ESRs secondments at AGCM, GPDP and VUB

In this special edition of our blog posts, seven of our ESRs write about their experiences and insights they made during their secondments. ESR Cristian Lepore and Aizhan Abdrassulova share their secondment experiences in this post.


The Autorità Garante della Concorrenza e del Mercato (AGCM) is the Italian competition authority and is responsible for enforcing rules against anti-competitive agreements among undertakings, abuses of dominant positions, and concentrations that have anti-competitive effects.

ESR Cristian Lepore at the AGCM

During a one-month secondment at the Italian competition authority in Rome, I focused on various analytical and research tasks related to data management, online privacy, and information acquisition from major gatekeepers, such as Google, Facebook, and Amazon.

Activities were as follows:

  1. Data Analysis and Tool Development:

We firstly examined two distinct datasets, Orbis and Pitchbook. The analysis was streamlined by the following Python program (published on GitHub): This tool foresees its value in uncovering correlations within the datasets and enhancing the understanding of database differences.

  1. Information Solicitations and Online Privacy:

We investigated the information requests made during website access by key gatekeepers. While most of these requests aligned with established policies, we raised concerns about data collection through HTML scripts embedded in websites, which could impact online privacy. Additionally, we evaluated cookies and potential vulnerabilities that gatekeepers could use to acquire additional information. The results indicates that most of the information collected by gatekeepers came from open sessions with websites or mobile devices, where access keys (and personal identifiers) were periodically changed, maintaining a weak link to individuals, which is generally positive. For a clear view of the field, we conducted a comprehensive review of academic literature, revealing that while it’s technically possible to collect more information than allowed, most of this information relies on changing keys and has a limited connection to users.

  1. Network Traffic Analysis:

We used network traffic analysis to trace login tokens from web portals and cookies. However, some of the traffic was encrypted and required third-party authorization for access. As a result, the analysis was limited to the size of plaintext packets, revealing a significant surplus of information compared to web portals mandate.

In conclusion, my secondment at the Market Authority was an enlightening experience that significantly contributed to the understanding of the challenges associated with data protection and online privacy. The work conducted has laid a strong foundation for future studies and initiatives in this dynamic and evolving field.


The Garante per la protezione dei dati personali (GPDP) is the Italian Data Protection Authority and responsible for monitoring the application of the GDPR.


ESR Aizhana Abdrassulova at VUB and GPDP

ESR Aizhana completed her first academic secondment at the Vrije Universiteit Brussel (VUB) in the spring of 2023. This experience turned out to be very fruitful for her. During her stay, Aizhana expanded her knowledge of her topic, she had several offline meetings with Professor Gloria Gonzalez Fuster, discussing the topic of her research. Aizhana also participated in several seminars for the university’s doctoral students. She attended the doctoral seminar ‘With great power comes great responsibility: proportionality within the use of facial recognition technology’ and “ALTEP-DP case law round up” about the conflict of interests – the right to be forgotten versus freedom of expression.

On May 24-26, one of the most ambitious scientific events, organized by Professor Paul de Hert, took place in Brussels – CPDP 2023: Ideas that drive our digital world. The sponsors and speakers were representatives of prominent companies such as European Data Protection Supervisor (EDPS), Apple, Mozilla, Google, Microsoft, Uber, Tik Tok and others. Aizhana carried out volunteer activities at this conference. She helped with logistics and organization (duty in the halls during sessions, as well as registration of conference guests). In her free time from volunteering, she attended Conference sessions.

Furthermore, Aizhana attended the scientific event “Brussels Privacy Hub – EU Digital Finance Seminar Series: Session 3 Cryptocurrencies, decentralized finance, and data protection: an unsolvable problem?”.

The second non-academic secondment is currently taking place at the Italian Data Protection Authority GPDP in Rome. Over the past two months of secondment, Aizhana had several meetings with Dr. Roberto Lattanzi, discussing the directions of her research.

There was an acquaintance with colleagues, as well as with the work of the organization. Aizhan is studying an EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (Artificial Intelligence Act), which the Organization is currently working on.

