In the aftermath of large-scale data breaches and illegal processing of personal data, it has become apparent that data protection legal obligations need to be backed-up by robust technological protection measures. The principles of data protection by design and default, as enshrined in GDPR, can broadly support this approach, however the practical implementation of these principles is far from advanced. Software developers lack best practice examples, while data controllers struggle to select the appropriate solutions for their processing operations in a market flooding with software of disputable quality. In the light of new technological challenges, such as advanced tracking techniques and autonomous agents, the aim of the panel is to discuss how technology can be shaped around GDPR requirements and focus on specific best (and bad) practices in the field.
• What is the notion of ‘by design’ and how can technologies be ‘shaped’ to support data protection?
• Which technologies can help implement data minimisation and transparency?
• What is the role of pseudonymisation as a privacy by design technique?
• What is the role of the default settings?
• What are the broader challenges of defining data-driven solutions that support human rights and ethics?