AI & Machine LearningGlobalGlobal Legislation

Brussels Privacy Symposium 2025

A Data Protection (R)evolution? October 14, 2025 @ 9:00am - 6:00pm CEST

Overview

We invite you to register for the ninth edition of the Brussels Privacy Symposium, taking place at Les Ateliers des Tanneurs on Tuesday, 14 October 2025. This event is jointly presented by the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF). The theme of this year’s conference, “A Data Protection (R)evolution?,” focuses on the impact of the competitiveness and simplification agenda of the European Commission on digital regulation, including data protection.

The Brussels Privacy Symposium is a global convening of practical, applicable, substantive privacy research and scholarship, bringing together policymakers, academic researchers, civil society, and industry representatives. The programming of the Symposium has drawn attention over the past two editions to the complexity, overlap and often incongruence of the various new EU legislative acts in the digital realm, on top of the GDPR. This complexity is now at the heart of an effort by the European Commission, with support from the EU Council, to simplify the digital regulation acquis. At the same time, the push for competitiveness in the age of AI and the unpredictable geopolitical landscape might lead to a full data protection (r)evolution, with increased appetite to reopen the GDPR or, at least, to clarify its interplay with the AI Act. The Symposium this year will carve paths forward for all these pressing debates.  

This event will be held in live, in-person-only format. Stay up-to-date here – more details to follow.

In the interim, be sure to view the the Brussels Privacy Symposium Report 2024. It highlights key takeaways and offers practical and actionable insights on the complex interplay between the different elements of the EU data strategy architecture. 

PRESENTED BY

vub brussels privacy hub logo
presented by logos for brussels privacy symposium nov. 11, 2022 (2)

REGISTRATION INFORMATION

REGISTER HERE! This event will be held in live, in-person-only format.

TICKET TYPES:

Active FPF Members & EU Council Members enjoy complimentary registration for the 9th Annual Brussels Privacy Symposium.

How to Register:

  • Use your company email address when registering. Our system will recognize your membership. An email with the complimentary registration code has been sent to all eligible member organizations.
  • Didn’t get your complimentary registration code? No worries! Just email us at [email protected], and we’ll assist you.

Enjoy Complimentary Access! If you’re a non-member from academia, advocacy, or government, you’re eligible for a free ticket.

Please note: Complimentary tickets are limited in number. Once capacity is reached, only standard registration at $175 will be available.

How to Register:

  • Use your affiliated organization’s email address when signing up to validate your complimentary ticket.
  • Pro Tip: Make sure your email matches your organization. Registrations with unapproved emails will be automatically canceled during our review process.

Join the Conversation! We offer competitive rates for corporate, law firm and trade association attendees:

  • 📅 Standard Rate: $175 (sales end October 1, 2025 at 11:59 EST)

Questions or Need Help?
Contact us anytime at [email protected]. We’re here to make your registration experience seamless. We can’t wait to see you in person at our 9th Annual Brussels Privacy Symposium


Agenda

AGENDA

Time

Event

Speakers

9:00 am –
9:30 am CET

REGISTRATION

Check-In, Welcome Coffee & Light Bites

9:30 am –
9:35 am CET

WELCOME REMARKS

CO-HOSTS

  • Dr. Gabriela Zanfir-Fortuna, VP for Global Privacy, Future of Privacy Forum
  • Prof. Sophie Stalla-Bourdillon, co-Director, Brussels Privacy Hub

9:35 am –
10:00 am CET

OPENING KEYNOTE

To be announced!

10:00 am –
10:45 am CET

PANEL I – A Data Protection (R)evolution?