Finally, during an offline meeting of the organization’s employees, Aizhana presented her research. Aizhan has access to the library directly next to the office, which makes it possible to study new sources of literature.

ESRs secondments at Université Paul Sabatier III, Scuola Superiore Sant’Anna and Tellu

In this special edition of our blog posts, seven of our ESRs write about their experiences and insights they made during their secondments. In this post, ESR Barbara and Xengie share their secondment experiences.

ESR Barbara Lazarotto at Paul Sabatier III Toulouse

Barbara’s secondment at Université Paul Sabatier III in Toulouse proved to be an invaluable experience, propelling her research to a multidisciplinary field. This immersive collaboration with experts from the field of data science, allowed Barbara to explore the transformative potential of data commons in fostering open and collaborative data access.

Central to her secondment was a comprehensive case study on the creation of a data commons for electric-powered devices. This hands-on approach enabled Barbara to delve into the intricate details of data governance and data sharing mechanisms, gaining a profound understanding of the challenges and opportunities associated with data commons implementation. The multidisciplinary environment at Université Paul Sabatier III provided Barbara with a unique perspective, exposing her to a wide spectrum of research methodologies and data analysis techniques. This cross-disciplinary exposure enriched her own research, enabling her to expand her focus beyond legal considerations and delve into the data science aspects of data commons.

Barbara’s secondment at Université Paul Sabatier III marked a pivotal moment in her research trajectory. The exposure to diverse perspectives, the hands-on experience with data commons implementation, and the exploration of a multitude of use cases have undoubtedly shaped her understanding of the topic and fueled her passion for advancing the field of data commons research.

The LeADS Partners


Tellu is an SME experiencing significant growth since 2017, going from 5 employees in 2017 currently being 17 employees expecting to be 25 employees end of 2020. Tellu main offering includes TelluCloud an eHealth and welfare integration platform for connectivity, device management, edge computing, data gathering, data processing, and presentation as well as SaaS solutions for remote patient monitoring, video based supervision, and Personnel safety. The platform offers complete management and trustworthy execution and processing across the IoT, edge, and cloud space.

ESR Xengie Doan at SSSA and Tellu

ESR9, Xengie Doan, went to visit Scuola Superiore Sant’Anna (SSSA) Pisa in February and March 2023 under the supervision of Professor Francesca Chiaromonte. They are a statistician who works with biomedical data and other types of data. While the data collected in Xengie’s research is largely qualitative data with a small sample size, it was interesting to explore methods to analyze it and ideate on how it would be different with large data.  This coincided with the Statistical Learning & Large Data, Modules 1 and 2 courses which Xengie attended. Classes covered a large span of methods to cover the overall concepts, then going over examples in R at the end. This would help with code examples for any future analyses. It was very interesting to get insight into different statistical learning and large data methods from an expert in the field.

The industry secondment is at Tellu, where Xengie is currently visiting until November 2023. They have a use case where a patient and their next-of-kin consents to help with some of the responsibilities that traditionally healthcare personnel would do 100% of the time. This is relevant to their topic studying collective consent models. Some activities include reviewing policies or consent forms and documentation to create methods and tools to improve the consent process. Interviews will be then carried out to validate those methods and tools based on feedback from members of the company. As the secondment is still ongoing, insights are still pending but should be shared in a paper next year.

ESRs Secondments at BY.TE, AGCM, MMI and University of Luxemburg

In this special edition of our blog posts, seven of our ESRs write about their experiences and insights they made during their secondments.

Secondments enable ESRs to engage with prominent academics and practitioners at both partner universities and research institutes as well as industrial and regulatory entities. ESRs gain practical experience in how their research might translate into real-life problems encountered by businesses. At the same time, ESRs will be able to complement their research with practical experiences gained throughout the secondment and adapt their research projects accordingly. Finally, they also constitute an invaluable networking opportunity and grant our ESRs the possibility to identify possible career paths. Whether in the academic, regulatory, or industry sectors.

Each ESR will complete two secondments: one at a beneficiary (universities and research institutes) and one at the partners (industry or regulatory bodies) of the LeADS project.

