Brussels Privacy Symposium 2022

Vulnerable People, Marginalization and Data Protection November 15, 2022 @ 8:30 am - 5:45 pm CET

Overview

brussels privacy symposium save the date 8.3.22 1

The sixth edition of the Brussels Privacy Symposium will take place on November 15, 2022, jointly presented by the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF). This year’s topic is “Vulnerable People, Marginalization and Data Protection”. This year’s event will be held in-person at Les Ateliers des Tanneurs, Rue des Tanneurs 58-62, 1000 Brussels Belgium.

The Brussels Privacy Symposium is a global convening of practical, applicable, substantive privacy research and scholarship, bringing together policymakers, academic researchers, civil society and industry representatives. This year they will explore to what extent data protection and privacy law protect and empower vulnerable and marginalized people. They will also debate how to balance the right to privacy with the need to process sensitive personal information in order to uncover and protect against biases and marginalization.  

This will also be the occasion to officially launch a new joint project: “VULNERA,” the International Observatory on Vulnerable People in Data Protection, co-led by the Brussels Privacy Hub and the Future of Privacy Forum. The observatory aims to promote a mature debate on the multifaceted connotations that the notion of human “vulnerability” and “marginalization” may assume in the data protection and privacy domains.

REGISTRATION CLOSED

Agenda

Time

Event

Speakers

8:30 am –
9:20 am CET

Registration, welcome, and breakfast

9:20 am –
9:30 am CET

Introduction from Co-Hosts

Co-Hosts

  • Jules Polonetsky, Future of Privacy Forum
  • Prof. Gianclaudio Malgieri, VUB

9:30 am –
10:00 am CET

Keynote I

Prof. Scott Skinner-Thompson, University of Colorado Law School

10:00 am –
11:00 am CET

Panel I: The role and concept of vulnerability and marginalization under data protection law: who is vulnerable and how should they be protected?

When understanding how data protection and privacy law puts safeguards in place to protect the rights of vulnerable and marginalized people, it is crucial to start with understanding who are the vulnerable and marginalized individuals and groups that need protection. Data protection laws in Europe and around the world identify “special categories of personal data” or “sensitive data” – usually designating protected categories of individuals and groups. Non-discrimination or civil rights laws advance their own protected categories of people. This panel will discuss how to define vulnerability and marginalization in a way that is relevant for the data-driven society, before exploring what are the actual mechanisms in privacy and data protection law to ensure protection of vulnerable and marginalized people. It will also touch on the tension between the need to provide enhanced protection for sensitive data and the need to rely on sensitive data to counter bias and discrimination.

Moderator: Katerina Demetzou, Future of Privacy Forum

Confirmed Speakers:

  • Malavika Raghavan, LSE/Future of Privacy Forum
  • Kim Smouter, ENAR
  • Quirine Eijkman, Dutch Human Rights Council
  • Joanna Szumanska, European Commission

11:00 am –
11:30 am CET

Coffee Break

11:30 am –
12:00 pm CET

Keynote II

 

  • Hera Hussain, Chayn

12:00 pm –
1:00 pm CET

Panel II: Assessing data processing impacts on vulnerable and marginalized populations: what is the role of harms, and can we measure them without processing sensitive information?

Analyzing the impact of data technologies on vulnerable and marginalized people is a crucial and problematic task. The question is: “vulnerable to what?” The notion of “harm” to fundamental rights (used even in the draft AI Act to define vulnerable people) is problematic in legal terms, in its ambiguous position between quantifiable damages and less significant effects. The DPIA in the GDPR might be a good tool to face human vulnerabilities in the data protection framework but there is still little guidance on how particular forms of vulnerabilities might be addressed and mitigated through that tool. What are the best practices to assess the impact of data processing taking into account human vulnerabilities?

