Wednesday 22 january 2014


download the full programme here to read offline







academic ••• policy •••

organised by Fordham University (US)

Chair Joel Reidenberg, Princeton/Fordham (US)

Moderator Robert Gellman, Independent Privacy Expert (US)

Panel Romain Bircher, International Committee for the Red Cross (CH), Christopher Mikkelson, Refugees United (DK), Hiroshi Miyashita, Chuo University (JP), Tim Schwartz, Missing Persons Community of Interest (US), Nigel Snoad, Google (UK)


When natural disasters strike, government agencies, humanitarian organizations, private companies and others, collect information about missing persons to share with friends and relatives and in order to provide emergency services. The Missing Persons Community of Interest, a group of volunteers, companies, non-profits and humanitarian organizations, is well-underway in the development of a set of technical protocols to enable information sharing across different data systems. These systems face an uncertain legal landscape. This panel will address the privacy and data protection issues associated with the development of the data sharing systems used to assist in locating missing persons, in particular:

  • What are the different organizations doing with personal information to help missing persons?
  • How does privacy law affect the sharing of missing person data, especially across national borders?
  • What can be done to facilitate the development of missing persons information systems consistent with privacy laws and responsibilities?


10.00 - Coffee break

10.30 – EU Data Protection Reform: Fixing the last bugs

policy ••••••

organised by CPDP

Chair Marie-Hélène Boulanger, EC DG Justice (EU)

Moderator Peter Schaar, European Academy for Freedom of Information and Data Protection (DE)

Panel Thomas Boué, BSA/The Software Alliance (BE), Hielke Hijmans, European Data Protection Supervisor (EU), Christopher Kuner, Wilson, Sonsini, Goodrich & Rosati (BE), Mario Oetheimer, Fundamental Rights Agency (EU)


It has been two years since the Commission released the data protection reform package. Despite the widespread acknowledgement of the necessity of reform, and the generally positive reaction to the package, many of the specifics have been hotly debated. Panel participants, encompassing a broad range of actors and perspectives, will elaborate and discuss the main technical problems still facing the reform. The panel will consider questions/issues such as:

  • Which aspects/mechanisms of the reform are still viewed as problematic, and by whom?
  • What shape do these problems take?
  • What is/will be the consequence of these pro-blems?
  • What alternative solutions have been proposed?



business ••• policy •••

organised by the Office of the Information and Privacy Commissioner Ontario, Canada

Chair Stewart Dresner, Privacy Laws and Business (UK)

Moderator Monique Altheim, The Law Office of Monique Altheim (US)

Panel Joan Antokol, Park Legal LLC (CA), Andre Delaforge, Natural Security (FR), Ann Cavoukian/Michelle Chibba, Office of the Information and Privacy Commissioner of Ontario (CA), Antonio Kung, Trialog (FR)


The momentum behind Privacy by Design (PbD) has been growing over the past several years. PbD was not developed as a theoretical concept of data protection, but meant to be a practical approach for implementation. We are now at the stage where market leaders and regulators are demonstrating ways to translate the principles of PbD into more prescriptive requirements, specifications, standards, best practices, and operational performance criteria. The participants on this panel will discuss the work being done to give concrete, meaningful operational effect to the principles of Privacy by Design.

  • Overview of PbD – where it started, how it has progressed, and where it is heading
  • Compliance aspects of PbD – how PbD can help organisations optimize compliance with the new EU data protection regulation
  • Business impacts of PbD – how PbD can help organisations fulfill their business objectives
  • Challenges in implementing PbD – what they are, why they exist, and how organisations can address them
  • Operationalizing PbD – recommendations, practical advice, and tools for organizations


13.00 - Lunch


policy ••••••

organised by CPDP

Chair Christopher Docksey, EDPS (EU)

Moderator Nikolaj Nielsen, EU Observer (BE)

Panel Anna Fielder, Privacy International (UK), Françoise Le Bail, EC DG Justice (EU), Philippos Mittleton, Permanent Representation of Greece (GR), Wojciech Wiewiórowski, GIODO (PL)


Following from the technical panel at 10.30, this panel will take a broader perspective and consider the current political context of data protection reform. With speakers representing the EU institutions, national DPAs and civil society, the panel will attempt to shed light on the key actors, constellations and drivers affecting further progress. The panel will consider questions/issues such as:

  • Who are now the main actors pushing/delaying the reform process?
  • What are their positions and how do they compare with each other?
  • What are the key debates influencing the reform?
  • What is the outlook for the reform package?