As the impact of the competitiveness and simplification agenda of the European Commission continues to reverberate across Brussels, the EU, and beyond, a timely exchange on the role and evolution of data protection law is necessary. While acting as the cornerstone of the EU Digital Rulebook, the GDPR is part of a broader framework of digital laws which, over time, have emerged as being at odds with Europe’s landmark data protection rules. The specific challenges posed by AI systems and services entering the EU market, as well as the broader promise of innovation, are arguably the primary drivers of increasing momentum to “re-open” the GDPR. WIth this in mind, expert panelists will address:

  • Stock-taking: What is the role of the GDPR and data protection law in the EU Digital Rulebook?
  • With overarching digital regulatory “simplification” in mind, how do we foresee data protection law evolving to meet the challenges posed by AI systems?
  • What lessons can be learned from other jurisdictions in the ways they have approached balancing rights protection with economic growth?
  • Do the current rules allow SMEs and SMCs to flourish and, if not, what do they need from the data protection (r)evolution?

MODERATOR:

  • Bianca-Ioana Marcu, Managing Director for Europe, Future of Privacy Forum

PANELISTS:

  • Itxaso Domínguez de Olazábal, Policy Advisor, EDRi
  • Claude Moraes, Member of the UK House of Lords
  • Olivier Micol, Head of the Data Protection Unit, DG JUST, European Commission
  • Panelist: To be announced

10:45 am –
11:15 am CET

COFFEE BREAK

11:15 am –
11:30 am CET

LIGHTNING TALK #1

Speaker to be announced soon!

11:30 am –
12:15 pm CET

PANEL II – Between a Rock (AI Act) and a Hard Place (GDPR)?

The points of tension and overlap between the AI Act and GDPR have been central to the digital regulatory simplification discussion. Untangling the weeds at the intersection between the two laws remains crucial for understanding pathways towards convergence and harmonisation. On the one hand remains the question of which GDPR legal basis is most appropriate for the training of AI systems, and on the other hand the use of sensitive data for bias detection and correction (Article 10(5) AI Act) in AI systems seems at odds with Article 9 GDPR. In this context, the conversation from Panel I will be deepened in this Panel II with key questions including:

  • What have we learned from the guidance of Data Protection Authorities on the application of the GDPR to the development and deployment of AI systems? 
  • What are the key elements of emerging practice(s) for training AI systems, including GPAI models, in ways that comply with the GDPR and respect its principles? 
  • To what extent is it possible to rely on technical and policy tools, including anonymisation, to resolve legal tensions between the GDPR and AI Act?

MODERATOR:

  • Prof. Sophie Stalla-Bourdillon, Co-Director, Brussels Privacy Hub

PANELISTS:

  • Lorelien Hoet, Director EU Government Affairs, Microsoft
  • Panelist: To be announced
  • Panelist: To be announced
  • Panelist: To be announced

12:15 pm –
1:15 pm CET

LUNCH BREAK

Sponsored by Prosus

1:15 pm –
2:15 pm CET

BREAKOUT WORKSHOPS – HAVE YOUR SAY!

TOPIC 1The Right to an Explanation: from the GDPR to the AI Act 

TOPIC 2 -From Theory to Practice: How would you change the GDPR?

TOPIC 3 – Agentic AI under the GDPR and the EU AI Act 

TOPIC 1 FACILITATOR:

  • Prof. Gianclaudio Malgieri, Leiden University

 

TOPIC 2 FACILITATORS:

  • Bárbara Lazarotto, Marie-Sklodowska Curie Action’s Fellow, VUB
  • Pablo Trigo Kramcsák, PhD Researcher, VUB

 

TOPIC 3 FACILITATORS: 

  • Vincenzo Tiani, EU Senior Counsel, Future of Privacy Forum
  • Monika Tomczak-Gorlikowska, Global Head of Privacy, Digital & AI Governance, Prosus Group

2:15 pm –
2:30 pm CET

REPORTING BACK FROM WORKSHOPS

Join us back in plenary as we share key learnings and take-aways from the Breakout Workshops.

