Enrico Ferraris | AIGP, CIPM, CIPT - Privacy & Tech Counsel

Profile

Qualified lawyer and technology counsel with 10+ years of post qualification experience, bridging the gap between complex legal frameworks and digital innovation.
Currently serving as Head of Product Privacy & Ethics at PagoPA, leading the data protection and AI compliance strategy for Italy’s critical digital public infrastructures and citizen-facing services. Possesses deep expertise in data protection, AI governance and intellectual property, with a specific focus on the software development lifecycle and open source. Combines legal acumen and lateral thinking with a broad range of IT skills.
Appointed External Expert for the City of Turin's Ethics Board for Emerging Technologies and member of the Steering Committee for the Ph.D. in Law at the University of Milan.

2023 oct - PresentHead of Product Privacy & Ethics (PagoPA, Rome, Italy)
Lead a team of specialized privacy and technology counsels, overseeing privacy compliance of Italy’s critical digital public infrastructures, serving millions of citizens. The team orchestrates Privacy by Design principles across the entire software lifecycle for major national platforms, including the citizens' companion mobile app (IO app), the Italian EU Digital Identity Wallet solution (IT-Wallet), the digital payment platform (pagoPA), the digital notifications platform (SEND), and the interoperability platform for public administrations.
Provide strategic legal advice and guidance on data protection, artificial intelligence and open source software, contributing to the development of the corporate governance and strategy for artificial intelligence.
2022 apr - 2023 sepProfessional Privacy & Tech Counsel (PagoPA, Rome, Italy)
Prior to current leadership role, partnered directly with engineering and product teams to identify, analyse, and mitigate legal and privacy risks, throughout the product lifecycle. Focused specifically on electronic identification, digital payments and customer experience monitoring, delving into cryptography, pseudonymization and anonymization techniques. Responsibilities included conducting rigorous compliance reviews for new products and features and authoring Data Protection Impact Assessments (DPIAs).
2015 nov - 2022 marQualified lawyer & Data Protection Officer (Turin Bar Association, Italy)
Litigated civil, tax and administrative cases, and advised individuals, public bodies and private companies on data protection, freedom of information, tech law, property law and inheritance matters. Concurrently, served as the Data Protection Officer (DPO) for both the Turin and Asti Notary Councils from 2018 to 2022. During legal practice, served as an appointed member of the Turin Bar Council's Scientific Commission (2016-2017) and the Informatics Commission (2019-2022).
2010 jan - 2015 octEarly career
Began legal career with comprehensive training in civil law and notary practice, as a Trainee Notary at Studio Notarile Ferraris and, subsequently, as a Trainee Lawyer at Studio Legale Valas in Turin, Italy.

2025 AIGP - Artificial Intelligence Governance Professional (IAPP - International Association of Privacy Professionals)
2025 CIPM - Certified Information Privacy Manager (IAPP - International Association of Privacy Professionals)
2023 CIPT - Certified Information Privacy Technologist (IAPP - International Association of Privacy Professionals)

Conferences, Lectures and Seminars

2025-11-11Law and Technology (Naples, Italy)
Lecture (online) to the 5G Academy, organised by the University of Naples Federico II.
2025-10-03The (gen)ethical code of privacy (Rogoredo, Italy)
Panel discussion at the "Wired Next Fest 2025 Trentino" conference organised by Wired Italia.
2025-02-27The state of Legal Tech in Italy (2025) (Turin, Italy)
Seminar (online) organised by the University of Turin Law Department under the project "TuTeLa Turin Tech & Law: a lab for social good".
2024-10-22The Data Nexus: Sharing, Protecting and Reusing Data in the Public Administration (Padua, Italy)
Round table discussion at the "City Vision - General states of smart cities" conference.
2024-10-22AI in the City: opportunities and risks of urban digital transformation (Padua, Italy)
Round table discussion at the "City Vision - General states of smart cities" conference.
2024-10-14Data strategy: between privacy and cybersecurity (Milan, Italy)
Panel discussion at the "Legal Tech Report: The Legal Future in Italy" conference organised by 4CLegal and Gruppo24ore during Milano Digital Week 2024.
2024-09-20Digital public services and citizens (Turin, Italy)
Panel discussion at the "Digital PA Summit Piemonte" conference organised by Torino Legal Hackers and SpaghettETH.
2024-03-25The state of Legal Tech in Italy (2024) (Turin, Italy)
Seminar (online) organised by the University of Turin Law Department under the project "TuTeLa Turin Tech & Law: a lab for social good".
2024-03-18Enabling technologies and sustainability for the smart city (Turin, Italy)
Panel discussion at the "Use and reuse of data in the urban context" conference organised by the University of Turin Law Department under the project "TuTeLa Turin Tech & Law: a lab for social good", in cooperation with Data Valley.

