Lee Andrew Bygrave

Image of Lee Andrew Bygrave
Norwegian version of this page
Phone +47 22859339
Room 444
Visiting address Karl Johans gt. 47 Domus Academica
Postal address Postboks 6706 St. Olavs plass 0130 OSLO


Lee A. Bygrave was born in 1963. He was awarded a Doctorate of Laws (dr. juris) at the University of Oslo in 2000. Prior to this, he was awarded the degrees of Bachelor of Arts (Honours) in 1985 and Bachelor of Laws (Honours) in 1989 – both from the Australian National University, Canberra. He is currently Professor at the Department of Private Law, University of Oslo.

Within the Department of Private Law, Bygrave is currently Director of the Norwegian Research Center for Computers and Law. He is additionally a research associate (formerly founding co-director) of the Cyberspace Law and Policy Centre at the University of New South Wales, Sydney.

His teaching appointments range across numerous institutions, including the universities of Vienna, Stockholm, Tilburg, Tartu, New South Wales and Oslo. At the latter, Bygrave is one of the principal teachers of the LL.M. program in Information and Communications Technology (ICT) Law. He is also in charge of teaching English law of contract.

For the past three decades, Bygrave has been deeply involved in research and policy development of ICT regulation. He has functioned as expert advisor on various aspects of ICT regulatory policy for the European Commission, Nordic Council of Ministers, Computer Science and Technology Board of the US National Academies, UK House of Lords Committee on the Constitution, Norwegian Government, Telenor, and Internet Corporation for Assigned Names and Numbers.

Bygrave has published particularly extensively within the field of privacy/data protection law where his two principal books on the subject – Data Protection Law: Approaching Its Rationale, Logic and Limits (Kluwer Law International, 2002) and Data Privacy Law: An International Perspective (Oxford University Press, 2014) – are widely acknowledged as standard international texts.

Much of his current research focuses on internet regulation. He is co-author and principle editor of Internet Governance: Infrastructure and Institutions (Oxford University Press, 2009), and he heads a major research project, “Security in Internet Governance and Networks: Analysing the Law”, with funding from the Norwegian Research Council and UNINETT Norid AS. His most recent book – Internet Governance by Contract (Oxford University Press, 2015) – critically examines the contractual frameworks for the development and use of internet infrastructure.

Bygrave serves on the editorial boards of Oslo Law Review, Computer Law & Security Review (Elsevier), Internet Policy Review (Humboldt Institute for Internet and Society) and International Data Privacy Law (Oxford University Press).

Special fields

• Privacy and data protection law
• Internet governance
• Information security
• Computer crime
• Intellectual property law
• Private international law
• Alternative dispute resolution


