Welcome, my name is

Luke Crofton Arbuthnot

Aspiring Solicitor | LL.B. | LL.M. | CIPP/E

• Specialist in technology law — data protection, cybersecurity, AI governance, IP
• Certified Information Privacy Professional — academic & practical experience
• SQE1 Candidate (July 2026) — passionate about digital rights & privacy

Curriculum Vitae

About Me

I am a recent Master of Laws graduate specialised in the digital domain. I hold the International Association of Privacy Professional’s Certified Information Privacy Professional/ Europe (CIPP/E) certification. I am currently studying for the English and Welsh Solicitor’s Qualifying Exam 1 (SQE1) in July 2026.

I have a keen interest in individual privacy and cybersecurity, implementing privacy enhancing tools and methods in my daily life. I also am an avid guitarist and am PADI Rescue Diver certified.

I have academic and hands on practical, legal and GRC experience in:
  • Data Protection
  • Cybersecurity
  • AI Governance
  • Privacy
  • Intellectual Property
  • Regulatory Compliance

Experience

Intern - Security and Privacy Office (GRC) - Exact Group
Oct 2024 - Feb 2025
Letter of Recommendation

  • Conducted research on Exact’s compliance with the EU AI Act and GDPR under DPO Pia Kuijpers.

  • Delivered gap analysis report and presentation to key company stakeholders.

AI Privacy & Governance Discussion Group Leader - AI Safety Initiative Groningen
Sep 2024 - June 2025
  • Lead a discussion group on AI safety concerns with a focus on emerging data protection and privacy issues.
Chairman of the Activities Committee - Decentralized Student Law Association
June 2022 - Aug 2023

  • Chairman of the Activities Committee with competencies in planning, organising and executing academic and social events.

  • Hosted a discussion panel on privacy, cybersecurity and the law with J. Milaj-Weishaar, PhD | STeP and G.P. Mifsud Bonnici, Prof Dr | STeP.

Education

August 2025 - July 2026
BARBRI Foundations of (English & Welsh) Law & Solicitors Qualifying Exam (SQE1) Preparation Course
BARBRI SQE
August 2024 - December 2025
Master of Laws (LL.M.) in Technology Law and Innovation
University of Groningen (Rijksuniversiteit Groningen)
GPA: 8.8 Cum Laude (High First Class equivalent)

Awarded a grade of 9 for my master’s thesis on the EU transparency and targeting of political advertising Regulation. During my studies, I completed practical assignments for Deloitte, Microsoft, the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), and the Dienst Wegverkeer (Netherlands Vehicle Authority). Academic work covered domains including data protection, cybersecurity, intellectual property, competition law, consumer protection, sustainable technology law, and the legal and ethical frameworks surrounding data-driven innovation.

Currently undertaking an exchange semester at National Taiwan University as part of the LL.M. programme, focusing on focusing on commercial, business, and finance law.

Extracurricular Activities:

  • Active member of Groningen Debate Society Kalliope, participating in BP debate tournaments across the Netherlands.
  • Won the Decentralized Student Law Association’s intellectual property moot court.
August 2020 - March 2024
Bachelor of Laws (LL.B.) in International and European Law - Technology Law track specialisation
University of Groningen (Rijksuniversiteit Groningen)
GPA: 7.5

Completed a broad legal education covering Dutch, European, and international law. Core areas included criminal law, contract and tort law, property law, constitutional law, comparative law, private international business law, EU law, and legal history. Additional focus areas included data protection and human rights, regulation of cybercrime, IT in the legal context, competition law in the digital market, telecommunications, intellectual property law, and law and economics.

Completed an exchange semester at University of Surrey, studying English employment and medical law, jurisprudence, and international humanitarian law.

Extracurricular Activities

  • Committee chairman and active member of Decentralized Student Law Association.
Sixth Form College
Dubai English Speaking School College
GPA: A*, A*, A, B

Certifications

Certified Information Privacy Professional/Europe (CIPP/E)
Passed the International Association of Privacy Professionals (IAPP) CIPP/E certification with a score of 442.

Projects

Privacy, Security and the Law | Personal Website & Blog
Web development Personal privacy & security
Privacy, Security and the Law | Personal Website & Blog
Designed and developed a personal professional website and blog using the Hugo static site generator. The blog focuses on practical guides to help individuals protect their personal privacy and security, alongside commentary on surveillance, privacy, and technology regulation. The site is fully GDPR compliant, with additional measures implemented to avoid processing personal data.
Click for blog
Microsoft | Zero Trust Architecture & Regulatory Compliance
GRC Legal analysis
Microsoft | Zero Trust Architecture & Regulatory Compliance
Collaborated with fellow LL.M. candidates as external consultants to Microsoft, advising on how Zero Trust Architecture (ZTA) can support compliance with the GDPR, DORA, and NIS2, tailored to GRC client contexts. Presented our findings at Microsoft, engaging in real-world legal-tech dialogue and demonstrating how compliance obligations can be embedded into system design. My primary contributions included analysing workplace surveillance risks associated with ZTA, explaining its technical implementation, and outlining practical steps for operationalising it within organisational systems and policies. Delivered these findings in both the final report and live presentation to Microsoft stakeholders.
See more
Autoriteit Persoonsgegevens | Advising on Targeted Political Advertising & its Regulation in the EU
Legal analysis Data protection Privacy
Autoriteit Persoonsgegevens | Advising on Targeted Political Advertising & its Regulation in the EU
Collaborated with a team of LL.M. candidates from the University of Groningen to analyse the societal risks and legal frameworks surrounding targeted political advertising in the EU and beyond. My contributions included researching and drafting sections on the legal regulation of political microtargeting, refining the final report, and coordinating a large multi-member team. Presented our findings at the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), engaging directly with their team to discuss regulatory challenges and enforcement perspectives. This project deepened my expertise in online political advertising and its intersection with data protection law.
See more

Get in Touch

Feel free to reach out if you’d like to connect, collaborate, or just talk privacy and law.