15.15 - Coffee break

15.30 - Internet Governance for (privacy experts) beginners

academic • business • policy ••••

organised by the Council of Europe

Chair Lee Bygrave, University of Oslo (NO)

Moderator Ben Wagner, University of Pennsylvania (US)

Panel Pat Walshe, GSMA (UK), Christine Runnegar, Internet Society (CH), Meryem Marzouki, Centre National de la Recherche Scientifique (FR), Sophie Kwasny, Council of Europe (FR)


The Internet is an aggregate of a vast range of ideas, technologies, resources and policies developed on the assertion of freedom and through collective endeavours in the common interest. It provides a space of freedom, facilitating the exercise and enjoyment of fundamental rights, participatory and democratic processes, and social and commercial activities. We ‘live’ on-line: read, buy, share pictures, apply for jobs, listen to music, etc. and at each of those moments of our lives, our personal data is processed.

The Internet governance discussions taking place in different fora contribute to shape common views on the evolution and the use of the Internet. The workshop will explore the intersection between internet policy making and application on the one hand, and privacy policy and enforcement on the other hand.

  • What is Internet governance (definition, issues at stake, actors, objectives)?
  • Where is it happening (universal, regional, and national initiatives)?
  • What are the links between internet governance discussions and privacy?
  • What is the added-value of the participation of privacy experts in those discussions?



business ••••• policy •

organised by the International Association of Privacy Professionals (IAPP)

Chair Henriette Tielemans, Covington & Burling (BE)

Moderator Omer Tene, International Association of Privacy Professionals (IAPP)(IT)

Panel Vivienne Artz, Citi (UK), Tobias Bräutigam, Nokia (FI), Simon Hania, TomTom (NL), Philippe Renaudière, European Commission (EU)


Most large and medium size organisations, in business and government, recognise the importance of establishing a privacy office to take charge of data protection and management. Yet, increasingly, privacy needs transcend the privacy office and become an essential part of the skill set of HR professionals, IT and data security personnel and financial managers. This means that privacy training has become essential not only for privacy professionals but also for employees in other parts of the organisation. Join this interactive panel discussion to: 

  • Explore what this new scale of engagement means for a privacy association 
  • Consider the essential elements of a privacy programme for non-privacy professionals
  • Identify the likely effects for individuals’ and consumers’ privacy. 



18.00 - Cocktail sponsored by IAPP


18.30 - Award ceremony Multidisciplinary Privacy Award






08.45 - Law Enforcement, Profiling and Social Media

academic ••• policy •••

organised by EMSOC

Chair Mathias Vermeulen, Vrije Universiteit Brussel (BE)

Moderator Gary Marx, MIT (US)

Panel Alba Bosch, EDPS (EU), Francesca Bosco, United Nations Interregional Crime and Justice Research Institute (INT), Ahmed Ghappour, University of Texas at Austin (US), Sadhbh McCarthy, Centre for Irish and European Security (IE)


The automated collection of large amounts of (personal) data is one of the most important technological challenges to the protection of the right to privacy and the protection of personal data. Law enforcement and intelligence agencies are increasingly mining  social networking sites in order to detect unexpected (communication) patterns between users. This panel will address different profiling techniques that are currently being used by these security actors and will examine their impact on the protection of privacy and the protection of personal data.

  • How does profiling using social media work?
  • How are law enforcement agencies using social media to profile people?
  • What is the legal framework, and what are the challenges to this framework, posed by social media profiling?
  • How do data protection authorities assess the challenges of social media profiling?


