8th International Conference, 21 22 23 January 2015, Brussels, Belgium
Computers, Privacy & Data Protection: Data Protection on the Move

www.CPDPconferences.org

FOREWORD

Dear participants of CPDP, dear colleagues, dear friends,

I am very happy to welcome you to Brussels for the 8th time to discuss and share experiences during the Computers, Privacy & Data Protection conference! Over the last year, privacy has never been more pertinent, and with the policy response to the attacks in Paris promoting yet more surveillance, the right to privacy is once again under threat. Where are we heading? Will 2015 be the year of privacy? Will it be the year of the data protection reform? CPDP2015 will provide a forum for professionals from all disciplines to engage in a cutting edge discussion of the most pressing and interesting political and scientific debates around data protection and privacy. As always, CPDP addresses a broad audience and will be organizing a number of interesting and entertaining side events. We are happy to invite you to many stimulating debates, workshops and of course our art exhibition FACELESS. I am hoping for interesting discussions, challenging ideas and look forward to meeting old and new friends.

Warm wishes,

Paul De Hert

ABOUT CPDP

CPDP is a non-profit platform originally founded in 2007 by research groups from the Vrije Universiteit Brussel, the Université de Namur and Tilburg University. In the following years the Institut National de Recherche en Informatique et en Automatique and the Fraunhofer Institut für System und Innovationsforschung joined the platform which now includes 22 academic centers of excellence from the EU, the US and beyond. As a world-leading multidisciplinary conference, CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, industry, policy-makers, computer scientists and civil society from all over the world. This platform takes place in Brussels, offering a unique and relevant arena to exchange ideas and discuss the latest emerging issues and trends. This multidisciplinary formula has served to make CPDP one of the leading data protection and privacy conferences in Europe and around the world.

The 8th edition of CPDP will be bigger than ever and features 70 challenging panels covering a wide range of current debates. CPDP2015 is “on the move”, and includes topics such as mobile technologies, border surveillance, big data, encryption, privacy and innovation, revenge porn, cybersecurity and of course the EU data protection reform. In light of recent developments we would also like to draw your attention to our panels on EU-US relations and the regulation of government surveillance as well as those on cross-border data flow.

CONTENTS

FOREWORD
ABOUT CPDP
GENERAL CONGRESS INFORMATION
RESTAURANTS CLOSE TO LES HALLES
CONFERENCE BOOKS
MAPS OF LES HALLES & MAISON DES ARTS
Award Ceremonies at CPDP2015
• EPIC CHAMPION OF FREEDOM AWARD
• JUNIOR SCHOLAR AWARD
• SOCIAL ENGINEERING CHALLENGE 2014
Organisation of CPDP2015
• CORE PROGRAMMING COMMITTEE
• EXTENDED PROGRAMMING COMMITTEE
• SCIENTIFIC COMMITTEE
• LOGISTICS AND REGISTRATION
• logistical and administrative support
CPDP2015 GRIDS
• Wednesday 21 January 2015
• Thursday 22 January 2015
• Friday 23 January 2015
CPDP2015 Sponsors LOGOS
Wednesday 21 January 2015
• CPDP2015 PANELS AT GRANDE HALLE
• CPDP2015 PANELS AT PETITE HALLE
• CPDP2015 PANELS AT LA CAVE
• CPDP2015 PANELS AT MAISON DES ARTS
• CPDP2015 PANELS AT MDA CELLAR
Thursday 22 January 2015
• CPDP2015 PANELS AT GRANDE HALLE
• CPDP2015 PANELS AT PETITE HALLE
• CPDP2015 PANELS AT LA CAVE
• CPDP2015 PANELS AT maison des arts
Friday 23 January 2015
• CPDP2015 PANELS AT GRANDE HALLE
• CPDP2015 PANELS AT PETITE HALLE
• CPDP2015 PANELS AT LA CAVE
• CPDP2015 PANELS AT maison des arts
• CPDP2015 PANELS AT MDA CELLAR
CPDP2015 Side Events
• TUE 20 JAN 2015
• WED 21 JAN 2015
• THU 22 JAN 2015
• FRI 23 JAN 2015
• WED 28 JAN 2015
EXHIBITION FACELESS
CPDP2015 Sponsors
THANK YOU
CONFERENCE PARTNERS

GENERAL CONGRESS INFORMATION

NAME BADGE
You will receive a name badge upon arrival with the dates of attendance. This is according to your registration. In case you would like to change your badge, please proceed to the registration desk. Please ensure your badge is visible for the duration of the conference.

INFORMATION DESK
We provide general information about the congress and inquiries about Brussels at the information desk in La Ruelle which is located just inside the main entrance.

INTERNET LOGIN AND PASSWORD
Login: CPDP
Password: CPDP2015

Maison Des Arts
For access to Maison des Arts use the staircase located at the end of La Ruelle.
NOTE: Access only with official congress badge.

MEETING PLAZA
You are welcome to Le Village (located in the Grande Halle) where you can meet your colleagues for networking during the coffee breaks, lunch and cocktail reception and where you can find our sponsors in a small exhibition. Do not hesitate to visit the booths and meet our CPDP sponsors. During the sessions Le Village is closed (silent room!) The bar in La Ruelle stays open for drinks (cashbar). Switch off your phone during all sessions please.

MEZZANINE
On the Mezzanine (The Balcony) we provide a terrace where you can have your lunch or breaks. Entrance via the staircases in Le Village. During the sessions the balcony is a silent room! Switch off your phone during all sessions please.

UPDATES AND CONGRESS NEWS
Please find the information at the registration desk, information desk and the screens in the venue or on the homepage: http://www.cpdpconferences.org

CPDP web APP
For direct access to the programme: download the App via http://m.twoppy.com/CPDP/

Offlinetags: Choose your privacy preferences at CPDP 2015!
In your conference bag, you will find a set of four coloured buttons, called #offlinetags. By attaching one of these to your clothing, you can signalise what you want to be done with photos which may be taken of you.
• Red (“No photos, please”) stands for the request not to take any photos of you.
• Blue (“Blur me”) expresses that you want your face to be made unrecognizable before uploading/sharing photos somewhere.
• Yellow (“Don’t tag”) indicates that you are fine with photos being uploaded/shared but that you don’t want these photos to be subject to name tagging or face recognition.
• Green (“Upload me”) stands for an acceptance of all uploading, sharing, and tagging.
Learn more at: http://offlinetags.net/en

TAXI
Please do not ask at the information desk to call a taxi for you, please do this yourself. The companies like to know your name and phone number to avoid people getting into the taxi you ordered.
Taxi Verts T +32 2 349 49 49

tourist information
For tourist information about Brussels please go to the VISITBRUSSEL concierge desk which is located in Le Village.