The LeADS Partners

ΒΥΤΕ COMPUTER S.A. is a Greek Information Technology and Communications (ICT) Integrator company with a dynamic presence of over 30 years in the Greek ICT Market and a focus on the private sector. BYTE has 3 business segments: 1) systems Integration, 2) custom software application development, and 3) value-added services, including consulting, project management, and training services.


The Autorità Garante della Concorrenza e del Mercato (AGCM) is the Italian competition authority and is responsible for enforcing rules against anti-competitive agreements among undertakings, abuses of dominant positions, and concentrations that have anti-competitive effects.

ESR Tommaso Crepax at BY.TE and AGCM

In the last eight months, the journey of Tommaso Crepax Ph.D. in the LeADS project has become a challenging exploration into the web of data portability within the EU digital market. Two pivotal secondments during this odyssey—one at BY.TE software company in Athens and the other at the esteemed Italian Competition Authority (AGCM) in Rome—have proven instrumental in shaping the trajectory of his research.

His secondment at BYTE in Athens was an enlightening experience, spanning two months immersed in the world of cutting-edge software development. The technical issues of his research—determining specific formats for seamless data porting—found his solution through the lens of BY.TE’s work on electronic health records (EHRs). The health information systems they adeptly navigated provided a rich canvas of examples, allowing them to address challenges and nuances in his thesis, specifically through the adaptation of EHR formats to datasets created through the use of commercial software. Witnessing firsthand how BY.TE tackled the intricacies of EHRs not only broadening his understanding of data formats but also offering practical solutions that enhanced the robustness of his research.

The AGCM secondment in Rome provided a different but equally vital perspective. Engaging with cases where data portability emerged as a critical issue underscored the real-world implications of his theoretical framework. The interplay between data protection and competition, a recurring theme in his thesis, revealed itself with striking clarity. AGCM’s expertise and the cases they delved into reaffirmed the significance of balancing these two pillars in the ever-evolving digital landscape. The experience deepened his appreciation for the legal intricacies surrounding data portability, illuminating the regulatory challenges faced by businesses and authorities alike.

BY.TE and AGCM, with their unique perspectives, have not only enriched his academic pursuits but have also contributed invaluable insights to the ongoing discourse on unchaining data portability in the EU digital market. The lessons learned from Athens and Rome will undoubtedly shape the future landscape of data legality and portability –as will the amazing people he has met on his personal journey.


MMI is a Pisa-based company whose mission is to enable surgeons around the world to address unmet needs and achieve better outcomes for microsurgical procedures. MMI offers an innovative robotic platform that’s mobile, easy to set up, compatible with existing surgical microscopes, and has a small footprint.


ESR Christos Magkos at MMI and University of Luxemburg

Upon visiting the MMI institute in Pisa, Christos Magkos encountered a very positive and vibrant environment. He both helped in organizing the data management cycle and experienced at full length how clinical trial data is collected and processed, leading to translational and actionable results. This was pertinent to his personal research as it is centered around personal health data analytics, and experiencing it at such a high level was extremely fruitful and interesting.

At the University of Luxembourg, he became part of a team of interdisciplinary researchers, all of whom were offering unique perspectives in the domain of legal and ethical data science. As of now, he is in collaboration with a UL-based researcher, and along with Dr. Gabriele Lenzini, he hopes to be part of a paper on the caveats that AI-assisted coding may pose in cybersecurity.

Unraveling the Threads of Progress: Barbara’s Insightful Challenge to Technocentrism at 4S Conference

On November 08, 2023, Barbara Lazarotto virtually attended the Society for Social Studies of Science 2023 Conference, a conference that focused on Science, Technology, and Society and Science and Technology Studies that took place in Honolulu, Hawaii.

Barbara presented her research titled “The history of datafication and the rise of the concept of smart”, a presentation which aimed to draw the historical roots of datafication, tracing it back to the Industrial Revolution. Throughout her presentation, Barbara unraveled the intricate web of beliefs that have given rise to “technological solutionism” and the phenomenon of “smart governments.”

Barbara began her exploration by tracing the deep historical roots of technological determinism. From the advent of the steam engine to the information age, the belief that technology is the primary driver of innovation and societal progress has been a persistent undercurrent.

