Privacy, Law and Data Governance

We live in an increasingly data-driven environment (society, economy, government, administration) where the blooming computational ability joined with an ever-expanding data gathering possibility are at the heart of new technologies and innovation. Personal and non-personal data borders become diaphanous. Datasets tend to be increasingly mixed and the goals of data use incredibly complex. Today data are pivotal in the interactions between individuals, between individuals and economic actors, between economic players themselves and individuals, economic players and public entities and the State as such. All those interactions are shaped by establishing who may collect, access, use, or disseminate data.
For these reasons, determining the applicable legal regimes and defining modes of data governance defines not only economic relationships but also the core of democratic values and civil liberties.

At the national and supranational level there are may regulatory layers encompassing fundamental rights and liberties protection (e.g. constitutional protection of privacy freedom of expression, economic liberties and democratic protection); horizontal and vertical regimes such as data protection law, responsible research and innovation, non-personal data regimes, open data and cloud computing, data sharing/pooling, AI, blockchain, facial recognition, and the internet of things. All of them contribute to define the local and global legal infrastructure required by data governance, revolving around the main pillars of personal and non-personal data protection and impacting both on the role of platforms, information society services and consumer protection.
We approach these legal framework with an holistic approach understanding that the same facts are covered by multiple legal norms and can be read in multiple ways by different stakeholders. For instance, managing and preventing personal data breaches for a company (Data Controller), is a cost to minimize in the traditional cybersecurity paradigm, but for data subjects the same data breach is an assault to their fundamental rights.

Our approach enables the synthesis of concurring and sometimes competing interests and legal frameworks. It is our conviction that our approach increases the value of data enabling their use and reuse in a clear framework respecting EU values and legal constraints; it makes them F.A.I.R. and makes it fair for all stakeholders; it operationalizes technical correctness and legal fairness of data production, use, reuse.