Region Area

Lawyers

Rosa Barcelo

Work Department

Privacy & Cybersecurity

Position

Rosa Barcelo focuses her practice on global data privacy and cyber security. She counsels clients on data protection and privacy, including compliance with the GDPR and the ePrivacy Directive. She helps companies develop global privacy compliance programs that harmonize GDPR with other international laws such as US privacy legislation (eg., CCPA/CPRA). She regularly advises organizations on structuring international data transfers using SCCs and BCRs, completing Data Protection Impact Assessments, drafting data processor agreements, advising on personal data breaches, and carrying out lead authority assessments.

Rosa’s practice has particular focus on cutting-edge IT issues, and she has a wealth of experience counselling clients on privacy in the electronic communications sector (both number dependent and independent services). She has additional skill in data privacy issues related to AI and machine learning, autonomous vehicles, marketing, programmatic advertising, and online tracking technologies.

Rosa’s previous experience includes her role as Deputy Head of Unit of the Cybersecurity and Digital Privacy Unit of DG CONNECT in the European Commission, where she led legislative deliberations over the proposed e-Privacy Regulation. Rosa’s work with the office of the EDPS focused on a wide range of ICT-related issues. Rosa worked closely with national supervisory authorities participating in the former Article 29 Working Party (now the European Data Protection Board). Rosa has also worked in academia and as a private lawyer in the Brussels offices of various international law firms, where she advised on EU privacy and data protection issues, as well electronic commerce and technology laws.

Rosa is a frequent lecturer on data protection, privacy and cybersecurity. In addition, she is a correspondent for the Journal of Computer Law Review International and is acting Chairwomen of the Brussels Chapter of the International Institute of Communications. She teaches a data protection certification course at the Institute of Public Administration (EIPA) in Maastricht.

Rosa previously served on the European board of the International Association of Privacy Professionals.