Tommaso is an Early-Stage Researcher at Scuola Superiore Sant’Anna and a Ph.D student of the National Doctorate in Artificial Intelligence. His background in regulation of and by technology finds its academic roots at the Tilburg Institute for Law and Technology, where he graduated cum laude as Master’s student, and in which he subsequently worked as lecturer and program coordinator. Before joining Liderlab, he was associate researcher at the KU Leuven Center of IP and IT law in the “privacy engineering” cluster. His areas of expertise encompass privacy, cyber-security and data protection of information systems, which he both studied in theory as well as applied in practice in EU funded Horizon 2020 projects. In his research, he loves to work side-by-side with data scientists, computer scientists and information engineers, whom in the years granted him the title of “legal engineer”.
Project Title: Unchaining data portability potentials in a lawful digital economy
Objectives: In Graef’s words, “to study how to apply or develop the law, legal scholars need to make themselves acquainted with industry initiatives as well as the way products and services work from a more technical perspective. A reality-check with the ‘law in practice’ as well as with insights from other disciplines is necessary to make a proper analysis”. In my project, I will be taking Graef’s advice quite literally and delve into the elicitation and documentation of privacy requirements for the design of data portability tools and information systems.
In this context, this research has the following objectives:
(1) to systematize and synthesize existing legal and technical knowledge on data portability (both EU and US); to understand the potential of data portability in the context of the digital economy; (2) to analyze the historical reasons for data portability’s existence today; (3) to individuate venues for unchaining known and hidden potentials of data portability:
(a) law (GDPR, DGA, DSA, DMA, EHDS; ePrivacy Regulation, AI Act); (b) technology (models for information sharing, e.g., PIMS; data spaces, e.g. GAIA-X and similar); (c) market (competition, innovation); (d) ethics and society (personal data control, informational self-determination, trust in intermediaries, “data altruism”); (4) to elicit and document the privacy requirements for the design of tools for data portability; (5) to embed data portability privacy requirements into existing projects (Data Transfer Project).