Victor Morel

Victor Morel

PhD in Computer Science / Postdoc Researcher

Chalmers University of Technology

Biography

I am on the job market, looking for a position as a researcher or consultant in privacy/security (or any other topic at the interplay of technology and law) in Oslo, NO.

Victor Morel holds a PhD in computer science from Inria - Privatics. His research interests include privacy and data protection, interplay of technology and law, usability and Human-Computer Interactions, applied cryptography and security, and ethics of technology in a broad manner. He appreciates sober, hackable, and accessible technology that works.

He is currently working as a postdoctoral researcher in the Security & Privacy Lab at Chalmers University of Technology on privacy engineering, usable privacy, and compliance. He is also a selected member of the EDPB’s support pool of experts.

Besides his academic activities, he is a member of FELINN’s collegiate council, a French non-profit (“association loi 1901”) defending decentralization, privacy, and free software through popular education.

Interests

  • Privacy/data protection
  • Interplay law/technology
  • Usability/HCI
  • Applied Cryptography (PETs)
  • Networks and Information Security
  • Ethics

Education

  • Qualification Maître de Conférence (MCF) Section 27 (computer science), 2022

  • PhD in Computer Science, 2020

    INSA de Lyon - Inria

  • Master Thesis, 2016

    Uppsala University

  • Engineer Degree, 2016

    Polytech' Lyon

Recent Posts

Building secure software for operational technologies applications with forensics readiness in mind

Handout of the slides and lecture notes of my trial lecture at Kristiania University of Applied sciences
Aug 14, 2025 7 min read

Against backdoors in end-to-end encrypted communications

With two colleagues, we initiated an open letter to argue against the introduction in Sweden of backdoors in end-to-end encrypted messaging apps, followed by a popular article in the Swedish press.
Apr 17, 2025 5 min read

Call for views on “consent or pay” business models

The UK DPA, ICO, recently called for views on “consent or pay” business models. Here is our feedback.
Apr 17, 2024 1 min read

The reason behind Meta's last move

Meta just rolled a new way to address legal compliance in the EU: leave people with a choice to either subscribe or have their data collected. I have a pretty good idea as to why, and guess what: they’re not doing it out of good heart.
Nov 13, 2023 4 min read
The reason behind Meta's last move

Master thesis proposals

Living page for my master thesis proposals.
Oct 8, 2023 1 min read
See all posts

Recent Publications

Quickly discover relevant content by filtering publications.

'I will never pay for this' Perception of fairness and factors affecting behaviour on 'pay-or-ok' models

The rise of cookie paywalls (‘pay-or-ok’ models) has prompted growing debates around the right to privacy and data …
Preprint PDF

'I'm not for sale' -- Perceptions and limited awareness of privacy risks by digital natives about location data

Although mobile devices benefit users in their daily lives in numerous ways, they also raise several privacy concerns. For instance, …
Preprint

To Be or Not to Be (in the EU): Measurement of Discrepancies Presented in Cookie Paywalls

Cookie paywalls allow visitors to access the content of a website only after making a choice between paying a fee (paying option) or …
Preprint

Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls

Cookie paywalls allow visitors of a website to access its content only after they make a choice between paying a fee or accept …
Preprint DOI

Putting a Padlock on Lambda – Integrating vTPMs into AWS Firecracker

When software services use cloud providers to run their workloads, they place implicit trust in the cloud provider, without an explicit …
Preprint
See all publications

Projects

CoIoT

CoIoT is a project to manage consent in the IoT. It takes the form of an Android app enabling the definition of data subject privacy policies to automatically interact with IoT devices according to the user’s choices.

CyberSecIT

CyberSecIT will develop a practical, secure and privacy-enhancing solution regaining control for end-users and companies over their IoT ecosystems while enjoying all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.

Map of Things

Map of Things is a map to visualize devices in the smart city collecting personal data, please mail me for comments or feature request.

Talks & Press

Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls

Invited talk to the CNIL (the French DPA) regarding our work on cookie paywalls.
Oct 15, 2024 —
PDF

Of cookies and paywalls

Invited talk to the Citi lab.
Mar 18, 2024 —
PDF

Of cookies and paywalls

Invited talk to the Privaski seminar in the Alps.
Mar 13, 2024 —
PDF

Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls

What is wrong with “consent walls” in the news media? What role do CMPs have in the deceiving practices of their customers? Who …
Nov 7, 2023 —
Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls

``Automated Privacy Decisions: Usability vs. Lawfulness'' with Simone Fischer-Hübner & Victor Morel

Today, Debra welcomes Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, “Automating Privacy …
Sep 12, 2023 —
``Automated Privacy Decisions: Usability vs. Lawfulness'' with Simone Fischer-Hübner & Victor Morel
See all talks

Teaching & Duties

Program Co-Chair IWPE 2025 (former PC member).

Program Committee Member PoPETS 2023-2025.

External Reviewer PoPETS 2021-2022.

Program Committee Member and session chair IFIP Summer school 2023.

I also do external reviews for venues such as S&P, WWW, ESORICS, etc.

At Chalmers, I teach:

  • cryptography (junior course assistant / lecturer)

I used to teach in:

  • advanced programming in python (TA and lecturer)

I also supervise master theses, 6 successful defenses so far, 2 in process, and 3 more planned, on topics spanning over applied cryptography, web security, privacy measurements (cookie paywalls), and privacy engineering.

At UGA (2020), I taught a full-time duty in Databases (fr and en).

At Insa de Lyon (2016-2019), I have taught:

  • Genetic Algorithms and Project Management (fr),
  • Computer basics: Networks and Security (fr),
  • Algorithmic and Programming 4 (fr & en).

At Uppsala University (2016), I was a teacher assistant in Database Design I (en).

Contact