I am a Tenured Inria Research Scientist in computer science within the PRIVATICS team at Inria. From September 2021 to December 2022, I was a Senior Privacy Fellow at the French Data Protection Authority (CNIL), where I conducted interdisciplinary research for the French regulator of the EU laws that protect personal data.

Research

My research area is online privacy, where I develop computational techniques and technologies powered by these techniques, to evaluate Web applications in measuring, quantifying and understanding privacy risks and detecting potential violations with the law, in order to ensure privacy and respect human rights of Internet users. I take an multidisciplinary approach applying computer science methods and collaborating with scholars in law and design. My research follows three main themes:

• Web Privacy Measurements - through large-scale, automated web measurements, we uncovered how companies collect and process personal data of Web users. Our studies on web tracking detection and our browser extension ERNIE help privacy regulators detect complex cookie-synchronisation mechanisms on websites. Our IEEE Security&Privacy paper on detection of misbehaving cookie banners at scale has led to 3 complaints being filed to the CNIL in 2019.
  
  
• Application of GDPR and ePrivacy - together with legal scholars, I investigate how EU Data Protection law should apply to new Web tracking technologies and to collection of user consent online. Our joint article in a Law and Technology (TechReg) journal with the great Cristiana Santos (Utrecht University, NL) shows how expertise in law and computer science can help interpret the law in the light of today's technologies.
  
  
• Dark patterns and user manipulation - with the design scholar Colin M. Gray (Purdue University, US) and Cristiana Santos, we study how user interfaces impact the decision making of the users on the Web. Our ACM CHI paper on dark patterns and legal requirements for cookie banners was the first interdicsiplinary paper among computer scientist, legal scholar and researcher in design and received a Best of CHI Honorable Mention (top 5%).

When I choose a research direction, I am particularly driven by the impact my research can make on society. In the field of privacy and data protection, I seek to inform and enlighten discussions of policy makers by providing them with the cutting-edge research in computer science, law and design disciplines, thanks to my collaborations with international scholars in these fields.

Open positions

• [Post-Doc position] Research topic: Online Tracking and Subject Access Rights of online users (see details).

Service (recent)

• Usenix Security 2023, vice-Chair of USENIX Security Symposium.
• ConPro 2023, Program committee of Workshop on Technology and Consumer Protection.
• MADWeb 2023, Program committee of Workshop on Measurements, Attacks, and Defenses for the Web.
• CNIL-INRIA Privacy Award 2022, co-President with François Pellegrini (CNIL).
• Privacy Research Day 2022 at the CNIL, co-organizer with the LINC team.
• APVP (French workshop on Privacy Protection), Steering committee member since 2022.
• PETs 2022, Editorial Board/Program committee of Privacy Enhancing Technologies Symposium.
• IEEE S&P (Oakland) 2021, Program committee of IEEE Symposium on Security and Privacy.
• PETs 2021, Editorial Board/Program committee of Privacy Enhancing Technologies Symposium.
• ConPro 2021, Program committee of Workshop on Technology and Consumer Protection.
• MADWeb 2021, Program committee of Workshop on Measurements, Attacks, and Defenses for the Web.
• ... full list of service

Awards

• Best of ACM CHI Honorable Mention, ACM SIGCHI Conf. on Human Factors in Computing Systems, 2021.
• Award for PhD Supervision and Research (PEDR) of Inria, Mar 2021 - Feb 2025.
• ANR JCJC personal grant (a French equivalent to NSF CAREER award), Dec 2018 - Dec 2022.
• Award for PhD Supervision and Research (PEDR) of Inria, Mar 2017 - Feb 2021.
• LabEx postdoctoral fellowship, France, 2012.
• PhD grant of the Italian Government with the Best Score among applicants, 2008.
• MSc Scholarship of the Ukrainian Government (given to up to 1% of students), 2006.

Highlights

• [Program Committee] I will be serving in the PC of Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2023) at NDSS and Workshop on Technology and Consumer Protection (ConPro 2023) at IEEE S&P.
• [Recognition] Our paper on Dark Patterns and consent was covered by the OECD report on Dark commercial patterns in 2022 [LINK]
• [Program Vice Chair] I am serving as a Program Vice Chair for 2023 USENIX Security Symposium!
• [Award Chair] I will be serving as Award Co-Chair of CNIL-Inria Privacy Protection Award 2022!
• [Recognition] Our work on Dark patterns and legal compliance of Consent is cited in the EU Commission study "Behavioural study on unfair commercial practices in the digital environment-Dark patterns and manipulative personalisation" [LINK]
• [Paper] Our paper on dark patterns and manipulation of website publishers by CMPs is accepted at PoPETs 2022. Congratulations, Imane!
• [Paper] Our paper on cookie respawning with browser fingerprinting is accepted at PoPETs 2022. Congratulations, Michael!
• [Recognition] Our work on Dark Patterns and the Legal Requirements of Consent Banners was covered by the UK Competition & Markets Authorithy (CMA) in 2022 [LINK]
• [Keynote] I gave a keynote at the Designing Security for the Web workshop (SecWeb'21)
  
• [New job] I have joined the LINC lab of the CNIL as a Senior Privacy Fellow!
  
