“Data protection needs to be addressed from the very start”

Chiara Tanteri, EPFL’s independent advisor on data protection © 2022 EPFL / Alain Herzog - CC BY-SA 4.0

As EPFL’s Data Protection Officer, Chiara Tanteri is responsible for helping our community comply with legal requirements in this area. That means not only training staff members, but also performing impact studies and building awareness across our organization.

Chiara Tanteri, who is from Italy, is a mathematician by training. She obtained a Master’s degree in mathematics in Rome before completing a PhD at EPFL. But she’s also someone who enjoys new professional challenges. After spending a year as a postdoc, Tanteri decided to look for a job in the private sector. She soon found one at a software development company, trading in her mathematics equations for IT systems.

Nearly ten years later, and after a stint as a senior manager in the Vaud cantonal government, Tanteri took an opportunity to return to EPFL. She applied for and got a position as the deputy head of IT, which brought her back to our Lausanne campus in 2011. “I’d always felt a special bond with EPFL and was happy to come back,” she says. Tanteri was appointed head of IS Governance and Planning in 2015, and in 2020 she decided to specialize in data protection. “I thought about it for a while before making that change,” she says. “I was a little concerned because I don’t have a legal background – but that was also something that motivated me to take the leap. Today I have no regrets. Data protection is a really interesting field and I’m always learning something new.”

In November 2020, Tanteri took up her current post as EPFL’s data protection officer. She reports to the School’s legal affairs department, but the support she provides to our community is independent. “I shall act with complete independence in performing my tasks – that’s important to point out because it’s a legal requirement,” she says. Much of Tanteri’s job relates to regulatory compliance. She’ll be instrumental in helping our School prepare for the updated version of Switzerland’s Federal Act on Data Protection when it goes into effect on 1 September 2023. This new version is very similar to the EU General Data Protection Regulation, which was adopted in 2018.

Spreading the word about best practices

Tanteri has created a data protection section on EPFL’s website that explains key concepts along with the obligations associated with Switzerland’s new law. All this is backed by numerous examples related specifically to EPFL. The section also outlines best practices for applying data protection concepts on the job and what to do if there’s a data protection breach. “Right now I’m putting the final touches on an online training course on data protection. It’ll be available in November, in both French and English,” she says.

Tanteri also provides an advisory service, helping data controllers at EPFL conduct impact assessments for their administrative tasks or research projects. Here the goal is to uphold the rights of people whose personal data are processed. “If your project will involve personal data, then data protection needs to be addressed from the very start,” she explains. “Do we meet the legal criteria for being able to process personal data? What kind of personal data will we collect? What data-protection measures will we implement? Who will be able to access which data? And what will we do to prevent hacking and breaches? I’m fully aware that it’s not enough to just tell people they have to comply with a new data protection law. What we need is a change in our organizational culture, which can only be done one step at a time.”

Serving the EPFL community

A wide range of personal data processing is done at our School, whether for administrative purposes (the personal data of our staff and students, for example) or for research projects, such as with images taken by drones, medical data collected for research trials, or information obtained from social media. “I’m really impressed by the many different research projects at EPFL that involve personal data,” says Tanteri. “One reason why I took this job was to get back into the world of research and contribute in my own way. But now, instead of solving equations, I tackle different kinds of problems. The solutions I find have to be very pragmatic and sometimes entail making compromises and bringing in some creativity. It’s this part of the challenge that I particularly enjoy.”

Author: Nathalie Jollien

Source: Research Office

This content is distributed under a Creative Commons CC BY-SA 4.0 license. You may freely reproduce the text, videos and images it contains, provided that you indicate the author’s name and place no restrictions on the subsequent use of the content. If you would like to reproduce an illustration that does not contain the CC BY-SA notice, you must obtain approval from the author.