RESTAURANTS CLOSE TO LES HALLES

• La Cueva De Castilla (Spanish)
Place Colignon 14, 1030 Brussels
+32 02 241 81 80
Open: 12-14.30 and 18.30-23.00
• Senzanome (Italian)(more expensive)
rue Royale Sainte Marie 22, 1030 Brussels
+32 (0)2 223 16 17 Make a reservation!
Open: 12-13.30 and 19.00-21.00
• Brasserie De Groene Ezel (Belgian Cuisine)
rue Royale Sainte Marie 11, 1030 Brussels
+32 (0)2 217 26 17
Open: 11.30-14.30 and 18.30-23.00
• La Mamma (Authentic Italian Food)
Place Saint Josse 9, 1210 Brussels
+32 (0)2 230 53 00
Open: 12.00-16.00 and 18.30-23.30
• Les Dames Tartine (Old-Fashioned luxury)
Chaussée de Haecht 58, 1210 Brussels
+32 (0)2 218 45 49
Open: lunch and supper
• Café Bota (Italian)
rue Royale 236, 1210 Brussels
+32 (0)2 226 12 28
Open: 12-14.30 and 18.30-23.00

CONFERENCE BOOKS

Books based on papers presented at previous CPDP conferences:
• Gutwirth, S., Y. Poullet, P. De Hert, C. de Terwangne, and S. Nouwt, eds. Reinventing Data Protection? Dordrecht: Springer, 2009. (http://www.springer.com/law/international/book/978-1-4020-9497-2)
• Gutwirth, S., Y. Poullet, and P. De Hert, eds. Data Protection in a Profiled World. Dordrecht: Springer, 2010. (http://www.springer.com/law/international/book/978-90-481-8864-2?changeHeader)
• Gutwirth, S., Y. Poullet, P. De Hert and R. Leenes eds. Computers, Privacy and Data Protection: an Element of Choice. Dordrecht: Springer, 2011. (http://www.springer.com/law/international/book/978-94-007-0640-8)
• Gutwirth, S., R. Leenes, P. De Hert and Y. Poullet, European Data Protection: In Good Health? Dordrecht: Springer, 2012. (http://www.springer.com/law/international/book/978-94-007-2902-5)
• Gutwirth, S., R. Leenes, P. De Hert and Y. Poullet, European Data Protection: Coming of Age Dordrecht: Springer, 2012. (http://www.springer.com/law/international/book/9-)
• Gutwirth, S., R. Leenes and P. De Hert, Reloading Data Protection, Dordrecht: Springer, 2014. (http://www.springer.com/law/international/book/978-94-007-7539-8)
• Gutwirth, S., R. Leenes and P. De Hert, Reforming European Data Protection Law, Dordrecht: Springer, 2015 (http://www.springer.com/law/international/book/978-94-017-9384-1)

Award Ceremonies at CPDP2015

EPIC CHAMPION OF FREEDOM AWARD

The award is given annually to one individual outside of the United States who has shown great courage and dedication in the defense of privacy. Previous recipients of the award include Prof. Stefano Rodota, Italy (2009), Hon. Michael Kirby, Australia (2010), MEP Sophie In’t Veld, Holland (2011), Jennifer Stoddart, Canada (2012), Max Schrems, Austria (2013) and MEP Jan Philipp Albrecht, Germany (2014).

The jury consists of: Alessandro Acquisti, Carnegie Mellon University (US); Ross Anderson, University of Cambridge (UK); Colin Bennett, University of Victoria (CA); Simon Davies LSE/The Privacy Surgeon (UK); David Flaherty, Information and Privacy Commission British Columbia (former Commissioner) (CA); Pamela Jones Harbor, US Federal Trade Commission (former Commissioner) (US); Deborah Hurley, EPIC C (US); Kristina Irion, IVIR-UvA (NL); Rebecca MacKinnon Global Voices Online (US); Gary Marx, MIT (US); Pablo G. Molina, Georgetown University (US); Paul de Hert, Vrije Universiteit Brussel (BE); Marc Rotenberg, EPIC (US).

Award ceremony Thursday 22 January 2015 at 18.15 in Le Village

JUNIOR SCHOLAR AWARD

The junior scholar award is a new award at CPDP, which is generously supported by Google. The winning paper is selected from the papers written by junior scholars who have already been selected from the general CPDP call for papers. The jury consists of: Ronald Leenes, Tilburg University (NL), Franziska Boem, University of Münster (DE), Michael Birnhack, Tel Aviv University (ISR), Ivan Szekely, Central European University (HU), and Jess Hemerly, Google (US). The award recognizes outstanding work in the field of privacy and data protection.

Award ceremony Friday 23 January 2015 at 13.00 in Le Village

SOCIAL ENGINEERING CHALLENGE 2014

Cybercrime is increasing rapidly all around the globe. Methods such as phishing, scamming, and hacking are becoming more sophisticated. To counteract this pervasive problem, organisations have investigated technical solutions as well as awareness programs for employees and customers. As social engineering - tricking the human element of security - is a key factor in 92% of industrial espionage attacks (Verizon), the human factor is attracting increasing media attention. However, systematic analysis of the social engineering problem is still rare, and scientists and practitioners from diverse research disciplines are trying to understand the mechanisms behind it more holistically. The TREsPASS project launched the first social engineering challenge in 2014, inviting participants to think of creative social engineering scenarios, countermeasures and tests. After selection by a professional jury, the award winning proposal will be announced at the CPDP conference in Brussels, Belgium, on January 22, 2015, and the winner will receive the €750 prize.

Award ceremony Thursday 22 January 2015 8.45 at La Cave

Organisation of CPDP2015

CORE PROGRAMMING COMMITTEE

• Paul DE HERT (Vrije Universiteit Brussel LSTS, Tilburg University TILT)
• Rosamunde VAN BRAKEL (Vrije Universiteit Brussel LSTS)
• Dara HALLINAN (Fraunhofer Institute for Systems and Innovation Research ISI)
• Alessia TANAS (Vrije Universiteit Brussel LSTS)
• Efrain CASTANEDA-MOGOLLON (Vrije Universiteit Brussel LSTS)
• Ann-Katrin HABBIG (Vrije Universiteit Brussel FRC)
• Laura JACQUES (Vrije Universiteit Brussel FRC)

EXTENDED PROGRAMMING COMMITTEE

• Ronald LEENES (Tilburg University TILT)
• Julia Muraszkiewicz (Vrije Universiteit Brussel, FRC)
• Dennis HIRSCH (Capital University Law School)
• Omer TENE (International Association of Privacy Professionals)
• Malavika JAYARAM (Berkman Center for Internet and Society)

SCIENTIFIC COMMITTEE

• Paul DE HERT (Vrije Universiteit Brussel LSTS, Tilburg University TILT)
• Serge GUTWIRTH (Vrije Universiteit Brussel LSTS)
• Mireille HILDEBRANDT (Radboud Universiteit Nijmegen, Erasmus Universiteit Rotterdam & Vrije Universiteit Brussel LSTS)
• Yves POULLET (University of Namur FUNDP, CRID)
• Claire LOBET (University of Namur FUNDP, CRID)
• Antoinette ROUVROY (University of Namur FUNDP, CRID)
• Cécile DE TERWANGNE (University of Namur FUNDP, CRID)
• Bert Jaap KOOPS (Tilburg University TILT)
• Ronald LEENES (Tilburg University TILT)
• Daniel LE MÉTAYER (Institut National de Recherche en Informatique et en Automatique INRIA)
• Michael FRIEDEWALD (Fraunhofer Institut für System- und Innovationsforschung ISI)
• Rocco BELLANOVA (Peace Research Institute PRIO, Vrije Universiteit Brussel LSTS)
• Caspar BOWDEN (Independent Privacy Researcher)
• Lee BYGRAVE (University of Oslo)
• Willem DEBEUCKELAERE (Belgian Data Protection Authority)
• Claudia DIAZ (Katholieke Universiteit Leuven ESAT)
• Denis DUEZ (Facultés Universitaires Saint-Louis, FUSL)
• Marit HANSEN (Independent Centre for Privacy Protection, ULD)
• Gus HOSEIN ( School of Economics and Political Science)
• Marc LANGHEINRICH (University of Lugano)
• Emilio MORDINI (Centre for Science, Society and Citizenship)
• Charles RAAB (University of Edinburgh)
• Marc ROTENBERG (Georgetown University Law Center)
• Ivan SZEKELY (Eotvos Karoly Policy Institute, OSA Archivum)