10.00 - Coffee break


business •• policy ••••

organised by European Union Agency for Network and Information Security (ENISA)

Chair Steve Purser, ENISA (EU)

Moderator Claudia Diaz, KU Leuven (BE)

Panel François Thill, Luxemburg Ministry of the Economy and Foreign Trade (LU), Kai Rannenberg, Goethe University Frankfurt (DE), Simone Fischer-Hübner, Karlstad University (SE), Trevor Hughes, International Association of Privacy Professionals (US), Ann-Sofie Ronnlund, EC DG Connect (EU)


The users of online services are expressing serious privacy concerns even though recent studies indicate that these concerns are not reflected in their daily practice online. Such a discrepancy could be addressed by investing in the education of users regarding personal data protection. In its “Cyber security Strategy of the European Union: An Open, Safe and Secure Cyberspace” the European Commission highlights the need for measures in order to “Step up national efforts on NIS education and training” including enhanced skills and competence for IT security and personal data protection. The objective is to establish trust - from the users’ perspective - in the online environment.

Stakeholders are invited to participate in the discussion and focus their attention on education and training initiatives, future challenges and on collaborative solutions. The panel will consider:

  • Training on network and information security (NIS) and personal data protection
  • Existing and possible certification programs: the NIS driving licence, privacy professionals certification
  • NIS and data protection basic training for staff working in public administrations
  • Privacy e-learning solutions
  • What’s next? Is the above enough?”



business ••• policy •••

organised by CPDP

Chair Kush Wadwha, Trilateral Research (UK)

Moderator Laura Juanes Micas, Yahoo! (US)

Panel Joseph Alhadeff, Oracle (US), Bruno Gencarelli, EC DG Justice (EU), Apar Gupta, Advani & Co. (IN)


With the advancement of biometrics projects, outsourced service centres and technology development centres, the data landscape in India is complex, requiring an understanding of legal initiatives from many other regions, across industry sectors. This panel will include views from the perspectives of research, industry, policy and civil society. Among the topics we expect to discuss are:

  • Views on the history of privacy protection initiatives in India
  • Impacts of regulations from outside India
  • The outlook for changes to India’s regulatory environment, and
  • How European data protection policy may be useful as a model for the future of DP in India


13.00 - Lunch

13.30 - Privacy Platform - Secure Science: Research and Data Protection: Will the proposals for new EU data protection legislation impede medical, social or historical research?

organised by Sophie in 't Veld, Member of the European Parliament (NL)

Hosted by Sophie in 't Veld, Member of the European Parliament (NL)

Panel Giulia Barrera, Directorate of Archives in Rome (IT), Corrette Ploem, University of Amsterdam Academic Medical Center (NL), Barry Ryan, Market Research Society (UK), Paul Timmers, EC DG Connect (EU)


The proposal for a new EU Data Protection Regulation, aimed at replacing the current Data Protection Directive, has sparked much debate as to how to strike the balance between the control of the data subject over their own personal data, and the possibility for data controllers to process data. Central to this debate is the legal basis for the processing of personal data. Is the processing authorised on the basis of a provision in national or European law, is there a legitimate interest for processing (and how to define and limit legitimate interest), or does the controller first need to establish the (explicit) consent of the data subject? For some data processing purposes this balance has been easier to strike than for others. During the deliberations in the European Parliament, the medical and historical research communities in particular have raised concerns that the ambitions of the Commission and Parliament to establish strong data subject rights might risk the effectiveness of research projects. To further explore these concerns, and to try to find the right balance between data subject control and processing for research purposes, this edition of the European Parliament’s Privacy Platform is dedicated to Secure Science: Research and Data Protection.

The panel will consider questions/issues such as:

  • The panel will explore the possible consequences of the new Data Protection Regulation for academic and commercial research.
  • The fields of medical and historical research will be discussed in detail.
  • What would be the impact of, respectively, the Commission proposal for a new Data Protection Regulation and the position adopted by the responsible European Parliamentary committee on 21 October 2013?
  • Talking points will be, among others, the specific concerns regarding the concept of explicit consent, the right to deletion and the special regime for medical research (Articles 81 and 83 of the proposed Regulation).



