The Computers, Privacy and Data Protection conference (CPDP) kicks off this week in Brussels, and the theme this year is “The Internet of Bodies”. The conference will gather 400 speakers for 80 panels to set the stage for the privacy and data protection conversation in Europe for 2018. And this is such an important year for data protection: not only does the General Data Protection Regulation become applicable in May, but the text of the new ePrivacy Regulation will also likely be finalized.
Given the global impact of developments in EU data protection and privacy regulation, the Future of Privacy Forum is taking part in the conversation, aiming to drive understanding between the privacy cultures in the US and the EU.
If you’re in Brussels this week, don’t miss the panels and events we’ll take part in, listed chronologically:
Cross-border data transfers: effective protection and government access, in particular in the transatlantic context
Tuesday, January 23, 18.00, Petite Halle
The Brussels Privacy Hub and the Privacy Salon will be hosting an exclusive launch event for the 11th edition of CPDP on 23 January 2018. This year’s launch will be an Evening Roundtable on “Cross-border Data Transfers” starting at 18.00, which will be followed by a cocktail.
The EU data protection regime claims that cross-border data transfers should not prejudice the level of protection individuals are entitled to. However, enforcing this claim in a cross-border context is not straightforward, especially since the EU data protection rules should also give effective remedies against governments of third countries, where EU jurisdiction is only indirect. This problem is widely recognised, and in recent years the CJEU has set high standards in Schrems I, C-362/14 and Opinion 1/15 PNR Canada. The roundtable will address the latest developments and relevant court cases and discuss the contributions of the various actors, including Privacy Advocates, Data Protection Authorities, Companies and Governments.
Renate Nikolay, Head of Cabinet of Commissioner Věra Jourová, DG JUST, European Commission, Max Schrems, noyb and Gabriela Zanfir-Fortuna, FPF EU Policy Counsel, will discuss the latest developments in cross-border transfers and the outlook for 2018. The discussion will be moderated by Omer Tene, VP of IAPP and FPF Senior Fellow.
Wednesday January 24, 8.45, Grande Halle
FPF CEO, Jules Polonetsky, is speaking on a panel on “Physical tracking” together with Anna Fielder, Trans Atlantic Consumer Dialogue (UK), Mathieu Cunche, INSA Lyon (FR), Monica McDonnell, Informatica (UK). The panel is organized by INRIA, chaired by Daniel Le Métayer, INRIA and moderated by Gloria González Fuster, VUB (BE).
Tracking people in the physical world, through a variety of sensors, cameras, and mobile devices, is now common but is becoming increasingly controversial. Knowledge of human dynamics such as crowd sizes, paths or visit durations is extremely valuable for many applications. It offers great prospects for retailers and for urban planning. More generally, the extension to the physical world of the tracking already in place on the internet, and the lack of control or even awareness on the part of individuals, raise serious questions. The goal of this panel is to discuss in a multidisciplinary way the issues raised by physical tracking, including the following questions:
- Is it possible to enhance individuals’ control over their information (including information, consent and “do not track” options) in the context of physical tracking?
- What recommendations could be made regarding the ePrivacy Regulation and the implementation of the GDPR to ensure better protection against physical tracking?
- Can self-regulation initiatives such as the Future of Privacy Forum code of conduct help improve the situation?
Privacy engineering, lingua franca for transatlantic privacy
Wednesday, January 24, 11.45, La Cave
The Future of Privacy Forum is organizing a panel that aims to contribute to the essential transatlantic privacy debate by focusing on privacy engineering and the role it could play as “lingua franca” between the US and the EU privacy and data protection worlds. Privacy engineering is more important than ever at a time when accountability is significantly transferred to the creators of data-centric systems. The state of the art of privacy engineering will be discussed with leading experts from the US and Europe, focusing on the latest solutions for embedding privacy safeguards in processing systems from their design stage, but also for quintessential issues such as de-identification, data portability, encryption and user control over data.
- How big of a role does privacy engineering have for enhancing privacy of individuals/users/consumers/digital citizens? Should it bear most of the “burden”? With whom else should privacy engineering share the “burden”?
- Could privacy engineering become a lingua franca of the US and EU privacy worlds? Is it already in this position?
- Is privacy by design achievable on a mass scale? Which are the factors that would facilitate the overall adoption of privacy by design?
