As part of our Where Law meets (your) Business series, we showcase the many ways people at Erasmus School of Law put their expertise to work, each shaping their own business - whether that means leading research, supporting students and staff, or bridging law and practice. We sat down with Larisa to talk about her life’s path, research, her ambitions as a data protection lawyer, and why she loves working in the field of cybersecurity.
For Larisa Munteanu, one question has always led to the next. What started with an interest in law grew into a fascination with technology, business, and cybersecurity. Ultimately bringing her from Romania to Erasmus School of Law. Instead of following a set path, Larisa has carved out her own, driven by curiosity and a passion for bridging legal research with real-world challenges.
"I wanted to see how the law actually works in practice"
Larisa’s fascination with law began in Romania. After earning her Bachelor’s degree in Law, she pursued a Master’s degree that deepened her interest in Cyber Law and International Law, setting the course for her research. Winning the Best International Future Lawyer Award 2022 also confirmed her interest in international environments.
Long before entering the legal field, Larisa honed her analytical skills as a National Olympic in logical reasoning, an experience that sharpened her ability to spot patterns and approach complex issues from multiple angles. That same mindset shaped her approach to law, driving her to dissect legal texts and question how regulations function in practice.
The idea of pursuing a PhD wasn’t just an academic ambition; it was something she saw up close. “My mother was doing her PhD at the same time,” she shares. “It gave me a glimpse of what a PhD really entails - the hard work, the collaboration, and the constant reworking of ideas and arguments.” Seeing that process firsthand strengthened her decision to pursue a PhD herself, ultimately leading her to Erasmus School of Law.
Before starting her PhD, Larisa gained experience as a data protection officer, something she considers crucial to the research she does today. “I wanted to see how the law actually works in practice before analysing it academically,” she explains.
That practice-based approach led her to a fascinating and somewhat alarming discovery: cybercriminals have found ways to exploit GDPR data subject access requests as a disguise for malware attacks. “It’s an ingenious but dangerous tactic,” she says. “A company receives what looks like a legitimate request for accessing personal data. But hidden inside the request is malware. The moment someone in HR or compliance opens it, hackers can access the company’s system.”
This type of attack raises a major legal question: can a company refuse a GDPR request if they suspect foul play? “Right now, the legal framework is vague,” Larisa says. “My research focuses on finding solutions - whether through clearer interpretation of GDPR or policy adjustments.” As a facilitator, being part of the Sectorplan SSH-breed, provides valuable opportunities and interdisciplinary feedback. “I benefit from the collaborative environment that strengthens my work and broadens my perspective".
Shaping decision and sharing knowledge
In addition to her PhD research, Larisa has shared her expertise at the highest levels of European law. She was invited to deliver training sessions at the Court of Justice of the European Union (CJEU), covering data protection in the EU Digital Single Market and copyright law. These sessions were part of a broader training program aimed at strengthening the expertise in new regulations of key staff from the Court of Justice of the European Union.
Larisa’s research has already made its mark at the Court of Justice of the European Union (CJEU). Her case note on Case 307/22 was officially cited in the doctrine section of an EU indexed decision - the only contribution in English. “I wasn’t expecting it at all,” she says. “It was a surprise to see my work embedded in the court’s decision.”
"For me Law Meets Business is about making law work in the real world"
When asked what the ESL slogan Law Meets Business means to her, Larisa is quick to clarify: “It’s not just about business law. It is about any area of law that shapes real-world practice.” Many areas of law impact businesses, from data protection to AI regulation. Even her own work, technology law, isn’t traditionally seen as business law, but it has significant consequences for companies.
Her own career is a prime example. As a researcher, a consultant, and a business owner herself, she’s constantly moving between legal theory and practical application. “For me, Law Meets Business means making law work in the real world,” she says. “Not just writing about it, but using it to solve real problems.”
That drive to connect law to real-world issues shines through even in the smallest details. “I actually read Terms & Conditions before clicking ‘accept,’” she laughs. “I write them for work, so I like seeing how others do it.”
What’s next?
With a few more years left on her PhD, Larisa hopes her research will help businesses defend themselves against cyber threats without falling into legal gray zones. “I want to go beyond just analysing the problem, I want to contribute to actual solutions,” she says.
In the meantime, she continues balancing academia and practice, always keeping an eye on the latest legal developments in technology. “With new regulations, evolving threats, and constant innovation, this field never stands still,” she says. “And that’s exactly why I love it.”
- PhD student