Tags: China, USA, Brazil, Russia


  • Bygrave, Lee Andrew (2019). Minding the Machine v2.0: The EU General Data Protection Regulation and Automated Decision Making, In Karen Yeung & Martin Lodge (ed.),  Algorithmic Regulation.  Oxford University Press.  ISBN 9780198838494.  Kapittel 11.  s 246 - 260
  • Mascalzoni, Deborah; Bentzen, Heidi Beate; Ljøsne, Isabelle Sylvie Budin; Bygrave, Lee Andrew; Bell, Jessica; Dove, Edward S.; Fuchsberger, Christian; Hveem, Kristian; Mayrhofer, Michaela Th.; Meraviglia, Viviana; O'Brien, David R.; Pattaro, Cristian; Pramstaller, Peter P.; Rakic, Vojin; Rossini, Alessandra; Shabani, Mahsa; Svantesson, Dan Jerker B.; Tomasi, Marta; Ursin, Lars Øystein; Wjst, Matthias & Kaye, Jane (2019). Are Requirements to Deposit Data in Research Repositories Compatible With the European Union's General Data Protection Regulation?. Annals of Internal Medicine.  ISSN 0003-4819.  170(5), s 332- 334 . doi: 10.7326/M18-2854
  • Bygrave, Lee Andrew (2018). Legal Scholarship on Data Protection: Future Challenges and Directions, In Élise Degrave; Cécile de Terwangne; Séverine Dusollier & Robert Queck (ed.),  Law, norms and freedoms in cyberspace / Droit, normes et libertés dans le cybermonde: Liber Amicorum Yves Poullet.  Larcier.  ISBN 978-2-8079-0346-3.  chapter.  s 493 - 504
  • Bygrave, Lee Andrew (2017). Data Protection by Design and by Default : Deciphering the EU’s Legislative Requirements. Oslo Law Review.  ISSN 2387-3299.  4(2), s 105- 120 . doi: 10.18261/issn.2387-3299-2017-02-03 Full text in Research Archive.
  • Bygrave, Lee Andrew (2017). Hardwiring Privacy, In Roger Brownsword; Eloise Scotford & Karen Yeung (ed.),  The Oxford Handbook of Law, Regulation and Technology.  Oxford University Press.  ISBN 9780199680832.  Kapittel 31.  s 754 - 775
  • Bygrave, Lee Andrew & Mendoza, Isak Esteban Sveinhaug (2017). The Right not to be Subject to Automated Decisions based on Profiling, In Tatiana-Eleni Synodinou; Philippe Jougleux; Christiana Markou & Thalia Prastitou (ed.),  EU Internet Law: Regulation and Enforcement.  Springer.  ISBN 978-3-319-64954-2.  4.  s 77 - 98
  • Myhre, Sonja; Kaye, Jane; Bygrave, Lee Andrew; Aanestad, Margunn; Ghanem, Buthaina; Mechael, Patricia & Frøen, Frederik (2016). eRegistries: governance for electronic maternal and child health registries. BMC Pregnancy and Childbirth.  ISSN 1471-2393.  16 . doi: 10.1186/s12884-016-1063-0 Full text in Research Archive.
  • Bygrave, Lee Andrew (2015). Information Concepts in Law: Generic Dreams and Definitional Daylight. Oxford Journal of Legal Studies.  ISSN 0143-6503.  35(1), s 91- 120 . doi: 10.1093/ojls/gqu011
  • Medeiros, Francis Augusto & Bygrave, Lee Andrew (2015). Brazil's Marco Civil da Internet: Does it live up to the hype?. Computer Law and Security Review.  ISSN 0267-3649.  31(1), s 120- 130 . doi: 10.1016/j.clsr.2014.12.001
  • Bygrave, Lee Andrew (2014). Data Privacy Law and the Internet: Policy Challenges, In Normann Witzleb; David Lindsay; Moira Paterson & Sharon Rodrick (ed.),  Emerging Challenges in Privacy Law: Comparative Perspectives.  Cambridge University Press.  ISBN 9781107041677.  Chapter 12.  s 259 - 289
  • Bygrave, Lee Andrew (2013). Contract vs. statute in Internet governance, In Ian Brown (ed.),  Research Handbook on Governance of the Internet.  Edward Elgar Publishing.  ISBN 978 1 84980 502 5.  kapittel 8.  s 168 - 197
  • Bygrave, Lee Andrew (2013). Data Protection vs. Copyright, In Dan Jerker B. Svantesson & Stanley Greenstein (ed.),  Internationalisation of Law in the Digital Information Society: Nordic Yearbook of Law and Informatics 2010–2012.  Ex Tuto Publishing.  ISBN 978-87-92598-22-6.  kapittel 4.  s 55 - 75
  • Bygrave, Lee Andrew (2013). Personvern som lettvekter, I: Marius Stub; Ida Hjort Kraby (red.),  Forsker og formidler. Festskrift til Erik Magnus Boe på 70-årsdagen 17. april 2013.  Universitetsforlaget.  ISBN 978-82-15-02201-7.  kapittel 5.  s 88 - 109
  • Bygrave, Lee Andrew (2013). The Data Difficulty in Database Protection. European intellectual property review.  ISSN 0142-0461.  35(1), s 25- 33

View all works in Cristin

  • Bygrave, Lee Andrew & Schartum, Dag Wiese (2016). Personvern i informasjonssamfunnet: En innføring i vern av personopplysninger. Fagbokforlaget.  ISBN 9788245020342.  359 s.
  • Bygrave, Lee Andrew (2015). Internet Governance by Contract. Oxford University Press.  ISBN 978-0-19-968734-3.  192 s.
  • Bygrave, Lee Andrew (2014). Data Privacy Law: An International Perspective. Oxford University Press.  ISBN 978-0-19-967555-5.  233 s.
  • Bygrave, Lee Andrew (2014). Jon Bing: En Hyllest/A Tribute. Gyldendal Norsk Forlag A/S.  ISBN 9788205468504.
  • Schartum, Dag Wiese; Bekken, Anne Gunn Berge & Bygrave, Lee Andrew (red.) (2014). Jon Bing En hyllest///A tribute. Gyldendal Norsk Forlag A/S.  ISBN 9788205468504.  441 s.