Moderator: Gianclaudio Malgieri, Leiden eLaw, LSTS, VUB (BPH)

Confirmed Speakers:

  • Helena Koning, Mastercard
  • Tanya Krupiy, Newcastle Law School 
  • Sarah Chander, EDRi
  • Dale Sunderland, Irish DPC

1:00 pm –
2:30 pm CET

Lunch

2:30 pm –
3:30 pm CET

Panel III: Protecting preventively and proactively: promoting participation, mitigating risks and adjusting design

One of the criticisms against the previous Data Protection Directive 95/46, was its reactive approach to harm to individuals. The GDPR and the new generation data protection laws around the world it inspired aim to offer a different, proactive approach by introducing tools and processes that prevent (high) risks to the rights and freedoms of natural persons from materializing: risk assessments and DPIAs, data protection by design and by default and the encouragement of individuals’ participation are only a few of these tools. This panel will explore whether and how proactive approaches in the GDPR and other modern data protection laws like Brazil’s LGPD can guarantee a more effective protection for vulnerable people, notably in the design of widely-used online services and tools.

Moderator: Sebastião Barros Vale, Future of Privacy Forum 

Confirmed Speakers:

  • Alessandra Calvi, VUB
  • Rafael Zanatta, Data Privacy Brasil
  • Adam Bargroff, TTC Labs (Meta)
  • Grace Mutung’u, Open Society Foundation (East Africa)

3:30 pm –
4:00 pm CET

Coffee Break

4:00 pm –
5:15 pm CET

Have your say: What is vulnerability, why and how to address it?

After hearing from leading experts on the topic of the Symposium, attendees will be invited to share their own thoughts, in more restricted focus groups on how to define and address vulnerabilities under EU data protection law: is the current approach focused on the protection of special categories of data, minors and consent freedom, in addition to risk assessments and accountability, fit for purpose? What other marginalized individuals or groups are not – and should be – considered in the GDPR? And is prohibiting the processing of personal data related to their specific attributes the best option to protect them from harm and discrimination?

  • “What does it mean to be vulnerable? Exploring power imbalances online and offline” – Katerina Demetzou, FPF
  • “Vulnerable consumers and data power: lessons from the DSA and DMA” – Muhammed Demircan, BPH
  • “Vulnerability in the context of AI: ensuring fairness and mitigating biases” – Vincenzo Tiani, BPH
  • “Mitigating vulnerability and/or its effects through data protection law” – Hunter Dorwart, FPF

Moderator: Alessandra Calvi, BPH

Confirmed Speakers:

  • Katerina Demetzou, FPF
  • Muhammed Demircan, VUB
  • Vincenzo Tiani, VUB
  • Hunter Dorwart, FPF

5:15 pm –
5:45 pm CET

Closing Remarks

  • Gabriela Zanfir-Fortuna, FPF
  • Wojciech Wiewiórowski, EDPS

5:45 pm –
7:30 pm CET

Cocktail Reception

Speakers

Adam Bargroff

Privacy and Public Policy Manager, TTC Labs at Meta

Adam Bargroff, PhD, is a Privacy and Public Policy Manager at Meta & TTC Labs.  He previously worked in academia and non-profits to build education partnerships for digital and 21st century skills development. He also spent time at the European Commission and Dublin City Council on innovation aspects of the digital agenda.

Sebastião Barros Vale

EU Policy Counsel, FPF

Sebastião Barros Vale serves as the EU Policy Counsel at the Future of Privacy Forum (FPF), where he is following and analyzing privacy and data protection European and national case law, recent academic research, guidelines, and decisions from the European Data Protection Board and national Data Protection Authorities. He actively monitors the activity of EU institutions around privacy and data protection, including Communications and Proposals of the European Commission and legislative reports from the European Parliament and the Council of the EU.

He completed a traineeship at the Cabinet of EU Commissioner Věra Jourová, where he contributed to the 1st Annual Review of the EU-US Privacy Shield and to the Commission Guidance on the applicability of the General Data Protection Regulation (GDPR). As a qualified lawyer in Portugal, he practiced at the ICT practice area of Vieira de Almeida e Associados, assisting clients from the healthcare, retail, energy and financial sectors in complying with the GDPR and other privacy-related laws. Just before joining FPF, he worked as an in-house privacy expert at Johnson & Johnson.

