Lee Andrew Bygrave

Image of Lee Andrew Bygrave
Norwegian version of this page
Phone +47 22859339
Room 444
Username
Visiting address Karl Johans gt. 47 Domus Academica
Postal address Postboks 6706 St. Olavs plass 0130 Oslo

Background

Lee A. Bygrave was born in 1963. He was awarded a Doctorate of Laws (dr. juris) at the University of Oslo in 2000. Prior to this, he was awarded the degrees of Bachelor of Arts (Honours) in 1985 and Bachelor of Laws (Honours) in 1989 – both from the Australian National University, Canberra. He is currently Professor at the Department of Private Law, University of Oslo.

Within the Department of Private Law, Lee is currently Director of the Norwegian Research Center for Computers and Law. He is additionally an academic affiliate of the Centre for Health, Law and Emerging Technologies (HeLEX) at the University of Oxford, and research associate (formerly founding co-director) of the Cyberspace Law and Policy Centre (now ‘Community’) at the University of New South Wales, Sydney.

His teaching appointments range across numerous institutions, including the universities of Vienna, Stockholm, Tilburg, Tartu, Tel Aviv, New South Wales and Oslo. At the latter, Lee is one of the principal teachers of the LL.M. program in Information and Communications Technology (ICT) Law. He is also in charge of teaching English law of contract.

He currently heads a major research project at the NRCCL: VIROS (‘Vulnerability in the Robot Society’), which canvasses legal and ethical implications of AI-empowered robotics. The project is funded by the Research Council of Norway.

Lee has published extensively within the field of data protection law where his two principal books on the subject – Data Protection Law: Approaching Its Rationale, Logic and Limits (Kluwer 2002) and Data Privacy Law: An International Perspective (Oxford University Press 2014) – are widely acknowledged as standard international texts. He is additionally co-editor and co-author of a comprehensive article-by-article analysis of the EU General Data Protection Regulation – The EU General Data Protection Regulation (GDPR): A Commentary (Oxford University Press 2020). His data protection scholarship has been cited with approval by the Court of Justice of the European Union.

Lee has also conducted pioneering analyses of:

  • the ways in which information concepts are (mis)understood and (mis)used in law,
  • the use of contract as a tool for governing internet infrastructure and online transactions,
  • the legal-regulatory framework for automated decision-making,
  • cognitive sovereignty as a key interest threatened by the opacity of machine-learning processes,
  • the privacy implications of digital rights management systems,
  • the use of ‘design-based’ regulatory techniques for integrating legal values into information systems architecture, and
  • legal rules on cybersecurity.

Lee is founding co-editor of Oslo Law Review, and sits on the editorial boards of Computer Law & Security Review (Elsevier), Internet Policy Review (Humboldt Institute for Internet and Society) and International Data Privacy Law (Oxford University Press).

Special fields

• Privacy and data protection law
• Internet governance
• Information security
• Computer crime
• Intellectual property law
• Private international law
• Alternative dispute resolution