2021-12-15The main cyber threats and how to defend against them (theory and practical cases) (Turin, Italy)
Seminar (online) at the "Dialogues in digital awareness: a secure computerized study" conference organised by the Turin Bar Association Council, Informatics Commission.
2021-10-07Writing about law: word processing and automated drafting of legal documents; interoperability and security in document transmission processes (Milan, Italy)
Lecture to the Single-cycle Master's Degree Course in Law, University of Milan, “Computer legal skills” course - Prof. Pierluigi Perri.
2021-10-06The jurist and the current technology landscape. Legal tech, cloud computing, big data (Milan, Italy)
Lecture to the Single-cycle Master's Degree Course in Law, University of Milan, “Computer legal skills” course - Prof. Giovanni Ziccardi.
2021-03-18Civic Hacking and Open Data: a democratic revolution? (Milan, Italy)
Seminar (online) organised by Legal Hackers Milan during Milano Digital Week 2021.
2021-03-10Messaging services and privacy - do we need to worry? (Verona, Italy)
Seminar (online) organised by the Verona Order of Engineers (“Cybersecurity 2021” cycle).
2021-01-22im irl – instant messengers in real life (Rome, Italy)
Webinar organised by the Cyber Saiyan Association (RomHack Conference organizer).
2020-10-22The reception of clients and participation in meetings remotely (Milan, Italy)
Lecture (online) to the Single-cycle Master's Degree Course in Law, University of Milan, “Computer legal skills” course - Prof. Pierluigi Perri.

Institutional Activity

2022-11-02Hearing at the Constitutional Aﬀairs Committee of the Senate of the Republic (Rome, online)
heard during the examination of the draft bill to convert Decree Law No. 139 of October 8, 2021 ("Capienze Decree") on the urgent provisions introduced to the Italian Personal Data Protection Code, regarding processing carried out by the public administration to perform a task in the public interest or in the exercise of oﬃcial authority and public powers.

Media appearances

2025-03-13AI in PagoPA: innovazione tecnologica al servizio dei cittadini (4C AI Portal)
2024-12-18L’anno in cui è aumentata la cittadinanza digitale con l’app IO (PagoPA blog)
2024-12-11Il “product legal counseling” nelle imprese (Next Legal podcast)
2022-11-03C'mon let's Tweet again (Rai Radio 3 Scienza)

2021-10-30Green pass rubati anche in Italia: dopo quello di Hitler, 62 codici per sfornare certificati (Open online)
2021-10-27Cosa sappiamo dei Green Pass validi di Adolf Hitler (Italian Tech)
2021-10-10P.a., privacy abolita per decreto. Esperti in allarme: “Gravissimo” (Il Fatto Quotidiano)
2021-05-15WhatsApp, scaduto l'ultimatum: chi non può più usare l'app e cosa succede (Il Giornale)
2021-05-12WhatsApp, le nuove regole per la privacy. Ecco che cosa cambia (Italian Tech)
2021-04-06Si può cercare tra i dati rubati a Facebook. Ma il Garante ordina lo stop (La Repubblica)
2021-02-24Privacy: le stanze senza muri di Clubhouse (Changes – Gruppo Unipol)
2021-02-09Nativi ma non esperti (Rai Radio 3 Scienza)
2021-02-04Whatsapp, Telegram o Signal, ecco qual è la chat più sicura: tutto quello che c'è da sapere (Agenda Digitale)
2021-01-15Addio privacy, fuga da WhatsApp (RSI - telegiornale)
2021-01-14Il Garante della privacy vuole vederci chiaro sulle nuove condizioni di Whatsapp (Wired)
2021-01-13Chat in fuga da WhatsApp: perché scegliere Telegram, Signal e le altre (La Stampa)
2021-01-12Bisogna preoccuparsi per le nuove regole sulla privacy di WhatsApp? (Il Post)
2021-01-12Un video vi ha convinto ad abbandonare WhastApp e passare a Signal? Attenti! È stato tagliato (Open online)
2021-01-04Hacker bucano Ho Mobile, ecco cosa devono fare i 2 milioni di clienti a rischio (Il Riformista)
2020-05-30Ecco come funzionerà lo scambio dei dati del contact tracing sull'app Immuni (Wired)
2020-04-03Il complicato rapporto dell'Inps con le regole sulla privacy (Wired)
2019-12-09Basta il codice fiscale per scoprire chi ha chiesto un prestito a Findomestic (Wired)
2019-10-04Diritto all'oblio e norma sul copyright. Il parere di Enrico Ferraris (Diritto Mercato e Tecnologia)
2019-09-16Cybercrime, doppia campagna per diffondere sLoad in Italia (Difesa & Sicurezza)
2019-07-10Privacy, dati personali e sicurezza: ecco come li usano le app di food delivery (Wired)
2019-06-24Il ministero della Giustizia sta condividendo online i dati personali di migliaia di persone (Wired)
2019-04-06Perché tutti questi siti del governo non rispettano la privacy europea? (Wired)
2019-03-27Riforma del copyright, cosa cambia in pratica per chi carica e condivide contenuti sul web? (Wired)