Sebastião holds an LL.M in EU Law from the College of Europe (2016, Belgium), where he wrote his thesis on alternative international data transfer mechanisms after the invalidation of the EU-US Safe Harbour Decision by the Court of Justice of the European Union. Two notable papers he published focused on the interplay between the GDPR and the EU’s DIrective on digital payment services (PSD2), and on how European anti-discrimination, consumer, and data protection rules shield consumers against pervasive online price personalization.

Alessandra Calvi

Researcher, VUB

Alessandra Calvi is a PhD candidate in the LSTS and in the d.pia.lab at VUB since August 2019 and in the Equipes Traitement de l’Information et Systèmes (ETIS) lab at CY Cergy Paris Université (CYU) since September 2021. Her research interests include the relationships between data protection law and technology, gender/discrimination issues and sustainability.

In October 2021, she was entrusted with a research mandate on the EUTOPIA-funded interdisciplinary project ‘Enhancing the inclusiveness of smart cities: reinterpreting Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) through intersectional gender lenses’ between VUB and CYU, under the joint supervision of the legal scholar Prof. Paul De Hert and the computer scientist Prof. Dimitris Kotzinos.

Between 2019 and 2021, Alessandra was involved in the projects PERSONA and STARII. The former, aimed at developing an integrated impact assessment method for border control technologies; the latter, at supporting small and medium-sized enterprises in their compliance with the GDPR. In parallel, she also served as managing director and event coordinator of the Brussels Privacy Hub.

Alessandra holds an LLM in International and European law – Data law (summa cum laude) awarded by the VUB Institute of European Studies, where she obtained an outstanding master thesis award for her work “Interrelationships between EU data protection law and the circular economy – Data protection and environmental challenges raised by the Internet of Things”.

Her professional experiences include a traineeship in the IT Policy team of the European Data Protection Supervisor and legal clerkships at the Tribunal of Pavia (Labour law section) and criminal law firms.

Sarah Chander

Senior Policy Advisor, EDRi

Sarah leads EDRi’s policy work on Artificial Intelligence (AI) and specifically the EU’s AI Regulation. She also works on issues of discrimination in a digital context, migration-related technologies, and works on a process of decolonising the digital rights field alongside the Digital Freedom Fund (DFF). She looks to make links between the digital and other social justice movements. Sarah has experience in racial and social justice and previously worked at the European Network Against Racism (ENAR) on a wide range of topics including anti-discrimination law and policy, intersectional justice, state racism, racial profiling and police brutality. She was actively involved in movements against immigration detention.

Katerina Demetzou

Policy Counsel for Global Privacy, FPF

Katerina Demetzou is a Policy Counsel for Global Privacy at the Future of Privacy Forum. She is working to further understanding of the state of play and global trends in data protection and privacy laws around the world, with their impact on the rights of individuals and on various technologies and digital services.

Since 2016, Katerina has conducted research under the supervision of Prof. Mireille Hildebrandt as a PhD Candidate at the Radboud Business Law Institute (OO&R) and is a member of the Interdisciplinary Hub for Security, Privacy and Data Governance (iHUB), both situated at the University of Radboud of Nijmegen in the Netherlands. Her research focuses on the legal qualification of the concept of high risk as a legal requirement for performing Data Protection Impact Assessments (DPIA) under Article 35 of the GDPR. She has authored and co-authored articles on the nature and the role of risk under the GDPR. Her research interests also revolve around fundamental rights and Artificial Intelligence.

Prior to starting her PhD, Katerina worked as a legal and policy trainee for the European Data Protection Supervisor in Brussels being part of the Policy and Consultation Unit, as well as for the Hellenic Data Protection Authority in Athens, Greece.

Katerina obtained her law degree from the National and Kapodistrian University of Athens (2012, Greece) and she holds an LL.M. on ‘Law and Technology’ from the University of Tilburg (2015, Netherlands).