CV

Tags: China, USA, Brazil, Russia

Publications

  • Bygrave, Lee Andrew (2022). Cyber Resilience versus Cybersecurity as Legal Aspiration. In Jančárková, Tat’ána; Visky, Gabor & Winther, Ingrid (Ed.), 2022 14th International Conference on Cyber Conflict: Keep Moving. IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-9916-9789-0-0. p. 27–44.
  • Bygrave, Lee Andrew (2022). Machine Learning, Cognitive Sovereignty and Data Protection Rights with Respect to Automated Decisions. In Ienca, Marcello; Pollicino, Oreste; Liguori, Laura; Stefanini, Elisa & Andorno, Roberto (Ed.), The Cambridge Handbook of Life Science, Information Technology and Human Rights. Cambridge University Press. ISSN 9781108775038. p. 166–188. doi: 10.1017/9781108775038.016. Full text in Research Archive
  • Bygrave, Lee Andrew (2021). Security by Design: Aspirations and Realities in a Regulatory Context. Oslo Law Review. ISSN 2387-3299. 8(3), p. 126–177. doi: 10.18261/olr.8.3.2. Full text in Research Archive
  • Bygrave, Lee Andrew & Yeung, Karen (2021). Demystifying the modernized European data protection regime: Cross-disciplinary insights from legal and regulatory governance scholarship. Regulation & Governance. ISSN 1748-5983. doi: 10.1111/rego.12401. Full text in Research Archive
  • Bygrave, Lee Andrew (2021). The ‘Strasbourg Effect’ on data protection in light of the ‘Brussels Effect’: Logic, mechanics and prospects. Computer Law and Security Review. ISSN 0267-3649. 40. doi: 10.1016/j.clsr.2020.105460. Full text in Research Archive
  • Bygrave, Lee Andrew (2020). Article 25: Data protection by design and by default. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 571–581.
  • Bygrave, Lee Andrew (2020). Article 22: Automated individual decision-making, including profiling. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 522–542.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(26): International organisation. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 303–308.
  • Bygrave, Lee Andrew (2020). Article 4(21): Supervisory authority. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 265–271.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(18): Enterprise. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 246–252.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(15): Data concerning health. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 217–224.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(14): Biometric data. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 207–216.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(13): Genetic data. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 196–206.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(11): Consent. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 174–187.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(8): Processor. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 157–162.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(7): Controller. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 145–156.
  • Bygrave, Lee Andrew (2020). Article 4(4): Profiling. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 127–131.
  • Tosoni, Luca & Bygrave, Lee Andrew (2020). Article 4(2): Processing. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 116–122.
  • Bygrave, Lee Andrew & Tosoni, Luca (2020). Article 4(1): Personal Data. In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 103–115.
  • Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (2020). Background and Evolution of the EU General Data Protection Regulation (GDPR). In Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (Ed.), The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISSN 9780198826491. p. 1–47.
  • Bygrave, Lee Andrew (2019). Minding the Machine v2.0: The EU General Data Protection Regulation and Automated Decision Making. In Yeung, Karen & Lodge, Martin (Ed.), Algorithmic Regulation. Oxford University Press. ISSN 9780198838494. p. 246–260. doi: 10.1093/oso/9780198838494.003.0011.
  • Mascalzoni, Deborah; Bentzen, Heidi Beate; Ljøsne, Isabelle Sylvie Budin; Bygrave, Lee Andrew; Bell, Jessica & Dove, Edward S. [Show all 21 contributors for this article] (2019). Are Requirements to Deposit Data in Research Repositories Compatible With the European Union's General Data Protection Regulation? Annals of Internal Medicine. ISSN 0003-4819. 170(5), p. 332–334. doi: 10.7326/M18-2854. Full text in Research Archive
  • Bygrave, Lee Andrew (2018). Legal Scholarship on Data Protection: Future Challenges and Directions. In Degrave, Élise; de Terwangne, Cécile; Dusollier, Séverine & Queck, Robert (Ed.), Law, norms and freedoms in cyberspace / Droit, normes et libertés dans le cybermonde: Liber Amicorum Yves Poullet. Larcier. ISSN 978-2-8079-0346-3. p. 493–504.
  • Bygrave, Lee Andrew & Mendoza, Isak Esteban Sveinhaug (2017). The Right not to be Subject to Automated Decisions based on Profiling. In Synodinou, Tatiana-Eleni; Jougleux, Philippe; Markou, Christiana & Prastitou, Thalia (Ed.), EU Internet Law: Regulation and Enforcement. Springer. ISSN 978-3-319-64954-2. p. 77–98. doi: 10.1007/978-3-319-64955-9_4.
  • Bygrave, Lee Andrew (2017). Hardwiring Privacy. In Brownsword, Roger; Scotford, Eloise & Yeung, Karen (Ed.), The Oxford Handbook of Law, Regulation and Technology. Oxford University Press. ISSN 9780199680832. p. 754–775.
  • Bygrave, Lee Andrew (2017). Data Protection by Design and by Default : Deciphering the EU’s Legislative Requirements. Oslo Law Review. ISSN 2387-3299. 4(2), p. 105–120. doi: 10.18261/issn.2387-3299-2017-02-03. Full text in Research Archive

View all works in Cristin

  • Kuner, Christopher; Bygrave, Lee Andrew & Docksey, Christopher (2020). The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press. ISBN 9780198826491. 1393 p.

