for continued cooperation and dialogue on digital regulation, ensuring that strong respect for fundamental rights coexists alongside technology development.

Prior to joining FPF, Bianca was the Managing Director of the Computers, Privacy and Data Protection (CPDP) Conference, served as co-Director of the Belgian NGO Privacy Salon, as well as a Researcher in Law at the LSTS Research Group of the Vrije Universiteit Brussel. With an LLM in International Law, Globalisation and Human Rights from Maastricht University, Bianca’s research and publications have previously focused on Data Protection as the Last Line of Defence (Springer Nature), the legal challenges of Biometrics, Facial Recognition and the Fundamental Rights of Minors (European Law Blog), and on AI regulation from the perspective of international law (FPF).

In addition to managing the Europe office, Bianca also coordinates FPF’s presence in Africa by centering African-led expertise, fostering inclusive collaboration, and advancing the global digital regulatory dialogue by connecting local priorities with global developments. Bianca also held roles in advocacy, with a focus on gender justice, and holds a Data Protection Officer (DPO) certification from the European Centre on Privacy and Cybersecurity.

Olivier Micol

Head of the Data Protection Unit, DG JUST, European Commission

Olivier Micol is since 2016 the head of the Data protection unit within the Directorate General for Justice and Consumers of the European Commission. His tasks include monitoring the implementation of the EU data protection rules, in particular the GDPR, and the respect of these rules in all EU policies. 

Within the European Commission, he previously followed the bilateral trade relations between the EU and Asia for 12 years, in the Directorate General for Trade and in the EU Delegation in China. He also worked for 7 years in the field of consumer policy, as deputy head of the Consumer strategy unit, and subsequently as head of the Financial services and redress unit in the Directorate General for Justice and Consumers.

Prof. Norman Sadeh

Professor, Carnegie Mellon University

Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University (CMU). Sadeh has (co-)founded and (co-)directed several groundbreaking graduate programs at CMU. This includes the Privacy Engineering Program (co-founder and co-director,2012-present), the Ph.D. Program in Societal Computing (co-founder and co-director, 2003-2013), and the MBA track in Technology Strategy and Product Management launched jointly by the Tepper School of Business and the School of Computer Science (co-founder and director, 2005-2017). Sadeh’s current research interests include cybersecurity, online privacy, Human-AI Interaction, AI governance, mobile computing, the Internet of Things, user-oriented machine learning, language technologies, and semantic web technologies.

Sadeh is well known for his pioneering work on AI-based privacy enhancing technologies, including the development of privacy assistants, the development of automated privacy compliance tools, and the development of NLP-based privacy enhancing technologies. He has also conducted foundational work on modeling people’s privacy expectations and preferences and on privacy and security nudging. His work has been credited with influencing the development of privacy-enhancing solutions at companies that include Apple, Google and Facebook/Meta (e.g., more expressive mobile app permissions, background privacy reminders/nudges, privacy dashboards, privacy compliance tools, mobile app privacy labels). Sadeh is the lead designer of CMU’s Privacy Infrastructure for the Internet of Things (IoT). Results of his research have also informed privacy policy and activities at regulatory agencies, including the Federal Trade Commission and the California Office of the Attorney General (e.g., mobile app privacy compliance, CCPA privacy opt-out notices, IoT privacy).

Guido Scorza

Member of the Board, Italian Data Protection Authority (Garante)

Guido Scorza is a lawyer, journalist, and adjunct professor of law in new technologies and privacy. He is a member of the Board of the Italian Data Protection Authority and formerly a Supreme Court lawyer and founding partner of the law firm E-Lex.

He has held institutional roles including Head of Legal Affairs for the Italian Digital Transformation Team, legal advisor to the Minister for Innovation, government representative at ICANN, and member of the Council of Europe’s ad hoc committee on AI regulation.

He teaches privacy, IT law, and digital rights at several Italian universities, including Roma Tre, UNINT, and Bologna.

He is the author of several books, such as Diario di un chatbot sentimentale (Luiss Press), Neuroverso (Mondadori), La privacy explained simply to young people (Mondadori), Processi al futuro (Egea), and Artificial Intelligence (Mondadori).

Prof. Sophie Stalla-Bourdillon

co-Director, Brussels Privacy Hub

Sophie Stalla-Bourdillon is co-Director of the Privacy Hub. She is also a visiting professor at the University of Southampton Law School of law, where she held the chair in IT law and Data Governance until 2022. She was Principal Legal Engineer at Immuta Research for six years. Sophie is the author and co-author of several legal articles, chapters and books on data protection and privacy. She is Editor-in-chief of the Computer Law and Security Review, a leading international journal of technology law, and has also served as a legal and data privacy expert for the European Commission, the Council of Europe, the Organisation for the Cooperation and Security in Europe, and for the Organisation for Economic Cooperation and Development.

Vincenzo Tiani

EU Senior Policy Counsel, FPF

Vincenzo Tiani is an EU Senior Policy Counsel at the Future of Privacy Forum, based in Brussels, where he primarily focuses on the intersection of data protection and AI.

Vincenzo holds an LL.M in IP and ICT Law from KU Leuven. He is an Adjunct Professor at IULM University in Milan, Italy, where he teaches copyright and data protection, and at EDHEC Business School in Lille, France, where he instructs on Digital Law and Data Regulation. Since 2022, he has been a Ph.D. candidate at the VUB University of Brussels and serves as the Programme & Dissemination Coordinator of the Brussels Privacy Hub, researching topics related to artificial intelligence and personal data protection.

