I am a Research Director in computer science within the
PRIVATICS team
at
Inria.
From September 2021 to December 2022, I was a
Senior Privacy Fellow at the French Data Protection Authority (CNIL), where I conducted interdisciplinary research for the French regulator of the EU laws that protect personal data.
I am currently an External Expert for the EU Commission for its implementation of the EU Digital Services Act. The DSA regulates online intermediaries and platforms such as marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms. Its main goal is to prevent illegal and harmful activities online and the spread of disinformation.
Research
My research area is online privacy, where I
develop computational techniques and technologies powered by these techniques, to evaluate Web applications in measuring, quantifying and understanding privacy risks and detecting potential violations with the law, in order to ensure privacy and respect human rights of Internet users. I take an multidisciplinary approach applying computer science methods and collaborating with scholars in law and design. My research follows three main themes:
- Web Privacy Measurements -
through large-scale, automated web measurements, we uncovered how companies collect and process personal data of Web users. Our studies on
web tracking detection and our browser extension ERNIE help privacy regulators detect complex cookie-synchronisation mechanisms on websites. Our IEEE Security&Privacy paper on detection of misbehaving cookie banners at scale has led to 3 complaints being filed to the CNIL in 2019.
- Application of GDPR and ePrivacy - together with legal scholars, I investigate how EU Data Protection law should apply to new Web tracking technologies and to collection of user consent online. Our joint article in a Law and Technology (TechReg) journal with the great Cristiana Santos (Utrecht University, NL) shows how expertise in law and computer science can help interpret the law in the light of today's technologies.
- Dark patterns and user manipulation - with the design scholar Colin M. Gray (Purdue University, US) and Cristiana Santos, we study how user interfaces impact the decision making of the users on the Web. Our ACM CHI paper on dark patterns and legal requirements for cookie banners was the first interdicsiplinary paper among computer scientist, legal scholar and researcher in design and received a Best of ACM CHI Honorable Mention.
When I choose a research direction, I am particularly driven by the impact my research can make on society. In the field of privacy and data protection, I seek to inform and enlighten discussions of policy makers by providing them with the cutting-edge research in computer science, law and design disciplines, thanks to my collaborations with international scholars in these fields.
Service (recent)
Awards
- Rising Star award, Women at Privacy NGO for my transdisciplinary research at Inria, 2023.
- Student Paper Honorary Mention by the Future of Privacy Forum’s Privacy Papers for Policymakers, 2023.
- Best of ACM CHI Honorable Mention, ACM SIGCHI Conf. on Human Factors in Computing Systems, 2021.
- Award for PhD Supervision and Research (PEDR) of Inria, Mar 2021 - Feb 2025.
- ANR JCJC personal grant (a French equivalent to NSF CAREER award), Dec 2018 - Dec 2022.
- Award for PhD Supervision and Research (PEDR) of Inria, Mar 2017 - Feb 2021.
- PhD grant of the Italian Government with the Best Score among applicants, 2008.
Recent Highlights
- [External Expert] I am an External Expert for the EU Commission for its implementation of the EU Digital Services Act.
- [Keynote] I gave a Keynote presentation at the Privacy Enhancing Technologies Symposium (PETS), Bristol, UK, July 2024.
- [Keynote] I gave a Keynote presentation at the Mapping and Governing the Online Worls (MGOW), Ascona, Switzerland, June 2024.
- [Paper] Our paper that introduces a common ontology of dark patterns definitions has been accepted for publication at the ACM CHI 2024!
- [New post] With Inria colleagues, we have written a story about my scientific journey since I started working on Web tracking more than 10 years ago!
- [Workshop accepted] Our workshop on Mobilizing Research and Regulatory Action on Dark Patterns and Deceptive Design Practices is accepted at the ACM Conference on Human Factors in Computing Systems (CHI 2024)!
- [Paper] Our new paper that demonstrates impact of dark patterns on future consent decisions is accepted at USENIX Security 2024!
- [Award] I received the Rising Star award from W@Privacy for my transdisciplinary research at Inria!
- [Keynote] I gave a Keynote presentation at the Annual Conference of l’Association Française d’Économie du Droit (AFED), Nice, October 2023.
- [Organization] I moderated the panel "Dark Patterns: Definitions and Evidence for Regulators" [Video], co-presided the CNIL-Inria Privacy Protection Award and participated in the "Dark patterns fighters - unite!" workshop [Video] at CPDP conference, May 2023.
- [Invited talk] Presented at UK Cyber Security & Privacy Seminar Series our work on technical and legal perspectives of Web Privacy, April 2023. [Video]
- [Invited talk] Presented at Harvard's Beyond the FTC: Two Worlds Apart! Closing Gap b/w Regulating EU Consent and User Studies, March 2023. [Video]
- [Paper] Our new ontology of dark patterns knowledge is accepted at ACM CHI 2023! [Video]
- [Recognition] Our paper on cookie respowning with browser fingerpritning received an Honorary Mention by the Future of Privacy Forum’s Privacy Papers for Policymakers, 2023.
- [Expertise] I am an invited expert in the European Data Protection Board (EDPB) Pool of Experts since 2023.
- [Invited talk] Presented at the EPFL SPRING lab, Lausanne, Switzerland, January 2023.
- [Program Committee] I serve in the PC of
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2023) at NDSS and Workshop on Technology and Consumer Protection (ConPro 2023) at IEEE S&P.
- [Recognition] Our paper on Dark Patterns and consent was covered by the OECD report on Dark commercial patterns in 2022 [LINK]
- [Program Vice Chair] I am serving as a Program Vice Chair for 2023 USENIX Security Symposium!
