Back to Basics: How Data Protection Principles Apply to AI Systems

  • Panel
  • Maritime
  • Thursday 22.05 — 11:50 - 13:05

Organising Institution

CPDP

Belgium

  • Academic 2
  • Business 2
  • Policy 2
One of the most confronting challenges facing regulators, researchers, and public and private sector organizations today is determining the when, why, and how of the application of fundamental data protection principles to AI systems. The question is not only whether personal data is processed by such systems, but also of how foundational principles such as lawfulness, fairness, and transparency are challenged by the way such systems operate. Complex AI systems, particularly when forming part of a broader product or service, also invite us to determine how requirements around data minimization and accuracy can be assured, and how individual rights can be fulfilled.

Questions to be answered

  1. How and where do AI systems challenge the principles of lawfulness, fairness and transparency?
  2. Can the data minimization principle ever be reconciled with the extent of data processing required for training AI models?
  3. Consent or legitimate interest?
  4. To what extent can data subject rights still be protected and respected, and are there any tools that can help?

Moderator

Gabriela Zanfir-Fortuna

Future of Pivacy Forum - United States

Dr. Gabriela Zanfir-Fortuna is a globally recognized data protection law expert, with 15 years of experience in the field split between Europe and the U.S., spanning academia, public service, consulting and policy. She currently is Vice President for Global Privacy at the Future of Privacy Forum, a global non-profit headquartered in Washington DC, coordinating FPF’s offices and partners in Brussels, Tel Aviv, Singapore, Nairobi, and New Delhi, and leading the work on global privacy and data protection developments related to new technologies, including AI. She is also a founding Advisory Board Member of Women in AI Governance, and an affiliated researcher to the LSTS Center of Vrije Universiteit Brussel. Dr. Zanfir-Fortuna worked for the European Data Protection Supervisor and is a member of the Reference Panel of the Global Privacy Assembly – the international organization reuniting data protection authorities around the world, as well as a member of the T20 engagement group of the G20 under Brazil’s Presidency in 2024. She was elected to be part of the Executive Committee of ACM’s Fairness, Accountability and Transparency (FaccT) Conference (2021-2022). Her scholarship on the GDPR is referenced by the Court of Justice of the EU, and in 2023 she won the Stefano Rodota Award of the Council of Europe for the paper “The Thin Red Line: Refocusing Data Protection Law on Automated-Decision-Making“, alongside her co-authors. Dr. Zanfir-Fortuna holds a PhD in Law with a thesis on the rights of the data subject under EU Data Protection Law, and an LLM in Human Rights (University of Craiova).

Speaker

Helena Koning

Mastercard - Belgium

Inclusive leader focused on collaboration & execution; pragmatic and optimistic personality; excellent communicator. Architect of strategic data driven change. Seasoned attorney with deep experience in European law, data protection & data governance, banking and administrative law. Experienced litigator in contract law, consumer law, competition law, IP and administrative law. Strong international experience and network (e.g., European Commission, OECD, World Bank). Appreciated speaker and coach.

Speaker

Valentina Pavel

Ada Lovelace Institute - United Kingdom

Valentina Pavel is a Senior Researcher for Law and Policy at the Ada Lovelace Institute. Valentina has a legal background with expertise in data protection and digital policy. She is a former Mozilla Fellow at Privacy International and she previously worked as a digital rights policy advisor at ApTI Romania – member of the European Digital Rights (EDRi) network, the biggest European network defending rights and freedoms online.

Speaker

Diarmuid Goulding

Irish Data Protection Commissioner - Ireland

Diarmuid Goulding is a Deputy Commissioner with the Irish Data Protection Commission. In his current role as a regulatory lawyer, he has responsibility for large-scale statutory inquiries. Diarmuid contributes to the Commission’s decision-making and enforcement functions under the GDPR, including matters concerning cross-border processing, multinational data controllers, and state bodies. Diarmuid has represented the Commission at Expert Subgroups of the European Data Protection Board, and has contributed to work on the preparation of EDPB guidelines. He holds an LL.M from University College Cork, and a Barrister-at-law degree from the King’s Inns in Dublin. Prior to joining the Data Protection Commission, Diarmuid practised as a Barrister, and has also worked with the Department of Public Expenditure, and as a Regulatory Investigator with the Office of the Information Commissioner.