View all works in Cristin

  • Bygrave, Lee Andrew (2022). Google, Amazon, Facebook ... Har personvernet på nettet en sjanse?
  • Bygrave, Lee Andrew (2022). The Legal Regulation of Automated Decision Making.
  • Bygrave, Lee Andrew (2022). Data Protection by Design and Security by Design: A Tale of Two Siblings.
  • Bygrave, Lee Andrew (2022). 'By Design' as Regulatory Mantra.
  • Bygrave, Lee Andrew (2022). Challenges of human rights in the digital domain: critical queries.
  • Bygrave, Lee Andrew (2022). Methodological Challenges in Research on the Interaction of Technology and Human Rights .
  • Bygrave, Lee Andrew (2022). Grunnleggende innføring i "common law".
  • Bygrave, Lee Andrew (2022). Vulnerability in the Robot Society (VIROS) -- and some remarks about silos, law and "regulatory conversations" .
  • Bygrave, Lee Andrew; Mahler, Tobias & Lintvedt, Mona Naomi (2022). AI Act og Norges handlingsrom .
  • Bygrave, Lee Andrew (2022). When Privacy and Data Protection Rule, What and Who loses Out?
  • Bygrave, Lee Andrew (2022). Cyber Resilience versus Cybersecurity as Regulatory Aspiration: A Case of the Hare and the Tortoise?
  • Bygrave, Lee Andrew (2021). Contract as Regulatory Mechanism in Internet Governance: A Critical Assessment.
  • Bygrave, Lee Andrew (2021). The Role of Human Oversight under the EU's Proposal for an Act on Artificial Intelligence .
  • Bygrave, Lee Andrew (2021). Security Theatre? The Law and Politics of "Security by Design".
  • Bygrave, Lee Andrew (2021). Biometri til besvær?
  • Gundersen, Martin & Bygrave, Lee Andrew (2021). Helsenorge lot innbyggere dele sensitive helseopplysninger via facebook. [Internet]. NRK.
  • Bygrave, Lee Andrew (2021). Rettslige rammer for sikkerhet på Internett.
  • Bygrave, Lee Andrew (2021). Automatiserte avgjørelser.
  • Bygrave, Lee Andrew & Langved, Åshild (2021). Telenor svarer etter Myanmar-kritikk. [Newspaper]. Dagens Næringsliv.
  • Bygrave, Lee Andrew (2021). Cognitive Sovereignty in the Era of Machine Learning and 'Big Data'.
  • Wagner, Eva; Møretrø, Trond; Moen, Birgitte; Heir, Even; Langsrud, Solveig & Kober-Rychli, Katrin [Show all 9 contributors for this article] (2020). PathoSeq: A multidisciplinary project aiming to materialize the benefits of whole genome sequencing in the food processing industry.
  • Wagner, Eva; Møretrø, Trond; Moen, Birgitte; Heir, Even; Langsrud, Solveig & Rychli, Kathrin [Show all 9 contributors for this article] (2020). PathoSeq: A multidisciplinary project aiming to materialize the benefits of whole genome sequencing in the food processing industry.
  • Bygrave, Lee Andrew (2020). Jussen rundt ansiktsgjenkjenning i korte trekk.
  • Bygrave, Lee Andrew (2020). Hvordan styrer internettet deg? Jussens rolle.
  • Bygrave, Lee Andrew (2020). European Data Protection: Is it Fit for Purpose in an Age of Algorithmic Regulation?
  • Bygrave, Lee Andrew (2020). The Schrems II judgment of the EU Court of Justice in Historical Perspective.
  • Bygrave, Lee Andrew (2019). The Emergence of Security by Design as EU Regulatory Principle.
  • Bygrave, Lee Andrew (2019). Security by Design: Its Meaning and Utility as Regulatory Principle.
  • Bygrave, Lee Andrew (2019). The Strasbourg Effect: The Potential Impact of the Council of Europe’s Modernised Convention on Data Protection outside Europe.
  • Bygrave, Lee Andrew (2019). IKT regulering av/ved avtale mekanismer.
  • Bygrave, Lee Andrew (2019). EU Data Privacy Law and Algorithmic Regulation: Critical Reflections.
  • Mahler, Tobias; Bygrave, Lee Andrew & Tørresen, Jim (2019). The VIROS Project: Vulnerability in the Robot Society.
  • Bygrave, Lee Andrew (2019). EU Data Protection Law vs. Algorithmic Regulation: Tilting at Windmills?