LOGISTICS AND REGISTRATION

Knmg Congresbureau/Royal Dutch Medical Association
Mercatorlaan 1200, 3528 BL Utrecht – T +31 30 28 23 203
[email protected] – www.knmg.nl/congresbureau
Rika Strik – Conference Director
Babette Cuppé – Conference Manager
Marjolein Kamerbeek - Conference Manager
Monique Venema – Project Manager
Olaf Holdrinet – Conference Assistant
Marienelle Reyns – Conference Assistant
Arjan Weij – ICT Manager

logistical and administrative support

DESIGN & website

© Nick Van Hee – www.nickvanhee.be

Wednesday 21 January 2015

7.30 Registration in La Cave
8.30 WELCOME AND INTRODUCTION by Paul De Hert
8.45
• Grande Halle: TO BE OR NOT TO BE (Anonymous)? ANONYMITY IN THE AGE OF BIG AND OPEN DATA, organised by INRIA
• Petite Halle: IMPLICATIONS OF THE CJEU JUDGEMENT OF 8 APRIL 2014 ON DATA RETENTION, organised by CPDP
• La Cave: COMBINING PRIVACY IN THE WORKPLACE WITH INFORMATION SECURITY MEASURES, organised by ICRI KULeuven
• Maison des Arts: commercial opportunities for DESIGNING PRIVACY IN: EMBEDDING PRIVACY IN ORGANISATIONAL PRACTICES, organised by CRISP
10.00 Coffee break
10.30
• Grande Halle: THE EU-US INTERFACE: IS IT POSSIBLE?, organised by Information Society Project at Yale Law School
• Petite Halle: BENTHAM GOES TO SCHOOL: SURVEILLANCE AND STUDENT PRIVACY IN THE CLASSROOM, organised by CPDP
• La Cave: CRYPTO WARS RELOADED? PRIVACY TECHNOLOGIES, CYBERSECURITY GOVERNANCE AND GOVERNMENT ACCESS TO DATA, organised by CPDP
• Maison des Arts: I SPY WITH MY FLY: When video Surveillance goes mobile, organised by the PARIS Project
• Cellar (10.30 till 13.00): BOILING THE FROG: ROUNDTABLE ON (PRIVACY) IMPACT ASSESSMENTS AS A RESPONSE TO (SMART) SURVEILLANCE, organised by Advise Project and VUB-IES
11.45
• Grande Halle: CROSS BORDER DATA FLOWS: WHERE DO WE STAND?, organised by CPDP
• Petite Halle: A LEARNING HEALTH CARE SYSTEM: SECONDARY USE OF HEALTH DATA IN RESEARCH (1), organised by FEDERA/COREON, until 13.15
• La Cave: Dynamic Data Obscurity, organised by CPDP
• Maison des Arts: MONITORING THE NET FOR VIOLENT EXTREMIST MATERIAL, organised by the VOXPOL Project
13.00 Lunch
• La Cave (starts at 13.00 till 14.30): PRIVACY PLATFORM EVENT – PRIVACY AND COMPETITION IN THE DIGITAL ECONOMY, organised by Sophie in ‘t Veld, MEP
14.00
• Grande Halle: Latin America: At the Vanguard of Data Protection, in face of technological risks, organised by CPDP and Jaume I University
• Petite Halle: A LEARNING HEALTH CARE SYSTEM: SECONDARY USE OF HEALTH DATA IN RESEARCH (2), organised by FEDERA/COREON
• Maison des Arts: Beyond the Hype? So What! The Rise and Mobilisation of Smart CCTV, organised by TU
• Cellar (from 14.00 till 16.00): La vie Privée: Un droit fondamental!, organised by La Ligue des Droits de L’Homme, event in French
15.15 Coffee break
15.30
• Grande Halle: USER’S CONTROL OVER THEIR DATA: IS PRIOR CONSENT THE BEST WAY TO MONITOR?, organised by CPDP
• Petite Halle: OPPORTUNITIES AND RISKS OF BIG DATA IN DISEASE SURVEILLANCE, organised by the Robert Koch Institute
• La Cave: USING ICT FOR ENVIRONMENTAL REGULATION: OVERLAPS BETWEEN PRIVACY AND ENVIRONMENTAL LAW, organised by National University of Ireland Galway
• Maison des Arts: PhD sessions
16.45
• Grande Halle: LGBT+ & DIGITAL RIGHTS, organised by the Council of Europe
• Petite Halle: PRIVACY OF THE GENOME: CHALLENGES BEYOND TRADITIONAL MEDICAL RECORDS, organised by École polytechnique Fédérale de Lausanne
• La Cave: Privacy by analogy: Lessons from copyright law, environmental law, consumer protection law and compliance with financial regulations, organised by IViR UvA
• Maison des Arts: PhD sessions
18.00 Cocktail sponsored by Deloitte in Le Village
• La Cave: A NEW KID IN TOWN: SCIENCE FICTION, LEGAL FRAMEWORKS AND THE CHALLENGES OF ROBOPRIVACY, organised by University of Turin
18.30 vernissage art exhibition @ De Markten
20.30 PECHA KUCHA 20.20

Coffee Breaks, Lunch and Cocktails will be served in Le Village, which is located in the Grande Halle

