CPDP1

CPDP2017

programMe

CPDP2017 will stage more than 60 panels and workshops with a stimulating mix of academics, practitioners, regulators and advocates, as well as multiple side events such as open debates, PechaKucha performances and artistic interventions. Please note that this is a preliminary version of the programme which is still in its early stages. Accordingly, some panels may change or be rescheduled.

07.30 - Registration in La Cave

08.15 - Welcome coffee in Le Village

08.30 - WELCOME AND INTRODUCTION IN GRANDE HALLE

wednesday 25 january 2017 • LA CAVE

8.45 - BEYOND ENCRYPTION - NEW POWERS AND NEW PROBLEMS

academic •• policy ••• business •

organised by CPDP

Chair Patrick Penninckx, Council of Europe (INT)

Moderator Gus Hosein, Privacy International (UK)

Panel Glyn Moody, Ars Technica (UK), Catherine Van De Heyning, University of Antwerp (BE), Pat Walshe, Privacy Matters (UK)

The crypto wars continue to simmer and deserve renewed pressure and attention. Yet governments are not standing still while end to end cryptography is deployed by just a few companies. Rather they are exploring and using new powers, notably hacking. This includes orders in companies to assist with hacking, such as the Technical Service Notes in the new U.K. legislation and as we saw arise in a form with the Apple v FBI fight and the NSO Group story in Bahrain and Mexico. What are and should be the boundaries of these new powers?

  • Crypto wars
  • Law Enforcement (LE) hacking
  • What is currently allowed?
  • What should be the limits?

10.00 - Coffee break

10.30 - Online advertising: Data Protection and Privacy concerns of users, industry and regulators

academic •• policy •• business ••

organised by TYPES project

Chair Townsend Feehand, IAB Europe (BE)

Moderator Nikolaos Laoutaris, Telefónica and Data Transparency Lab (ES)

Panel John W. Byers, Boston University (US), Christopher W. Clifton, Purdue University (US), Will DeVries, Google (US), Pedro Martin Jurado, Spanish Ministry of Industry (ES), Claire Levallois-Barth, Telecom ParisTech (FR)

The lack of awareness of citizens regarding the management of personal information and their increasing concern regarding privacy and data protection pose a serious risk for the sustainable economic growth of online services. In 2015, the Eurobarometer study revealed that 63% of EU citizens do not trust online businesses (search engines, online social networks, e-mail services), more than half of the citizens neither like providing personal information in return for free services, nor appreciate the use of their personal data for targeted advertising. These numbers implicitly demand for more transparency over the use of personal data in online services. The recently adopted General Data Protection Regulation (GDPR) aims at easing the current situation by enhancing users’ control over their personal data. In light of the concerns this situation raises for online advertising sector, the panel will address the following questions:

  • What are the main concerns of citizens in relation to the use of their personal data?
  • What are the most illustrative examples of an intrusive-discriminative usage of collected personal data?
  • What does differentiate a “good guy” from a “bad guy” in AdTech? What is the role of self-regulation?
  • Do we have the right technological and human resources to monitor and enforce the GDPR?

11.45 - THE LAW AND SCIENCE OF DE-IDENTIFICATION

academic •• policy ••• business •

organised by Future of Privacy Forum

Chair tbd

Moderator Kelsey Finch, FPF (US)

Panel Claude Castelluccia, INRIA (FR), Simon Hania, TomTom (NL), Alessandro Spina, EMA (UK), Sophie Stalla-Bourdillon, University of Southampton (UK)

De-identification—the process of modifying personal data to ensure that data subjects are no longer identifiable—is one of the primary measures that organizations use to protect privacy. Over the past few years, however, computer scientists and mathematicians have demonstrated that de-identification is not foolproof. At the same time, organizations around the world necessarily continue to rely on a wide range of technical, administrative and legal measures to reduce data identifiability. The GDPR recognizes the concept of pseudonymization, albeit with limited legal implications compared to its stricter relative, anonymization. This session draws on The Brussels Privacy Symposium, which has generated scholarship on technical, policy, economic and ethical aspects of the de-identification debate.

  • Hear a panel of interdisciplinary experts discuss the technology, law and policy of de-identification.
  • Consider practical implementations of privacy protective data sharing.
  • Discuss key GDPR terms such as anonymisation, pseudonymisation and personal data.
  • Assess identifiability as a spectrum of states as opposed to a binary approach.