Quirine Eijkman

Member, Dutch Human Rights Council

Quirine Eijkman is a Senior-Researcher/Lecturer at the Centre for Terrorism and Counterterrorism (CTC), Faculty Campus The Hague, Leiden University. She also works as a surveillance expert for Amnesty International Dutch section. Previously she worked for the ICCT-the Hague, the Human Rights Committee of the Dutch Advisory Council on International Affairs, the Netherlands Institute of Human Rights (SIM), Utrecht University, and at the International Humanitarian Law Department of the Netherlands Red Cross. Currently, she is a Member of the Board of Advisors of the Dutch Platform on Civil Rights, the Dutch Helsinki Committee and the Dutch Section of the International Commission of Jurists (‘NJCM’) of which between 2005 and 2011 she was the (vice) President. She teaches Master courses in Security & the Rule of Law and International Crisis and Security Management. Her research focuses on the (side) effects of security governance for human rights and the rule of law.

Hera Hussain

Founder and CEO , Chayn

Hera has years of experience supporting survivors and is responsible for oversight of the project, as well as being our Safeguarding Lead. Born in Scotland, raised in Pakistan and living in the UK, Hera knew from early on she wanted to empower women. Hera was on the Forbes 30 Under 30 and MIT Technology Review’s Innovators Under 35 list and was awarded the British Empire Medal by Her Majesty the Queen. Hera speaks English, Urdu, and Punjabi.

Helena Koning

Senior Managing Counsel Privacy & Data Protection, Mastercard

Helena Koning is Mastercard’s Europe Data Protection Officer (DPO) overseeing the protection of personal data in the European Economic Area (EEA), and leads the Global Privacy Compliance Assurance program to ensure Mastercard continues to comply with the global privacy laws and regulations. She has been with the company since June 2017.

Prior to joining Mastercard, Ms Koning worked as Senior Privacy Officer at Standard Chartered and at ADP in Singapore, where she led their Privacy Compliance Program and outreach activities for the Asia Pacific Region. Prior to that, Ms Koning worked as General Counsel at the Dutch Data Protection Authority in the Netherlands, where she managed the legal department responsible for enforcement, litigation and compliance. Ms Koning started her career as an international attorney working in Allen & Overy’s Amsterdam and New York offices assisting clients with competition law and finance matters.

Ms Koning graduated from Leiden University in business and international law and was admitted to the Amsterdam bar. She is a Certified Information Privacy Professional (CIPP/A and CIPM) and was a member of the IAPP Asia Advisory Board. She served as an expert on the B2G Data Sharing Expert Group establishing recommendations for the European Commission on data sharing.

Tanya Krupiy

Lecturer in Digital Law, Policy & Society, Newcastle Law School

Tanya has expertise in international human rights law, international humanitarian law and international criminal law and is particularly interested in exploring what societal impact new technologies create and how the norms of public international law can remain relevant in light of technological developments. Tanya has expertise in artificial intelligence, robotic and digital technologies and enjoys carrying out interdisciplinary research.

Tanya holds a Master of Laws with distinction in public international law from the London School of Economics and Political Science. Tanya gained a Doctor of Philosophy in law from the University of Essex. Taya received funding from the Social Sciences and Humanities Research Council of Canada to carry out a postdoctoral fellowship at McGill University in Canada. Thereafter, she was a postdoctoral fellow at Tilburg University. Tanya received internal funding for three consecutive years at Tilburg University. Tanya has published with various publishers. Oxford University Press, University of Toronto, University of Melbourne, European University Institute in Florence, Elsevier and Brill among others feature her work. Tanya acts as a peer reviewer for the following journals: Computer Law and Security Review, and New Explorations: Studies in Culture and Communication.

Gianclaudio Malgieri

Associate Professor, VUB

Gianclaudio Malgieri is an Associate Professor of Law and Technology at the EDHEC Business School in Lille (France), where he conducts research at the Augmented Law Institute and teaches Data Protection Law, Intellectual Property Law, ICT Law and Business Law. He is also Editorial Board Member of Computer Law and Security Review and Attorney at Law.