Thursday 22 January 2015

7.45 Registration in La Cave
8.45
• Grande Halle: ACCOUNTABLE ORGANISATIONS DESERVE BENEFITS FROM REGULATORS, organised by CPDP
• Petite Halle: BIG DATA BREAKFAST (by invitation only, starts at 8.00), organised by the Byte Project & CPDP
• La Cave: CYBERCRIME SOCIAL ENGINEERING ANALYSIS CHALLENGE, organised by the TREsPASS Project
• Maison des Arts: UNDERSTANDING THE DATA PROTECTION AND PRIVACY ISSUES SURROUNDING HUMAN TRAFFICKING, organised by CPDP
10.00 Coffee break
10.30
• Grande Halle: ENGINEERING PRIVACY INTO THE INTERNET, organised by EDPS
• Petite Halle: PUBLIC AND PRIVATE USE: AN ONLINE SPHERE IN COPYRIGHT?, organised by FWO project
• La Cave: LOCATION PRIVACY: WHAT PROBLEMS, WHICH SOLUTIONS?, organised by COSIC KU Leuven & LSTS-VUB
• Maison des Arts: REVENGE : LEGAL AND POLICY ISSUES, organised by CPDP & University of Strathclyde
11.45
• Grande Halle: DATA PROTECTION AUTHORITIES AND DATA PROTECTION OFFICERS: THEIR RELATIONSHIPS, organised by CPDP
• Petite Halle: EXPLORATION OF THE ADEQUACY OF PRIVACY PROTECTION LAW OF FEDERAL STATES: COULD THE STATE OF CALIFORNIA QUALIFY FOR ADEQUACY STATUS?, organised by CPDP
• La Cave: CAN AUTOMATED PROCESSING MAKE PRIVACY NOTICE/CHOICE MORE EFFECTIVE FOR USERS, BUSINESSES AND DPAs?, organised by Fordham University
• Maison des Arts: WHEN PORN AND PRIVACY COLLIDE: WHO IS TRACKING YOUR DIRTY LITTLE SECRET?, organised by University of Luxembourg and University of Münster
13.00 Lunch
14.00
• Grande Halle: EU DATA PROTECTION REFORM: Have we found the right balance between fundamental rights and economic interests?, organised by CPDP
• Petite Halle: COOPERATION BETWEEN DATA PROTECTION AUTHORITIES: THREATS, CHALLENGES AND OPPORTUNITIES, organised by European Commission JRC-IPSC
• La Cave: The Price To Be Left Alone: Can The Market Yield Privacy?, organised by University of Washington
• Maison des Arts: Feminist perspectives on privacy and personal data protection, organised by CPDP
15.15 Coffee break
15.30
• Grande Halle: THE EMERGENCE OF PRIVACY COMPANIES: PRIVACY AS A KEY COMPETITIVE ADVANTAGE, organised by Fraunhofer ISI
• Petite Halle: DPO ON THE GROUND: CHALLENGES OF THE EU REFORM FOR PRIVACY PROFESSIONALS, organised by CEDPO
• La Cave: THE RIGHT TO BE FORGOTTEN - EUROPEAN AND INTERNATIONAL PERSPECTIVES, organised by Tilburg University and Chuo University
• Maison des Arts: PhD sessions
16.45
• Grande Halle: BETWEEN TWO COMMISSIONS: THE EUROPEAN COMMISSION MEETS THE FEDERAL TRADE COMMISSION, organised by IAPP
• Petite Halle: COMPLAINTS HANDLING AND LITIGATION BY DPAs, organised by CRIDS University of Namur and EDPS
• La Cave: HOW PRIVACY INNOVATORS ARE TRYING TO SEIZE THE BUSINESS OPPORTUNITY OF PERSONAL DATA PROTECTION, organised by LSEC and the IPACSO project
• Maison des Arts: PhD sessions
18.00 Cocktail SPONSORED BY EPIC in Le Village
18.15 Award Ceremonies EPIC
19.30 public debate “Discrimination and big data” @ deBuren

Coffee Breaks, Lunch and Cocktails will be served in Le Village, which is located in the Grande Halle

Friday 23 January 2015

7.45 Registration in La Cave
8.45
• Grande Halle: Staying Ahead of the Wave: from Cyber Security to Cyber Resilience, organised by CPDP
• Petite Halle: IRISS BREAKFAST MEETING (by invitation only, starts at 8.00), organised by IRISS project
• La Cave: DRONES AT THE MARGINS: RPAS APPLICATIONS FOR COMMUNITY AND CITIZEN-LED APPLICATIONS, organised by European Commission JRC-IPSC
• Maison des Arts: ASSESSING THE SOCIETAL IMPACT OF AUTOMATED BORDER CONTROL GATES, organised by ABC4EU project
10.00 Coffee break
10.30
• Grande Halle: “We give up – please fix the interwebz” - Privacy, predictability and “prescribed by law” after the CJEU Google/Spain and UPC Telekabel cases, organised by CPDP
• Petite Halle: WHO BEST WATCHES THE WATCHERS?, organised by CPDP
• La Cave: ONLINE PRIVACY VERSUS FREEDOM OF SPEECH: BALANCING RIGHTS IN THE EUROPEAN CONTEXT, organised by Vrije Universiteit Amsterdam
• Maison des Arts: GOVERNING CREDIT SCORING: DATA PROTECTION, ALGORITHMS & SURVEILLANCE, organised by IRISS project
• Cellar (from 10.30 till 12.00): Promises and Pitfalls of Genetic Data, organised by CPDP and CNIL
11.45
• Grande Halle: LAW ENFORCEMENT AND INTERNET JURISDICTION, organised by CPDP
• Petite Halle: JUDICIAL ACTIVISM IN THE FIELD OF DATA PROTECTION LAW: A THREAT TO THE EUROPEAN REGULATOR?, organised by Maastricht University
• La Cave: DO-IT-YOURSELF PRIVACY PROTECTION: EMPOWERMENT OR BURDEN?, organised by Forum Privacy and Self-Determined Life in the Digital World
• Maison des Arts: NEIGHBOURHOOD WATCH: TOWARDS SECURITY SELF-MANAGEMENT OF INTERPERSONAL AND COMMUNITY RELATIONS?, organised by IRISS Project
13.00 Lunch
13.00 Award ceremony junior scholar award
14.00
• Grande Halle: Surveillance by Intelligence Agencies - After Snowden, and After Charlie, organised by CPDP and University of Passau
• Petite Halle: SMART PHONES AND LAW ENFORCEMENT, organised by CPDP
• La Cave: CITIZENS’ ATTITUDES TO PRIVACY, SURVEILLANCE and security (1), organised by the PRISMS and SurPRISE Projects
• Maison des Arts: PRIVACY IN COMPUTER SCIENCE EDUCATION, organised by University of Ulm
15.15 Coffee break
15.30
• Grande Halle: REVIEWING INTELLIGENCE SERVICES, DATA COLLECTION AND EU/US RELATIONS, organised by CPDP
• Petite Halle: Cross-border flow of personal information for financial services, organised by Korea University
• La Cave: CITIZENS’ ATTITUDES TO PRIVACY, SURVEILLANCE and security (2), organised by the PRISMS and SurPRISE Projects
• Maison des Arts: ETHICS OF THE SECURITY RESEARCHER, organised by the P5 and IPATCH projects
16.45 CONCLUDING NOTES by Giovanni Buttarelli, in Grande Halle
17.00 Cocktail sponsored by Brussels Privacy Hub in Le Village
21.00 Privacy Party with Data concert

Coffee Breaks, Lunch and Cocktails will be served in Le Village, which is located in the Grande Halle

14 Computers, Privacy & Data Protection Data Protection on the move 15 W between the regulatory regimes. Key issues to be dis- • What does it mean to regulate cross border data E

E Wednesday 21 January 2015 cussed include: transfers in light of the Internet and ubiquitous com- LL D A

NES puting? CPDP2015 PANELS AT GRANDE HALLE • Can we identify commonalities between EU and • What regulatory approaches are being used E H

D US approaches to data regulation? around the world? D AY AT G • Are commonalities substantive, or procedural? • What prospects are there for an international trea- • How can regulation go beyond the duality person- 08.30 - WELCOME AND INTRO- • Can the development of compliance activities be ty or solution in this area? al data/anonymous data? RAN DUCTION BY PAUL DE HERT successfully delegated to private industry? • How can we avoid increasing international con- • Are free trade agreements the appropriate venue flicts caused by the extraterritorial application of

RAN 10.00 - Coffee break 8.45 - TO BE OR NOT TO BE (ANON- for discussing increased harmonization between data protection law? YMOUS)? ANONYMITY IN THE the US and EU? 10.30 - THE EU-US INTERFACE: IS IT G AT AY D

AGE OF BIG AND OPEN DATA 13.00 - Lunch D E H POSSIBLE? academic •• policy •• business •• 11.45 - CROSS-BORDER DATA FLOW: academic •• policy ••• business • NES

