dpialab flyer18 web p1 0023

The Brussels Laboratory for Data Protection & Privacy Impact Assessments, or d.pia.lab, connects basic, methodological and applied research, provides training and delivers policy advice related to impact assessments in the areas of innovation and technology development. Whilst legal aspects of privacy and personal data protection constitute our core expertise, the Laboratory mobilises other disciplines including ethics, philosophy, surveillance studies and science, technology & society (STS) studies. Established in November 2015, the Laboratory constitutes a part of and builds upon the experience of the Research Group on Law, Science, Technology & Society (LSTS) at the Vrije Universiteit Brussel (VUB), Belgium.

The d.pia.lab Network brings together experts from all over the world to exchange knowledge, viewpoints and developments on privacy and data protection impact assessments. The Laboratory also invites academics, researchers, practitioners and activists to work together as Visiting Scholars.

Our research projects






Advise logo little         PIAF logo    Candid     



fortika logo      logo iris full horizontal.jpg.pagespeed.ce.V9b m47KBW


Visiting Scholars Programme

The Brussels Laboratory for Data Protection & Privacy Impact Assessments (d.pia.lab) established the Visiting Scholars Programme in January 2018. Within this scheme, the Laboratory invites academics, researchers, practitioners and activists from multiple disciplines to spend time in Brussels, to participate in the academic life therein and to conduct research about impact assessments in the areas of innovation and technology development. Visiting Scholars will be based at the Research Group on Law, Science, Technology, Society (LSTS) at the Faculty of Law and Criminology of the Vrije Universiteit Brussel (VUB), of which the Laboratory constitutes a part of and builds upon its experience and expertise.

Please find the description of the programme and the terms of application here.

Visiting Scholars

Screenshot 2018 03 16 09.19.46

Alexandra Aslanidou holds a Bachelor in Law (LLB) from the faculty of Law, Economics and Political Sciences of Aristotle University of Thessaloniki,Greece (2009). Her previous work experience includes practicing law in law offices in Greece, handling civil and criminal law cases. She participated in seminars focused on data protection, e-commerce and legal technology. Her main research interests include privacy, data protection, intellectual property rights, European law.

Period of visit: February - August 2018.




Screenshot 2018 04 29 11.33.37

Anna Johnston is one of Australia’s most respected experts in privacy law and practice. After serving as Deputy Privacy Commissioner for NSW, Anna founded Salinger Privacy in 2004 to offer specialist privacy consulting services.  Salinger Privacy provides advice on managing privacy risks to clients including tech start-ups, established businesses and government agencies.  Salinger Privacy also offers a suite of privacy compliance tools including template policies and procedures, checklists, and eBooks including Demystifying De-identification and the Privacy Officer’s Handbook.  Anna holds a first class honours degree in Law and was admitted as a Solicitor of the Supreme Court of NSW in 1996, but no longer practices as a solicitor.

Period of visit: June - July 2018.



The research project of Claudia Quelle concerns the risk-based approach in the General Data Protection Regulation. She is particularly interested in the relation between the risk-based approach and the objective of the GDPR to protect the fundamental rights of natural persons. Her research topics include the risk-based approach under the GDPR, the relationship between risk management and what it means to have rights, the "subjectivity" or value-ladenness of decisions about risk, and the role of individual control in data protection and privacy.

Period of visit: May - June 2018.


The d.pia.lab network brings together multiple stakeholders (academia, policy making, regulators, consultancy, etc.) from all over the world with a view to exchange knowledge, viewpoints and developments on privacy and data protection impact assessments. Members have access to an internal mailing list.

Membership upon invitation only. To request an invitation, please contact the Laboratory’s Director, This email address is being protected from spambots. You need JavaScript enabled to view it..


