Milos Novovic

Hi there! I'm Miloš.

I teach tech and contract law.

About me

Hi! I’m Miloš Novović, and I work as an Associate Professor of Law at BI Norwegian Business School.

I live in Oslo, Norway, where I wrote my PhD in law. I love teaching about international commercial contracts, privacy, and anything tech-related. I also love talking (see my podcast or TEDx talk and podcast), writing articles (some are here), and occasionally getting some project-based work done on the ground.

Basically, I am a technology nerd who loves negotiating tech contracts.

I’m Miloš Novović, an associate professor of law at BI Norwegian Business School.

I teach courses on the GDPR, digital compliance and platform liability. I am also interested in commercial contracts, and teach courses on international commercial and arbitration law.

I hold a PhD in law from the University of Oslo, an LL.M. from the George Washington University, and a BSc. from University of Montenegro.

In addition to my academic pursuits, I’ve spent several years helping major Norwegian and international companies with privacy and IT contract-related matters. Needless to say, I am also a huge technology geek, and love learning how stuff works 🙂

My classes

Legal Tech

A course on privacy and data protection, intellectual property law and AI.

Privacy and the GDPR

An Executive course covering all aspects of the General Data Protection Regulation (GDPR). Taught in Norwegian.

Digital Compliance

An Executive course on data protection, security, marketing and IT contract law. Taught in Norwegian.

International Commercial Law

A course on negotiating, drafting and enforcing international commercial agreements. It also covers arbitration and dispute settlement.

My publications

Digital Services Act Commentary

I have just published a major book: an article-by-article commentary of the EU Digital Services Act. The DSA reforms the field of online platform liability, and introduces significant new obligations on information society service providers. 

Privacy Labels, App Store and the GDPR

This paper examines whether Privacy Nutrition Labels which Apple requires on the App Store help enhance transparency.

My PhD thesis

In my doctoral thesis, I examine how big platforms license user's copyrighted works through their Terms of Service agreements.

My work

GDPR

I have been working with data protection and privacy for a while now, and I am interested in (nearly) everything related to the field.
At this moment, I am focusing on the ways in which the GDPR affects the freedom to conduct business and freedom of contract.

DSA and AI

Right now, I am looking into the questions of platform regulation under the Digital Services Act, as well as regulation of AI in the AI Act.
I am particularly interested in how the rules on AI will affect big and smaller businesses, how they interact with the GDPR and other rules, and which compliance risks they entail.

Commercial contracts

Negotiating and interpreting contracts is always fun, as is learning about differences in national contract laws. Right now, I am looking into how choosing to litigate the disputes arising out of a contract in one country, without fully understanding its mandatory rules (such as those on privacy), can subvert the expectations of the contractual parties.

Consulting and training

I (occasionally) provide teaching and consulting services for businesses and public organizations. If you are looking for a crash course on the GDPR, guidance on negotiating tech contracts, or insights into the use of AI, drop me a line!

My podcasts and talks

Grumpy GDPR

Listen the latest episode of Grumpy GDPR, a podcast where I discuss the latest and greatest GDPR news together with Rie Aleksandra Walle – in the grumpiest way possible. 

My TEDx talk

Papers, training and resources

App Store Privacy Labels

Here is an article where I explore how Privacy Nutrition Labels posted in App Stores affect users and developers. My core argument is that privacy labels found in the app stores do not satisfy the GDPR transparency requirements, but that they still contribute to internal compliance.

(Novović, Miloš. Privacy nutrition labels, App Store and the GDPR: Unintended consequences?", Journal of Data Protection & Privacy, Henry Stewart Publications, 2023)

Arbitrability of GDPR disputes

In this article, I argue that private judges (arbitrators) must be, under the EU and international law, allowed to rule on GDPR compensation claims. I claim that this is not necessarily problematic.

(Novović, Miloš. "Arbitrability of Data Protection Disputes: Personal Data, Personalized Justice?", European Review of Contract Law, vol. 19, no. 3, 2023)

Copyright Tourism

In this article, I argue that the EU Court of Justice has created unexpected problems when it ruled that copyright disputes can be filed in any EU country where the content can be accessed from.

(Novović, Miloš. Fighting European ‘Copyright Tourism’: Lessons from Defamation Laws, European Review of Private Law, 2019)

Licensing of User-Generated Content

In my PhD thesis, I address the questions relating to mass-scale copyright licensing agreements which users enter into when they sign up for big online services.

(Novović, Miloš. Licensing of User-Generated Content: How Online Platforms Exploit Users’ Copyrighted Works, University of Oslo, 2018)

Get in touch

    Privacy and cookies

    This website places a single cookie necessary to render the webpage and pause/resume videos.

    The only personal information I process is your IP address, which is only stored if there is a flagged security incident (in which case it is deleted after 6 months).

    My website is hosted on servers in Belgium. I use no tracking or profiling technologies.

    You can always ask me to give you access to, correct, or delete your personal data; or object to the way I am using it.

    You are always free to lodge a complaint with the authorities. Feel free to contact me anytime you’d like; all of my contact information is on the homepage! :)

    My name is Milos Novovic, and I am the person who decided how your data is used on this website. You can always contact me using the contact forms on this website, or via my email (mn******@la*.edu).

    This website places a single, necessary cookie on your device. It simply tracks whether you have an active session on the website (in order to render the website theme and allow you to pause/resume videos). The cookie is deleted as soon as your session expires. Here is what it looks like:

    elementor|{“__expiration”:{},”activeSession”:true}|

    Your IP address is processed in order to be able to run this website securely. Under normal circumstances, it is deleted when you close your browsing session. If an automated system detects abnormal traffic from your IP address (consistent, for instance, with cyberattacks), your IP address will be stored for a period of 6 months. The legal basis for this processing is legitimate interest.

    All the material is hosted on the page itself, and there are no analytical or tracking tools. The website is hosted by Elementor Cloud, on their servers in Belgium. Elementor uses a caching service called Cloudflare, which makes it faster to render webpages. Both services operate as intermediaries under the eCommerce Directive, and data processors under the GDPR. They are not allowed to use your personal data for any of their own purposes.

    You can always ask me to gain you access, correct, or delete your personal data. You can also object to the processing of your IP address for security purposes, in which case I will assess the claim based on your individual situation. Automatic decision-making does not take place on this website.

    You always have the right to lodge a complaint with a supervisory authority. You have no obligation to contact me with your concerns (but as a privacy nerd, I would very much like it if you did!).