David Rodriguez

David Rodriguez

I am Assistant Professor and Ph.D. in Privacy Engineering at the Universidad Politécnica de Madrid (UPM), specializing in Cybersecurity and Data Protection.

David Rodríguez Torrado

Welcome! I’m Assistant Professor and Ph.D. in Privacy Engineering at the Universidad Politécnica de Madrid (UPM), working within the STRAST research group (Real-Time Systems and Service Architecture for Telematics). My research focuses on the automated assessment of privacy and data protection compliance in ICT systems, especially in the context of Android mobile apps and GDPR regulation.

🎓 About me

Since 2023, I teach Software Analysis and Design (ADSW) to second-year students at the Escuela Técnica Superior de Ingenieros de Telecomunicación, where I cover topics like software design, concurrent programming, and complexity analysis in Java.

Between 2021 and 2023, I worked as a Research Assistant at UPM, contributing to the nationally funded research project AutoGDPR, focused on automating the assessment of GDPR compliance, by doing privacy policy analysis and data flow auditing. Today, I continue this work as my main research line.

I currently serve as Publicity Chair for the International Workshop on Privacy Engineering (IWPE 2025), where I help coordinate outreach, promotion, and community engagement for the event.

🌍 International Research Collaboration

  • Escuela Politécnica Nacional (Ecuador), since 2024
    Co-researcher in an international project on the automated annotation of legal texts, in collaboration with Prof. Danny S. Guamán and Prof. José Estrada.
    • Demonstrated that GPT-4o can perform multi-label, multi-class annotation of privacy policies with performance close to 80–90% of human annotators, greatly reducing manual effort.
    • The results are currently under review for publication (Preprint DOI: 10.21203/rs.3.rs-5799153/v1), and the annotated corpora will be made publicly available upon acceptance of the article.
  • ETH Zurich (Switzerland), since 2024
    Research collaborator in an interdisciplinary project led by Prof. Stefan Bechtold and LL.M. Luka Nenadic at the Center for Law & Economics.
    • (Ongoing) Empirical research on on large-scale multilingual analysis of privacy policies to evaluate changes following the enforcement of the New Federal Act on Data Protection (nFADP).
  • King’s College London (UK), since 2024
    Visiting Ph.D. student at the Department of Informatics, collaborating with Prof. William Seymour and Prof. Jose Such.
    • Conducted research on automated policy compliance in conversational AI systems, including the development of a framework to evaluate chatbot behaviors against organizational policies.
    • Research contributed to a joint publication currently under review.
  • Carnegie Mellon University (USA), since 2022
    Visiting Ph.D. student at the School of Computer Science (2023), hosted by Prof. Norman Sadeh.
    • Focused on automating the analysis of privacy policies using Large Language Models.
    • Research collaboration resulted in seven joint publications, including papers at PETS and high impact journals.
  • ETH Zurich (Switzerland), since 2022
    Research collaborator in an interdisciplinary project led by Prof. Amit Zac and Prof. Stefan Bechtold at the Center for Law & Economics.
    • Contributed to empirical research on large-scale automated GDPR compliance auditing.
    • Co-authored a working paper in progress: “The Court Speaks, But Who Listens? Automated Compliance Review of the GDPR” (CLE Working Paper Series 01/2024).
      DOI: 10.3929/ethz-b-000664943

🧪 Ph.D. Research

Ph.D. in Privacy Engineering, Universidad Politécnica de Madrid (UPM).
Defended on July 8, 2025, with the highest honors (cum laude) and international doctorate distinction.

Thesis title: Contributions to the Automated Assessment of Mobile Applications’ Compliance with Privacy and Data Protection Requirements

My research addresses three key layers of analysis in mobile privacy:

  • What applications do: I perform dynamic and static analyses of Android apps to identify privacy-impacting behavior, using tools like Frida and mitmproxy.
  • What applications say they do: I apply LLMs and NLP techniques to evaluate privacy policies at scale and detect inconsistencies with behavior.
  • Who receives the data: I investigate data recipients and cross-border transfers using network monitoring and IP geolocation strategies.

The outcomes of this work have been published in leading venues like PETs, Computing, Computers & Security, and IEEE Access.

🛠️ Research Projects

I actively contribute to research projects such as:

  • CEDAR (Horizon Europe): Developing tools for improving public governance transparency, with a focus on knowledge graphs, data modeling and entity resolution.
  • AutoGDPR: Designing technical solutions to automate GDPR compliance assessment, with public impact in press and academia.

👨🏻‍🏫 Teaching

Since 2023, I lecture in the second-year undergraduate course Software Analysis and Design, where I guide students through core software engineering techniques including:

  • Software design and debugging fundamentals.
  • Algorithm design and analysis, including sorting, dictionary structures, and graph algorithms.
  • Concurrent programming using threads, with emphasis on mutual exclusion, synchronization, and deadlock prevention.
  • Complexity analysis and architectural design of telecommunication systems.
  • Team-based software development, version control, and lab exercises linked to real-world communication software challenges.

🎤 Presentations

I’ve presented my research at various international venues, including:

  • Paper presentation at Privacy Enhancing Symposium 2025 (PETs)
  • Invited talk at Queen Mary University of London in 2024
  • 🥈 Second Best Presentation Award at IWPE 2023 (IEEE EuroS&P Workshop)
  • Poster at CyLab Partners Conference 2023 (Carnegie Mellon University)
  • 🥇 Best Presentation Award at IWPE 2022 (IEEE EuroS&P Workshop)
  • Poster at SECRYPT 2022 in Lisbon

🧠 Skills

  • Privacy Engineering: GDPR, compliance automation, policy analysis
  • Software Development: Python, Java, Git, UML, software design patterns
  • Program Analysis: Frida, mitmproxy, static/dynamic analysis
  • NLP & LLMs: Privacy policy classification, prompt engineering
  • Academic Communication: Paper writing, teaching, conference presentations
  • Languages: Spanish (native), English (C1 certified)

📄 Find out more

You can explore my:

Feel free to contact me by email or connect through Google Scholar, ORCID, or ResearchGate.