Workshop Facilitators

2:30 pm –
2:50 pm CET

HONORED GUEST SPEAKER TALK

Prof. Norman Sadeh, Carnegie Mellon University

2:50 pm –
3:20 pm CET

COFFEE BREAK

3:20 pm –
3:35 pm CET

LIGHTNING TALK #2

Ylja Remmits, Head of Projects, Algorithm Audit

3:35 pm –
4:20 pm CET

PANEL III – Data Protection Authorities in the Spotlight: Pathways for Harmonisation

Over the last two years in particular, Data Protection Authorities (DPAs) across the EU have emerged as some of the most vocal regulators on the application of data protection law to AI systems. As many published specific guidance on the interplay between the GDPR and AI Act, others have focused on enforcing the GDPR in AI contexts. While the AI enforcement landscape is very much still developing, it is already possible to map some of the most prominent issues identified by DPAs. With the overarching question of digital regulatory simplification in mind, this all-DPAs panel will address provocative questions and share ideas for pathways towards harmonisation and cooperation. Questions include:

  • Is data protection law the “real” AI regulator? If so, what are the implications for the AI Act? 
  • What have we learned from DPAs’ AI guidance and enforcement of the GDPR in AI contexts so far?
  • Is there a case to be made for better harmonisation across the EU data protection landscape, and is this a question that can be solved by reopening the GDPR?

 

MODERATOR:

  • Dr. Gabriela Zanfir-Fortuna, VP for Global Privacy, Future of Privacy Forum

PANELISTS:

  • Sarah Artola, Juriste, CNIL
  • Guido Scorza, Member of the Board, Italian Data Protection Authority (Garante)
  • Sven Stevenson, Director Coordination Supervision on Algorithms (DCA), Dutch DPA
  • Panelist: To be announced

4:20 pm –
4:40 pm CET

“IN DIALOGUE”

Continuing the “In Dialogue” series, with Supervisor Wojciech Wiewiórowski and Prof. Gianclaudio Malgieri.

SPEAKERS:

  • Prof. Gianclaudio Malgieri, Leiden University
  • Wojciech Wiewiórowski, European Data Protection Supervisor

4:40 pm –
4:45 pm CET

CLOSING REMARKS

Thank you from the Organisers.

CO-HOSTS

  • Bianca-Ioana Marcu, Managing Director, Future of Privacy Forum
  • Prof. Gianclaudio Malgieri, Honorary Director, Brussels Privacy Hub

4:45 pm –
6:00 pm CET

BITES & COCKTAIL RECEPTION

We invite you to close the 9th edition of the Brussels Privacy Symposium with us, and join us for cocktails.

Speakers

Itxaso Domínguez de Olazábal

Policy Advisor, EDRi

I​​txaso Domínguez de Olazábal (she/her), PhD, is a Policy Advisor at European Digital Rights (EDRi), specialising in data protection with a focus on commercial surveillance. Her work examines the intersection of technology, surveillance, and content governance, highlighting the need to protect both individual and collective rights, particularly for vulnerable communities within and beyond Europe. She has extensive experience in digital rights, including at 7amleh, where she addressed the extraterritorial impact of EU digital laws and corporate responsibility in violating rights across the Global Majority. In addition to her role at EDRi, Dr Domínguez de Olazábal is a professor of international relations and geopolitics.

Lorelien Hoet

Director EU Government Affairs, Microsoft

Lorelien Hoet is Director of EU Government Affairs at Microsoft. In this role, she deals notably with European questions regarding privacy, law enforcement, content regulation and telecommunications policies. Before joining Microsoft in 2018, she worked as a legal executive at Proximus, holding different positions including Head of Legal Consumer business, and at Orange where she worked as Director of Regulatory Affairs. She holds an LL.M from KU Leuven and was also active as attorney at the bars of Brussels and Stockholm.

Bárbara Lazarotto

Marie-Sklodowska Curie Action’s Fellow, VUB

Barbara Lazarotto is a PhD researcher at the Law Science Technology and Society research group at the Vrije Universiteit Brussel. She is a Marie-Skloswska Fellow at Horizon 2020 Legality Attentive Data Scientists – LeADS Project.