A organised by INRIA WHERE DO WE STAND? 14.00 - LATIN AMERICA: AT THE VAN-

organised by Information Society Project at D LL

Chair Daniel Le Métayer, INRIA (FR) policy •••••• GUARD OF DATA PROTECTION, E

E Yale Law School

Moderator Benjamin Nguyen, INSA Centre organised by CPDP IN FACE OF TECHNOLOGICAL W Chair Frederik Zuiderveen Borgesius, University Val de Loire (FR) Chair Christopher Kuner, Vrije Universiteit Brussel RISKS of Amsterdam (NL) Panel Josep Domingo-Ferrer, UNESCO Chair (BE) academic •• policy •• business •• Moderator Joan Antokol, Park Legal LLC (US) in Data Privacy (SP), Mark Elliot, University of Moderator Malavika Jayaram, Harvard organised by CPDP and Jaume I University Panel Margot Kaminski, The Ohio State Univer- Manchester (UK), Antoinette Rouvroy, University of University (US) Chair Artemi Rallo Lombarte, Jaume I University sity Moritz College of Law (US), Joel Reidenberg, Namur, CRIDS (BE), Vincent Toubiana, CNIL (FR) Panel Colin Bennett, Victoria University (CA), (ES) Fordham University School of Law (US), David Danilo Doneda, Rio de Janeiro State University Moderator Danilo Doneda, Rio de Janeiro Thaw, University of Pittsburgh (US) and Pierluigi Anonymisation is seen as an essential prerequisite for (BR), Bruno Gencarelli, European Commission State University (BR) Perri, University of Milan (IT), Joris van Hoboken, the development of big data and open data because (EU), Hosuk Lee-Makiyama, ECIPE/Economic Panel Ana Brian Nougrères, Estudio Jurídico Bri- University of Amsterdam/New York University it is the only way to allow the disclosure of large da- Information Daily (BE/CN) ann y Asociados (UR), Pablo Palazzi, Universidad (NL/US), Eduardo Ustaran, Hogan Lovells Interna- tasets while preserving individuals’ privacy. However, de San Andrés (AR), Ximena Puente de la Mora, tional (UK) what do we mean exactly by anonymisation, and The transfer of data across borders has become cru- Instituto Federal de Acceso a la Información y what could be considered as a truly anonymous da- cial to the functioning of society, and to the global para la Protección de Datos (MX), Paulina Silva, The EU and the United States have vastly different ap- taset? 
Is it possible to ensure that “anonymised” data economy. However, global transfers of data also Carey y Cía (CL) proaches to data privacy and data security. In light of cannot be de-anonymised one day? If not, can we make data subject to misuse, whether by companies EU attempts at data protection reform and the ongoing draw a line between anonymous and personal data? or intelligence agencies. This also leads to uncertainty In recent years, Latin America has not only experi- negotiations of the Transatlantic Trade and Investment How should data utility be taken into account? These about which protections apply, and different countries enced incredible developments in the right to data Partnership (TTIP), this panel will discuss whether it is questions are under considerable debate and the an- have taken different approaches to the protection of protection but has also experienced a growing possible to build a working cross-border interface be- swers are of strategic importance. Addressing these privacy. The problems this causes for international awareness of the need to protect personal informa- tween EU and US data protection regimes. issues interdisciplinarily is essential. This panel will data transfers between the EU and US have been dis- tion in face of technological progress and the risks The panel will explore differences and identify com- gather computer scientists, statisticians and lawyers cussed at length. However, the focus on the EU-US this brings: In April 2014, the NetMundial (a global monalities between the EU and US approaches, with to contrast and discuss their views on anonymisation. relationship has obscured the fact that data are being multi-stakeholder meeting on the future of Internet gov- an eye to both the protection of civil liberties and to The panel will also provide the opportunity to pres- transferred between many other countries, and that ernance) was held in São Paulo. 
It was here where practical questions faced by organizations seeking to ent and discuss Opinion 05/2014 of the Article 29 data transfers have become a global phenomenon. Brazil introduced the “first Constitution of theI nternet”. fulfil compliance obligations. It will discuss to what ex- Working Party on anonymisation techniques. This panel takes a global perspective in exploring After a constitutional reform in 2014, Mexico is cur- tent data protection should be housed in governments some of the the key issues concerning the protection rently approving a new General Data Protection Act versus delegated to private industry. It will ask whether • What is anonymous data? of cross-border data flows, focusing in particular on that introduces regulatory developments with global free trade agreements such as the TTIP are an appro- • How can data be anonymised in practice? the following questions: scope (child protection, cloud computing, accounta- priate venue for discussing increased harmonization • What are the limitations of anonymisation? bility, etc.). Recent judgments before Argentine courts

have impacted decisively on Internet search engines. In Uruguay, new rules regulate the use of free software for data processing by government agencies and seek to implement action plans to ensure the security of information in data processing centres.

• What content and scope has the Brazilian law known as the “first Constitution of the Internet”?
• What are the most important technological challenges faced by Data Protection Authorities in Latin America?
• How does the Ibero-American Data Protection Network contribute to strengthening the enforcement capabilities of DPAs?
• What other legislative developments are happening in Latin America that may impact on the protection of personal data?

15.15 - Coffee break

15.30 - USERS’ CONTROL OVER THEIR DATA: IS PRIOR CONSENT THE BEST WAY TO MONITOR
academic •• policy •• business ••
organised by CPDP
Chair Bojana Bellamy, Hunton & Williams (UK)
Moderator Tine Larsen, National Commission for Data Protection (LU)
Panel Julie Brill, Federal Trade Commission (US), Finn Myrstad, the Norwegian Consumer Council (NO), Marie-Charlotte Roques-Bonnet, Microsoft (FR), Wojciech Rafał Wiewiórowski, EDPS (EU)

Are we, as consumers, disciplined and patient enough to read, understand and, most of all, dig into privacy issues before consenting? Does clicking “yes” before signing an agreement, accessing a service or purchasing a product mean that we have full understanding of the data processing we consented to? Concretely, in an Internet of things, big data and online “take-it or leave it” world, shall we still consider prior consent as giving data subjects’ full control over their data? Article 7 of Directive 95/46 identified several legal grounds “for making data processing legitimate”. First of all grounds, for almost 20 years, the “notice and consent” mechanism has been fairly considered as the core principle for processing personal data. It should still be considered as such. However, data subjects’ unambiguous consent cannot stem from a prior, once and only once “ticking a box”. Practically, and insofar as the European Parliament focuses on “lifecycle data protection management” (art. 33-3 of EP draft regulation), consenting before collection can only be a starting point. At most, in an ideal world where, on the one hand, comprehensive, intelligible and clear information would be given and, on the other hand, it would be cautiously read, assessed and fully accepted, prior consent could only trigger the first step to control personal data and monitor its further use. In order to reconcile an “out-of-this-world-theory” of prior consent and “real-life-best-way-to-monitor”, the panel will address the following points:

• The criteria for qualification in “unambiguously given” consent in the Internet of things, Big data, online services and opt-in partners world;
• The legal approach data controllers should retain when data subjects’ prior consent cannot either be asked for or be obtained unambiguously;
• The means needed to ensure consumers’ trust, through a careful and regular balancing of the legitimate interests of the data holder against the interests, fundamental rights and freedoms of the data subject;
• The reasonable but necessary steps data controllers should take so as to give effective and lasting control back to users who gave prior consent to the collection of their personal data