15.15 - Coffee break

15.30 - Personal Data in Medical Research with Electronic Health Records

academic ••• policy •••

organised by Linked2Safety

Chair Solvita Olsena, European Association of Health Law (LV)

Moderator Sjaak Nouwt, Royal Dutch Medical Association (NL)

Panel Athos Antoniades, University of Cyprus (CY), Zsuzsanna Belenyessy, EDPS (EU), Stefaan Callens, KU Leuven (BE), Panagiotis Gkouvas, Ubitech (GR), Norbert Graf, University Hospital Homburg (DE)


Electronic Health Records (EHRs) contain an increasing wealth of medical information. They have the potential to help significantly in advancing medical research, as well as improve health policies, providing society with additional benefits. However, the European healthcare information space is fragmented due to the lack of legal and technical standards, cost effective platforms, and sustainable business models. What are the current technical, legal and ethical challenges while trying to advance clinical practice and accelerate medical research by providing pharmaceutical companies, healthcare professionals and patients with an innovative secure semantic interoperability framework? How might the proposed Data Protection Regulation influence high level medical information technology research?

  • What is the role of Data Protection in medical research and in relation to Electronic Health Records
  • How can medical research (including with genetic data) be conducted to comply with Data Protection legislation?
  • What is the role of Data Protection Authorities regarding medical research with Electronic Health Records?
  • How will the proposed model of a General Data Protection Regulation influence patient privacy in medical research?



academic •• business •• policy ••

organised by the Joint Research Centre of the European Commission, Institute for the Protection and Security of the Citizen (EC JRC IPSC)

Chair Mariachiara Tallacchini, EC JRC IPSC (EU)

Moderator Mario Romao, Intel Europe (BE)

Panel Annibale Biggeri, Università degli studi di Firenze (IT), Barbara Prainsack, King’s College London (UK), Anne Wright, Carnegie Mellon University (US)


Despite their having been used for a long time to monitor personal fitness and health, wearable devices are now increasingly perceived and shaped as new empowering tools. Not only are individuals enabled to create and make sense of their own data for knowledge and decisions related to a variety of physical and psychological measures, but they can also collaborate and share their data with others (lay people and experts) for social purposes connected to health and the environment. The session will provide an opportunity to discuss and reflect on the scientific, ethical and legal aspects of this emerging and rapidly changing field.

  • What are the current practices and trends surrounding wearable devices in the US and the EU? How is industry reacting/coping with the new tendencies towards DIY?
  • What about the quality of knowledge? How can individually supplied data become comparable, reliable and validated?   
  • Are privacy and data protection hindering collaborative experiences?
  • How will the EU draft regulations on medical and in vitro devices affect the field?






8.45 - The Constitutionality of Data Retention: Discussing the case before the ECJ

organised by CPDP

Chair Simon Davies, Independant Privacy Advocate (UK)

Moderator Andreas Krisch, EDRi/AK Vorrat (AT)


There has been no piece of European legislation which has sparked more intense debate as to the privacy/security distinction than the Data Retention Directive. After more than 6 years of the Directive being in force, these debates have reached a head with the constitutionality of the Directive facing a challenge before the European Court of Justice. This session will take the shape of a structured debate considering the case and the underlying tensions it bring to the fore. In order to stimulate a fruitful and productive debate, audience members are asked to familiarize themselves with case documents in advance of the session. The session will consider questions/issues such as:

  • What are the issues of law involved – is anything missing?
  • What are the substantial issues involved – is anything missing?
  • What are the possible repercussions of the case?



organised by TUBerlin, SIAM project and EPINET project


This full day session focuses on the need for, and the practice of, Technology Impact Assessments (TIAs) with regard to novel technologies such as those used in security measures and grid applications. An increasing demand to include perspectives on the wider changes of the socio-political fabric of our societies creates a particular tension between normative and empirical approaches.