Prof. Gianclaudio Malgieri

Honorary Director, Leiden University & Brussels Privacy Hub

An Associate Professor of Law and technology at Leiden University (the Netherlands), where he is a Board Member of the eLaw Center for Law and Digital Technologies. He is a Honorary Director of the Brussels Privacy Hub, as the Managing Editor of CLSR (Computer Law & Security Review, Elsevier), and co-leads “VULNERA“, the International Observatory of Vulnerable People in Data Protection. He is the Project leader of RESOCIAL, an NWO-funded project on vulnerability and resilience on social media and he is the author of “Vulnerability and Data Protection Law” (Oxford University Press, 2023). Gianclaudio has authored over 80 publications, including articles in leading international academic journals. His works have been cited by, inter alia, top international newspapers (The New York Times, The Washington Post, Le Monde, Politico, La Tribune) and European and International Institutions.

Bianca-Ioana Marcu

Managing Director for Europe, FPF

Bianca-Ioana Marcu is the Managing Director for Europe at the Future of Privacy Forum (FPF), where she advances thought leadership on data protection, privacy, and AI regulation from a global perspective. Leading a team of legal and policy experts in Brussels, Bianca’s work at FPF focuses on finding pathways for continued cooperation and dialogue on digital regulation, ensuring that strong respect for fundamental rights coexists alongside technology development.

Prior to joining FPF, Bianca was the Managing Director of the Computers, Privacy and Data Protection (CPDP) Conference, served as co-Director of the Belgian NGO Privacy Salon, as well as a Researcher in Law at the LSTS Research Group of the Vrije Universiteit Brussel. With an LLM in International Law, Globalisation and Human Rights from Maastricht University, Bianca’s research and publications have previously focused on Data Protection as the Last Line of Defence (Springer Nature), the legal challenges of Biometrics, Facial Recognition and the Fundamental Rights of Minors (European Law Blog), and on AI regulation from the perspective of international law (FPF).

In addition to managing the Europe office, Bianca also coordinates FPF’s presence in Africa by centering African-led expertise, fostering inclusive collaboration, and advancing the global digital regulatory dialogue by connecting local priorities with global developments. Bianca also held roles in advocacy, with a focus on gender justice, and holds a Data Protection Officer (DPO) certification from the European Centre on Privacy and Cybersecurity.

Olivier Micol

Head of the Data Protection Unit, DG JUST, European Commission

Olivier Micol is since 2016 the head of the Data protection unit within the Directorate General for Justice and Consumers of the European Commission. His tasks include monitoring the implementation of the EU data protection rules, in particular the GDPR, and the respect of these rules in all EU policies. 

Within the European Commission, he previously followed the bilateral trade relations between the EU and Asia for 12 years, in the Directorate General for Trade and in the EU Delegation in China. He also worked for 7 years in the field of consumer policy, as deputy head of the Consumer strategy unit, and subsequently as head of the Financial services and redress unit in the Directorate General for Justice and Consumers.

Prof. Norman Sadeh

Professor, Carnegie Mellon University

Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University (CMU). Sadeh has (co-)founded and (co-)directed several groundbreaking graduate programs at CMU. This includes the Privacy Engineering Program (co-founder and co-director,2012-present), the Ph.D. Program in Societal Computing (co-founder and co-director, 2003-2013), and the MBA track in Technology Strategy and Product Management launched jointly by the Tepper School of Business and the School of Computer Science (co-founder and director, 2005-2017). Sadeh’s current research interests include cybersecurity, online privacy, Human-AI Interaction, AI governance, mobile computing, the Internet of Things, user-oriented machine learning, language technologies, and semantic web technologies.

Sadeh is well known for his pioneering work on AI-based privacy enhancing technologies, including the development of privacy assistants, the development of automated privacy compliance tools, and the development of NLP-based privacy enhancing technologies. He has also conducted foundational work on modeling people’s privacy expectations and preferences and on privacy and security nudging. His work has been credited with influencing the development of privacy-enhancing solutions at companies that include Apple, Google and Facebook/Meta (e.g., more expressive mobile app permissions, background privacy reminders/nudges, privacy dashboards, privacy compliance tools, mobile app privacy labels). Sadeh is the lead designer of CMU’s Privacy Infrastructure for the Internet of Things (IoT). Results of his research have also informed privacy policy and activities at regulatory agencies, including the Federal Trade Commission and the California Office of the Attorney General (e.g., mobile app privacy compliance, CCPA privacy opt-out notices, IoT privacy).

