PhD students
Radwan Eskhita
Description
Radwan Eskhita is a PhD researcher at the Erasmus School of Law in Rotterdam, with a demonstrated expertise in the fields of data protection law and regulation, cyber law, and technology. Alongside his research work, he also works as a lecturer at Luzern University in Switzerland. Prior to this, he earned a LL.M. degree from Johannes Gutenberg-Universität in Mainz, his master’s thesis focused on the impact of GDPR on cloud providers.
Eskhita’s dissertation is particularly focused on the impact of European data protection laws on the Arabic Gulf region, as well as the extraterritorial application of EU law. He has published several research papers and articles on GDPR Effect and Digital Forensic, which can be found on his ResearchGate profile.
Melinee Kositwatanarerk
Thesis Title
Conflict of laws in private enforcement of cross-border data protection claims
Description
Melinee is a Judge at the Court of Justice of Thailand receiving a full scholarship from the Office of the Judiciary to pursue her PhD in data protection law. She graduated her Bachelor’s degree from Chulalongkorn University with the first class honors. Melinee earned two Master’s degrees, which are Master of European Intellectual Property Laws at Stockholm University with the Swedish Institute Scholarship, and Master of Laws at the University of Melbourne with the Endeavour Postgraduate Scholarship.
Her PhD research at EGSL concerns the conflict-of-law issues in cross-border data protection claims to create more legal consistency and predictability in the private enforcement. Since data collection and processing usually involves digital activities, the data protection claims then mostly carry cross-border characteristics with connection of more than one country. A single cause of action may be subject to several jurisdictions, but the interesting question is which law of which country should be the applicable law to the case. While many jurisdictions, like the EU, Thailand, New Zealand, Australia, Japan, and Brazil, all contain some extraterritorial provisions in their data protection laws trying to extend the application of their laws to cover activities beyond their territories. This kind of extraterritorial provision would undeniably cause a duplication of legal application over the same cause of action and lead to a question of its validity under the aspect of the Private International Law.
Larisa Munteanu
Thesis Title
GDPR 2.0: Reviewed legal grounds for data controllers refusing to comply with illegitimate requests in the light cyber-attacks
Description
Larisa Munteanu graduated as one of the top students from the Faculty of Law of Babeș-Bolyai University, Cluj-Napoca, Romania, where she obtained both the Bachelor’s degree and the Master’s degree on International and Comparative Business Law, with theses in the field of Technology Law. In 2021, Larisa began working as a Data Protection Lawyer and a Data Protection Officer in the UK, holding accreditations from the International Association of Privacy Professionals as a Certified Information Privacy Manager (CIPM) and Certified Information Privacy Professional for Europe (CIPP/E). Her main interests are cyber-crimes, AI and global regulations on personal data protection, passions which were reflected through her published articles and in parallel, by speaking at international conferences, webinars and podcasts. In 2022, Larisa extended her list of awards by winning the Best International Future Lawyer Award, as part of the 60th Annual Congress of the International Association of Young Lawyers, held in Singapore. She was recognised for her valuable presentation on the impact of digitalisation on the legal profession during the COVID-19 pandemic.
At the same time, as a PhD researcher at Erasmus University Rotterdam, she is looking into the sufficiency and adequacy of the EU and UK GDPR in terms of allowing data controllers to reject data protection requests submitted upon committing identity theft or as part of a malware attack. An important highlight of this project will be how the less “popular” legal provisions of the GDPR apply in practical, yet threatening cases affecting businesses and subsequently, how the post-Brexit effect influences this whole context.