Brussels Privacy Symposium 2023

Understanding the EU Data Strategy Architecture: Common Threads - Points of Junction - Incongruities November 14, 2023 @ 9:00 am - 5:00 pm (CET)


brussels graphic for socialebwebsite

The seventh edition of the Brussels Privacy Symposium will take place on Tuesday, 14 November 2023, jointly presented by the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF). This year’s topic is “Understanding the EU Data Strategy Architecture: Common Threads – Points of Junction – Incongruities”.

The Brussels Privacy Symposium is a global convening of practical, applicable, substantive privacy research and scholarship, bringing together policymakers, academic researchers, civil society and industry representatives. This year’s program will focus on how the EU data strategy package overlaps, interacts, supports or creates tension with provisions within the GDPR. More specifically, the Symposium will provide a forum for in-depth discussions on key principles of the upcoming EU AI Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), in addition to other relevant acts from the Data Strategy package, and their interaction(s) with the existing personal data protection framework created by the GDPR. 

This event will be held in live, in-person-only format.






8:30 am –
9:20 am CET

Welcome Coffee and Registration

9:20 am –
9:30 am CET

Introduction from Co-Hosts


  • Jules Polonetsky, Future of Privacy Forum
  • Prof. Gianclaudio Malgieri, Leiden University & Brussels Privacy Hub 

9:30 am –
9:45 am CET

Keynote I

Details to come!

9:45 am –
10:45 am CET

Panel I – Shifting the Paradigm? Dispelling the Push for Access to Data in the Data Strategy Package

Facilitating access to data seems to be a leitmotif of the Data Strategy package, regardless of whether the data is personal or not. This can be seen from including specific legal requirements for very large online platforms to provide access to data to researchers and supervisory authorities under the Digital Services Act (DSA); and from imposing extensive and real time data portability obligations and interoperability obligations to gatekeepers in the Digital Markets Act (DMA), to facilitating access to data held by public authorities in the Data Governance Act (DGA), and creating specialized European data spaces to pool data. Questions of whether this represents a paradigm shift away from the strict rules regulating personal data processing, including making it available, under the GDPR, are essential in order to make sense of the new data regulatory framework in the EU. 

At the same time, individual “consent” seems to transform into a gatekeeper itself, ensuring access to personal data across services, platforms, authorities and NGOs – if we look at the provisions of the DMA and the DGA. This panel will discuss how data access and consent rules in the Data Strategy package are reconciled with the provisions of the GDPR.


  • Christina Michelakaki, Future of Privacy Forum


  • Corinna Schulze, SAP 
  • Mathias Vermeulen, AWO Agency
  • Anna Buchta, EDPS 

10:45 am –
11:15 am CET

Coffee Break

11:15 am –
12:15 pm CET

Panel II – A network of Impact Assessments: from the GDPR to the DSA and the AI Act

This panel aims to shed light on the different risk-based impact assessment provisions embedded in key EU digital regulations such as Article 34 of the DSA, and the Fundamental Rights Impact Assessment in the EU Parliament version of the Artificial Intelligence Act (AIA). Additionally, it will explore the intersection between the new legislation and the GDPR‘s Article 35 to evaluate data protection implications and with already existing “Human Rights Impact Assessment” models existing around Europe (like in the Netherlands).

The panel will feature experts in the field who will present their analysis and engage in a stimulating discussion, providing a deeper understanding of the approaches to impact assessments and their implications for stakeholders across the evolving sphere of EU digital regulation. By unraveling these intricacies, the panel aims to facilitate constructive dialogue and offer an opportunity to learn about the different types of impact assessments, their interconnectedness, and their relation to the GDPR. Moreover, key considerations for conducting an impact assessment will be discussed.

The panel will be of interest to anyone who is involved in the development or implementation of the EU digital strategy, including policymakers, regulators, businesses, and civil society organizations. It will explore the following questions:

  • What are the different types of impact assessments applicable?
  • What are the key considerations for conducting an impact assessment?
  •  Is the DPIA different from a Fundamental Rights Impact Assessment?


  • Gianclaudio Malgieri, Leiden University & Brussels Privacy Hub



Details to come!