He obtained a PhD in Law at the Law, Science, Technology and Society (LSTS) Research Centre of the Vrije Universiteit Brussel, where he is Affiliated Researcher and where he was Work Package Leader of the EU H2020 PANELFIT Project, for the development of Legal & Ethical Guidelines on Data Processing in Research. His PhD thesis (defended in August 2020) focused on the notion of data subjects in the GDPR, in particular on the vulnerable data subjects. He also conducts research on automated decision-making, privacy and fundamental rights, surveillance, data ownership, intellectual privacy, consumer law. In the 2019 he is the only European scholar to receive the Future of Privacy Award. He is also external expert of the European Commission for the ethics and data protection assessment of EU research proposals.

Previously, he was lecturer of Data Protection Law and Intellectual Property for undergraduate and professional courses at the University of Pisa and S.Anna School of Advanced Studies. He was also Training Coordinator for the Brussels Privacy Hub from 2018 to 2020.

He got an LLM with honours at the University of Pisa (2016) and a JD with honours at S.Anna School of Advanced Studies of Pisa (2017). He was visiting student at the London School of Economics (2013), World Trade Institute of the University of Bern (2014), École Normale Superieure de Paris (2015) and Oxford University (2018).

He has authored more than 45 publications including articles in leading international law reviews, the Italian Handbook of Personal Data Protection and the editing of a Special Issue on Computer Law and Security Review. He published in English and Italian, and some works were translated in French and Chinese.

He is peer reviewer of Computer Law and Security Review; International Data Privacy Law; Federal Law Review, Big Data and Society; Journal of the Association for Information Science and Technology; Opinio Juris in Comparatione.

Grace Mutung'u

Coordinator, Open Society Foundation (East Africa)

Grace is a researcher on tech policies in Africa. Her interests include digital transformation, content policy, data governance and digital ID. She has written and participated in shaping laws and regulations on elections and technology in Kenya. Grace is also coordinating Open Society Foundation’s digital ID working group and is based in Nairobi, Kenya.

Jules Polonetsky

Chief Executive Officer, FPF

Jules serves as CEO of the Future of Privacy Forum, a Washington, D.C.-based non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. FPF is supported by the chief privacy officers of more than 200 leading companies, several foundations, as well as by an advisory board composed of the country’s leading academics and advocates. FPF’s current projects focus on AI and Ethics, Connected Cars, Health, Research Data, Smart Communities, Ad Tech, Youth, Ed Tech, Privacy Legislation and Enforcement, and Global Data Flows.

Jules also serves as Chairman of the International Digital Accountability Council and as Co-Chairman of the Israel Tech Policy Institute.  Jules is co-editor of The Cambridge Handbook of Consumer Privacy, published by Cambridge University Press (2018). More of his writing and research can be found at the www.fpf.org and on Google Scholar and SSRN.

Jules’s previous roles have included serving as Chief Privacy Officer at AOL and at DoubleClick, as Consumer Affairs Commissioner for New York City, as an elected New York State Legislator and as a congressional staffer, and as an attorney.

Jules has served on the boards of a number of privacy and consumer protection organizations including TRUSTe, the International Association of Privacy Professionals, and the Network Advertising Initiative. From 2011-2012, Jules served on the Department of Homeland Security Data Privacy and Integrity Advisory Committee. Jules is a member of The George Washington University Law School Privacy and Security Advisory Council. He also currently sits on the Advisory Boards of Open DP | Harvard University Privacy Tools Project and the California Privacy Lab (University of California).

Malavika Raghavan

Senior Fellow, FPF

Malavika Raghavan is a lawyer working on interdisciplinary research in India, focusing on the impacts of digitization on the lives of lower-income individuals. Her work since 2016 has focused on the regulation and use of personal data in service delivery by the Indian State and private sector actors, often enabled by expansive State-supported technical and regulatory architectures. Malavika founded and led the Future of Finance Initiative for Dvara Research (an Indian think tank) in partnership with the Gates Foundation from 2016 until 2020, anchoring its research agenda and policy advocacy on emerging issues at the intersection of technology, finance, and inclusion.

