pdpEcho is coordinated by Gabriela Zanfir-Fortuna. Readers will find here news, comments and analyses on current data protection and privacy issues.

All opinions expressed here are that of the author alone and they do not engage in any way any of her previous or current employers.

Contact: gabrielazf@pm.me 

LinkedIn  Twitter


Gabriela Zanfir-Fortuna is a thought leader in transatlantic privacy. She is currently based in Detroit, Michigan, sharing her time among policy work, consulting and research. Gabriela is Senior Counsel for the Future of Privacy Forum, a think-tank based in Washington DC, where she leads the work on European privacy law and policy and its impact on all focus areas of the FPF, including de-identification, AI, mobility, adtech and education. She is also independently consulting different types of organizations, from universities to multinationals and nonprofits on their privacy compliance programs. Gabriela is Associated Researcher of LSTS at Vrije Universiteit Brussel (since September 2017) and she is a project scientist for the Institute for Software Research of Carnegie Mellon University, supporting the IoT Privacy Infrastructure project with privacy law and policy advice (since March 2019).

Before moving to the US in 2016, Gabriela worked for the European Data Protection Supervisor in Brussels and she participated to the work of the Article 29 Working Party. At the EDPS, Gabriela worked for both the ‘Supervision and Enforcement’ and ‘Policy and Consultation’ Units. Notably, she represented the EDPS in various subgroups of the Article 29 Working Party, being a member of the drafting team of WP29 that assessed the EU-US Privacy Shield. Gabriela worked on international data transfers, international relations, EU large scale IT-systems (particularly, the Schengen Information System), case-law overviews. She was a member of the Court team and she was part of the EDPS team advising the EU legislator on the GDPR.

Gabriela has the European equivalent of a JD degree from the University of Craiova (2009), in her Romanian hometown. She continued her legal studies at the same university with an LLM in Human Rights obtained with a dissertation focusing on the fundamental right to personal data protection (2010) and a PhD in law (2013) with a thesis on the rights of the data subject and their adjudication in civil law. In 2015, C. H. Beck published her book on the rights of the data subject, available HERE. She obtained the inaugural “Junior Scholar Award” at the Computers, Privacy and Data Protection conference in Brussels, 2014, for a paper in which she deconstructs the right to be forgotten into its prerogatives and she “reveals” that this particular right is present in EU data protection laws since the ’70s.

Selective list of publications:

Commentary on Articles 10, 11, 12, 21 and 82 GDPR in Commentary on General Data Protection Regulation, edited by C. Kuner, C. Docksey and L.A. Bygrave, Oxford University Press, forthcoming 2019. See an excerpt here, including the commentary on Article 11.

Data Protection and Competition Law: The Dawn of ‘Uberprotection’, Research Handbook on Privacy and Data Protection Law: Values, Norms and Global Politics, Gloria González Fuster, Rosamunde van Brakel and Paul De Hert (eds.), Edward Elgar Publ’g 2019 (Forthcoming).

How CJEU’s Privacy Spring construed the human rights shield in the digital age“European judicial systems as a challenge for democracy“, Intersentia, Cambridge-Antwerp-Portland, 2015.

Tracing the right to be forgotten in the short history of data protection law: The “new clothes” of an old rightpresented at the Computers, Privacy and Data Protection Conference, Brussels, 22-34 January 2014. [ ~ received the CPDP Junior Scholar Award 2014]

Regândirea dezvoltării în generaţii a reglementărilor protecţiei datelor personale [Rethinking the generational development of personal data protection laws] , Revista Română de Drept European (Romanian Journal of European Law) [Wolters Kluwer], No. 1, 2014.

Forgetting about consent. Why the focus should be on suitable safeguards in data protection law, presented at CPDP 2013, and published in S. Gutwirth, R. Leenes, P. de Hert (eds.), Reloading Data Protection. Multidisciplinary Insights and Contemporary Challenges, Springer, Heidelberg, Londra, New York, 2014, pp. 237-257.

What Happens in the Cloud Stays in the Cloud or why the Cloud’s Architecture should be transformed in Virtual Territorial Scope, presented at the Harvard Institute for Global Law and Policy (IGLP) Conference, 3-4 June, 2013, at Harvard University.

Consent in new EU DP framework: New approaches, Privacy Laws & Business (PL&B) International Report, Issue 122, aprilie 2013, pp. 28-30.

The Right to Data Portability in the Context of the EU Data Protection Reform, International Data Privacy Law (Oxford University Press), vol. 2, nr. 3/2012, pp. 149-162.

Big Brother in a Post-communist Era. Radiography of the Protection of Private Life in a European Romania, Revue de Sciences Politiques, nr. 35/2012, pp. 330-351.

Invocarea şi aplicarea directivelor Uniunii Europene în dreptul intern (The claiming and application of European Union’s directives in national law) – an article published in 3 parts – co-authored with Mihaela Mazilu-Babel, Pandectele Române (edited by Wolters Kluwer Romania), No. 3/2013, pp. 82-102; No. 4/2013, pp. 88-110; No. 5/2013, pp. 75-96.

Curtea Constituţională a României şi procedura întrebărilor preliminare. De ce nu? (The Constitutional Court of Romania and the preliminary rulings procedure. Why not?), Revista Română de Drept European (Romanian Journal of European Law, edited by Wolters Kluwer Romania), No. 5, 2011, 82-97.


If you find information on this blog useful and would like to read more of it, consider supporting pdpecho here: paypal.me/pdpecho.

10 responses to “About

  1. Pingback: The problem with the Privacy Shield challenges: do the challengers have legal standing? | pdpEcho

  2. Pingback: Even if Brexit-UK adopts the GDPR, it will be left without its “heart” | pdpEcho

  3. Pingback: A million dollar question, literally: Can DPAs fine a controller directly on the basis of the GDPR, or do they need to wait for national laws? | pdpEcho

  4. Pingback: FPF Welcomes New Fellows - Future of Privacy Forum

  5. Pingback: Will the ePrivacy Regulation overshadow the GDPR in the age of IoT? | pdpEcho

  6. Pingback: CJEU in Manni: data subjects do not have the right to obtain erasure from the Companies Register, but they do have the right to object | pdpEcho

  7. Pingback: Gabriela Zanfir-Fortuna, CJEU in Manni: data subjects do not have the right to obtain erasure from the Companies Register, but they do have the right to object | Afaceri juridice europene - European Legal Affairs. blog

  8. Pingback: Exam scripts and examiner’s corrections are personal data of the exam candidate (AG Kokott Opinion in Nowak) | pdpEcho

  9. Dear Gabriela,
    Congratulations on this interesting initiative and the great content you always produce.

    We should talk one day.
    Lucio Scudiero


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.