academic ••••• policy •

Chair Mireille Hildebrandt, Erasmus University Rotterdam/Radboud University Nijmegen/Vrije Universiteit Brussel (NL/BE)

Moderator David Wright, Trilateral Research and Consulting (UK)

Panel Serge Gutwirth, Vrije Universiteit Brussel (BE), Niels van Dijk, Vrije Universiteit Brussel, (BE), Roger Clarke, Australian National University (AU), Mireille Hildebrandt, Erasmus University Rotterdam/University of Nijmegen/Vrije Universiteit Brussel, (NL/BE)


This panel focuses on presentation rather than discussion. It targets the question of how legal and empirical impact assessments differ and what it means to frame law and social science through the lens of an ecology of practices. Further questions addressed will be:

  • What are the gains and the risks of technology impact assessments in the broad sense?
  • • What is the difference between a PIA and a DPIA and should we applaud the legal obligation to do a DPIA?
  • • How can we assess the impact on a right, as compared to the impact on the substance of a right?
  • • Do technologies have normative impact, and what does this mean for courts and legislators?




academic •••• business • policy •

Chair Mireille Hildebrandt, Erasmus University Rotterdam/Radboud University Nijmegen/Vrije Universiteit Brussel (NL/BE)

Moderator Leon Hempel, Technische Universität Berlin (DE)

Panel Ian Brown, Oxford Internet Institute (UK), Julie Cohen, Georgetown University (US), Roger Clarke, Australian National University (AU), Paul de Hert, Vrije Universiteit Brussel/Tilburg University (BE/NL), Kristrun Gunnarsdottir, Lancaster University (UK), Dariusz Kloza, Vrije Universiteit Brussel (BE), Charles Raab, University of Edinburgh (UK), Sarah Spiekerman, Vienna University of Economics and Business (AT), Stefan Verschuere, Belgian Privacy Commission (BE), Brian Wynne, Lancaster University (UK)


This panel aims to focus on discussion rather than presentation; the questions raised here shall have an “explorative” character rather than pursuing a well-established academic debate. The panel will confront the issues of legal and technological normativity, participatory social research and ethical standards. The question to be addressed is:

  • How can TIA approaches on the legal, technical as well as on the socio-organisational level go hand in hand to address common regulative paradoxes between legal norms and socio-technical practices?


13.00 - Lunch break

14.00 - From theory to Practice: Integrated TIAs and their Computational Support

academic ••• business •• policy •

Chair Mireille Hildebrandt, Erasmus University Rotterdam/University of Nijmegen/Vrije Universiteit Brussel (NL/BE)

Moderator Rasmus Nielsen, Danish Board of Technology (DK)

Panel Leon Hempel/ Hans Lammerant, Technische Universität Berlin/Vrije Universiteit Brussel (DE/BE), Christian Geminn, Universität Kassel (DE), Ronald Grau/ Graeme Jones, Kingston University London (UK), Kjetil Rommetveit, University of Bergen (NO)


This session will turn the perspective from theory to practice. We will demonstrate a method for the concretisation of legal requirements as an instrument to design and evaluate security technologies and measures. The focus is on a participatory assessment toolkit developed within the SIAM FP7 project, which will be related to some of the first findings of the integrated technology assessments developed within the EPINET FP7 project.

  • This session will engage with the issues discussed during the previous sessions and show how assessment criteria can be interfaced with an ICT Assessment System, and how legal conditions can be interfaced with engineering requirements.
  • Finally, the attempt to provide computational support will be discussed from the perspective of an integrated TIA to detect added value, missing links and to other issues of future research.


15.15 - Coffee break


academic ••• policy •••

organised by the ENFORCE Project

Chair Sergio Mascetti, University of Milan (IT)

Moderator Anna Monreale, University of Pisa (IT)

Panel Cédric Burton, Wilson Sonsini Goodrich & Rosati (BE), Henri Kujala, Nokia (FI), Annarita Ricci, University of Bologna (IT), Manolis Terrovitis, Athena (GR), Jeroen van den Hoven, Delft University of Technology (NL)


We are currently experiencing an explosion in the volume of data that are created by moving objects and their users. Location information is registered either explicitly, by users of location based social networks, or implicitly by GPS trackers on vehicles and RFID tags on moving objects. Often, this data can also be inferred by specific actions, like credit card charges in physical stores and usage of RFID cards in mass transit systems. The widespread availability of RFID chips and developments in wireless communications have resulted in a digitized environment where user and object movement very often leave a digital trace.