12:15 pm –
1:30 pm CET

Lunch Break

1:30 pm –
2:30 pm CET

Panel III – What future then for data enforcement in Europe?

The GDPR, with its cooperation and consistency mechanism under the One-Stop-Shop, created one of the most complex and multi-layered enforcement structures in EU law. In fact, five years after the GDPR became applicable, the European Commission proposed new rules to reform this system on its margins, looking primarily at modifying national administrative procedures. With the data strategy legislative package, the EU legislator shifted focus and added to a dispersed enforcement model across the EU Member States a centralized enforcement model, reserving competences for the European Commission to enforce the DSA in relation to VLOPs and VLOSEs, and the DMA. 

The Data Strategy package is also significantly enhancing the web of national supervisory authorities that might have a word to say about data, algorithms, AI and the digital world. At the same time, Data Protection Authorities will continue dealing with any and all processing of personal data, including those that underpin the scope of application of all other laws in the Data Strategy package. To complicate matters further, recent rulings by national and European courts have ascertained the ability of antitrust authorities to make their own findings based on issues concerning the processing of personal data, thus laying the first brick towards the possible creation of a super authority dedicated to the data economy, tackling it from different points of view, all intertwined.


  • Gabriela Zanfir-Fortuna, Future of Privacy Forum


Details to come!

2:30 pm –
3:00 pm CET

Coffee Break

3:00 pm –
4:00 pm CET

Breakout Workshops – Have your say: How do the different proposals of the Data Strategy package interact, overlap, or create tension with key provisions of the GDPR?

After hearing from leading experts on the topic of the Symposium, attendees will be invited to share their own thoughts, in more restricted focus groups on how to define and address the common threads, incongruities and points of juncture of the Data Strategy package. From the DSA to the DMA, DGA, AI Act and the GDPR, what are some of the implementation challenges related to the different elements of the Data Strategy package? How does the Data Strategy package interact with ongoing challenges related to emerging technologies, including, but not limited to, Generative AI? Does the Data Strategy package allow for further protection of fundamental rights in the digital space, including for vulnerable individuals?

4:00 pm –
4:30 pm CET

Workshop Report Outs

4:30 pm –
4:45 pm CET

Closing Keynote

4:45 pm –
5:00 pm CET

Closing Remarks


Anna Buchta

Head of Unit Policy and Consultation, European Data Protection Supervisor (EDPS)

Anna Buchta is Head of the Policy & Consultation Unit at the European Data Protection Supervisor (EDPS). She coordinates the work of the EDPS on providing advice to the European Commission and other EU institutions and bodies on legislative and policy proposals relevant to data protection. She has extensive experience in data protection and privacy regulations, institutional law and litigation before the Court of Justice. She represented the EDPS in a number of cases before the CJEU, including Opinion 1/15 PNR Canada and, recently, a number of data retention cases. She is one of the institutional rapporteurs on EU data protection for the FIDE2020 Conference. Previously, Anna worked at the European Commission, among others on data privacy in electronic communications. Before that, she was a researcher at the Interdisciplinary Centre for Law and ICT (ICRI, currently CITIP) at KU Leuven (Belgium) and worked as a lawyer in private practice. Anna has a master’s degree in Law from the University of Warsaw (Poland) and a Master of Laws (LL.M.) degree from the KU Leuven (Belgium).

Gianclaudio Malgieri

Associate Professor, VUB

Gianclaudio Malgieri is an Associate Professor of Law and Technology at the EDHEC Business School in Lille (France), where he conducts research at the Augmented Law Institute and teaches Data Protection Law, Intellectual Property Law, ICT Law and Business Law. He is also Editorial Board Member of Computer Law and Security Review and Attorney at Law.

He obtained a PhD in Law at the Law, Science, Technology and Society (LSTS) Research Centre of the Vrije Universiteit Brussel, where he is Affiliated Researcher and where he was Work Package Leader of the EU H2020 PANELFIT Project, for the development of Legal & Ethical Guidelines on Data Processing in Research. His PhD thesis (defended in August 2020) focused on the notion of data subjects in the GDPR, in particular on the vulnerable data subjects. He also conducts research on automated decision-making, privacy and fundamental rights, surveillance, data ownership, intellectual privacy, consumer law. In the 2019 he is the only European scholar to receive the Future of Privacy Award. He is also external expert of the European Commission for the ethics and data protection assessment of EU research proposals.

