Vagelis Papakonstantinou

Vagelis Papakonstantinou
Vrije Universiteit Brussel | VUB · Law Science Technology and Society (LSTS)

Professor, LSTS, Vrije Universiteit Brussel

About

92
Publications
14,310
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
817
Citations
Citations since 2017
32 Research Items
651 Citations
2017201820192020202120222023020406080100120140
2017201820192020202120222023020406080100120140
2017201820192020202120222023020406080100120140
2017201820192020202120222023020406080100120140
Introduction
Vagelis Papakonstantinou is professor at the Faculty of Law and Criminology, Vrije Universiteit Brussel (VUB), the scientific coordinator of VUB's Cyber and Data Security Lab (CDSL), and a member of VUB's Research Group on Law, Science, Technology & Society (LSTS). He is a member (alternate) of the Hellenic Data Protection Authority. During 2013-2016 he has served as a member of the Board of Directors of the Hellenic Copyright Organisation. (Personal website: https://vpapakonstantinou.com)

Publications

Publications (92)
Article
Full-text available
The recent adoption by the European Parliament of the Digital Services Act means that, when it comes into effect, it will formally introduce into EU law the term ‘online platforms’. In effect, between the Digital Services Act and the Digital Markets Act, a comprehensive framework for the regulation of online platforms is being introduced into EU la...
Chapter
Full-text available
Currently cybersecurity concerns are often perceived as exclusively pertaining to states and organisations. All current regulatory instruments either in effect or in the legislative process are addressed to Member States and (large or important) organisations in the EU. For individuals, on the other hand, cybersecurity is seen as a service to be in...
Article
Full-text available
EU regulatory initiatives on technology-related topics has spiked over the past few years. On the basis of its Priorities Programme 2019-2024, while creating “Europe fit for the Digital Age”, the EU Commission has been busy releasing new texts aimed at regulating a number of technology topics, including, among others, data uses, online platforms, c...
Article
Full-text available
Surveillance technology is more and more used in educational environments, which results in mass privacy violations of kids and, thus, the processing of huge amount of children’s data in the name of safety. Methodology used is doctrinal, since the focus of this research was given in the implementation of the legal doctrine of data protection law in...
Article
Full-text available
The end of the second decade of the 21st century has been the best of times for EU's cybersecurity law and policy: Its NIS Directive has been transposed into all Member States’ national law, creating a new administrative structure at EU and Member State level and mandating relevant policies and strategies to update and harmonise those that were alr...
Article
Full-text available
Critical infrastructures are vital for the functioning of modern societies. Over the last decades the number, variety and complexity of critical infrastructures have increased significantly; So has their exposure to different types of threats that vary from natural disasters and human errors to theft or even terrorist attacks. During the last two d...
Chapter
Full-text available
This Encyclopedia brings together jurists, computer scientists, and data analysts to map the emerging field of data science and law for the first time, uncovering the challenges, opportunities, and fault lines that arise as these groups are increasingly thrown together by expanding attempts to regulate and adapt to a data-driven world. It explains...
Article
Full-text available
The concept of “Critical Infrastructures” is constantly evolving in order to reflect current concerns and to respond to new challenges, especially in terms of (cyber)security and resilience. Protection of critical infrastructures against numerous threats has therefore developed into a high priority at national and EU level. During the last two deca...
Article
Full-text available
On 19 November 2019 the Council of Europe hosted an international conference, immediately preceding the annual plenary meeting of its Committee of Convention 108, on “Convention 108+ and the future data protection global standard”. One of the authors made a presentation on “Comparing the EU and Council of Europe approach to Big Data”, and it is its...
Book
This commentary covers all topics and critical aspects elicited by the new European General Data Protection Regulation and its interpretation. The commentary focuses on the regulation itself, including cross-references to further provisions (eg the Police and Criminal Justice Data Protection Directive, the E-Privacy-Directive or the former Data Pro...
Chapter
Full-text available
This book is motivated, to a large extent, by some recent troubling developments in public discourse, namely the developments in information and disinformation practices. From the beginning of history, various and diverse means or channels of communication have been used to inform, misinform (unintentionally) and disinform (deliberately). However,...
Book
Full-text available