16.45 - LGBT+ & DIGITAL RIGHTS
academic •• policy •• business ••
organised by the Council of Europe
Chair Sophie Kwasny, Council of Europe (INT)
Moderator Monika Zalnieriute, Centre for Internet & Human Rights (DE)
Panel Lara Ballard, US Department of State (US), Valentina Pellizer, Association for Progressive Communications & One World See (BA), Renato Sabbadini, International Lesbian, Gay, Bisexual, Trans and Intersex Association (CH), Ben Wagner, Centre for Internet & Human Rights (DE)

The digital rights and online freedoms of LGBT+ communities is a complex issue that has so far received very limited public attention. This panel aims at initiating the debate by focusing on the right to privacy and freedom from surveillance online of LGBT+ communities. In this context, the right to privacy online becomes a particularly sensitive issue, as, for many individuals, the right to privacy may also be an important aspect of protecting their physical safety. The panel discusses how privacy should enable the right to free speech online (e.g., ban on ‘propaganda of non-traditional sexual relations to minors’) as well as the impact of government surveillance which historically has been used to out, blackmail, humiliate, and bully LGBT+ people. The panel also critically discusses the technological capacities available today to track individual browsing habits (e.g. porn websites) and the availability to use this information to discredit individuals – e.g., ‘political opponents’ or ‘radicalizers’. The panel will discuss the following issues:

• LGBT+ Communities and privacy online: complex ethical considerations and social practices (e.g. ‘outing’ by social networking sites, fear of bullying or reprisals)
• LGBT+ content and Internet censorship, ‘propaganda’ laws and bans
• LGBT+ and the right to information online
• LGBT+ communities and government surveillance – past and present (e.g. NSA tracking of porn habits for discrediting)

18.00 - Cocktail sponsored by Deloitte

CPDP2015 PANELS AT PETITE HALLE

8.45 - IMPLICATIONS OF THE CJEU JUDGEMENT OF 8 APRIL 2014 ON DATA RETENTION
academic •• policy •• business ••
organised by CPDP
Chair Jens-Henrik Jeppesen, Centre for Democracy and Technology (BE)
Moderator Sylvain Métille, BCCC Avocats Sàrl (CH)
Panel Simon Davies, Privacy Surgeon (UK), Fanny Hidvégi, HCLU (HU), Hielke Hijmans, EDPS (EU), Cecilia-Joanna Verkleij, European Commission (EU)

There has been no piece of European legislation, which has sparked more intense debate as to the privacy/security distinction than the Data Retention Directive. After more than 6 years of the Directive being in force, these debates reached a head with the Directive being declared invalid by the CJEU in the Digital Rights Ireland case. However, almost one year on from the decision, there are a number of uncertainties as to what the decision means, the obligations it bestows on lawmakers and the consequences it will have. EU Member States may choose opposite paths in reacting to the decision and this may bring new court cases. The panel will consider the consequences of this judgment and where Data Retention goes from here.

• What effect has the CJEU judgment had and what are the consequences for other programmes (PNR etc.)?
• What are the consequences for citizens and service providers?
• Which obligations did it place on lawmakers, have these obligations been met and is there any space for Data Retention law?
• How can the recent calls for an EU Patriot Act be reconciled with the CJEU judgment?
• Where does Data Retention go from here

10.00 - Coffee break

10.30 - BENTHAM GOES TO SCHOOL: SURVEILLANCE AND STUDENT PRIVACY IN THE CLASSROOM
academic •• policy ••• business •
organised by CPDP
Chair Rosamunde Van Brakel, Vrije Universiteit Brussel (BE)
Moderator Valerie Steeves, University of Ottawa (CA)
Panel Michael Birnhack, Tel-Aviv University (IL), Yucel Saygin, Sabanci University of Istanbul (TR), Emmeline Taylor, Australian National University (AU), Omer Tene, IAPP (US)

The arrival of new technologies in schools and classrooms has been met with a mixture of enthusiasm and anxiety. Governments around the world are actively deploying innovative technologies, ranging from cloud based data storage systems to adaptive personalized learning platforms to CCTV cameras in classrooms and playgrounds. These new systems and tools present tremendous opportunities, allowing schools to enhance safety, increase measurement and accountability and tailor programs to individual students. At the same time, the combination of enhanced data collection with highly sensitive information about children and teens presents grave privacy concerns. This delicate balance has recently been recognized by the President of the U.S., who launched a legislative reform proposal focusing on student privacy. The panelists will discuss the roll out of ed tech platforms in four countries, including CCTV systems in Australia and Israel, a national student database in Turkey and a cloud based interoperability solution in the U.S. They will address some of the legal, ethical and political implications of the ed tech privacy debate. The panel will, in particular, cover the following topics:

• The deployment of education technology solutions in four countries: Australia, Israel, Turkey and the U.S.
• The legal, ethical and political implications of introducing education technology in schools.
• Separating fact from fiction about student data use and abuse.

11.45 - A LEARNING HEALTH CARE SYSTEM: SECONDARY USE OF HEALTH DATA IN RESEARCH (1) TILL 13.15
academic •• policy ••••
organised by FEDERA/COREON
Chair Lex Burdford, Erasmus MC (NL)
Moderator Sjaak Nouwt, KNMG (NL)
Panel Joanna Forsberg, Uppsala University (SE), Christan Ohmann, University of Düsseldorf (DE), Matti Rookus, NKI (NL), Magnus Stenbeck, Karolinska Institute (SE), Evert-Ben van Veen, MedLawconsult (NL)

The health care system uses data about health and creates even more data about health. These data are used and reused in the health care system and beyond – e.g. as evidence for policy decisions such as about the risks of smoking. In the first instance, they are available for the diagnosis and treatment of the patient. However, they are also used in a secondary capacity to sustain a solidarity based health care system which offers optimal quality and is sustainable in the long run. Examples of such secondary uses are: reimbursement, planning of health care, PMS of drugs and medical devices, quality control of treatments and for medical research into the causes of disease and the failures of treatments. The panel discusses secondary use from a number of angles and perspectives including those of patients, of medical researchers, of the law, of ethics and of governance. The panel will consider the following topics:

• Registry research and the path to personalised medicine
• The concept of a learning health care system
• Autonomy versus solidarity and other values in health care
• The (limited) value of the ‘consent or anonymise’ dichotomy
• Governance of databases with patient data
• Patient perspectives on learning healthcare and the secondary use of medical data

13.15 - Lunch

14.00 - A LEARNING HEALTH CARE SYSTEM: SECONDARY USE OF HEALTH DATA IN RESEARCH (2)
academic •• policy •• business ••
organised by FEDERA/COREON
Chair Lex Burdford, Erasmus MC (NL)
Moderator Sjaak Nouwt, KNMG (NL)
Panel Remco Coppen, Netherlands Institute for Health Services Research (NL), Ernst Hafen, ETH (CH), Dennis Horgan, European Association for Personalised Medicine (BE), Peter Knight, Department of Health (UK), Tessa van der Valk, VSOP (NL)

This panel is a continuation of the discussions started in the previous panel.