13.00 - PRIVACY PLATFORM: ETHICS AND LAW IN PRIVACY [STARTS AT 13.00, TILL 14.30]

academic ••• policy •••

organised by Sophie in ‘t Veld, MEP

Chair Sophie in ‘t Veld, MEP (EU)

Panel Lokke Moerel, Morrison Foerster (NL), Hielke Hijmans, CIPL (BE)

14.30 - POPULIST POLITICS AND THE PROSPECTS FOR PRIVACY [STARTS AT 14.30, TILL 15.45]

policy •••• business ••

organised by CPDP

Chair Stewart Dresner, Privacy Laws & Business (UK)

Moderator Fanny Hidvegi, AccessNow (INT)

Panel Edward Hasbrouck, PapersPlease.org (US), Jay Stanley, ACLU (US), Wojciech Wiewiórowski, EDPS (EU), Kimon Zorbas, Nielsen (BE)

What are the implications for privacy of the growing electoral strength of populist politicians and parties within Europe and among Europe's trading partners and neighbours? What are the most important privacy-related changes we can expect from populist national leaders and governments that will affect policies, businesses, and individuals? What sectors will be most affected? How will populist politics and politicians project their power internationally in ways that impact privacy? What sorts of privacy-related domestic and international conflicts can we expect? How are businesses coping? What new academic work is being carried out, or is called for, in this area? This session will provide a forum for the panelists and the audience to share and compare our ideas, predictions, and responses to an issue that is already on many of our minds.

  • Will populist governments only intensify existing privacy issues, or also create new ones?
  • Will populism bring more problems with commercial data or with government surveillance?
  • How do populist governments identify, track, profile, and "vet" citizens and foreigners?
  • What is the future of open and closed borders and freedom of movement ("reisefreiheit)?

15.45 - Coffee break

16.00 - LEGAL CHALLENGES TO THE INTERNATIONAL TRANSFER OF DATA: PRIVACY SHIELD AND STANDARD CONTRACTUAL CLAUSES

academic • policy ••• business ••

organised by BSA | The Software Alliance

Chair Bruno Gencarelli, DG JUST (EU)

Moderator Guido Lobrano, Business Europe (EU)

Panel Thomas Boué, BSA (US), Chris Conolly, Galexia (UK), Fanny Hidvegi, AccessNow (INT), Christopher Kuner, Brussels Privacy Hub (BE)

This panel will focus on the recent legal challenges to data transfers from Europe to the rest of the world: from the Schrems II case on the use of Standard Contractual Clauses to the recent formal complaints against Privacy Shield seeking to annul the European Commission implementing decision Digital Rights Ireland and La Quadrature du Net, and what these could entail for global data transfer mechanisms. After a brief explanation of the various challenges and the transfer tools put into question, we will focus on the implications that these challenges may have if they were to succeed. This panel will allow for a timely and very topical discussion on a series of ongoing legal developments that may have a profound impact on the future of the Europe and its economy.

  • What is at stake with regard to the legal challenges to data transfers from Europe today?
  • Why is Privacy Shield qualitatively different from Safe Harbor?
  • Are SCCs and Privacy Shield comparable?
  • If both the use of SCCs and Privacy Shield are annulled, what then?

17.15 - CONSUMER CREDIT, PROFILING, AND AUTOMATED DECISION-MAKING

academic ••• policy •• business •

organised by the Institute for Information Law (IViR), University of Amsterdam (NL)

Chair Katja de Vries, VUB-LSTS (BE)

Moderator Frederik Zuiderveen Borgesius, IViR, University of Amsterdam (NL)

Panel Ralf Bendrath, European Parliament (EU), Federico Ferretti, Brunel University London (UK), Estelle Masse, AccessNow (INT), Peter van den Bosch, Dutch Credit Rating Agency (NL)

Lenders use profiling to estimate a consumer’s creditworthiness. Lenders have legitimate reasons to adapt interest rates to certain consumers, or refuse to lend to them. Increasing amounts of information (‘big data’) become available for profiling. One UK online lender uses up to 8000 data points to assess, automatically, a consumer’s creditworthiness. However, automatically deciding whether a consumer is granted credit or not brings problems. For instance, profiling-based decisions are often incorrect for a particular consumer. A second problem is the opaqueness of profiling: consumers may not know why they are denied services or why they have to pay a higher interest rate. Third, profiling can discriminate unintentionally, for instance when an algorithm learns from data reflecting biased human decisions.

  • What are the main risks of profiling and automated decisions in the context of consumer credit?
  • Are the profiling rules in the General Data Protection Regulation sufficient to protect people?
  • Should the law do more to protect people against discrimination or unfair treatment, and if so: what?
  • Are specific rules needed for profiling in the context of consumer credit?

18.30 - CoCKTAIL sponsored by EPIC IN LE VILLAGE

SPonsors AND PARTNERS 2017

Sponsors2017A

CONFERENCE PARTNERS

ConferencePartners2017

CONFERENCE PARTNERS

ConferencePartners1