Το νέο βιβλίο του Βαγγέλη Παπακωνσταντίνου «Start-Up Greece: Πως η Ελλάδα θα γίνει το επόμενο Start-Up Nation» προτείνει ένα νέο μοντέλο του επιχειρείν στο οποίο θα μπορούσε να βασιστεί η ανάπτυξη τα επόμενα χρόνια. Κυκλοφόρησε το νέο βιβλίο του Βαγγέλη Παπακωνσταντίνου «Start-Up Greece: Πως η Ελλάδα θα γίνει το επόμενο Start-Up Nation» από τις εκ...
Article
In this article, we provide an overview of the literature on chilling effects and corporate profiling, while also connecting the two topics. We start by explaining how profiling, in an increasingly data-rich environment, creates substantial power asymmetries between users and platforms (and corporations more broadly). Inferences and the increasingl...
Article
The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruptio...
Article
The European Public Prosecutor’s Office (the ‘EPPO’) necessarily processes personal data in order to fulfil its mission; As such, it falls squarely within the European Union (EU) data protection regulatory landscape. However, because the EU data protection regulatory landscape itself is currently found at a crossroads, an analysis of the EPPO data...
Presentation
Full-text available
Awarding legal personality to software.
Article
Over the past few years big data analytics have forcefully entered the mainstream. Admittedly, modern life would be inconceivable without the services afforded by this type of processing in the field of electronic communications. At the same time public administrations are increasingly discovering the benefits of big data analytics afforded to them...
Article
The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruptio...
Presentation
Full-text available
Is the GDPR EU's (if not the world's) panacea against all digital evil? Can it assume the role of a constitution for the digital? I believe that such a mission largely exceeds its scope, and that other legal means (most pertinently, the award of legal personality to computer programs) would serve our purposes better.
Article
Saudi Arabia grants nationality to an AI robot; the first “clash of robots” took place in Japan; and, Bill Gates suggests that robots start paying taxes. We believe that these developments justify new legal fiction interventions. Software has long now exceeded the intellectual property boundaries. It is no longer merely property; it has assumed lif...
Article
Full-text available
The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It con...
Book
Full-text available
The book presents timely and needed contributions on privacy and data protection seals as seen from general, legal, policy, economic, technological, and societal perspectives. It covers data protection certification in the EU (i.e., the possibilities, actors and building blocks); the Schleswig-Holstein Data Protection Seal; the French Privacy Seal...
Article
Saudi Arabia grants nationality to an AI robot; the first “clash of robots” took place in Japan; and, Bill Gates suggests that robots start paying taxes. We believe that these developments justify new legal fiction interventions. Software has long now exceeded the intellectual property boundaries. It is no longer merely property; it has assumed lif...
Article
The die is cast. At the time of drafting this paper the so-called Brexit, the exit of the UK from the EU, seems like a certainty after the poll results of 23 June 2016. Within such historic, indeed seismic, developments data protection seems but a minor issue, a footnote to a world-changing chapter waiting to be written. Yet, from our modest vantag...
Article
The EU faces substantive legislative reform in data protection, specifically in the form of the General Data Protection Regulation (GDPR). One of the new elements in the GDPR is its call to establish data protection certification mechanisms, data protection seals and marks to help enhance transparency and compliance with the Regulation and allow da...
Article
The five-year wait is finally over; a few days before expiration of 2015 the “trilogue” that had started a few months earlier between the Commission, the Council and the Parliament suddenly bore fruit and the EU data protection reform package has finally been concluded. As planned since the beginning of this effort a Regulation, the General Data Pr...
Article
Allegedly the Police and Criminal Justice Data Protection Directive (henceforth, the “Directive”) is the little-known, much overlooked part of the EU data protection reform package that stormed into the EU legislative agenda towards the end of 2015. Its counterpart, regulating all other personal data processing activities, the General Data Protecti...
Book
H έλλειψη ενός εγχειριδίου με αντικείμενο τον ν. 4072/2012, ο οποίος κάλυψε μεταξύ άλλων και το Δίκαιο των Σημάτων αντικαθιστώντας τον προϊσχύοντα για δεκαπέντε και πλέον έτη ν. 2239/1994, και οι δυσχέρειες που αυτή δημιουργεί στην πρακτική ώθησε τους συγγραφείς στη συγγραφή αυτού του βιβλίου. Το βιβλίο έχει τη μορφή κατ’ άρθρου σχολιασμού. Όπου απ...
Article
In July 2014 ISO and IEC published a standard relating to public cloud computing and data protection. The standard aims to address the down-sides of cloud computing and the concerns of the cloud clients, mainly the lack of trust and transparency, by developing controls and recommendations for cloud service providers acting as PII processors. At the...