15.15 - Coffee break

15.30 - OPPORTUNITIES AND RISKS OF BIG DATA IN DISEASE SURVEILLANCE
academic •••• policy ••
organised by the Robert Koch Institute
Chair Tim Eckmanns, Robert Koch Institute (DE)
Moderator Leon Hempel, TU Berlin (DE)
Panel Ciro Cattuto, ISI Foundation (IT), Jennifer Cole, Royal Holloway University of London (UK), Martin French, Concordia University (CA), Edward Velasco, Robert Koch Institute (DE)

Public health comprises a complex system of civil society, government and private industry; these actors have their own perspectives and mandates. Rapid innovation in digital technology has called for adaptations in current practice that have resonated in different ways with these actors, and have resulted in, among other things, new approaches that challenge current practices and fundamental premises in traditional public health. For example, digital epidemiology aims to capture, record and analyze (aggregated) Internet-based and social media data using methods of Big data analytics and data mining to enhance public health surveillance. This promises to improve detection of, and response to, emerging infectious diseases by minimizing reaction times to public health events with enhanced intelligence, and to save costs by reducing administrative burden. However, while digitalization of infectious disease surveillance might offer such improvements, it may also generate epistemological debate as well as manifold clashes between the imperatives of public health, security, human rights (e.g. privacy) and social justice. This panel will discuss the following:

• Does the use of big data analytics present an epistemic shift in epidemiology?
• Could this shift help emphasize addressing determinants of health-related states or events rather than focusing on perceived health risk or threat in public health?
• Might the use of these new tools change priority-setting in public health more broadly?
• There are implications for privacy and discrimination in digital epidemiology. Is it possible to limit rights infringements?
• How should we assess the ethical and social impact of digital epidemiology?

16.45 - PRIVACY OF THE GENOME: CHALLENGES BEYOND TRADITIONAL MEDICAL RECORDS
academic •• policy ••• business •
organised by École Polytechnique Fédérale de Lausanne
Chair Jean-Pierre Hubaux, École Polytechnique Fédérale de Lausanne (CH)
Moderator Kay Hamacher, TU Darmstadt (DE)
Panel Jurgi Camblong, Sophia Genetics (CH), Emiliano De Cristofaro, University College London (UK), Jacques Fellay, École Polytechnique

Fédérale de Lausanne (CH), Effy Vayena, University of Zurich (CH)

Impressive advances in genome sequencing have opened the way to a variety of revolutionary applications in modern healthcare. In particular, the increasing understanding of the human genome, and of its relation to diseases and its response to treatments brings promise of improvements in preventive and personalised healthcare, as well as in public health. However, because of the genome’s highly sensitive nature, this progress raises important privacy and ethical concerns that need to be addressed. Indeed, besides carrying information about a person’s genetic condition and their predisposition to specific diseases, the genome also contains information about the individual’s relatives. The leakage of such information can open the door to a variety of abuses and threats not yet fully understood. The panel aims to:

• Raise awareness in the realm of policy setting for the trade-offs between research and medical care benefits and privacy risks
• Discuss and introduce potential technical solutions in ‘secure bioinformatics’
• Encourage businesses and legal practitioners to contribute their expertise

18.00 - Cocktail in Grande Halle

CPDP2015 PANELS AT LA CAVE

8.45 - COMBINING PRIVACY IN THE WORKPLACE WITH INFORMATION SECURITY MEASURES
academic ••• policy • business ••
organised by the Interdisciplinary Centre for Law and ICT (ICRI) KU Leuven
Chair Yung Shin Van Der Sype, (ICRI) KU Leuven (BE)
Moderator Estelle Masse, Access Now (BE)
Panel Frank Hendrickx, KU Leuven (BE), Walid Maalej, University of Hamburg (DE), Nigel Moss, Coca-Cola Enterprises (UK), Stephanie Raets, Claeys & Engels (BE)

The workplace is typically a place where privacy and data protection are challenged by competing interests. The panel will highlight the issues surrounding the balancing of employer security-related interests with the reasonable privacy expectations of employees.

While the value of information increases, humans are still considered as the weakest link in a company’s security chain. Thus, companies are required to take security measures in order to protect their information assets. Company information is stored on, or made available via, the company’s databases and networks. This information is accessible by using mobile devices – whether or not furnished by the employer – from multiple places inside or outside company premises. For this reason, the implementation of security measures requires a careful balancing of all legitimate interests at stake. The debate in the panel will highlight the core issues regarding privacy and data protection in the workplace. In particular the panel will focus on:

• The balance between privacy and data protection and the rights and freedoms of others,
• The importance of a sanctioning risk for employers to move beyond mere compliance,
• The complications associated with data transfers to third countries,
• The impact of the proposed General Data Protection Regulation on the privacy protection of employees.

10.00 - Coffee break

10.30 - CRYPTO WARS RELOADED? PRIVACY TECHNOLOGIES, CYBERSECURITY GOVERNANCE AND GOVERNMENT ACCESS TO DATA
academic •• policy •• business ••
organised by CPDP
Chair Joanna Cavan, Interception of Communications Commissioner’s Office (UK)
Moderator Seda Gürses, NYU (US)
Panel Luc Beirens, Deloitte and former head of Belgian Federal Computer Crime Unit (BE), Gus Hosein, Privacy International (UK), Bart Preneel, KULeuven (BE), Ot van Daalen, Digital Defence (NL) tbc

The recent announcement by the British Prime Minister David Cameron expressing his plans to ban encryption if he is re-elected is the latest popular indicator that we may be witnessing a second round of the crypto-wars. The most recent of these debates was rekindled after Apple, Google and Facebook-owned WhatsApp announced that they would enable encryption on mobile phones that afford “absolute privacy” guarantees to their customers. While such privacy enhancing technologies have been freely available for years, the backing of such technologies by corporations with large user bases has attracted reactionary responses from government agencies in the US and elsewhere under the rubric of “going dark”. In this panel, participants from civil society, companies, government agencies, and academics will be asked to critically engage with the current terms of the debate:

• What is the role of user-centric encryption for privacy and for trust in online services?
• How does the desire to provide customers with strong encryption interact with the responsibility of companies to implement cybersecurity governance and resilience frameworks in cooperation with government agencies?
• What is the “crypto-paradox”?
• Should the right to encrypt be seen as a fundamental right? If so, what are the appropriate technical and legal measures to protect this right?

11.45 - DYNAMIC DATA OBSCURITY
academic •• policy •• business ••
organised by CPDP
Chair Daniel Pradelles, Hewlett-Packard (FR)
Moderator Marty Abrams, Information Accountability Foundation (US)
Panel fukami, Chaos Computer Club (DE), Erin Kenneally, Elchemy (US), Gary LaFever, Anonos (US), Shaul Levi, AVG Innovation (NL)

It is impossible to have an Information Age without information. Improvements in medical research, economic growth, education, and other benefits from analysis of data require use of robust data sets. However, dangers to individuals and society are also present. We must have systems of control that are workable, rigorous, and granular to ensure fundamental rights are protected in connection with the use of this data. Current data protection control mechanisms are not sufficient. Dynamic Data Obscurity is an approach to the future mix of policy and technology that encourages trust by improving security and privacy to enable more protective, productive and controlled use of data. This session is focused on giving definition to the vision and will be highly participatory with the audience.

• How to use policy and technology to restore confidentiality to an observational world?
• Can the full value of big data be realized until we can selectively take the “person” out of personal data in a trustworthy manner?
• The true value of the Internet of Things (IoT) will not be things but the value it creates for people – how can we maximize this value without betraying the people who generate it?
• Observational data gets more terrifying and more promising every day – can we obscure the person from the data so we all can “have our cake but control who gets to eat it?”