Research that she led at Dvara Research was cited by the India’s Data Protection Committee in its White Paper as well as its final report with proposals for India’s draft Personal Data Protection Bill, with specific reliance placed on such research on aspects of regulatory design and enforcement. She remains an Advisor on the Initiative’s International Advisory Board, and also serves on the Steering Committees of the Digital Identity Research Initiative (DIRI) at the Indian School of Business, and the Data Governance Network at the IDFC Institute, India. She is a member of the Asian Privacy Scholars Network.

Malavika’s previous experience includes several years with the global law firm Allen & Overy LLP in London (during which time she was seconded to the Financial Markets Law Committee established by the Bank of England) as well as stints with social impact investors Acumen and Big Society Capital. She was a 2018 fellow of the Chevening Financial Services Fellowship at King’s College London, and a 2016 fellow of the On Purpose social enterprise leadership program. Malavika holds an MPhil in Public Policy from the University of Cambridge and a B.A., LL.B.(Hons) degree from the National Academy of Legal Studies and Research (NALSAR), Hyderabad.

Scott Skinner-Thompson

Associate Professor of Law, University of Colorado Law School

Scott’s research and teaching interests are in constitutional law, civil rights, and privacy law, with a particular focus on LGBTQ and HIV issues. Bringing together these topics, his new book, Privacy at the Margins, examines how privacy can function as an expressive, anti-subordination tool of resistance to surveillance regimes. His scholarship has been published in the Georgetown Law JournalMichigan Law ReviewNorthwestern University Law ReviewUC Davis Law ReviewYale Law Journal Forum, and Columbia Law Review Online, and he served as editor of and contributing author to AIDS and the Law (Wolters Kluwer, 5th ed., 2016; 6th ed., 2020). His shorter work has appeared in Slate, Salon, The New Republic, Muftah, and elsewhere.

Prior to joining Colorado Law School in 2017, he was an Acting Assistant Professor of Lawyering at New York University School of Law. In 2014, he was selected as one of the Best LGBT Lawyers Under 40 by the National LGBT Bar Association and while in practice Scott served as co-counsel with the ACLU LGBT & HIV Project, the Center for Constitutional Rights, the Transgender Law Center, and the Transgender Legal Defense & Education Fund.

Scott clerked on the Third Circuit Court of Appeals for Judge Dolores Sloviter and for Judge Robert Chatigny of the U.S. District Court for the District of Connecticut. Scott graduated from Duke Law School, magna cum laude and Order of the Coif, in 2008, receiving both a J.D. and LL.M in International & Comparative Law. He received his B.A., magna cum laude and Phi Beta Kappa, from Whitman College in 2005.

Kim Smouter

Director, ENAR

Kim L. Smouter Umans joined ENAR in March 2022. Kim previously worked as ESOMAR’s Head of Public Affairs and Professional Standards, having joined ESOMAR in 2012. While there, he headed a small team of professional standards and public affairs experts championing the value of market, opinion and social research and data analytics.

Through his former role, he also worked to promote the interests of over 5,000 professionals and 550 companies working in the field of market, opinion and social research and data analytics, leading ESOMAR’s advocacy efforts on major policy dossiers including the General Data Protection Regulation and the ePrivacy Regulation. Kim also served a stint as Secretary General of the European Network of National Civil Society Associations. As its first Secretary General, Kim laid the foundations for securing its role and its future as one of Europe’s leading bodies defending the interests of the non-profit sector by bringing together over 20 national civil society infrastructure platforms.

He has also served in various policy roles working for the North East England Office in Brussels and in the European Parliament working in the fields of social policy, education, and employment. He holds a master’s degree in European Public Affairs and a bachelor’s degree in European Studies and is a graduate of the University of Maastricht.

Dale Sunderland

Director - Deputy Commissioner, Data Protection Commission, Ireland

Dale Sunderland was appointed Deputy Commissioner for Data Protection at Ireland’s Data Protection Commission in May 2016.
Dale has responsibility for the Commission’s Regulatory Supervision, Guidance and International Affairs functions. Previously Head of Communications and Corporate Secretariat at Ireland’s Department of Justice and Equality, he also held various positions at that department working on Irish-British immigration cooperation, EU criminal justice and policing policy, corporate governance oversight, and international, parliamentary and media affairs.