Technical Report
Full-text available
This in-depth analysis was commissioned by the European Parliament's Policy Department for Citizens' Rights and Constitutional Affairs at the request of the LIBE Committee. One cannot talk of a proper data protection regime in China, at least not as it is perceived in the EU. The international data protection fundamentals that may be derived from a...
Article
Full-text available
In the text that follows the authors will rst highlight some subjectively important facts that need to be kept under consideration while assessing the Court’s decision against the business model currently employed by US internet companies (section 1). In section 2 the authors will engage with Sartor’s concerns with regard to search engines being cl...
Article
Full-text available
On the 17th of February an old data protection acquaintance, the EU PNR Directive1, returned to life. On that date the Parliament’s LIBE Committee released its Report2 on its rst (re-)reading of a dra that was otherwise presumed dead since 2011, when that same Committee found it unacceptable because of fundamental rights concerns and asked the Comm...
Chapter
Smart grids are slowly becoming the future of worldwide energy generation and distribution and they promise, among other things, numerous environmental, and energy efficiency benefits to society. At the same time, however, they are capable of severely invading the inviolability of the most privacy-sensitive place—the home. Therefore, these concerns...
Chapter
Data protection is a comparatively recent field of legislative activity, regulating a relatively recent human activity. The automated processing of personal data took place only after information technology allowed it to develop in the late 1960s, first in public and subsequently in private organisations. Consequently, when the first EU data protec...
Book
This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, c...
Article
The year 2010 set an important milestone in the development of data protection law in Europe: both Europe's basic regulatory texts, the EU Data Protection Directive and the Council's Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), were placed at an amendment process, having served...
Article
At a time when cloud computing industry is developing rapidly, mainly due to the flexibility and the cost minimization cloud computing offers, ISO and IEC developed a new standard on cloud computing to deal with issues of protection of PII and security of information. The new standard aims to address the down-sides of cloud computing and the concer...
Book
Full-text available
Το βιβλίο διακρίνεται, μετά από σύντομη γενική εισαγωγή, σε δύο μέρη. Το πρώτο αναφέρεται στην εθνική νομοθεσία. Περιλαμβάνεται ο κωδικοποιημένος ν. 2472/1997 και αποφάσεις για τις οποίες έγινε κατά το δυνατό ακριβής περίληψη και παράθεση κατ’ άρθρον. Στη συνέχεια η παράθεση των νομοθετημάτων γίνεται ανά τομέα επεξεργασιών (ηλεκτρονικές επικοινωνίε...
Article
The overhaul of the EU data protection regime is a welcome development for various reasons: the 1995 Directive is largely outdated and cumbersome within an Internet (indeed, Web 2.0) environment. The 2008 Framework Decision is a practically unenforceable instrument, and even harmful in its weakness in protecting personal data. The Commission's prop...
Article
Data privacy regulation has reached a crossroads: while three out of the four intergovernmental organizations that have released relevant regulations (the OECD, the Council of Europe, and the EU) are amending their respective texts, each one is implementing its own agenda. The Internet and cloud computing are making the need for international gover...
Article
Full-text available
Museums are, in most cases, publicly-owned holders of vast amounts of information that are, by definition, open to everyone. Location restrictions, however, usually limit public access. The Internet could change this: once museums digitise their collections and upload them onto their Internet sites, online access would be possible for anyone, anywh...
Article
Full-text available
The recent release by the European Commission of the first drafts for the amendment of the EU data protection regulatory framework is the culmination of a consulting and preparation process that lasted more than two years. At the same time, it opens up a law-making process that is intended to take at least as much time. The Commission has undertake...
Article
What is the current legal data protection framework for the Area of Freedom, Security and Justice (AFSJ) personal data processing and what framework could be created in the near future? These two questions are constantly recurring in the EU data protection field, particularly after the ratification of the Lisbon Treaty. The amendment of the EU data...
Article
Full-text available
Telecommunications are privileged in being the only sector in European Union (“EU”) law benefiting from sector-specific data protection legislation. Although the (European) right to data protection is by now a fundamental right1 intended to find horizontal application into any and all fields that involve even the remotest personal data processing,...
Article