Previously, he was lecturer of Data Protection Law and Intellectual Property for undergraduate and professional courses at the University of Pisa and S.Anna School of Advanced Studies. He was also Training Coordinator for the Brussels Privacy Hub from 2018 to 2020.

He got an LLM with honours at the University of Pisa (2016) and a JD with honours at S.Anna School of Advanced Studies of Pisa (2017). He was visiting student at the London School of Economics (2013), World Trade Institute of the University of Bern (2014), École Normale Superieure de Paris (2015) and Oxford University (2018).

He has authored more than 45 publications including articles in leading international law reviews, the Italian Handbook of Personal Data Protection and the editing of a Special Issue on Computer Law and Security Review. He published in English and Italian, and some works were translated in French and Chinese.

He is peer reviewer of Computer Law and Security Review; International Data Privacy Law; Federal Law Review, Big Data and Society; Journal of the Association for Information Science and Technology; Opinio Juris in Comparatione.

Corinna Schulze

Director, EU Government Relations, Global Corporate Affairs , SAP

Corinna Schulze is Director, EU Government Relations, Digital Government at SAP since 2014. In her current position, Corinna is responsible for public policy matters related to the Digital Single Market, Data Protection and Security. Corinna holds a law degree with the University of Münster, Germany and her bachelor law degree with the district court of Düsseldorf.

Mathias Vermeulen

Public Policy Director, AWO

Mathias oversees AWO’s public policy work. He is a legal and public policy expert in information technology law, digital rights and emerging technologies, with a focus on EU-law. Mathias previously worked as a strategic advisor for the Mozilla Foundation and Luminate, where he advised both organisations on their campaigning and public policy strategies related to countering online disinformation, ad tech and online content regulation.

Prior to that, he worked for five years in the European Parliament on a wide range of digital policy issues, including the EU’s copyright reform, online content regulation, the EU cybersecurity Act, digital trade chapters of trade agreements, and the recast of the EU’s export control regime of dual use items.

Mathias was a Research Fellow at the Centre for Law, Science, Technology and Society at the Vrije Universiteit Brussel, where he is still an associate fellow, and the European University Institute in Florence, where he managed and participated in a number of large European research projects that focused on the legal and ethical challenges of the use of new technologies.

Mathias has more than a decade experience working more broadly at the intersection of human rights and security policies. He worked as the main advisor to the UN special Rapporteur on human rights and counterterrorism, Prof. Dr. Martin Scheinin for three years, and started his professional career with internships at the Special Procedures Unit of the UN High Commissioner for Human Rights and at the International Commission of Jurists in Geneva. He also worked as a consultant for a number of organisations, including the Belgian Standing Intelligence Oversight Committee, the European Parliament, and a variety of think tanks and NGOs.

He holds a Ph.D. in European privacy and data protection law from the Vrije Universiteit Brussel, and has a joint European Masters in Human Rights and Democratization from the European Inter-University Centre in Italy and the University of Hamburg.

Christina Michelakaki

Policy Fellow, Global Privacy, FPF

Christina Michelakaki is a Policy Fellow for Global Privacy at the Future of Privacy Forum (FPF). She is following global trends in data protection and privacy laws around the world but also focuses on European and national case law, recent academic research, guidelines, and decisions from the European Data Protection Board and national Data Protection Authorities and actively monitors the activity of EU institutions around privacy and data protection, including Communications and Proposals of the European Commission and legislative reports from the European Parliament and the Council of the EU. She has been conducting extensive research on Data Protection by Design and by Default and was one of the principal authors of an FPF Report pertaining to this matter. Her research interests also revolve around fundamental rights and Artificial Intelligence.

Christina has a legal background and holds an LL.M on Information Technology, Media & Communications Law from the London School of Economics (LSE) (2022, London), where she wrote her thesis on Automated decision-making and the “right to an explanation” under the GDPR. She is an EU qualified lawyer and a member of the Thessaloniki Bar Association in Greece.