While, on one hand, location information constitutes valuable information, on the other hand it often poses a threat to the privacy of users – whose location is monitored or recorded. The disclosure of a user’s position to third parties is a violation of user privacy by per se, but this is just the tip of the iceberg: Automatic reasoning about location data can reveal a user’s habits, home and work addresses, political or sexual orientation and much more. The challenge is how to make it possible to collect and use location data, and to deploy all related services, while safeguarding the human right to privacy and without violating legal norms on data protection.

  • Which are the main differences and challenges in personal data protection when location and movement data is involved?
  • Which are the problems and opportunities arising through the presence of movement data?
  • Personal data protection is a multi-disciplinary issue. Which result, from a different research area than yours, would help your research the most?
  • Suppose you could express a wish and ask a researcher in a field different from yours to conduct some research. What would you ask for?


16.45 - Monetizing Privacy and Data Protection: can privacy be profitable?

business ••••• policy •

organised by LSEC & IPACSO –project

Chair Zeta Dooly, WIT – TSSG (IE)

Moderator Ulrich Seldeslachts, LSEC (BE)

Panel John Grant, Palantir (US), Richard Harrison, (UK), Nicola Jentzsch, DIW Berlin (DE), Filip Maertens, Arguslabs (BE), Bruno Segers, Irispact (BE), Alex van Eesteren, IXQuick (NL)


Similar to security, privacy is considered as being a cost to most organizations. Today, it is still more profitable to gain money through the use of individuals’ personal and private data, than it is to protect them. However, some innovative for profit companies are trying to make a business out of ensuring privacy. The main purpose of this panel is to discover the business models, challenges, pitfalls and best practices of privacy related innovative companies, whilst identifying innovative services and technologies. Individuals will be able to learn from potential solutions and additional costs to preserve their right to privacy. Privacy and Security Officers and company representatives will be able to learn how to integrate these business models into their own service platforms and to cooperate with these innovative services. Policy makers will learn how to identify the challenges of the privacy imbalance, recognize how to support innovation in this domain and learn they must seek ways to support organizations in promoting privacy, rather than simply focusing on repressive enforcement measures. Key themes covered by the panel will be:

  • Identifying the drivers and challenges to privacy innovation
  • Identifying the market interest in privacy
  • Identifying privacy protecting tools and solutions.


20.20 - 22:20 PECHA KUCHA





LA Maison des Arts

10.00 - Coffee Break


academic ••• business • policy ••

organised by CPDP

Chair Michael Nagenborg, University of Twente (NL)

Moderator Michael Dizon, University of Tilburg (NL)

Panel Christian Horchert, Chaos Computer Club (DE), Tim Jordan, Kings College London (UK), Bert-Jaap Koops, University of Tilburg (NL), Saskia Sell, Freie Universitaet Berlin (DE), Representative of the Hacker Community


Hackers are known to highly value privacy. The German hacker association, Chaos Computer Club, expressly includes respect for and protection of other people’s private data among the tenets of their hacker ethics. There is an obvious incongruity then for hackers to be portrayed as one of the biggest threats to privacy and data protection today. One security industry report even states that hacktivists were responsible for 58% of all data breaches in 2011. This panel brings together experts from different disciplines to discuss the relationship between hacker ethics and privacy.

