Rosa Barcelo co-chairs the firm’s global Data Privacy & Cybersecurity Practice. She counsels clients on data protection and privacy, including compliance with the GDPR and the ePrivacy Directive. Her expertise includes advising organizations on structuring international data transfers, BCRs, completing Data Protection Impact Assessments, drafting data processor agreements and carrying out lead authority assessments. Rosa’s practice has particular focus on cutting-edge ICT issues, including AI, machine learning, autonomous vehicles, programmatic advertising and online tracking technologies.

    Rosa has nearly 20 years of experience in European data protection and privacy, including expertise in compliance, enforcement and policy. Her experience covers diverse sectors and is drawn from working in private practice, as well as in public service with the European Data Protection Supervisor (EDPS) and the European Commission.

    Prior to joining the firm, Rosa was Deputy Head of Unit of the Cybersecurity and Digital Privacy Unit of DG CONNECT in the European Commission, where she led legislative deliberations over the proposed e-Privacy Regulation.

    During her tenure with the European Commission, Rosa held other privacy and data protection-related roles, including in the Data Protection Unit, where she was responsible for international data transfer issues (BCRs, adequacy decisions and EU-US Safe Harbor).

    Rosa’s work with the office of the EDPS focused on a wide range of ICT-related issues. In these roles, Rosa worked closely with national supervisory authorities participating in the former Article 29 Working Party (now the European Data Protection Board).

    Rosa has also worked in academia and as a private lawyer in the Brussels offices of various international law firms, where she advised on EU privacy and data protection issues, as well electronic commerce and technology laws.

    Rosa is a frequent lecturer on data protection, privacy and cybersecurity. In addition, she is a correspondent for the Journal of Computer Law Review International and is currently serving on the European board of the International Association of Privacy Professionals.

    Award Mouse thought multimedia interface book medal screen monitor


    • King's College, London, Postgraduate Diploma, EU Competition Law, 2002
    • University of the Balearic Islands, Ph.D., Law, 1999
    • University of Notre Dame de la Paix, Ph.D., 1999
    • University of the Balearic Islands, Law Degree, 1991


    • Belgium, Dutch Brussels Bar EU-List, 2018
    • Balearic Islands, 1999


    • English
    • French
    • Spanish
    • Catalan

    {{}} {{insights.source}} {{insights.type}}
    {{blog.title}} {{blog.source}}


    Speaking Engagements

    • Moderator, “Tracking Walls: Can Websites Deny Access to Individuals Who Deny Consent?” IAPP Europe Data Protection Congress, Brussels, Belgium, November 21, 2019.
    • Panelist, “The new European privacy framework: 360º vision. Convention 108, e-Privacy Regulation, e-Evidence,” Spanish Professional Association of Privacy (APEP), VII APEP National Privacy Congress, Valencia, Spain, June 3-4, 2019.
    • Panelist, “Towards Assessing the Risk in Personal Data Breaches”, EDPS-ENISA Conference, 4 April 2019.
    • Instructor, Privacy Law, University of Amsterdam (Institute for Information Law).
    • Instructor, Data Protection Certification Course, Maastricht University (EIPA).
    Award Mouse thought multimedia interface book medal screen monitor