Jules Polonetsky

Chief Executive Officer, FPF

Jules has served for 15 years as CEO of the Future of Privacy Forum, a global non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.

Jules has led the development of numerous codes of conduct and best practices, assisted in the drafting of data protection legislation and presented expert testimony with agencies and legislatures around the world. He is an IAPP Westin Emeritus Fellow and the 2023 recipient of the IAPP Leadership Award.

Gabriela Zanfir-Fortuna

Vice President for Global Privacy, FPF

Dr. Gabriela Zanfir-Fortuna is the Vice President for Global Privacy at the Future of Privacy Forum, where she leads the work on Global privacy developments and counsels on EU data protection law and policy, working with all FPF’s offices and partners around the world. She created and curates FPF’s Global Privacy blog series.

Gabriela currently serves as a member of the Reference Panel of the Global Privacy Assembly, and she is also a member of the Executive Committee of the ACM FAccT (Fairness, Accountability and Transparency) Conference, since 2021. She is a member of the European Digital Media Observatory (EDMO) Working Group on Access to Platform Data, working on the creation of a Code of Conduct on access to platform data under Art. 40 of the GDPR.

As a data protection and privacy law expert, Gabriela recently testified for the FTC on data portability and for the European Parliament’s LIBE Committee on the EU’s proposed Data Governance Act.

Prior to moving to the US in 2016, she worked for the European Data Protection Supervisor in Brussels, being part of the team that advised the EU legislator on the GDPR during its legislative process. She dealt with both enforcement and policy matters, was a member of the EDPS litigation team appearing before the Court of Justice of the EU, as well as actively participated in the work of the Article 29 Working Party. She worked on the assessments of both the draft EU-US Privacy Shield and the draft EU-US Umbrella Agreement during her time at the EDPS and the Article 29 Working Party.

She previously served as a Program Chair (Law) for the ACM FAccT 2020 and as a member of the Program Advisory Committee for the ICDPPC 2019 Conference in Tirana. She was also a member of the Program Committee of PLSC Europe, CPDP – academic track, ACM – AIES 2020, and the ENISA Annual Privacy Forum. She served as a Project Scientist supporting the IoT Privacy Infrastructure Project within the Institute for Software Research of Carnegie Mellon University (2019 – 2020).

Gabriela holds a Ph.D. in law (2013, University of Craiova) with a thesis on the rights of the data subject from the perspective of their adjudication in civil law and an LLM in Human Rights (2010), after obtaining her law degree at the same university (2009). She is also an associated researcher with the Law, Science, Technology and Society Center at Vrije Universiteit Brussel.

Presented by

brussels privacy symposium 2023 sponsor banner v.1 9 7 23





The Brussels Privacy Symposium is a global convening of practical, applicable, substantive privacy research and scholarship, bringing together policymakers, academic researchers, civil society and industry representatives. The seventh edition of the Brussels Privacy Symposium taking place on 14 November 2023, is jointly presented by the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF).

Symposium Audience: FPF Corporate Members, Academia, and European privacy professionals. 


Silver Level Sponsorship – $5,000

  • Opportunity for promotional item and/or brochure to registrants
  • Official thank you during program by Conference leadership
  • Sponsor name and logo in event promotions and materials 
  • Company logo on event webpage with link, located on FPF website


Gold Level Sponsorship – $10,000

  • Opportunity for promotional item and/or brochure to registrants
  • Official thank you during program by Conference leadership
  • Sponsor name and logo in event promotions and materials
  • Company logo on event webpage with link, located on FPF website 
  • Dedicated sponsor table at event


Platinum Level Sponsorship – $15,000


  • Opportunity to make short remarks/announcements (2 minutes) at Symposium
  • Opportunity for (3) promotional item and/or brochure to registrants
  • Official thank you during program by Conference leadership
  • Sponsor name and logo in event promotions and materials 
  • Company logo on event webpage with link, located on FPF website 
  • Dedicated sponsor table at event
  • CEO and VP of Global Policy to share post-event sponsor thank you on LinkedIn


U-Residence VUB - 271 Boulevard Géneral Jacques, Ixelles, Bruxelles, 1050