Victor Morel

Victor Morel

PhD in Computer Science / Researcher in privacy & security

Chalmers University of Technology

Biography

On the job market, looking for a position as a researcher or consultant in privacy/security (or any other topic at the interplay of technology and law) in Oslo, NO.

Victor Morel holds a PhD in computer science from Inria - Privatics. His research interests include privacy and data protection, interplay of technology and law, the articulation between AI and privacy, usability and Human-Computer Interactions, applied cryptography and security, and ethics of technology in a broad manner. He carries out applied research on topics blending privacy and security with recent technological developments, such as AI, IoT, or the modern web. He studies how this intertwining impacts society, and whether regulations can provide an adequate response to the new challenges raised. On a personal level, he appreciates sober, hackable, and accessible technology that works.

He is currently working as a research associate (researcher) in the Security & Privacy Lab at Chalmers University of Technology. He is also a selected member of the EDPB’s support pool of experts, and a keynote speaker.

Besides his academic activities, he is a member of FELINN’s collegiate council, a French non-profit (“association loi 1901”) defending decentralization, privacy, and free software through popular education.

Interests

  • Privacy/data protection
  • Interplay law - technology
  • Privacy and AI
  • Usability/HCI
  • Applied Cryptography (PETs)
  • Networks and Information Security
  • Ethics of technology

Education

  • Qualification Maître de Conférence (MCF) Section 27 (computer science), 2022

  • PhD in Computer Science, 2020

    INSA de Lyon - Inria

  • Master Thesis, 2016

    Uppsala University

  • Engineer Degree, 2016

    Polytech' Lyon

Recent Posts

Building secure software for operational technologies applications with forensics readiness in mind

Handout of the slides and lecture notes of my trial lecture at Kristiania University of Applied sciences

Against backdoors in end-to-end encrypted communications

With two colleagues, we initiated an open letter to argue against the introduction in Sweden of backdoors in end-to-end encrypted messaging apps, followed by a popular article in the Swedish press.

Call for views on “consent or pay” business models

The UK DPA, ICO, recently called for views on “consent or pay” business models. Here is our feedback.

The reason behind Meta's last move

Meta just rolled a new way to address legal compliance in the EU: leave people with a choice to either subscribe or have their data collected. I have a pretty good idea as to why, and guess what: they’re not doing it out of good heart.

Master thesis proposals

Living page for my master thesis proposals.

Recent Publications

Quickly discover relevant content by filtering publications.

AI-driven Personalized Privacy Assistants: a Systematic Literature Review

In recent years, several personalized assistants based on AI have been researched and developed to help users make privacy-related …

'I will never pay for this' Perception of fairness and factors affecting behaviour on 'pay-or-ok' models

The rise of cookie paywalls (‘pay-or-ok’ models) has prompted growing debates around the right to privacy and data …

'I'm not for sale' -- Perceptions and limited awareness of privacy risks by digital natives about location data

Although mobile devices benefit users in their daily lives in numerous ways, they also raise several privacy concerns. For instance, …

To Be or Not to Be (in the EU): Measurement of Discrepancies Presented in Cookie Paywalls

Cookie paywalls allow visitors to access the content of a website only after making a choice between paying a fee (paying option) or …

Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls

Cookie paywalls allow visitors of a website to access its content only after they make a choice between paying a fee or accept …

Projects

CoIoT

CoIoT is a project to manage consent in the IoT. It takes the form of an Android app enabling the definition of data subject privacy policies to automatically interact with IoT devices according to the user’s choices.

CyberSecIT

CyberSecIT will develop a practical, secure and privacy-enhancing solution regaining control for end-users and companies over their IoT ecosystems while enjoying all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.

Map of Things

Map of Things is a map to visualize devices in the smart city collecting personal data, please mail me for comments or feature request.

Talks & Press

Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls

Invited talk to the CNIL (the French DPA) regarding our work on cookie paywalls.

Of cookies and paywalls

Invited talk to the Citi lab.

Of cookies and paywalls

Invited talk to the Privaski seminar in the Alps.

Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls

What is wrong with “consent walls” in the news media? What role do CMPs have in the deceiving practices of their customers? Who …

``Automated Privacy Decisions: Usability vs. Lawfulness'' with Simone Fischer-Hübner & Victor Morel

Today, Debra welcomes Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, “Automating Privacy …

Teaching & Service

Academic service

  • Program Committee Member ACM CCS 2026.
  • Program Co-Chair IWPE 2025 (former PC member).
  • Program Committee Member Annual Privacy Forum 2024-2025.
  • Program Committee Member PoPETS 2023-2025.
  • External Reviewer PoPETS 2021-2022.
  • Program Committee Member and session chair IFIP Summer school 2023.

I also do external reviews for venues such as S&P, WWW, ESORICS, etc.

Teaching

Current(-ish)

I will start as lecturer at Kristiania University of Applied Sciences in 2026.

At Chalmers, I teach:

  • Cryptography (lecturer)

I used to teach in:

  • Advanced programming in python (lecturer)

I also supervise master theses, 11 successful defenses so far, on topics spanning over applied cryptography, web security, privacy measurements, and privacy engineering.

Past lives

At UGA (2020), I taught a full-time duty in Databases (fr and en).

At Insa de Lyon (2016-2019), I have taught:

  • Genetic Algorithms and Project Management (fr),
  • Computer basics: Networks and Security (fr),
  • Algorithmic and Programming 4 (fr & en).

At Uppsala University (2016), I was a teacher assistant in Database Design I (en).