Privacy Engineering Research and the GDPR: A Trans-Atlantic Initiative


Workshop Description

A multidisciplinary research approach to understanding privacy is needed and deploying new privacy-aware approaches may require changes in existing technology systems, in business processes, in regulations, and in laws, as stated in the US National Privacy Research Strategy. When the EU’s GDPR becomes fully applicable on 25 May 2018, many data protection requirements will be seen in a new perspective. Among other aspects, “data protection by design and by default” will become an explicit legal obligation. Organizations who are processing personal data have to apply privacy engineering so that their systems implement data protection principles and integrate the necessary safeguards.

With this event, we aim to determine the relevant state of the art in privacy engineering; in particular, we will focus on those areas where the “art” needs to be developed further. The goal of this trans-Atlantic initiative is to identify open research and development tasks, which are needed to make the full achievement of the GDPR’s ambitions possible. See full agenda here.

When: Friday, November 10, 2017 from 9:30 – 17:00

Where: University of Leuven, Parthenonzaal (Mgr. Sencie Instituut MSI 1 03.18) Erasmusplein 2, 3000 Leuven, Belgium

Click here to find more detailed information about how to get to the University of Leuven and other practical matters.

Featured Speakers and Panelists

  • Giovanni Buttarelli, European Data Protection Supervisor
  • Wojciech Wiewiorowski, Assistant European Data Protection Supervisor
  • Norman Sadeh, Professor of Computer Science and Co-Director, Privacy Engineering Program, Carnegie Mellon University (CMU)
  • Claudia Diaz, Professor at the COSIC research group of the Department of Electrical Engineering (ESAT), KU Leuven
  • Josep Domingo-Ferrer, Professor of Computer Science, Chairholder of the UNESCO Chair in Data Privacy, and ICREA-Acadèmia Researcher, Universitat Rovira i Virgili
  • Jaap-Henk Hoepman, Professor in the Digital Security group at the Institute for Computing and Information Sciences and Scientific Director of the Privacy & Identity Lab, Radboud University Nijmegen
  • Naomi Lefkovitz, Senior Privacy Policy Advisor in the Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce
  • Simon Hania, Vice President Privacy & Security / Corporate Privacy Officer, TomTom

Event Agenda:

This full-day session will include:

  • A Review of the state of the art – including current solutions
  • A panel discussion focused on current research in the field
  • Break-out sessions focusing on “key challenges” and identifying opportunities for research and development
  • Presentation of findings from break-out sessions and suggestions for next steps

Who should attend:

  • Privacy Engineering Researchers
  • Privacy Engineers
  • Practitioners responsible for data governance and protection



Call for Participation

This workshop aims at bringing together those who are working at the forefront of research on adapting data processing strategies, developing privacy engineering, and practitioners applying these technologies. The workshop will include a Key Note presentation, a panel discussion reviewing the current landscape followed by breakout sessions to address relevant themes, such as the ones mentioned below (but not limited to them). To encourage a diverse set of attendees, we ask those who are interested in attending the workshop to provide a one-page submission that includes the following information (no specific format required):

Biosketch. One to two paragraphs introducing who you are and your background, including whether you come from industry, the public sector, academia, or other (please specify).

Theme. The theme that most strongly resonates with you, why, and your stated position on this theme. It may be related to a project you are already working on, a project you recently concluded or a project you intend to start. Please explain in what sense you are well-positioned to help address this theme.

Influence. Please describe how you would be influential within your respective community, for example by disseminating the workshop outcomes after the conclusion of the workshop, implementing certain measures, etc.

Please send submissions to [email protected]. *Submissions are now due 5 October, 2017. Submissions will be reviewed by the workshop program organizers — Jules Polonetsky, CEO Future of Privacy Forum; Achim Klabunde, IPEN/European Data Protection Supervisor; Bettina Berendt, Professor in the Computer Science Department at the University of Leuven/DTAI; and Norman Sadeh, Professor of Computer Science and Co-Director, Privacy Engineering Program, Carnegie Mellon University (CMU) — and your attendance will be accepted based on the goal to ensure a diverse set of attendees and the relevance to the workshop themes and goals. Participation is free of charge.

Possible Workshop Themes to be discussed include, but are not limited to:

  • “State of the art”: How is the state of the art of privacy engineering defined and who defines it? What PET tool boxes can be used for developers, corporate decision makers and supervisory bodies? What data-driven risk assessment frameworks for implementing Privacy by Design in data science and big data analytics already exist? How can these be improved?
  • Consent: There are detailed parameters for obtaining valid consent under the GDPR and the future ePrivacy Regulation, creating important challenges for sectors such as ad technology, mobile apps, connected cars, and smart devices.  What can engineering contribute, and what should solutions look like?
  • De-identification: How can different levels of de-identification techniques be used or further developed to effectively advance the obligations under the GDPR?
  • Transparent and interpretable processing: How can data mining and machine learning methods be made transparent and interpretable? For revealing the logic ‘behind the algorithm’ and accountability: what exactly should be revealed and how? How can we ensure these methods correspond to GDPR requirements and are understandable to the relevant groups of users?
  • Challenges arising from development and deployment practice: How can PETs and data protection by design methodologies be integrated into existing software development approaches (especially agile software development)? With software production and use phases collapsing, users are integral to experimentation, developers are users themselves, and usability becomes central. Different requirements may be commensurate, complementary, and contradictory. How can we design and evaluate for users and for a democratic society?

You can find information about accommodation at For other questions regarding the venue, please contact the local organiser, Bettina Berendt, at peg2[email protected]

This workshop is supported in part by the National Science Foundation under Grant No. 1654085