The guest speakers are Simon Hania, TomTom (NL), Naomi Lefkovitz, NIST (US), Seda Gürses, KU Leuven (BE), Ari Ezra Waldman, New York Law School (US). The panel is chaired by Achim Klabunde, EDPS (EU) and moderated by Gabriela Zanfir-Fortuna.
Data processing beneficial to individuals: the use of legitimate interests
Wednesday, January 24, 14.15, Area 42 Grand
In today’s age of the Internet of Things, Artificial Intelligence (AI), cloud computing, mobile devices, advanced analytics and profiling, it is becoming ever more difficult to obtain valid consent to process an individual’s personal data. More organisations are therefore looking to use the legitimate interest ground to process personal data, while at the same time struggling with its correct application. The balancing test needs to be completed, a good overview of potential benefits to individuals when processing their personal data needs to be produced and an ethical assessment needs to be maintained. All this to ensure that the risks of the data processing for the individual are minimised. This panel will discuss various approaches to the use of legitimate interest and the pros and cons of leveraging the benefits to individuals to process personal data.
- What needs to be done to use legitimate interest as a ground for processing personal data under GDPR?
- How do you balance benefits to individuals against risks to their rights and freedoms?
- How does the balancing test contribute to ethical data processing?
Paul Breitbarth, Nymity (NL), Dominique Hagenauw, Considerati (NL), Leonardo Cervera Navas, EDPS (EU), and Gabriela Zanfir-Fortuna, FPF (US) will speak about using legitimate interests of a controller or a third party as lawful ground for processing under EU data protection law. The panel is organized by Nymity, chaired by Raphaël Gellert, Tilburg University (NL) and moderated by Aurélie Pols, Mind Your Privacy (ES).
Can citizenship of the target ever be a justified basis for different surveillance rules?
Thursday, January 25, 8.45, Grande Halle
This panel, organized by Georgia Institute of Technology, will examine the topic of whether the nationality of an individual under surveillance (the “target”) is and should be relevant to the legal standards for surveillance.
Legislation in effect today, in countries including the United States and Germany, applies stricter protections for national security surveillance of a nation’s own citizens than for foreigners. To date, there has been no systematic discussion of whether and on what basis those stricter standards might be justified. Some writers have asserted a “universalist” position, that national security surveillance must apply identically to both citizens and non-citizens. This panel will provide a description of current law and practice. It will then discuss and debate whether, and in what circumstances if any, it may be justified to apply different surveillance standards based on whether the individuals under surveillance have citizenship or other significant connections to the country undertaking the surveillance.
Peter Swire, Georgia Institute of Technology and FPF Senior Fellow, Joseph Cannataci, UN Special Rapporteur on the Right to Privacy (INT), Mario Oetheimer, Fundamental Rights Agency (EU) and Thorsten Wetzling, Stiftung NV (DE) will discuss, in a panel moderated by Amie Stepanovich, Access Now (US) and chaired by Wendy Grossman, Independent Journalist (US).
Privacy by Design, Privacy Engineering
Thursday, January 25, 19.30 (preceded by a cocktail at 18.30), Grande Halle
“Privacy by Design, Privacy Engineering” is a side event organized by the European Data Protection Supervisor and supported by FPF and Qwant that will explore the role of privacy by design in the current privacy landscape.
Giovanni Buttarelli, EDPS, Jules Polonetsky, CEO, Future of Privacy Forum, Marit Hansen, Data Protection Commissioner, ULD Schleswig-Holstein, Eric Léandri, Co-founder and CEO Qwant will discuss privacy by design in a panel moderated by Seda Gürses, KU Leuven.
The GDPR introduces the obligation of data protection by design and by default. This is a very important step ahead and a challenge for many organisations, but it cannot be the end of the road. For technology to serve humans, a broader view on privacy and ethical principles must be taken into account in its design and development. The panel will discuss the perspectives of businesses and regulators: which principles they see as important in this context, what approaches their own organisations take, and what demands and recommendations they have for other stakeholders.
Saturday, January 27, 9.15
Peter Swire, Georgia Institute of Technology and FPF Senior Fellow, and Jesse Woo, Georgia Institute of Technology, will have their paper discussed at PLSC Europe, “Understanding Why Nationality Matters for Surveillance Rules”.