View all works in Cristin

  • Bygrave, Lee Andrew (2019). A Flawed Crusade? The EU General Data Protection Regulation in the Age of Artificial Intelligence.
  • Bygrave, Lee Andrew (2019). DP:=PDF.
  • Bygrave, Lee Andrew (2019). EU Data Privacy Law and Algorithmic Regulation: Critical Reflections.
  • Bygrave, Lee Andrew (2019). EU Data Protection Law vs. Algorithmic Regulation: Tilting at Windmills?.
  • Bygrave, Lee Andrew (2019). GDPR etter ett år: hvilke betydning har den faktisk hatt for private aktørers atferd?.
  • Bygrave, Lee Andrew (2019). IKT regulering av/ved avtale mekanismer.
  • Bygrave, Lee Andrew (2019). Muligheter og utfordringer ved økende bruk av kunstig intelligens.
  • Bygrave, Lee Andrew (2019). Security by Design: Its Meaning and Utility as Regulatory Principle.
  • Bygrave, Lee Andrew (2019). The Emergence of Security by Design as EU Regulatory Principle.
  • Bygrave, Lee Andrew (2019). The Strasbourg Effect: The Potential Impact of the Council of Europe’s Modernised Convention on Data Protection outside Europe.
  • Bygrave, Lee Andrew (2019). Transparency by Design.
  • Mahler, Tobias; Bygrave, Lee Andrew & Tørresen, Jim (2019). The VIROS Project: Vulnerability in the Robot Society.
  • Banet, Catherine & Bygrave, Lee Andrew (2018). Blockchain i energibransjen: Et juridisk perspektiv.
  • Bygrave, Lee Andrew (2018). Countering Kafka with Kafka: The Confounding Semantics of EU Data Protection Law’s Attempt to Tackle Algorithmic Regulation.
  • Bygrave, Lee Andrew (2018). Cyberspace, Security and Fundamental Rights.
  • Bygrave, Lee Andrew (2018). Data Protection by Design and by Default: Semantics, Rules and Prospects.
  • Bygrave, Lee Andrew (2018). Data Protection by Design and by Default: Understanding GDPR Article 25.
  • Bygrave, Lee Andrew (2018). EUs forordning om personopplysningsvern: Historikk, kontekst og hovedtrekk.
  • Bygrave, Lee Andrew (2018). Obscure Intelligence, Due Process and Data Protection.
  • Bygrave, Lee Andrew (2018). Public Administration as Regulatory Object in Data Protection Law.
  • Bygrave, Lee Andrew (2018). Security by Design: Semantics and Regulatory Operationalisation.
  • Bygrave, Lee Andrew (2018). Security by Design: The Emperor's New Clothes in the Cybersecurity Space?.
  • Bygrave, Lee Andrew (2018). Taming Algorithms: The Probable Impact of EU Data Privacy Law on Automated Decision Making.
  • Bygrave, Lee Andrew (2018). The EU General Data Protection Regulation and its Rules on Data Protection by Design: A Reason to Panic?.
  • Bygrave, Lee Andrew (2018). The Public Interest in Decision Making of Standards Development Organisations in Internet Governance.
  • Bygrave, Lee Andrew (2017). Building the European Data Economy: The Aspirations of Brussels.
  • Bygrave, Lee Andrew (2017). Data Protection Regulation in the EU: Impact on Australia and Other Non-European Jurisdictions.
  • Bygrave, Lee Andrew (2017). Data Protection by Design: Deciphering the EU's 'New' Data Privacy Norm.
  • Bygrave, Lee Andrew (2017). Den nye EU forordning om personopplysningsvern: Hovedtrekk og hovedutfordringer for norsk næringsliv.
  • Bygrave, Lee Andrew (2017). EU Data Developments and Privacy Implications.
  • Bygrave, Lee Andrew (2017). EU Data Policy Developments and Privacy Implications.
  • Bygrave, Lee Andrew (2017). EU Data Protection Law: A Desirable Model for Algorithmic Regulation?.
  • Bygrave, Lee Andrew (2017). EUs forordning om personopplysningsvern: En oversikt.
  • Bygrave, Lee Andrew (2017). Ensuring Right Information: Legal Controls of Information Quality.
  • Bygrave, Lee Andrew (2017). How Does and Will EU Data Protection Law Affect the European Data Economy?.
  • Bygrave, Lee Andrew (2017). Innebygd personopplysningsvern: Bakgrunn til og krav etter personvernforordningen artikkel 25.
  • Bygrave, Lee Andrew (2017). Nye krav til innebygd personvern etter EUs forordning om personopplysningsvern.
  • Bygrave, Lee Andrew (2017). Privacy and Security: Uneasy Bedfellows.
  • Bygrave, Lee Andrew (2017). Security Requirements pursuant to the EU General Data Protection Regulation.
  • Bygrave, Lee Andrew (2017). Teaching Internet Governance: Challenges and Experiences.
  • Bygrave, Lee Andrew (2017). The GDPR’s Data Export Regime: Caught between a Rock and Hard Place?.