  1. Brendan Van Alsenoy, Legal advisor, the Belgian Privacy Commission; Senior affiliated researcher, the KU Leuven Centre for IT & IP Law
  2. Lahoussine AnissSecretary General, Data Protection Authority (CNDP), Morocco
  3. Heidi Beate Bentzen, PhD candidate, Centre for Medical EthicsNorwegian Research Center for Computers and Law, University of Oslo
  4. Johann ČasAustrian Academy of Sciences, Institute of Technology Assessment
  5. Roger ClarkePrincipal, Xamax Consultancy Pty LtdVisiting Professor, University of New South WalesVisiting Professor, Australian National University
  6. Gemma Galdon Clavell, Director, Eticas Research and Consulting
  7. Chris Conolly, Director, Galexia
  8. Malcolm Crompton, Managing Director, Information Integrity Solutions Pty Ltd
  9. Lorenzo Dalla Corte, PhD candidate, Tilburg UniversityTilburg Institute for Law, Technology and SocietyTU Delft, A+BE
  10. Frank Dawson, Director of Privacy Engineering & Assurance, Nokia USA
  11. Katerina Demetzou, PhD candidate, Radboud University Nijmegen
  12. Martha Eike, Senior Engineer, The Norwegian Data Protection Authority
  13. Ciara Fitzgerald, Co-director, Health Information Systems Research Centrer, Cork University Business School
  14. Michael FriedewaldHead of the ICT research group, Fraunhofer Institute for Systems and Innovation Research ISI
  15. Graham Greenleaf AM, Professor of Law & Information Systems, University of New South Wales
  16. Rob Heyman, Senior Researcher, Studies on Media, Innovation and Technology (SMIT)Vrije Universiteit Brussel
  17. Joris van Hoboken, Senior Researcher, University of AmsterdamInstitute for Information Law
  18. Anna JohnstonDirector, Salinger Privacy 
  19. Ioulia Konstantinou, PhD candidate, Vrije Universiteit Brussel, Research Group on Law, Science, Technology & Society
  20. Raymund E. Liboro, Privacy Commissioner, National Privacy Commission, Republic of the Philippines
  21. Gérard Lommel, Government commissioner for data protection in public administration, Luxembourg's State Department
  22. Ramon Miralles Lopez, Coordinator of Audit and Information Security, Catalan Data Protection Authority (APDCAT), Catalonia (Spain)

  23. Irene Kamara, PhD candidate, Tilburg UniversityTilburg Institute for Law, Technology and Society
  24. Eleni Kosta, Professor of Technology Law and Human Rights, Tilburg UniversityTilburg Institute for Law, Technology and Society
  25. Damian Mapa, Deputy Privacy Commissioner, National Privacy Commission, Republic of the Philippines
  26. Ivy D. Patdu, Deputy Privacy Commissioner, National Privacy Commission, Republic of the Philippines
  27. Claudia Quelle, PhD candidate, Tilburg UniversityTilburg Institute for Law, Technology and Society
  28. Walter Peissl, Deputy Director, Institute of Technology Assessment (ITA), Austrian Academy of Sciences
  29. Melanie Peters, Director, Rathenau Institute
  30. Jo Pierson, Associate Professor, Studies on Media, Innovation and Technology (SMIT), Vrije Universiteit Brussel
  31. Artemi Rallo, Professor, Jaume I University, former Director of the Spanish Data Protection Agency
  32. Kjetil RommetveitAssociate Professor, University of Bergen
  33. Julien Rossi, PhD candidate, COSTECHUniversité de technologie de Compiègne
  34. Paolo Sinibaldi, Data Protection Officer, European Investment Fund
  35. Jacob SuidgeestDirector, Regulation and Strategy Branch, Office of the Australian Information Commissioner
  36. Nigel WatersResearch Associate, Cyberspace Law and Policy Community, University of New South Wales
  37. Stephen WilsonManaging Director, Lockstep Consulting; PhD Candidate, University of New South Wales


Gellert, R. (2018) Understanding the notion of risk in the General Data Protection Regulation, Computer Law & Security Review vol. 34, issue 2, 279-288

Gellert, R. (2015) Data protection: a risk regulation? Between the risk management of everything and the precautionary alternative, International Data Privacy Law 01/2015; 5(1):3-19.