Guido Scorza

Member of the Board, Italian Data Protection Authority (Garante)

Guido Scorza is a lawyer, journalist, and adjunct professor of law in new technologies and privacy. He is a member of the Board of the Italian Data Protection Authority and formerly a Supreme Court lawyer and founding partner of the law firm E-Lex.

He has held institutional roles including Head of Legal Affairs for the Italian Digital Transformation Team, legal advisor to the Minister for Innovation, government representative at ICANN, and member of the Council of Europe’s ad hoc committee on AI regulation.

He teaches privacy, IT law, and digital rights at several Italian universities, including Roma Tre, UNINT, and Bologna.

He is the author of several books, such as Diario di un chatbot sentimentale (Luiss Press), Neuroverso (Mondadori), La privacy explained simply to young people (Mondadori), Processi al futuro (Egea), and Artificial Intelligence (Mondadori).

Prof. Sophie Stalla-Bourdillon

co-Director, Brussels Privacy Hub

Sophie Stalla-Bourdillon is co-Director of the Privacy Hub. She is also a visiting professor at the University of Southampton Law School of law, where she held the chair in IT law and Data Governance until 2022. She was Principal Legal Engineer at Immuta Research for six years. Sophie is the author and co-author of several legal articles, chapters and books on data protection and privacy. She is Editor-in-chief of the Computer Law and Security Review, a leading international journal of technology law, and has also served as a legal and data privacy expert for the European Commission, the Council of Europe, the Organisation for the Cooperation and Security in Europe, and for the Organisation for Economic Cooperation and Development.

Vincenzo Tiani

EU Senior Policy Counsel, FPF

Vincenzo Tiani is an EU Senior Policy Counsel at the Future of Privacy Forum, based in Brussels, where he primarily focuses on the intersection of data protection and AI.

Vincenzo holds an LL.M in IP and ICT Law from KU Leuven. He is an Adjunct Professor at IULM University in Milan, Italy, where he teaches copyright and data protection, and at EDHEC Business School in Lille, France, where he instructs on Digital Law and Data Regulation. Since 2022, he has been a Ph.D. candidate at the VUB University of Brussels and serves as the Programme & Dissemination Coordinator of the Brussels Privacy Hub, researching topics related to artificial intelligence and personal data protection.

Since 2017, Vincenzo has been a regular contributor to various Italian media outlets, including Wired, Vice, Il Sole 24 Ore, La Repubblica, StartupItalia, and Domani, writing about European digital policies.

Prior to joining FPF, Vincenzo’s career included roles at the European Parliament, where he focused on European Copyright reform; EDRi, an NGO dedicated to protecting citizens’ fundamental rights online; and CDT, the Center for Democracy & Technology, an international organization that safeguards fundamental rights online and works to maintain a free and innovative Internet. From October 2020 to November 2024, he worked as the Resident Partner of PANETTA Law Firm in Brussels, representing the firm.

Vincenzo has been a member of the Hermes Center for Transparency and Digital Human Rights, an Italian NGO, since 2018, where he monitors European legislative developments and their impact on fundamental rights online. In spring 2020, he was appointed to the Italian Ministry of Innovation’s Data Task Force to assess the data protection impact of Covid-19 contact tracing apps. From 2022 to 2024, he served as an External Advisor on AI and Digital issues for the office of MEP Brando Benifei, co-rapporteur of the AI Act. In 2024, he joined the OECD expert group on Data Protection and AI.

Monika Tomczak-Gorlikowska

Global Head of Privacy, Digital & AI Governance, Prosus Group

Monika Tomczak-Górlikowska is the Global Head of Privacy, Digital & AI Governance for the Prosus Group – a multinational consumer internet group with headquarters in Europe and one of the largest technology investors in the world. Monika also serves as a member of the Board of Directors of the International Association of Privacy Professionals (IAPP). Monika began her career at the Legal Service of the General Secretariat of the Council of the EU in Brussels. She is now based in Amsterdam and previously was the Senior Data Privacy Legal Counsel at Shell International Limited in London. Monika is a licensed attorney (adwokat) with over 25-years in practice. Prior to her in-house tenures she was in private practice, including at the offices of Miller, Canfield in Poland. She holds a Master of European Law degree (LLM cum laude) from the Law Department of the College of Europe in Brugge (Belgium). Monika has also served as Co-Chair of the Steering Committee of the Forum on International Privacy Law and a member of the IAPP European Advisory Board. Monika is also hexalingual: she speaks English, French, Spanish, Italian, Polish and Portuguese fluently.