- [Award Chair] I will be serving as Award Co-Chair of CNIL-Inria Privacy Protection Award 2022!
- [Recognition] Our work on Dark patterns and legal compliance of Consent is cited in the EU Commission study "Behavioural study on unfair commercial practices in the digital environment-Dark patterns and manipulative personalisation" [LINK]
- [Paper] Our paper on dark patterns and manipulation of website publishers by CMPs is accepted at PoPETs 2022. Congratulations, Imane!
- [Paper] Our paper on cookie respawning with browser fingerprinting is accepted at PoPETs 2022. Congratulations, Michael!
- [Recognition] Our work on Dark Patterns and the Legal Requirements of Consent Banners was covered by the UK Competition & Markets Authorithy (CMA) in 2022 [LINK]
- [Keynote] I gave a keynote at the Designing Security for the Web workshop (SecWeb'21)
- [New job] I have joined the LINC lab of the CNIL as a Senior Privacy Fellow!
- [Paper] Our paper presenting ERNIE browser extension has been accepted to ACM WPES'21. Congrats, Vera and Imane!
- [HDR defense] I defended my HDR entitled "Protecting Privacy of Web Users"!
- [Paper] Our paper on legal role of CMPs under GDPR is accepted at Annual Privacy Forum (APF'21)!
- [Invited speaker] I was an invited speaker at the TILTing Perspectives 2021.
- [Award] Our paper got an Best of CHI Honorable Mention at ACM CHI 2021!
- [Keynote] I was a keynote speaker at the “Security and Privacy” track of ICT.OPEN.
- [Recognition] Our work on Dark Patterns and the Legal Requirements of Consent Banners was covered by the Norwegian Consumer Council (Forbrukerrådet)! [LINK]
- [Paper] Paper with Colin M. Gray and Cristiana Santos is accepted at ACM CHI 2021!
- [Paper] Paper with
Cristiana Santos published at TechReg legal journal!
- [Feedback to regulator]
Happy to share our feedback with Cristiana Santos to the Italian DPA ‘Garante Privacy’.
- [Feedback to regulator] Submitted our feedback on GDPR controllers and processors to the EDPB.
- [Runner-up] Our presentation with Cristiana Santos is a runner-up for the Best HotPETs 2020 talk! [Video]
- [Award Chair] will be serving as Award Co-Chair of CNIL-INRIA Privacy Protection Award 2020!
- [Program Committee] I serve in the PC of IEEE Security & Privacy (Oakland) 2021!
- [Paper] paper on cookie purposes IWPE 2020!
- [Paper] Our paper on purposes and the need for consent accepted at APF 2020!
- [Feedback to the regulator] Submitted our opinion on the draft recommendation of the CNIL on "cookies and other trackers".
- [Paper] Our paper on misbehabior of cookie banners accepted at IEEE Security & Privacy 2020!
- [Paper] Our survey on browser fingerprinting is accepted at ACM Transactions on the Web (ACM TWEB) journal!
- [Invited talk] I gave an invited talk at the Mozilla Security Research Summit 2019.
- [Paper] Our paper on tracking via invisible pixels and filter lists accepted at PETs 2020!
- [Project] DATA4US project accepted under Inria "Exploratory actions" program.
- [Keynote] I gave a keynote at the French Privacy workshop APVP 2019.
- [Award Chair] I co-chair CNIL-INRIA Privacy Protection Award 2019! [Video]
- [Program Committee] I serve in the PC/Editorial Board of PETs 2020!
- [Project meeting] We just had our first ANR JCJC PrivaWeb project meeting with legal scholars and NGOs!
- [Paper] Our paper on Security Analysis of GDPR Subject Access Request Procedures is accepted at APF 2019!
- [MOOC] The session 3 of MOOC “Protection de la vie privée dans le monde numérique” is open!
- [Program Committee] I am serving in the PC/Editorial Board of PETs 2019, IEEE EuroS&P 2019, IEEE SecDev 2019 and MADWeb 2019.
- [Paper] Our paper accepted at WPES@ACM CCS 2018: "To Extend or not to Extend: on the Uniqueness of Browser Extensions and Web Logins" - congrats Gabor et al!
- [Keynote] I gave a keynote at the scientific days of UCA Adacemy RISE/EUR DS4H scientific days 2018.
- [Interview] I gave an interview for Nice Matin on privacy protection on the Web, 2018.
- [Invited lecture] I made an invited lecture at RESCOM 2018 summer school.
- [Program Chair] I was serving as a Co-Chair of l'Atelier sur la Protection de la Vie Privée (APVP 2018).
- [Tutorial] With Pierre Laperdrix, we gave a tutorial on Web Tracking technologies presented at TheWeb Conference (WWW 2018).
- [Invited speaker] I was an invited speaker at the Transparency of information systems workshop, 2018.
- [Paper] Our paper accepted at The Web Conference (WWW 2018).
- [Guest Lectures] I gave guest lectures on Online Tracking in 2017 at
- [Media coverage] Our browser experiment is covered by TheRegister.co.uk,
CNIL, and
DCloudNews.
- [Invited talk] I gave an invited talk at the EU Parliament meeting on ePrivacy Regulation [LINK].
- [Experiment] Our browser experiment is translated into French and CNIL has published an article about our experiment!
Contact
PRIVATICS team, Inria Sophia Antipolis
2004 route des Lucioles, B.P. 93,
06902 Sophia Antipolis cedex, France
Office F129 (Fermat building)