CPDP2017 will stage more than 70 panels and workshops with a stimulating mix of academics, practitioners, regulators and advocates, as well as multiple side events such as open debates, PechaKucha performances and artistic interventions. Some last-minute changes are always possible.

Download the full version of the programme here (PDF, 32 MB). Registered particpants will receive a hard copy in their registration pack on-site.

07.30 - Registration in La Cave

08.15 - Welcome coffee in Le Village


wednesday 25 january 2017 • LA CAVE


academic •• policy ••• business •

organised by CPDP

Chair Patrick Penninckx, Council of Europe (INT)

Moderator Gus Hosein, Privacy International (UK)

Panel Seda Gürses, ESAT-KU Leuven (BE), Glyn Moody, Ars Technica (UK), Catherine Van De Heyning, University of Antwerp (BE), Pat Walshe, Privacy Matters (UK), Phil Zimmermann, TU Delft (NL)

The crypto wars continue to simmer and deserve renewed pressure and attention. Yet governments are not standing still while end to end cryptography is deployed by just a few companies. Rather they are exploring and using new powers, notably hacking. This includes orders in companies to assist with hacking, such as the Technical Service Notes in the new U.K. legislation and as we saw arise in a form with the Apple v FBI fight and the NSO Group story in Bahrain and Mexico. What are and should be the boundaries of these new powers?

  • What is next for the crypto wars?
  • How are companies dealing with Law Enforcement hacking?
  • What is currently allowed under law and beyond?
  • Should and can we regulate government hacking?

10.00 - Coffee break

10.30 - Online advertising: Data Protection and Privacy concerns of users, industry and regulators

academic •• policy •• business ••

organised by TYPES project

Chair Townsend Feehand, IAB Europe (BE)

Moderator Nikolaos Laoutaris, Telefónica and Data Transparency Lab (ES)

Panel John Byers, Boston University (US), Christopher Clifton, Purdue University (US), Will DeVries, Google (US), Pedro Martin Jurado, Spanish Ministry of Industry (ES), Claire Levallois-Barth, Telecom ParisTech (FR)

The lack of awareness of citizens regarding the management of personal information and their increasing concern regarding privacy and data protection pose a serious risk for the sustainable economic growth of online services. In 2015, the Eurobarometer study revealed that 63% of EU citizens do not trust online businesses (search engines, online social networks, e-mail services), more than half of the citizens neither like providing personal information in return for free services, nor appreciate the use of their personal data for targeted advertising. These numbers implicitly demand more transparency around the use of personal data in online services. The recently adopted General Data Protection Regulation (GDPR) aims at easing the current situation by enhancing users’ control over their personal data. In light of the concerns this situation raises for the online advertising sector, the panel will address the following questions:

  • What are the main concerns of citizens in relation to the use of their personal data?
  • What are the most illustrative examples of an intrusive-discriminatory usage of collected personal data?
  • What differentiates a “good guy” from a “bad guy” in AdTech? What is the role of self-regulation?
  • Do we have the right technological and human resources to monitor and enforce the GDPR?


academic •• policy ••• business •

organised by Future of Privacy Forum

Chair Claudia Diaz, KU Leuven (BE)

Moderator Kelsey Finch, FPF (US)

Panel Claude Castelluccia, INRIA (FR), Simon Hania, TomTom (NL), Alessandro Spina, EMA (UK), Sophie Stalla-Bourdillon, University of Southampton (UK)

De-identification—the process of modifying personal data to ensure that data subjects are no longer identifiable—is one of the primary measures that organizations use to protect privacy. Over the past few years however, computer scientists and mathematicians have demonstrated that de-identification is not foolproof. At the same time, by necessity, organisation around the world continue to rely on a wide range of technical, administrative and legal measures to reduce data identifiability. The GDPR recognizes the concept of pseudonymization, albeit with limited legal implications compared to its stricter relative, anonymization. This session draws on The Brussels Privacy Symposium, which has generated scholarship on technical, policy, economic and ethical aspects of the de-identification debate.

  • Hear a panel of interdisciplinary experts discuss the technology, law and policy of de-identification.
  • Consider practical implementations of privacy protective data sharing.
  • Discuss key GDPR terms such as anonymisation, pseudonymisation and personal data.
  • Assess identifiability as a spectrum of states as opposed to a binary approach.