Specifically, the panel delves into the following themes and issues:

  • How do different actors understand and frame “hacking,” “hacker,” and “hacktivism”?
  • Does the idea of a “hacker ethic” still offer a fruitful perspective for differentiating and evaluating different types of “hacking”?
  • How to address the tensions between privacy and other hacker values such as transparency, freedom of access, and openness?
  • What are the legal and social implications of the hacker motto “privacy for the weak, transparency for the powerful” on privacy and data protection laws, technology regulation, and governance of the networked society?



academic ••••••

organised by the IRISS project

Chair Reinhard Kreissl, IRKS (AT)

Moderator Ben Hayes, Statewatch (UK)

Panel Kirstie Ball, Open University (UK), Pete Fussey, University of Essex (UK), Hille Koskela, University of Turku (FI), Minas Samatas, University of Crete (GR)


Online Surveillance has become a pervasive element of modern societies. Analyses of the effects of surveillance frequently focus on privacy infringements from a legal perspective: what are citizens’ rights to privacy and how are they affected by surveillance. This panel will broaden the focus and take the citizens’ perspective into account by looking at surveillance from below. The contributions will present a number of case studies demonstrating how laypersons react to surveillance, how they perceive surveillance measures and how surveillance is integrated into their daily lives. Different forms of resilience towards surveillance and adverse events will be discussed and presented to demonstrate resilient reactions of a rather mundane kind. The panel will address the following issues: 

  • To what extent can resilience against surveillance be applied as an analytical framework to better understand the inner workings of a surveillance society?
  • How do citizens understand surveillance? How do they use it for their own purpose? 
  • What forms of resilience can emerge at the level of the ordinary citizens? Are fatalism and ignorance forms of resilience? 


13.00 - Lunch


academic •• business •• policy ••

organised by IRISS and CPDP

Chair Antonella Galetta, Vrije Universiteit Brussel (BE)

Moderator Xavier L'hoiry, University of Sheffield (UK)

Panel David Lenaerts, Deloitte (BE), Bernhard Rieder, University of Amsterdam (NL), Janneke Sloetjes, Bits of Freedom (NL) , Steve Wood, Information Commissioner’s Office (UK)


In the information age data can be processed swiftly and at a large scale – perfectly suited for surveillance purposes. The recent PRISM scandal gives us a clue as to how our personal data could be, and actually are, processed regardless of the data subject’s rights and interests. Although the right of access to personal data is considered as ancillary within ARCO rights, it represents – for the data subject – the first step in gaining effective control over his data. After having given a visual representation of the impact of data leaks and of their consequences, the panel will address the question of how data subjects exercise access rights. While doing so, it will identify the main obstacles and limitations towards the practical operationalisation of this right.

  • How much of our personal data do we give away online/offline every day?
  • How can data subjects have access to data that concern them and so exercise their access rights?
  • What are the main limitations and difficulties towards the operationalization of this right?
  • How do data controllers engage in ensuring citizens’ access to their data?
  • How can we strengthen access rights?


15.15 - Coffee break

15.30 - Academic/PhD Sessions: Right to be Forgotten

Chair Bert-Jaap Koops, Tilburg University (NL)


  • Ten Reasons Why the ‘Right to be Forgotten’ should be Forgotten by Christiana Markou.
  • Tracing the right to be forgotten in the short history of data protection law: The “new clothes” of an old right by Gabriela Zanfir.
  • Information Privacy and the “Right to be Forgotten”: An Exploratory Survey of Public Opinion and Attitudes by Clare Doherty and Michael Lang.
  • Purpose Limitation and Fair Re-use by Merel Koning.


16.45 - Academic/PhD Sessions: Renewing Privacy & Data Protection

Chair Ronald Leenes, Tilburg University (NL)


  • Evolution or revolution? Steps forward to a new generation of data protection regulation by Attila Kiss and Gergely László Szőke.
  • Enabling Privacy by Design in Medical Records Sharing by Jovan Stevovic, Eleonora Bassi, Alessio Giori, Fabio Casati and Giampaolo Armellin.
  • Privacy in security research? On the framing of a European conflict by Matthias Leese.



SPonsors 2014




conference partners



item28 item27 item26 item25 item24 item23 item22 item21 item20 item19 item18 item17 item16 item11 item10 item9 item8 item7 item6 item5 item4 item3