The allure of technological solutionism lies in the belief that technology holds the answers to all problems. This worldview, deeply ingrained in contemporary society, has not only influenced individual attitudes but has also permeated governmental structures, paving the way for the rise of “smart governments.”

Barbara highlighted the lack of academic consensus on the precise definition of “smart governments.” However, she explained that the prevailing understanding views it as the utilization of diverse technologies by the public sector. This includes the incorporation of sensors, artificial intelligence, and big data to enhance governmental efficiency. This techno-deterministic outlook presupposes that technology is the primary driver of improved public administration.

In conclusion, Barbara’s presentation challenged the prevailing narrative of technological determinism and its manifestation in smart governments. By advocating for a more holistic approach that recognizes the intertwined nature of technological and socio-technical factors, she urged the audience to reconsider blind faith in technology as the sole driver of progress which can taint potential mechanisms of regulation, which tend to focus on technology as the sole solutions to all problems, disregarding other potential socio-technical solutions.

Barbara’s presentation was also reflected in a paper that will soon be published.

DigiCon III: Public Use of AI and Fundamental Rights Impact Assessment

On October 19, 2023, Mitisha Gaur had the pleasure of attending DigiCon III, a conference on digital transformation and innovation, in Florence, Italy. She attended as a panelist in the roundtable on the public use of AI and during her talk focused on fundamental rights impact assessment under the EU’s proposed AI Act.

The roundtable was a lively and informative discussion on the challenges and opportunities of using AI in the public sector. We discussed the importance of ensuring that AI systems are used in a way that respects fundamental rights, such as privacy, non-discrimination, and freedom of expression. We also discussed the need for robust impact assessment processes to identify and mitigate the potential risks of AI systems.

One of the key takeaways from the roundtable was that there is no one-size-fits-all approach to fundamental rights impact assessment. The specific risks and impacts of AI systems will vary depending on the specific context in which they are used. However, there are some general principles that can be applied to all impact assessments.

First, it is important to involve a wide range of stakeholders in the impact assessment process. This includes people who will be affected by the AI system, as well as experts in relevant fields such as law, ethics, and technology. Second, it is important to consider all potential risks and impacts of the AI system, both positive and negative. This includes considering the impact on different groups of people, such as minorities and vulnerable groups. Third, the impact assessment should be conducted in a transparent and accountable manner. This means that the findings of the assessment should be made public and that stakeholders should have the opportunity to provide feedback.

The EU’s proposed AI Act is a significant step forward in the regulation of AI. The Act requires that all high-risk AI systems undergo a fundamental rights impact assessment. This is a positive development, as it will help to ensure that AI systems are used in a way that respects fundamental rights.

However, it is important to note that the AI Act is still in the proposal stage. It is important to ensure that the Act is implemented in a way that is effective and proportionate. It is also important to ensure that the Act does not stifle innovation or hinder the development of beneficial AI applications. There is shared optimism across the board about the future of AI in the public sector. AI has the potential to revolutionize the way that public services are delivered. However, it is important to use AI responsibly and ethically. The EU’s proposed AI Act is a step in the right direction, but more needs to be done to ensure that AI is used in a way that benefits all of society.

ESRs Fatma S. Doğan and Soumia El Mestari at Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases

European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases held in Turin, Italy between the 18th to the 22nd of September 2023. The conference took 5 days of insightful presentations given by researchers on machine learning and data mining. On the last day of the conference, the First Interdisciplinary Workshop on ML, Law and Society took place which aims to bring together researchers and practitioners from computer science, law, and psychology to discuss the non-functional tradeoffs, ethics, and law related to ML. The workshop started with a keynote speech given by Prof. Giovanni Comande. In his talk, Prof. Comande mentioned the ethical aspects of integrating AI and machine learning systems into our lives. He drew attention to crucial points in order to have a meaningful and lawful contribution of AI, we must also create common ethical ground rules. 