13.00 - European Parliament Privacy Platform - Ethics and Law in Privacy [STARTS 13.00, ENDS 14.30]

academic • policy ••• business ••

organised by Sophie in ‘t Veld, MEP

Moderator Sophie in ‘t Veld, MEP (EU)

Panel Hielke Hijmans, CIPL (BE), Brendon Lynch, Microsoft (US), Lokke Moerel, Morrison Foerster (NL), Paul Nemitz, DG Just (EU)

The panel will explore the role of ethics in qualifying open norms in the GDPR and in interpretation of privacy legislation by courts. Furthermore, how can companies and organisations implement their Corporate Social Responsibility policies in terms of privacy?


policy •••• business ••

organised by CPDP

Chair Fanny Hidvegi, AccessNow (BE)

Moderator Stewart Dresner, Privacy Laws & Business (UK)

Panel Edward Hasbrouck, PapersPlease.org (US), Jay Stanley, ACLU (US), Wojciech Wiewiórowski, EDPS (EU), Kimon Zorbas, Nielsen (BE)

Nationalist and populist politicians and parties are gaining electoral strength within Europe and among Europe’s trading partners and neighbors. Businesses, activists, and government officials concerned with privacy all want to know what privacy-related changes we can expect from these leaders, parties, and governments; what sectors will be most affected; and what responses are called for from the privacy community. These governments may have characteristic domestic policies and practices that affect privacy. They also may project their power internationally in ways that impact privacy. The panelists in this session are activists, business executives, and government officials who can speak from their ongoing direct engagement in privacy work with nationalist and populist governments. This session will provide a forum for the panelists and the audience to share and compare our ideas, predictions, and responses to a global phenomenon that is already on many of our minds.

  • Will nationalist and populist governments only intensify existing privacy issues, or also create new ones?
  • Will nationalism and populism bring more problems with commercial data or with government surveillance?
  • How do nationalist and populist governments identify, track, profile, and “vet” citizens and foreigners?
  • What is the future of open and closed borders and freedom of movement?

15.45 - Coffee break


academic • policy ••• business ••

organised by BSA | The Software Alliance

Chair Guido Lobrano, Business Europe (EU)

Moderator Ralf Sauer, European commission (EU)

Panel Thomas Boué, BSA (US), Chris Conolly, Galexia (UK), Fanny Hidvegi, AccessNow (BE), Christopher Kuner, Brussels Privacy Hub (BE)

This panel will focus on the recent legal challenges to data transfers from Europe to the rest of the world: from the Schrems II case on the use of Standard Contractual Clauses to the recent formal complaints against Privacy Shield seeking to annul the European Commission implementing decision – Digital Rights Ireland and La Quadrature du Net – and what these could entail for global data transfer mechanisms. After a brief explanation of the various challenges and the transfer tools put into question, we will focus on the implications that these challenges may have if they were to succeed. This panel will allow for a timely and very topical discussion on a series of ongoing legal developments that may have a profound impact on the future of the Europe and its economy.

  • What is at stake with regard to the legal challenges to data transfers from Europe today?
  • Why is Privacy Shield qualitatively different from Safe Harbor?
  • Are SCCs and Privacy Shield comparable?
  • If both the use of SCCs and Privacy Shield are annulled, what then?


academic ••• policy •• business •

organised by the Institute for Information Law (IViR), University of Amsterdam (NL)

Chair Katja de Vries, VUB-LSTS (BE)

Moderator Frederik Zuiderveen Borgesius, IViR, University of Amsterdam (NL)

Panel Ralf Bendrath, European Parliament (EU), Federico Ferretti, Brunel University London (UK), Estelle Masse, AccessNow (BE), Peter van den Bosch, Dutch Credit Rating Agency (NL)

Lenders use profiling to estimate a consumer’s creditworthiness. Lenders have legitimate reasons to adapt interest rates to certain consumers, or refuse to lend to them. Increasing amounts of information (‘big data’) become available for profiling. One UK online lender uses up to 8000 data points to assess, automatically, a consumer’s creditworthiness. However, automatically deciding whether a consumer is granted credit or not brings problems. For instance, profiling-based decisions are often incorrect for a particular consumer. A second problem is the opaqueness of profiling: consumers may not know why they are denied services or why they have to pay a higher interest rate. Third, profiling can discriminate unintentionally, for instance when an algorithm learns from data reflecting biased human decisions.

  • What are the main risks of profiling and automated decisions in the context of consumer credit?
  • Are the profiling rules in the General Data Protection Regulation sufficient to protect people?
  • Should the law do more to protect people against discrimination or unfair treatment, and if so: what?
  • Are specific rules needed for profiling in the context of consumer credit?

18.30 - CoCKTAIL sponsored by EPIC IN LE VILLAGE

SPonsors AND PARTNERS 2017