  • Bygrave, Lee Andrew (2019). A Flawed Crusade? The EU General Data Protection Regulation in the Age of Artificial Intelligence.
  • Bygrave, Lee Andrew (2019). Muligheter og utfordringer ved økende bruk av kunstig intelligens.
  • Bygrave, Lee Andrew (2019). Transparency by Design.
  • Bygrave, Lee Andrew (2019). DP:=PDF.
  • Bygrave, Lee Andrew (2018). Taming Algorithms: The Probable Impact of EU Data Privacy Law on Automated Decision Making.
  • Bygrave, Lee Andrew (2018). Security by Design: The Emperor's New Clothes in the Cybersecurity Space?
  • Bygrave, Lee Andrew (2018). Security by Design: Semantics and Regulatory Operationalisation.
  • Bygrave, Lee Andrew (2018). Public Administration as Regulatory Object in Data Protection Law.
  • Bygrave, Lee Andrew (2018). Cyberspace, Security and Fundamental Rights.
  • Bygrave, Lee Andrew (2018). The Public Interest in Decision Making of Standards Development Organisations in Internet Governance.
  • Bygrave, Lee Andrew (2018). The EU General Data Protection Regulation and its Rules on Data Protection by Design: A Reason to Panic?
  • Bygrave, Lee Andrew (2018). Obscure Intelligence, Due Process and Data Protection.
  • Banet, Catherine & Bygrave, Lee Andrew (2018). Blockchain i energibransjen: Et juridisk perspektiv.
  • Bygrave, Lee Andrew (2018). Data Protection by Design and by Default: Understanding GDPR Article 25 .
  • Bygrave, Lee Andrew (2018). Data Protection by Design and by Default: Semantics, Rules and Prospects.
  • Bygrave, Lee Andrew (2018). EUs forordning om personopplysningsvern: Historikk, kontekst og hovedtrekk .
  • Bygrave, Lee Andrew (2018). Countering Kafka with Kafka: The Confounding Semantics of EU Data Protection Law’s Attempt to Tackle Algorithmic Regulation.
  • Bygrave, Lee Andrew (2017). EU Data Policy Developments and Privacy Implications.
  • Bygrave, Lee Andrew (2017). Building the European Data Economy: The Aspirations of Brussels.
  • Bygrave, Lee Andrew (2017). EU Data Developments and Privacy Implications.
  • Bygrave, Lee Andrew (2017). The Right under EU Law to Object to Automated Decisions based on Profiling -- A Right for Australia?
  • Bygrave, Lee Andrew (2017). Teaching Internet Governance: Challenges and Experiences.
  • Bygrave, Lee Andrew (2017). The GDPR’s Data Export Regime: Caught between a Rock and Hard Place?
  • Bygrave, Lee Andrew (2017). Privacy and Security: Uneasy Bedfellows.
  • Bygrave, Lee Andrew (2017). EU Data Protection Law: A Desirable Model for Algorithmic Regulation?
  • Bygrave, Lee Andrew (2017). Data Protection Regulation in the EU: Impact on Australia and Other Non-European Jurisdictions.
  • Bygrave, Lee Andrew (2017). Data Protection by Design: Deciphering the EU's 'New' Data Privacy Norm.
  • Bygrave, Lee Andrew (2017). Ensuring Right Information: Legal Controls of Information Quality.
  • Bygrave, Lee Andrew (2017). Security Requirements pursuant to the EU General Data Protection Regulation .
  • Bygrave, Lee Andrew (2017). Den nye EU forordning om personopplysningsvern: Hovedtrekk og hovedutfordringer for norsk næringsliv.
  • Bygrave, Lee Andrew (2017). Nye krav til innebygd personvern etter EUs forordning om personopplysningsvern.
  • Bygrave, Lee Andrew (2017). How Does and Will EU Data Protection Law Affect the European Data Economy?
  • Bygrave, Lee Andrew (2017). The Impact of the EU General Data Protection Regulation on the Internet Domain Name Community.
  • Bygrave, Lee Andrew (2017). EUs forordning om personopplysningsvern: En oversikt.
  • Bygrave, Lee Andrew (2017). Innebygd personopplysningsvern: Bakgrunn til og krav etter personvernforordningen artikkel 25.

View all works in Cristin

Published Mar. 26, 2008 11:09 AM - Last modified Aug. 17, 2022 9:29 AM