In the workshop, ESRs Fatma S. Doğan and Soumia El Mestari presented their paper titled: “Techniques to achieve anonymization of health data: When are they sufficient to be considered as legally compliant?” in which they have worked together with Dr Wilhelmina Maria Botes. In the study, they discussed the European Health Data Space(EHDS) and how it relates to using health data while aiming to keep it anonymized for secondary use purposes. They analyzed that the current stage of the EHDS proposal omits important points in terms of the operation of the secondary use framework. Further, they explored that achieving anonymization of various types of health data poses different challenging points in terms of technicality.  

ESRs received thoughtful questions and feedback from the participants and also attended enriching panels and keynotes at the conference. The keynote given by Kate Crawford was also enlightening in regard to not-so-known facts about AI technologies. She remarks that environmental effects, mining rare earth minerals, and immense human labor which has been used in order to develop AI technologies are often omitted. She resembles generative AI to magic since we don’t know the cost of building it as a result of big tech companies not being transparent. To improve this field, she suggests that we should re-think the training process along with fair working conditions. Also, more research on sustainable generative AI should take place, and openness in research should be increased since we are suffering from a lack of transparency. In a way, she shed light on shadowed parts of developing AI technologies and stated that if we know the true cost of AI technologies then we could be more conscious about what we want and what we don’t want, and our needs. Lastly, she mentioned her book named, Atlas of AI in which she explored deeply what she discussed. 

ESR Barbara Lazarotto contributes to White Paper on Use and re-use of urban data in the smart city

ESR Barbara Lazarotto has contributed to a white paper on the “Use and re-use of urban data in the smart city domain”.

The white paper is the result of the co-innovation table organized by Data Valley and City Vision which aims to promote the use and reuse of urban data within smart cities.  The white paper will serve as a tool to organize smart city regulations, offer visibility to innovative solutions that aim to solve specific issues, and bring together in a single document the visions of different stakeholders in the sector. The first version of the white paper was presented in Padova on 11 October and will soon have newer versions.

The paper and work table has contributions from representatives of each company, research body, university, and political world. ESR Barbara Lazarotto explored the topic of the use and re-use of data in the smart city in the context of the European Data Strategy.

Click here to download the white paper.

ESR Onntje Hinrichs and Barbara Lazarotto at Beyond Data Protection Conference

On 21-22nd September 2023, the “Beyond Data Protection Conference: Regulating Information and Protection against Risks of the Digital Society” took place in Utrecht, The Netherlands. For 2 days, scholars from all over the world explored the challenges of data-centred legal protection against information-induced harms and considered alternatives beyond data protection. Keynotes were given by the well-known scholars Karen Yeung, Lokke Moerel, and Michael Veale. LeADS ESRs Onntje Hinrichs and Barbara Lazarotto were both present at the conference and presented their latest research.

ESR Onntje Hinrichs presented his paper on “Consumer Law as Second Vantage Point for the Protection of Consumer Data – Protecting or Polluting the Privacy Ecosystem?”  in a panel on ‘Beyond Data Protection‘. He elaborated how the regulation of data has increasingly become a regulatory concern for the (market-focussed) European consumer law, despite being anchored in the (fundamental rights-focussed) European data protection framework. Whilst authors have increasingly identified potential complementarities between both fields of law for the protection of consumer data, he argued that they might at times pursue opposite objectives. By drawing parallels with debates that surrounded the uneasy relationship between consumer and environmental policy, Onntje showed how the regulation of consumer data under consumer law potentially not only contributes to the protection but also the pollution of the privacy ecosystem. At the same time, he relied on this analogy to showcase how existing tensions between both policy areas can be overcome.

Barbara presented her paper “The Smart Government Paradox: A Critical Reflection on EU Constitutional and Data Law Landscape in Light of Techno-Solutionism” in a panel on Government data and surveillance. She explored how business to government data sharing practices can give governments superpowers which threatens the rights of citizens. She made an analysis of how the creation of multilayered data access rights in the public sector can give citizens tools to fight against smart government abuses.