He holds graduate and postgraduate honours qualifications in Business Studies and Public Management.

Joanna Szumanska

Policy Assistant, European Commission

Wojciech Wiewiorowski

European Data Protection Supervisor, EDPS

Before his appointment, he served as Assistant European Data Protection Supervisor from 2014 to 2019 and as Inspector General for the Protection of Personal Data at the Polish Data Protection Authority, a position which he had held since 2010. He was also Vice Chair of the Working Party Article 29 Group.

Rafael Zanatta

Research Director and Professor, Data Privacy Brasil Research Association and Data Privacy Brasil

Rafael Zanatta is the Research Director of the Data Privacy Brasil Research Association and professor at Data Privacy Brasil. Master and PhD student at the University of São Paulo. Master in Law and Economics from the University of Turin. Alumni of the Privacy Law and Policy Course at the University of Amsterdam. He was coordinator of the digital rights program at the Brazilian Institute for Consumer Protection (2015-2018), project leader at InternetLab and researcher at the Fundação Getulio Vargas Law School. At Idec, he was representative of Anatel’s Committee for the Defense of Telecommunications Users and a member of the work group on Technology and Consumption of the Ministry of Justice. He actively participated in the construction of the General Law for the Protection of Personal Data (Law 13.)

Dr. Gabriela Zanfir-Fortuna

Vice President for Global Privacy, FPF

Dr. Gabriela Zanfir-Fortuna is the Vice President for Global Privacy at the Future of Privacy Forum, where she leads the work on Global privacy developments and counsels on EU data protection law and policy, working with all FPF’s offices and partners around the world. She created and curates FPF’s Global Privacy blog series.

Gabriela currently serves as a member of the Reference Panel of the Global Privacy Assembly, and she is also a member of the Executive Committee of the ACM FAccT (Fairness, Accountability and Transparency) Conference, since 2021. She is a member of the European Digital Media Observatory (EDMO) Working Group on Access to Platform Data, working on the creation of a Code of Conduct on access to platform data under Art. 40 of the GDPR.

As a data protection and privacy law expert, Gabriela recently testified for the FTC on data portability and for the European Parliament’s LIBE Committee on the EU’s proposed Data Governance Act.

Prior to moving to the US in 2016, she worked for the European Data Protection Supervisor in Brussels, being part of the team that advised the EU legislator on the GDPR during its legislative process. She dealt with both enforcement and policy matters, was a member of the EDPS litigation team appearing before the Court of Justice of the EU, as well as actively participated in the work of the Article 29 Working Party. She worked on the assessments of both the draft EU-US Privacy Shield and the draft EU-US Umbrella Agreement during her time at the EDPS and the Article 29 Working Party.

She previously served as a Program Chair (Law) for the ACM FAccT 2020 and as a member of the Program Advisory Committee for the ICDPPC 2019 Conference in Tirana. She was also a member of the Program Committee of PLSC Europe, CPDP – academic track, ACM – AIES 2020, and the ENISA Annual Privacy Forum. She served as a Project Scientist supporting the IoT Privacy Infrastructure Project within the Institute for Software Research of Carnegie Mellon University (2019 – 2020).

Gabriela holds a PhD in law (2013, University of Craiova) with a thesis on the rights of the data subject from the perspective of their adjudication in civil law and an LLM in Human Rights (2010), after obtaining her law degree at the same university (2009). She is also an associated researcher with the Law, Science, Technology and Society Center at Vrije Universiteit Brussel.

Gabriela is a contributor-author to ‘The EU General Data Protection Regulation – A Commentary‘, edited by C. Kuner, C. Docksey and L.A. Bygrave, Oxford University Press, 2020 (on Articles 13, 14, 15, 21 and 82). She is also the author of the volume ‘Protecția Datelor Personale. Drepturile Persoanei Vizate‘, C.H. Beck, Bucharest, 2015.

Presented by

2022 bps sponsorship info sheet 9 28 22 v.2