Back to Portfolio
Legal Thoughts

Articles &
Reflections

Case commentaries, EU law deep-dives and notes from the academic and professional world. I write to understand the law better — and to share what I learn along the way.

No articles found for this category.
Digital Law
The AI Act Is Law: What Changes for European Citizens?
5 May 2025 7 min read
AI Act Privacy Regulation
The world's first comprehensive AI regulation has entered into force. I analyse the practical implications for fundamental rights and privacy across the EU.

Regulation EU 2024/1689 — better known as the AI Act — officially entered into force on 1 August 2024, with a phased application running until 2026. It is the first normative instrument in the world to comprehensively regulate artificial intelligence, and its impact will be profound for both businesses and citizens.

A Risk-Based Classification

The heart of the AI Act is its risk-based structure. AI systems are classified into four categories: unacceptable risk (prohibited), high risk (subject to stringent obligations), limited risk (transparency obligations) and minimal risk (no specific obligations).

Among the prohibited systems are, for example, social scoring systems operated by public authorities, and technologies involving subliminal manipulation. This reflects the European Union's founding values of dignity and individual autonomy.

"The AI Act is not merely a technical text. It is a declaration of values: Europe chooses to regulate before it is too late."

What Changes for the Ordinary Citizen?

For citizens, the most tangible changes concern transparency. When interacting with an AI system — a chatbot, a recommendation engine, a recruitment tool — individuals will have the right to know that artificial intelligence is being used, and to receive comprehensible explanations about automated decisions that affect them.

Particularly significant is the regime applicable to high-risk systems in sectors such as education, employment, public services and access to credit. In these areas, citizen protections are at their highest: mandatory human oversight, activity logging, and conformity assessments.

A Critical Reflection

The AI Act is an important step, but not without tensions. The main one is between innovation and protection: the obligations for high-risk systems are burdensome, and there is a real risk that European SMEs will be disadvantaged compared to large non-EU players. The Commission will need to carefully balance these interests during implementation.

As a law student specialising in EU law, I find it fascinating to observe how the European legislature is attempting — for the first time — to build a legal framework for technologies that evolve faster than the legislative cycle. The result is imperfect, but necessary.

M
Martina Caradonna
LL.B. Candidate · University of Bologna
Case Commentary
CJEU C-300/21: Non-Material Damage Under GDPR Is Not Automatic
18 April 2025 5 min read
GDPR CJEU Compensation
The Court of Justice clarified that a GDPR breach alone is not enough to claim compensation. The claimant must prove actual and concrete damage.

In its judgment of 4 May 2023 in case C-300/21 (UI v Österreichische Post AG), the Grand Chamber of the Court of Justice of the European Union clarified a heavily debated point in legal scholarship: a GDPR infringement alone does not automatically give rise to the right to compensation for non-material damage.

The Case and the Preliminary Reference

An Austrian citizen discovered that his political affiliation had been inferred by a postal company through algorithms, and the data sold to political parties. He sought compensation for non-material damage caused by the GDPR breach. The contested point: was it sufficient to demonstrate the infringement, or was proof of actual concrete damage also required?

"The mere infringement of the GDPR is not sufficient to confer a right to compensation. The applicant must demonstrate that they have suffered material or non-material damage as a result of that infringement." — CJEU, C-300/21

Three Cumulative Conditions

The Court reaffirmed that, under Article 82 GDPR, the right to compensation requires three cumulative conditions: (1) an infringement of the Regulation, (2) material or non-material damage suffered by the data subject, and (3) a causal link between the infringement and the damage. The infringement is necessary but not sufficient.

Critical Reflection: A Necessary Balance

The judgment is sound from a systematic perspective. A contrary interpretation would have transformed the GDPR into an instrument of automatic compensation, with the risk of a wave of opportunistic claims. However, a practical question remains open: how does one prove non-material damage such as anxiety or loss of control over one's data? The Court leaves this assessment to national courts, which could generate fragmented application across the EU.

M
Martina Caradonna
LL.B. Candidate · University of Bologna
Reflections
Erasmus and Comparative Law: Learning the Law by Looking Elsewhere
2 March 2025 6 min read
Erasmus Comparative Law Portugal
Six months in Lisbon taught me that the law is not universal. Every legal system tells a different cultural story. Here is what I brought back home.

When I left for Lisbon on the Erasmus+ programme, I expected to study the same things in a different language. I was wrong. My time at the Faculty of Law at the University of Lisbon showed me how deeply rooted the law is in a people's culture, history and way of thinking.

Portuguese Law and Its Roots

The Portuguese legal system, like the Italian one, belongs to the civil law family with Roman roots. And yet the differences are more striking than the similarities. The Portuguese Civil Code of 1966, still in force, is the product of a doctrinal tradition distinct from Italy's — more influenced by German law and the thought of Manuel de Andrade.