Mitisha Gaur at Digital Legal Talks and LawTomation Days

 Mitisha Gaur, ESR with the LeADS Project, recently presented at which took place on the 15th of September in Utrecth, NL. Mitisha is researching predictive justice applications deployed across courts and government bodies to augment and support decision making practices as well as how such predictive justice systems interact within the legal and regulatory ecosystem. The presentation was titled Predictive Justice and human oversight under the EU’s proposed Artificial Intelligence Act. The presentation was focused on the provisions of the EU’s draft AI Act dealing with human oversight requirements. The presentation delved into an analysis of the human oversight requirements while detailing the material gaps in the human oversight strategy adopted by the draft AI Act. Finally, a specific plan focused on ensuring human oversight across 4 primary stakeholders namely (1) Developers of AI systems; (2) Deployers of AI Systems; (3) Users of the AI System and; (4) the Impact Population on whom the computational results of the AI system are applied was shared.



Subsequently on the 29th of September, Mitisha also presented her work at the LawTomation Days 2023 Conference organised by the IE Law School. The presentation titled Regulating Algorithmic Justice Applications under the EU’s proposed Artificial Intelligence Act: A Critical Analysis took a panoramic view of the provisions of the draft AI Act which are applicable to the high-risk AI systems (which includes predictive justice systems) as classified under the draft AI Act. The presentation was oriented around discussing the various compliance requirements, specifically for predictive justice application and whether they are adequate to allow for predictive justice systems being developed and deployed for perform or augment functions on behalf of public authorities and judicial bodies. The core discussion revolved around the provisions pertaining to risk management systems, fundamental rights impact assessment, transparency and provision of information, human oversight, accuracy-robustness and cybersecurity and finally the obligations of deployers of high-risk AI systems.

LeADS Working Paper Series Part VI: Data Collaboratives with the Use of Decentralised Learning – an Interdisciplinary Perspective on Data Governance

Data Collaboratives with the Use of Decentralised Learning – an Interdisciplinary Perspective on Data Governance

Maciej Zuziak (ESR 6), Onntje Hinrichs (ESR 13), and Aizhan Abdrasulova (ESR 12) are the authors of the paper “Data Collaboratives with the Use of Decentralised Learning – an Interdisciplinary Perspective on Data Governance”. The paper constitutes a collaboration across three different  LeADS Crossroads, i. e. Privacy vs Intellectual Property (Onntje) Data ownership (Aizhan) and Empowering Individuals (Maciej) as well as across disciplines: whereas Onntje and Aizhan focused their research on questions related to data ownership and how conflicted interests in data can be resolved, Maciej is examining various methods of distributed learning.

Their different research interests came together in this paper which exemplified that an interdisciplinary perspective from both law and data science is necessary to tackle urgent questions in the data-dependent economy. Finding appropriate Data Governance solutions that are capable of achieving data policy objectives while at the same time being compliant with EU law requires an interdisciplinary understanding of how both disciplines can complement each other. Their Working Paper cooperation thus perfectly exemplifies the LeADS approach. The paper was presented at this year’s ACM Conference on Fairness, Accountability, and Transparency (FAccT) in Chicago.


Abstract of the Working Paper

The endeavor to find appropriate data governance frameworks capable of reconciling conflicting interests in data has dramatically gained importance across disciplines and has been discussed among legal scholars, computer scientists as well as policy-makers alike. The predominant part of the current discussion is centered around the challenging task of creating a data governance framework where data is ‘as open as possible and as closed as necessary’. In this article, we elaborate on modern approaches to data governance and their limitations. It analyses how propositions evolved from property rights in data towards the creation of data access and data sharing obligations and how the corresponding debates reflect the difficulty of developing approaches that reconcile seemingly opposite objectives – such as giving individuals and businesses more control over ‘their’ data while at the same time ensuring its availability to different stakeholders. Furthermore, we propose a wider acknowledgement of data collaboratives powered by decentralised learning techniques as a possible remedy to the shortcomings of current data governance schemes. Hence, we propose a mild formalization of the set of existing technological solutions that could inform existing approaches to data governance issues. By adopting an interdisciplinary perspective on data governance, this article highlights how innovative technological solutions can enhance control over data while at the same time ensuring its availability to other stakeholders and thereby contributing to the achievement of the policy goals of the European Strategy for Data.