• [Paper] Our paper presenting ERNIE browser extension has been accepted to ACM WPES'21. Congrats, Vera and Imane!
• [HDR defense] I defended my HDR entitled "Protecting Privacy of Web Users"!
  
• [Paper] Our paper on legal role of CMPs under GDPR is accepted at Annual Privacy Forum (APF'21)!
• [Invited speaker] I was an invited speaker at the TILTing Perspectives 2021.
• [Award] Our paper got an Best of CHI Honorable Mention at ACM CHI 2021!
• [Keynote] I was a keynote speaker at the “Security and Privacy” track of ICT.OPEN.
• [Recognition] Our work on Dark Patterns and the Legal Requirements of Consent Banners was covered by the Norwegian Consumer Council (Forbrukerrådet)! [LINK]
• [Paper] Paper with Colin M. Gray and Cristiana Santos is accepted at ACM CHI 2021!
• [Paper] Paper with Cristiana Santos published at TechReg legal journal!
• [Feedback to regulator] Happy to share our feedback with Cristiana Santos to the Italian DPA ‘Garante Privacy’.
• [Feedback to regulator] Submitted our feedback on GDPR controllers and processors to the EDPB.
• [Runner-up] Our presentation with Cristiana Santos is a runner-up for the Best HotPETs 2020 talk! [Video]
• [Award Chair] will be serving as Award Co-Chair of CNIL-INRIA Privacy Protection Award 2020!
• [Program Committee] I serve in the PC of IEEE Security & Privacy (Oakland) 2021!
• [Paper] paper on cookie purposes IWPE 2020!
• [Paper] Our paper on purposes and the need for consent accepted at APF 2020!
• [Feedback to the regulator] Submitted our opinion on the draft recommendation of the CNIL on "cookies and other trackers".
• [Paper] Our paper on misbehabior of cookie banners accepted at IEEE Security & Privacy 2020!
• [Paper] Our survey on browser fingerprinting is accepted at ACM Transactions on the Web (ACM TWEB) journal!
• [Invited talk] I gave an invited talk at the Mozilla Security Research Summit 2019.
• [Paper] Our paper on tracking via invisible pixels and filter lists accepted at PETs 2020!
• [Program Committee] I am serving in the PC of the Security and Privacy Track of TheWeb conference 2020!
• [Project] DATA4US project accepted under Inria "Exploratory actions" program.
• [Keynote] I gave a keynote at the French Privacy workshop APVP 2019.
• [Award Chair] I co-chair CNIL-INRIA Privacy Protection Award 2019!
• [Program Committee] I serve in the PC/Editorial Board of PETs 2020!
• [Project meeting] We just had our first ANR JCJC PrivaWeb project meeting with legal scholars and NGOs!
• [Paper] Our paper on Security Analysis of GDPR Subject Access Request Procedures is accepted at APF 2019!
• [MOOC] The session 3 of MOOC “Protection de la vie privée dans le monde numérique” is open!
• [Program Committee] I am serving in the PC/Editorial Board of PETs 2019, IEEE EuroS&P 2019, IEEE SecDev 2019 and MADWeb 2019.
• [Paper] Our paper accepted at WPES@ACM CCS 2018: "To Extend or not to Extend: on the Uniqueness of Browser Extensions and Web Logins" - congrats Gabor et al!
• [Keynote] I gave a keynote at the scientific days of UCA Adacemy RISE/EUR DS4H scientific days 2018.
• [Interview] I gave an interview for Nice Matin on privacy protection on the Web, 2018.
• [Invited lecture] I made an invited lecture at RESCOM 2018 summer school.
• [Program Chair] I was serving as a Co-Chair of l'Atelier sur la Protection de la Vie Privée (APVP 2018).
• [Tutorial] With Pierre Laperdrix, we gave a tutorial on Web Tracking technologies presented at TheWeb Conference (WWW 2018).
• [Invited speaker] I was an invited speaker at the Transparency of information systems workshop, 2018.
• [Paper] Our paper accepted at The Web Conference (WWW 2018).
• [Guest Lectures] I gave guest lectures on Online Tracking in 2017 at
  • CMU (Pittsburgh, remotely),
  • SKEMA business school (Valbonne),
  • Higher School of Economics (Moscow),
  • Oles Gonchar Dnipro National University (Dnipro),
  • Kyiv Polytechnic Institute (Kyiv).
• [Media coverage] Our browser experiment is covered by TheRegister.co.uk, CNIL, and DCloudNews.
• [Invited talk] I gave an invited talk at the EU Parliament meeting on ePrivacy Regulation [LINK].
• [Experiment] Our browser experiment is translated into French and CNIL has published an article about our experiment!

Contact

PRIVATICS team, Inria Sophia Antipolis
2004 route des Lucioles, B.P. 93,
06902 Sophia Antipolis cedex, France
Office F129 (Fermat building)