Since 2017, Vincenzo has been a regular contributor to various Italian media outlets, including Wired, Vice, Il Sole 24 Ore, La Repubblica, StartupItalia, and Domani, writing about European digital policies.

Prior to joining FPF, Vincenzo’s career included roles at the European Parliament, where he focused on European Copyright reform; EDRi, an NGO dedicated to protecting citizens’ fundamental rights online; and CDT, the Center for Democracy & Technology, an international organization that safeguards fundamental rights online and works to maintain a free and innovative Internet. From October 2020 to November 2024, he worked as the Resident Partner of PANETTA Law Firm in Brussels, representing the firm.

Vincenzo has been a member of the Hermes Center for Transparency and Digital Human Rights, an Italian NGO, since 2018, where he monitors European legislative developments and their impact on fundamental rights online. In spring 2020, he was appointed to the Italian Ministry of Innovation’s Data Task Force to assess the data protection impact of Covid-19 contact tracing apps. From 2022 to 2024, he served as an External Advisor on AI and Digital issues for the office of MEP Brando Benifei, co-rapporteur of the AI Act. In 2024, he joined the OECD expert group on Data Protection and AI.

Monika Tomczak-Gorlikowska

Global Head of Privacy, Digital & AI Governance, Prosus Group

Monika Tomczak-Górlikowska is the Global Head of Privacy, Digital & AI Governance for the Prosus Group – a multinational consumer internet group with headquarters in Europe and one of the largest technology investors in the world. Monika also serves as a member of the Board of Directors of the International Association of Privacy Professionals (IAPP). Monika began her career at the Legal Service of the General Secretariat of the Council of the EU in Brussels. She is now based in Amsterdam and previously was the Senior Data Privacy Legal Counsel at Shell International Limited in London. Monika is a licensed attorney (adwokat) with over 25-years in practice. Prior to her in-house tenures she was in private practice, including at the offices of Miller, Canfield in Poland. She holds a Master of European Law degree (LLM cum laude) from the Law Department of the College of Europe in Brugge (Belgium). Monika has also served as Co-Chair of the Steering Committee of the Forum on International Privacy Law and a member of the IAPP European Advisory Board. Monika is also hexalingual: she speaks English, French, Spanish, Italian, Polish and Portuguese fluently.

Pablo Trigo Kramcsák

PhD Researcher, VUB

Pablo Trigo Kramcsák is a PhD researcher in the Law, Science, Technology and Society Research Group (LSTS) at the Vrije Universiteit Brussel (VUB). His PhD research explores the legitimate interest as a suitable legal ground for processing AI training datasets, considering the potential impacts on data subjects’ rights. He is also a researcher at the Centre for Information Technology Law Studies within the Faculty of Law at the University of Chile, delving into the dynamics of data protection laws, cross-border data flows, and digital trade. Pablo obtained his LLB degree from the Pontifical Catholic University of Chile and holds an LL.M. degree in International Law from the University of Heidelberg and the University of Chile.

Wojciech Wiewiórowski

European Data Protection Supervisor

European Data Protection Supervisor (EDPS) since December 2019.

Adjunct professor in the Faculty of Law and Administration of the University of Gdańsk. He was among others adviser in the field of e-government and information society for the Minister of Interior and Administration, the Director of the Informatisation Department at the Ministry of Interior and Administration. He also represented Poland in committee on Interoperability Solutions for European Public Administrations (the ISA Committee) assisting the European Commission.

The Inspector General for the Protection of Personal Data (Polish Data Protection Commissioner) 2010-2014 and the Vice Chair of the Working Party Art. 29 in 2014. In December 2014, he was appointed as Assistant European Data Protection Supervisor while in December 2019 he became the new Supervisor.

His areas of scientific activity include first of all Polish and European IT law, processing and security of information, legal information retrieval systems, informatisation of public administration, and application of new IT tools (semantic web, legal ontologies, cloud, blockchain) in legal information processing.

Gabriela Zanfir-Fortuna

Vice President for Global Privacy, FPF

Dr. Gabriela Zanfir-Fortuna is a globally recognized data protection law expert, with 15 years of experience in the field split between Europe and the U.S., spanning academia, public service, consulting and policy. She currently is Vice President for Global Privacy at the Future of Privacy Forum, a global non-profit headquartered in Washington DC, coordinating FPF’s offices and partners in Brussels, Tel Aviv, Singapore, Nairobi, and New Delhi, and leading the work on global privacy and data protection developments related to new technologies, including AI. She is also a founding Advisory Board Member of Women in AI Governance, and an affiliated researcher to the LSTS Center of Vrije Universiteit Brussel.

Dr. Zanfir-Fortuna worked for the European Data Protection Supervisor and is a member of the Reference Panel of the Global Privacy Assembly – the international organization reuniting data protection authorities around the world, as well as a member of the T20 engagement group of the G20 under Brazil’s Presidency in 2024.

She was elected to be part of the Executive Committee of ACM’s Fairness, Accountability and Transparency (FaccT) Conference (2021-2022). Her scholarship on the GDPR is referenced by the Court of Justice of the EU, and in 2023 she won the Stefano Rodota Award of the Council of Europe for the paper “The Thin Red Line: Refocusing Data Protection Law on Automated-Decision-Making“, alongside her co-authors. Dr. Zanfir-Fortuna holds a PhD in Law with a thesis on the rights of the data subject under EU Data Protection Law, and an LLM in Human Rights (University of Craiova).