Pablo Trigo Kramcsák

PhD Researcher, VUB

Pablo Trigo Kramcsák is a PhD researcher in the Law, Science, Technology and Society Research Group (LSTS) at the Vrije Universiteit Brussel (VUB). His PhD research explores the legitimate interest as a suitable legal ground for processing AI training datasets, considering the potential impacts on data subjects’ rights. He is also a researcher at the Centre for Information Technology Law Studies within the Faculty of Law at the University of Chile, delving into the dynamics of data protection laws, cross-border data flows, and digital trade. Pablo obtained his LLB degree from the Pontifical Catholic University of Chile and holds an LL.M. degree in International Law from the University of Heidelberg and the University of Chile.

Wojciech Wiewiórowski

European Data Protection Supervisor

European Data Protection Supervisor (EDPS) since December 2019.

Adjunct professor in the Faculty of Law and Administration of the University of Gdańsk. He was among others adviser in the field of e-government and information society for the Minister of Interior and Administration, the Director of the Informatisation Department at the Ministry of Interior and Administration. He also represented Poland in committee on Interoperability Solutions for European Public Administrations (the ISA Committee) assisting the European Commission.

The Inspector General for the Protection of Personal Data (Polish Data Protection Commissioner) 2010-2014 and the Vice Chair of the Working Party Art. 29 in 2014. In December 2014, he was appointed as Assistant European Data Protection Supervisor while in December 2019 he became the new Supervisor.

His areas of scientific activity include first of all Polish and European IT law, processing and security of information, legal information retrieval systems, informatisation of public administration, and application of new IT tools (semantic web, legal ontologies, cloud, blockchain) in legal information processing.

Gabriela Zanfir-Fortuna

Vice President for Global Privacy, FPF

Dr. Gabriela Zanfir-Fortuna is a globally recognized data protection law expert, with 15 years of experience in the field split between Europe and the U.S., spanning academia, public service, consulting and policy. She currently is Vice President for Global Privacy at the Future of Privacy Forum, a global non-profit headquartered in Washington DC, coordinating FPF’s offices and partners in Brussels, Tel Aviv, Singapore, Nairobi, and New Delhi, and leading the work on global privacy and data protection developments related to new technologies, including AI. She is also a founding Advisory Board Member of Women in AI Governance, and an affiliated researcher to the LSTS Center of Vrije Universiteit Brussel.

Dr. Zanfir-Fortuna worked for the European Data Protection Supervisor and is a member of the Reference Panel of the Global Privacy Assembly – the international organization reuniting data protection authorities around the world, as well as a member of the T20 engagement group of the G20 under Brazil’s Presidency in 2024.

She was elected to be part of the Executive Committee of ACM’s Fairness, Accountability and Transparency (FaccT) Conference (2021-2022). Her scholarship on the GDPR is referenced by the Court of Justice of the EU, and in 2023 she won the Stefano Rodota Award of the Council of Europe for the paper “The Thin Red Line: Refocusing Data Protection Law on Automated-Decision-Making“, alongside her co-authors. Dr. Zanfir-Fortuna holds a PhD in Law with a thesis on the rights of the data subject under EU Data Protection Law, and an LLM in Human Rights (University of Craiova).

THANK YOU TO OUR SPONSORS!

SPONSORSHIP AVAILABLE AS OUTLINED BELOW

fpf sponsorship prospectus singles brussels privacy symposium r2 (2)

Location

atelier des tanneurs brussels image

Les Ateliers des Tanneurs - Rue des Tanneurs 60A, 1000 Bruxelles, Belgium