In the area of civil liability, for example, the Portuguese system adopts solutions that in Italy would be considered heterodox. Culpa in contrahendo is governed differently, and the role of objective good faith has application boundaries that do not coincide with those of our Article 1375 of the Civil Code.

"The comparative lawyer does not study foreign law to copy it, but to better understand their own." — Rodolfo Sacco

What I Brought Back Home

Erasmus taught me three fundamental things. First: the law is not a closed, self-sufficient system — it is in dialogue with the society that produces it. Second: studying in a foreign language forces you to think more slowly and precisely — invaluable training for any lawyer. Third: engaging with peers from other countries reveals implicit assumptions you didn't know you held.

If you're considering Erasmus as a law student: do it. Not so much for the credits, but because you'll return seeing your own law through different eyes.

M
Martina Caradonna
LL.B. Candidate · University of Bologna
EU Law
The Digital Markets Act: A New Era for Competition in the Digital Economy?
14 February 2025 8 min read
DMA Gatekeeper Competition
The Digital Markets Act reshapes the rules of the game for large digital platforms. But is it truly an effective tool against gatekeeper power?

Regulation EU 2022/1925 — the Digital Markets Act (DMA) — came into full application in March 2024, designating six "gatekeepers": Alphabet (Google), Amazon, Apple, ByteDance (TikTok), Meta and Microsoft. For the first time, European law imposes specific, asymmetric obligations on platforms that have reached a level of market power sufficient to be labelled as "digital gatekeepers".

What Are Gatekeepers Required to Do?

The obligations are numerous and profoundly affect platform business models. Among the most significant: the prohibition on self-preferencing (promoting their own services over competitors'), the obligation to ensure interoperability for messaging services, the prohibition on combining personal data across different services without explicit consent, and the guarantee for users to uninstall pre-installed apps.

"The DMA is not competition law. It is ex ante regulation: it does not punish abuse, it prevents it by imposing structural rules."

A Critical Assessment

The DMA's approach is innovative, but it raises open questions. The main one: the gatekeeper designation is based on quantitative thresholds (turnover, number of users) that may not adequately capture effective market power in emerging sectors such as generative AI. Apple and Google are already challenging certain decisions before the EU General Court. The coming years will be decisive in determining whether the DMA is a genuine revolution or an unfulfilled promise.

M
Martina Caradonna
LL.B. Candidate · University of Bologna
International Law
Brussels I bis and Digital Platforms: Do the Jurisdictional Rules Still Hold Up?
10 January 2025 9 min read
Private Int'l Law Brussels I bis Thesis
The Brussels I bis Regulation was born in a pre-digital era. Do its connecting factors — domicile of the defendant, place of performance — really hold up against global online platforms?

This article previews some themes from my LL.B. thesis. Regulation EU 1215/2012 (Brussels I bis) is the main European private international law instrument governing civil and commercial jurisdiction. It entered into force in 2015, but its connecting factors trace back to the Brussels Convention of 1968 — an era in which the internet did not yet exist.

The Problem of the "Defendant's Domicile"

The general jurisdiction criterion is the defendant's domicile (Article 4). In the case of a digital platform like Meta or Google, the domicile is typically in Ireland (European headquarters). Does this mean that an Italian consumer whose rights are violated by Facebook must — in principle — sue before an Irish court?

In reality, the Regulation provides special jurisdiction rules for consumer contracts (Articles 17–19) that allow an undertaking to be sued in the country of the consumer's residence. But these rules have precise requirements, and their application to digital platforms has generated significant interpretive litigation.

"Private international law is a twentieth-century tool being asked to regulate twenty-first-century relationships. Adaptation is urgent."

Proposals de Lege Ferenda

In my research, I explore the possibility of introducing a jurisdictional criterion based on "qualified digital presence" — an idea already discussed in legal scholarship that finds some echo in Commission reform proposals. The aim is to ensure that European citizens can enforce their rights before accessible courts, without the complexity of private international law becoming a practical barrier to justice.

M
Martina Caradonna
LL.B. Candidate · University of Bologna
Categories
Digital Law 2
Case Commentaries 1
EU Law 1
Reflections 1
International Law 1
Show All 5
Recent Posts
01
The AI Act Is Law: What Changes for European Citizens?
5 May 2025
02
CJEU C-300/21: Non-Material Damage Under GDPR Is Not Automatic
18 April 2025
03
Erasmus and Comparative Law: Learning the Law by Looking Elsewhere
2 March 2025
About the Author
M
Martina Caradonna
LL.B. Candidate · University of Bologna

I write about EU law, digital regulation and international law. These reflections grow out of my studies, internships and curiosity about a law that is always changing.

→ View Full Portfolio