The entry into force of the Lisbon Treaty has suspended discussions over the release of a EU PNR processing system. Plans to introduce an intra-EU PNR processing system initiated since 2007, although strongly supported by the Commission and the Council, did not bear fruit before the ratification of the Lisbon Treaty and the, institutional, involvem...
Book
Δίκαιο Δεδομένων Προσωπικού Χαρακτήρα – Προστασία Λογισμικού – Βάσεις Δεδομένων – Ηλεκτρονικό εμπόριο Το παρόν αποτελεί στην ουσία τη δεύτερη έκδοση των Νομικών Θεμάτων Πληροφορικής (εκδόσεις Σάκκουλα, 2006). Ομολογουμένως, στην πρώτη έκδοση του βιβλίου μου δίστασα να δώσω τίτλο Δίκαιο Πληροφορικής, εξαιτίας των τότε συνθηκών: επιμέρους τομείς του...
Book
Εφαρμόζεται κάποιο σχέδιο για το πώς θα φτάσουμε στην Ψηφιακή Ελλάδα; Πώς δημιουργήθηκε το ισχύον νομικό πλαίσιο για τις νέες τεχνολογίες και πόσο αποτελεσματικά λειτουργεί στην πράξη; Πώς θα μπορούσαμε να κινηθούμε ασφαλέστερα και αποτελεσματικότερα προς μια πραγματική Ψηφιακή Ελλάδα; Η ανάλυση που γίνεται στο βιβλίο αυτό επιχειρεί να απαντήσει στ...
Article
After more than three years in the making, that have witnessed much controversy, several working texts and at least two altogether different versions, the Data Protection Framework Decision “on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters” (hereafter, the DPFD) was finally adopted...
Article
Seamless air commuting between the EU and the USA appears to constitute nowadays a much sought-after but nevertheless still elusive cause. The level of co operation between the two parties has had, and is still having, its best and worst days. The protection of individual privacy continues to constitute one of the causes for much controversy. In Eu...
Article
Although individual privacy is a much-esteemed right on both sides of the Atlantic, in practice its protection has engendered, within the last ten years, some serious legal and socio-economic conflicts between the United States and the European Union. Its elusive context only constitutes part of the problem’s explanation. After all, regardless whet...
Chapter
DRM systems have been implemented in the past few years by the Content Industry as the panacea against all copyright (and Intellectual Property Rights in general) infringements over the Internet. The validity of this statement shall be assessed in this analysis, identifying its strengths and record to-date and highlighting its shortcomings in an in...
Chapter
DRM systems have been implemented in the past few years by the Content Industry as the panacea against all copyright (and Intellectual Property Rights in general) infringements over the Internet. The validity of this statement shall be assessed in this analysis, identifying its strengths and record to-date and highlighting its shortcomings in an in...
Conference Paper
Intelligent environments may or may not change law as we know it. It all is a matter of perspective: are intelligent environments to be perceived as abstract, visionary notions that perhaps assist the creation of new products or even conditions, but which shall ultimately be incorporated in the known, real-world reality? Or do they themselves const...
Book
Full-text available
Προστασία Δεδομένων Προσωπικού Χαρακτήρα, Έννομη Προστασία Λογισμικού, Ηλεκτρονικό εμπόριο.
Book
Self-regulation is frequently brought forward as the preferred alternative for the regulation of the Information Society. The emergence of new ways of communicating and doing business has initiated claims for their equally new regulative treatment, that will have to go beyond existing legislative boundaries, in order to help them develop. This is a...
Article
Data matching operations have been promoted as an administrative panacea that helps to reduce costs while maximising efficiency and combating fraud. Nevertheless, they may constitute at the same time a brutal invasion into individuals’ privacy. After an extensive effort to define precisely data matching and distinguish such processing from similar...
Book
This book has been published under the European Public Law Series: Volume XXI, Vagelis Papakonstantinou, “The Legal Status of Network Software in Europe”, (105 pp.) (CD-Rom), 2002, 20 €, ISBN: 960-8057-15-9 / SET: 960- 8057-10-8.

Network

Cited By

Projects

Projects (2)
Project
We think that it is time that the dichotomy between natural and legal persons, that has served humanity so well over the past centuries, now be trisected: A new, digital person, ought to be added to it.
Archived project
The PHAEDRA II project will: - identify existing instruments and forms of co-operation and co-ordination (“best practices”) between the EU DPAs under the EU legal framework in force at the time of the project; - identify and analyse obstacles (legal and non-legal) and areas of opportunity (improvement), - analyse strategies (solutions) to enhance co-operation in other fields (Schengen co-operation, consumer protection, competition law) from which it might be possible to draw lessons for improving practical co-operation between European DPAs; - develop a set of recommendations for improving practical co-operation between European DPAs; - provide a set of practical measures to facilitate EU DPA co-operation which can be sustainable by DPAs (depository of decisions, common procedures for complaint-handling, common platform, etc).