Skip to main content

Trinity College Dublin, The University of Dublin

Trinity Menu Trinity Search

Between the Lines: Maria Grazia Porcedda

Between the Lines asks researchers about the process of writing a book. Dr Maria Grazia Porcedda reflects on the process behind writing Cybersecurity, Privacy and Data Protection in EU Law.

When did you first come up with the idea for the book?

My interest in the relationship between cybersecurity, privacy and data protection began when I visited Silicon Valley as part of a Study Tour while studying for a Master’s at the University of Bologna. I was intrigued by the fact that personal information was treated as fungible currency and that safeguarding it was seemingly not a priority. That was a time when the clash between security and liberties was high on the political agenda and cloud computing – something we now take for granted – was as hot a topic as Artificial Intelligence is today!

Upon my return I decided to write a dissertation on transatlantic data exchanges under the supervision of cybersecurity expert Professor Giampiero Giacomello and that is how I began researching these topics. Between then and the book there were many crucial formative experiences inside and outside of academia, serendipitous encounters and starter grants, such as the Ruffini Prize. But some of the book’s key ideas came from later projects that I could pursue also thanks to research supports by TCD and Enterprise Ireland.

Did you start out with the intention of writing a book about a particular topic, or did a book begin to make sense as you were researching?

This project is the expanded and revised version of the PhD thesis I defended at the European University Institute. It was naturally born as a book and I am indebted to my doctoral supervisor, EU external relations law expert Professor Marise Cremona, for strongly encouraging me to pursue this task. The published book took shape after defending the PhD thesis, while working at the University of Leeds and now at Trinity College Dublin.

What are the book’s main ideas?

The book’s main question is how cybersecurity, privacy and data protection, which I call the triad for short, are reconciled in European Union law. To answer the question I looked across the full legal spectrum and took into account the triad’s common technological environment made of data, information and cyberspace. In this way I could identify some fundamental dynamics that help us understanding how cybersecurity, privacy and data protection are reconciled in EU law.

The dynamics I identified create short-circuits in the regulation of technology, which ‘efface’ technology from the law; in other words, technology disappears from binding law. For historical reasons, laws addressing cyberspace and digital technologies do not have a say on the selection of technologies that will be used to implement the law. The technological implementation of the law, and how technology affects rights, is left to mechanisms that are more informal and voluntary. These mechanisms cannot, on their own, meet the law’s goals of reconciling business or state interests with a high level of protection of rights, including privacy and data protection. Higher courts such as the Court of Justice of the European Union cannot redress this shortcoming because they must interpret laws as they are: they cannot engage with technology if it has been effaced from the law. What is more, by determining what technologies will be used in practice, such extra-legal mechanisms influence our enjoyment of privacy and data protection and also of cybersecurity.

Consequently, the relationship between cybersecurity, privacy and data protection ends up being decided on a case-by-case basis, depending on the technologies used in practice. This reality challenges our ability to choose a unified approach that can deliver high levels of protection of cybersecurity, privacy and data protection and decide on the level of reconciliation we want. To get the best of both worlds, we need for the law to engage with its technological implementation, and this is an inherently political process.

What did writing a book allow you to do that wouldn’t have been possible in another medium eg. journal article?

The scale of the project is too big for a single article or a series of articles and to demonstrate the argument I had to engage in extensive legal analysis, for which a book is the most appropriate format.

How did you decide which publisher to place the book with?

I was advised by my mentors and jury members to choose Hart Publishing, an imprint of Bloomsbury, as a well-regarded legal publisher. The publisher proposed to include the monograph in the new series Hart Studies in Information Law and Regulation.

How long did it take to write?

Taking into account two international moves and a pandemic, the book has been in the making for six years, although the time lag helped to incorporate a new vision as well as the very relevant legal developments that have taken place since.

Did you ever experience any moments of writer’s block? What did you do to overcome this?

Yes, I found myself staring at the white page on multiple occasions! To help my writing I used the pomodoro technique, whereby a writing session is divided into six 25’ blocks with small breaks between each block. Sometimes what I needed was to do additional research, but other times I needed to take breaks and lean on my partner, family and friends. I also benefitted from the support of my excellent commissioning editor, Dr Roberta Bassi, who stepped in to offer reassurance and help many times.

What advice would you give someone thinking about writing a book?

I think it depends on the discipline and career stage. In Law there is an expectation to write books and the first monograph tends to be the published version of the PhD thesis. In that case, I’d advise to make full use of the advice of the jury and the peer-reviewers. Otherwise, I would suggest them to ask themselves why they are writing a book, so that they can choose the best format for their audience and the publisher to approach.

But more than anything I’d suggest to clear their desks and resist the temptation to pursue multiple (writing) projects,  because ultimately it will be the book that suffers. Given the pressures of contemporary academia, it is already hard enough to find the time for doing research! Also, set a comfortable deadline for yourself, two or three years to begin with. Good publishers keep in touch regularly with authors and can adjust to early or late submissions. Last but definitely not least, take breaks and enjoy life.

If you could go back in time and give yourself one piece of advice before you started writing, what would that be?

It’d be probably something along the lines of ‘be kind to yourself: this is a huge undertaking!’


Maria Grazia Porcedda

Dr Maria Grazia Porcedda is Assistant Professor in Information Technology Law at the School of Law of Trinity College, Dublin. She teaches and researches on privacy, data protection, cybersecurity, cybercrime and surveillance in EU law. Maria Grazia is the Principal Investigator in the Provost PhD Awards 2021 on legal responses to cybercrime in Ireland and a member of the MSC ITN PROTECT. She is a member of the ADAPT Centre, BILETA, the ESC, PSAI and the SLS and sits on the ethics board of VIGILANT. She is a legal expert in new technologies with the European Data Protection Board.

Orcid : 0000-0002-9271-3512