Homo Digitalis has the honor to host the interview of Nikos Theodorakis, a Greek who excels at both academic and professional level in Europe and America. Mr. Theodorakis is an associate professor at the University of Oxford and a partner at Stanford University, while at the same time practicing law at an American law firm and has served as a consultant to international organizations.

As perceived, he is best suited to talking about the importance of personal data on our business activities, business and everyday life, and we thank him warmly for the interview he gave us.

– You’ve started your academic career in Trade Law, but for some years now you’ve turned to Personal Data and Privacy Protection Law. Is there any relation between trade and personal data?

Undoubtedly! Personal data, which are frequently called the “oil” of the 21st century, is an integral part of every commercial activity. Either as the very centre of online services, or assisting at the contractual supply of goods, personal data is the driving force behind every commercial activity. In the past, trade was a relatively decentralised procedure, however, nowadays, data is used in every commercial activity. Therefore, to me, the transition, in fact the conjugation, from trade law to personal data protection law was a rational and probably necessary choice, taking into consideration the every-increasing importance of data.

– You are working both as a professor and researcher in some of the most important universities internationally and as a lawyer in a large law firm. How is it possible to combine an academic career with practising law?

I have to admit that is a very demanding combination, among other things because it entails frequent travelling between Oxford, Brussels, Athens and New York for academic and professional contributions. However, this “balancing act” really satisfies me as every sector offers you something different: academy is a forum for the exchange of ideas, where you constantly learn, horizontally from your colleagues and vertically from your students, while dealing with legal issues, which need further examination and resolution from the scientific community. Practicing law is more intense, active and pressing as you are requested to solve your client’s problem as soon as possible, in a practical way, while the legal strategy you create is dynamic. The combination of these two contrary occupations makes me evolve, so for now the weariness is certainly worth trying out!

– You are cooperating with very important universities in the US. What is their stance towards GDPR? Should we feel lucky that it exists in Europe or does it simply cause more problems?

The truth is that the Regulation has been largely discussed in the academic community and the legal community in the US, due to the large number of American firms that operate in Europe, through their physical or web presence, and due to the extraterritorial application of the regulation, under conditions. I can say that the dialogue during the last years on the other end of the Atlantic was really productive; actually in recent discussions I had with my colleagues at the law schools of Stanford and Columbia universities, I observe an increasing interest and knowledge on the subject. In fact the Regulation led to an intensive debate of respective initiatives of federalist nature in USA. The first indications have already appeared at the new consumer protection legislation of California and the Cloud Act.

– What do you think is the level of compliance with the GDPR for Greek companies and organisations? Where do we stand comparatively with other countries?

This is a complicated question because we have to distinguish between companies, which have fully complied and those which have taken the basic measures required, probably superficially, leading to a “compliance theatre”. One of the Regulation’s negative effects is that the market has been flooded with professionals who were not experts and were promising that they could help a company to comply fully with the Regulation at a very low cost. However, this is a process that takes time, total structural adjustment regarding the use of data and creation of a substantial way of thinking in support of the data protection. I would say that the minority of companies has substantially complied, a large majority has superficially complied –which leaves for possible risks- and finally a big percentage of companies hasn’t complied at all yet – which is very dangerous.

– Which is the role of the citizens in achieving companies’ and organisation’s compliance with the GDPR?

The role of civil society is to be aware and show interest in their rights -as the right to be forgotten and to portability- and exercise them in good faith if they have any doubt or question about how companies process their data. Citizens are the best guardians of this new legislation, as they have to use their strength for improvement and transparency in the use of data. They could also be organised in a coordinated manner, through an organisation like Homo Digitalis, and condemn possible infringed behaviour to the competent body of our country, the Greek Data Protection Authority.

– Can the conferred by the GDPR rights help Greek citizens in practice?

Certainly, as citizens can exercise a series of rights, which give them more and substantial control of their data. The user’s increased control on his data was one of the main reasons, which led to the Regulation, in view of the fact that companies collect and process a wealth of data for us from various sources; accordingly the user must control who is processing his/her data, why and where it is transferring this data. Overall, the rights that the Regulation offers result in augmented transparency and accountability for using Greeks -and European- citizens’ data.

– Both as a professor and a researcher, so as a lawyer you come up against new challenges. Which of them do you think that we will face in Greece and what would you like to be the action of an organisation like Homo Digitalis according to them?

I believe that in the foreseeable future we will face challenges such as data leakage and networks confidentiality breach, massive hacking in conjunction with ransom demands extortion in cryptocurrency, lack of companies’ ability to cope efficiently with users’ requests for exercising their rights, spot checks from prosecution authorities and complexity on how blockchain and artificial intelligence interact, or conflict with the Regulation. An organisation like Homo Digitalis can adopt working documents and organise workshops for the examinations of these challenges.

– How do you expect the relation of technology and human in the future?

It is a fact that the relation between technology and human will continue to be made increasingly complex through the evolution of artificial intelligence and the Internet of Things. Therefore, developments that a few decades ago were figments of scientific imagination are now much closer than we may think.