  • Bygrave, Lee Andrew (2017). The Impact of the EU General Data Protection Regulation on the Internet Domain Name Community.
  • Bygrave, Lee Andrew (2017). The Right under EU Law to Object to Automated Decisions based on Profiling -- A Right for Australia?.
  • Bygrave, Lee Andrew (2016). Articles 22 and 25 of the EU General Data Protection Regulation.
  • Bygrave, Lee Andrew (2016). Asian Data Privacy Laws: Trade and Human Rights Perspectives, Graham Greenleaf, Oxford University Press, Oxford (2014). Computer Law and Security Review.  ISSN 0267-3649.  32, s 794- 795 . doi: 10.1016/j.clsr.2016.08.002
  • Bygrave, Lee Andrew (2016). Hardwiring privacy in the European digital space.
  • Bygrave, Lee Andrew (2016). Hvem styrer Internett?.
  • Bygrave, Lee Andrew (2016). Legal Use and Abuse of Information Concepts.
  • Bygrave, Lee Andrew (2016). Legislative Evaluation of Korea's Personal Information Protection Act.
  • Bygrave, Lee Andrew (2016). Minding the Machine v 2.0.
  • Bygrave, Lee Andrew (2016). The EU General Data Protection Regulation from an International Perspective.
  • Bygrave, Lee Andrew (2016). The Future of Privacy Law Scholarship: Some Brief Reflections. European Data Protection Law Review.  ISSN 2364-2831.  2(4), s 459- 460
  • Bygrave, Lee Andrew (2015). A Right to be Forgotten?. Communications of the ACM.  ISSN 0001-0782.  58(1), s 35- 37 . doi: 10.1145/2688491
  • Bygrave, Lee Andrew (2015). Digitalization and Securitization of Cyberspace: Legal Challenges.
  • Bygrave, Lee Andrew (2015). Enhancing Privacy and Security in Cyberspace: What Role for Europe?.
  • Bygrave, Lee Andrew (2015). Remedying "Multiple Accountabilities Disorder": The Case of ICANN.
  • Bygrave, Lee Andrew (2015). Rettslig grunnlag og samtykke sett fra EU.
  • Bygrave, Lee Andrew (2014). Contractual Dominions of the Internet: A Critical Assessment.
  • Bygrave, Lee Andrew (2014). EU Data Protection Reform: Parallels to the Form and Fate of the Mammoth.
  • Bygrave, Lee Andrew (2014). EUs kommende personvernforordning: Konsekvenser for forskningen.
  • Bygrave, Lee Andrew (2014). Fjerning av Internett-søkeresultater: EU-domstolens dom 13. mai 2014, sak C-131/12, Google Spain SL og Google Inc mot Agencia Española de Protección de datos (AEPD) og Mario Costeja González. Nytt i privatretten : nyhetsbrev for informasjon på det privatret.  ISSN 1501-9594.  (4), s 19- 21
  • Bygrave, Lee Andrew (2014). Internet Governance by Contract: Its Rationale, Utility and Legitimacy.
  • Bygrave, Lee Andrew (2014). Introductory reflections on the film "Terms and Conditions May Apply".
  • Bygrave, Lee Andrew (2014). Lex Facebook: A Critical Analysis of Facebook’s Terms of Service and Use.
  • Bygrave, Lee Andrew (2014). The Igov2 project in brief.
  • Bygrave, Lee Andrew (2014). The Impact of Data Privacy Law on Corporate Structures and Business Models.
  • Bygrave, Lee Andrew (2014). The Right to be Forgotten? The Recent Judgment of the CJEU.
  • Bygrave, Lee Andrew (2013). Det juridiske bakteppe for registerforskning uten samtykke, med særlig fokus på EUs forslag til ny personvernforordning.
  • Bygrave, Lee Andrew (2013). Privacy as a Cultural Value.
  • Bygrave, Lee Andrew (2013). The Predilection for Contract in Internet Governance: Boon or Bane?.
  • Bygrave, Lee Andrew (2013). Transatlantic Tensions on Data Privacy.
  • Bygrave, Lee Andrew (2012). Behandling av genetiske data etter EU sitt forslag til personvernforordning.
  • Bygrave, Lee Andrew (2012). Big Data og personvern.
  • Bygrave, Lee Andrew (2012). Contractual Aspects of Internet Governance.
  • Bygrave, Lee Andrew (2012). Data Protection versus Copyright.
  • Bygrave, Lee Andrew (2012). EU Data Protection Law and Third Countries.
  • Bygrave, Lee Andrew (2012). Globalt problem -- global regulering?.
  • Bygrave, Lee Andrew (2012). Internet Governance by Contract: Its Utility.
  • Bygrave, Lee Andrew (2012). Privacy restraints on employers' monitoring of employees' use of confidential information.
  • Bygrave, Lee Andrew (2012). Styring av Internettets domenenavnsystem: Utfordringer og utvikling.
  • Bygrave, Lee Andrew (2012). The Legal Environment for the Internet in Norway.

View all works in Cristin

Published Mar. 26, 2008 11:09 AM - Last modified Dec. 18, 2019 1:53 PM