Hildebrandt, M., Gutwirth, S. (2008). Profiling the European Citizen. Cross-Disciplinary Perspectives. Springer.

Hildebrandt, M. (2013). Legal Protection by Design in the Smart Grid. Privacy, data protection & profile transparency. Smart Energy Collective.

Hildebrandt, M. (2011). Legal Protection by Design. Objections and Refutations, Legisprudence 5.2, 223-248.

Kloza, D., van Dijk, N., De Hert, P. (2015), Assessing the European approach to privacy and data protection in smart grids. Lessons for emerging technologies, in Skopik, F., Smith, P. Smart grid security: holistic and innovative solutions for a modernized grid, Elsevier, 2015.

Kloza, D. (2014) Privacy Impact Assessments as a Means to Achieve the Objectives of Procedural Justice. Jusletter IT. Die Zeitschrift für IT und Recht. Issue 20

Kloza, D. (2013). Public voice in privacy governance: lessons from environmental democracy. In E. Schweighofer, A. Saarenpää, & J. Böszörmenyi (Eds.), KnowRights 2012 Proceedings (pp. 80–97).

Van Dijk, N, Tanas, A., Rommetveit, K., Raab, C.,(2018)Right engineering? The redesign of privacy and personal data protection,International Review of Law, Computers & Technology,DOI: 10.1080/13600869.2018.1457002

Van Dijk, N., Gellert, R., Rommetveit, K., A Risk to a Right? Beyond Data Protection Risk Assessments, Computer Law & Security Review, Forthcoming

Wright, D., & De Hert, P. (Eds.). (2012). Privacy Impact Assessment (p. 523). Dordrecht, Heidleberg, London, New York: Springer.

Wright, D., Gellert, R., Gutwirth, S., & Friedewald, M. (2011). Minimizing Technology Risks with PIAs, Precaution, and Participation. IEEE Technology and Society Magazine, 30(4), 47–54. doi:10.1109/MTS.2011.943460

Goel Sanjay, Hong Yuan, Papakonstantinou Vagelis and Kloza Dariusz (2015) Smart Grid Security. SpringerBriefs in Cybersecurity, Springer-Verlag, London, 138 pp. http://www.springer.com/gp/book/9781447166627

Gellert Raphaël and Kloza Dariusz (2012) “Can privacy impact assessment mitigate civil liability? A precautionary approach”, in Schweighofer Erich, Franz Kummer and Walter Hötzendorfer (eds.) Transformation juristischer Sprachen. Tagungsband des 15. Internationalen Rechtsinformatik Symposions IRIS 2012, Österreichische Computer Gesellschaft, Vienna, pp. 497-505. http://jusletter-it.weblaw.ch/issues/2012/IRIS/jusletterarticle_1029.html

Wright David, Friedewald Michael, and Gellert Raphaël, Developing and Testing a Surveillance Impact Assessment Methodology, International Data Privacy Law 01/2015; 5(1):40-53.

Gellert Raphaël, Understanding Data Protection as Risk Regulation, Journal of Internet Law, May 2015, 18(11):3-15.

Gellert Raphaël, Mantovani Eugenio, and De Hert Paul, The EU Regulation of Nanomaterials: Smoother or Harder? The Precautionary Tool Chest as the Basis for Better Regulating Nanomaterials. In: Dolez PI, (ed), Nanoengineering:Global Approaches to Health and Safety Issues, 2015. p. 339–73.



Pleinlaan 2

1050 Elsene, Brussels


+32 2 629 24 60







About us

LSTS2016 Compact Q


Brussels Laboratory for Data Protection & Privacy Impact Assessments

Research Group on Law, Science, Technology & Society (LSTS)

Faculty of Law and Criminology

Vrije Universiteit Brussel




Go to top