13.00 - Lunch

13.00 - PRIVACY PLATFORM EVENT: PRIVACY AND COMPETITION IN THE DIGITAL ECONOMY TILL 14.30
policy ••••••
organised by Sophie in ‘t Veld, MEP (EU)
Chair Sophie in ‘t Veld, MEP (EU)
Panel Giovanni Buttarelli, EDPS (EU), Morten Messerschmidt, MEP (EU), Sophie Moonen, European Commission (EU), Kevin Voges, AFAS Personal (NL)

The construction of the EU’s digital market makes it evident that privacy is an increasingly important factor in competitiveness and competition policy. Not only might privacy-friendly businesses have a competitive edge over other companies, privacy rights and data protection deserve a central place in thinking about competition rules and policies in the digital market. The panel of speakers in this edition of the Privacy Platform will focus on issues such as data portability and company mergers with implications for privacy.

• Why is privacy important for the EU digital economy?
• How should we think about privacy from a competition law and policy perspective?
• How can data portability enhance competitiveness in the EU?
• What are the current policy developments in the overlapping fields of privacy and competition?

15.15 - Coffee break

15.30 - USING ICT FOR ENVIRONMENTAL REGULATION: OVERLAPS BETWEEN PRIVACY AND ENVIRONMENTAL LAW
academic •• policy •• business ••
organised by National University of Ireland Galway
Chair Raphaël Gellert, Vrije Universiteit Brussel (BE)
Moderator Rónán Kennedy, National University of Ireland Galway (IE)
Panel Guido Gorgoni, University of Padua (IT), Martina Hennessy, Environmental Protection Agency (IE), Andrew Jackson, An Taisce (IE), Michael Lang, National University of Ireland Galway (IE), Burkhard Schafer, University of Edinburgh (UK)

Environmental regulators are making increasing use of information and communications technology (ICT) for many aspects of their activities. This data is of value to regulators, citizens, and non-governmental organisations. ICT has an important role in surveillance and monitoring. The Commission has assigned it a critical role in order to achieve energy efficiency since 2009. By providing real-time and highly granular information, these may enable cheaper, faster, and better environmental protection. However, this use of technology also creates risks for the privacy of individuals. Whereas these concerns (massive databases, geo-located data, and constant surveillance) have been widely studied in many spheres of government activity, little or no attention has been devoted to this specific field. This panel explores the issues that result, with contributions from lawyers, information systems scholars, non-governmental agencies and environmental regulators. In particular, the panel will discuss:

• What is the current state of affairs in the use of ICTs for environmental regulation (e-regulation)?
• What are the overlaps and conflicts in the protection of privacy and the protection of the environment?
• How does this use of ICT conform with the EU’s policy of Responsible Research and Innovation?
• What is the role of ICTs in innovation policies, and in particular for energy efficiency (ICT4EE)?

16.45 - PRIVACY BY ANALOGY: LESSONS FROM COPYRIGHT LAW, ENVIRONMENTAL LAW, CONSUMER PROTECTION LAW AND COMPLIANCE WITH FINANCIAL REGULATIONS
academic •• policy ••••
organised by the Institute for Information Law (IViR), University of Amsterdam (NL)
Chair Kristina Irion, IViR (NL)
Moderator Serge Gutwirth, Vrije Universiteit Brussel (BE)
Panel Egbert Dommering, IViR (NL), Dennis Hirsch, Capital University Law School (US), Anna Fielder, Privacy International (UK), Jyn Schultze-Melling, Allianz SE (DE)

In spite of being heralded as one of the most progressive legal regimes worldwide, EU data protection regulation is legitimately criticized for its ineffectiveness. The scale and magnitude of online personal data processing is widely perceived as a disruptive challenge that would require an evolution in the tactics and means of data protection regulation. The draft general data protection regulation aims to modernize the approach by introducing measures that would strengthen individuals’ rights and reinforce compliance by data controllers through enhanced accountability obligations.

Considering that regulation is a means of achieving policy objectives, a comparative perspective may be able to offer insights into data protection regulation and potentially facilitate policy learning. Scholars and policymakers have increasingly relied on analogies from other sectors of regulation in developing ways to address the challenges privacy and data protection face in the EU and elsewhere. This panel compares issues in data protection regulation with analogous policy developments in the fields of copyright law, environmental law, consumer protection law and compliance with financial regulations. These fields display important similarities with certain challenges at hand, such as accountability, consumer empowerment, enforcement and governance. The panel draws on these analogies in order to develop new insights about data protection law and policy, and so to inform the discussion about a modern and effective approach to data protection regulation and governance.

• How could a modern and effective approach to data protection regulation and governance be informed by experiences in other policy areas?
• Which critical issues faced by EU data protection regulation arise in a comparable way in other policy areas?
• How could a particular cross-sectoral comparison facilitate policy learning? Are policy responses transferable?
• For which of these critical issues does the draft EU data protection regulation cement path-dependency in policy responses or bring about regulatory innovation?

18.00 - Cocktail in Grande Halle

CPDP2015 PANELS AT MAISON DES ARTS

8.45 - COMMERCIAL OPPORTUNITIES FOR DESIGNING PRIVACY IN: EMBEDDING PRIVACY IN ORGANISATIONAL PRACTICES
academic •• policy •• business ••
organised by CRISP
Chair William Webster, University of Stirling (UK)
Moderator Geoffrey Bowker, University of California Irvine (US)
Panel John Borking, Borking Consultancy (NL), Casey Chappelle, Vodafone (UK), Tom Ilube, Call Credit Group (UK), Jason Pridmore, Erasmus University (NL)

The need to design privacy into technological development and deployment is well understood and has resulted in concepts and approaches like ‘Privacy by Design’ and ‘Privacy Enhancing Technologies’. Although these approaches are well established, they are arguably hampered by being too prescriptive and relatively unsympathetic to complex organizational settings and processes. Recently, these approaches have been complemented by a drive to commercialise privacy, to place a monetary value on privacy and to demonstrate how privacy can represent a commercial opportunity. Whilst this perspective places added value on the concept of privacy it does little to ensure privacy is a value embedded in organizational processes and practices – and privacy friendly technologies are only likely to emerge from environments where privacy is a cherished value. This panel takes the strengthening of privacy a step further by exploring how it can be deeply embedded into organizational settings and the interrelated regulatory environment.

• How can the value of privacy be commercialised?
• How can the value of privacy be embedded into organizational processes and practices?
• What is the role of regulation in commercialising privacy?

10.00 - Coffee break

10.30 - I SPY WITH MY FLY: WHEN VIDEO SURVEILLANCE GOES MOBILE
academic •• policy •• business ••
organised by the PARIS Project
Chair Fanny Coudert, KU Leuven (BE)
Moderator Jos Dumortier, Time.lex (BE)
Panel Mathias Bousset, Thales (FR), Nathalie Grandjean, University of Namur (BE), Daniel Le Métayer, INRIA (FR), Jay Stanley, ACLU (US)

Not only are video surveillance systems becoming smarter (facial recognition, tracking software) and more wide-ranging (infra-red, high sensitivity equipment etc.). Video surveillance is now becoming mobile thanks to the miniaturization of cameras. While these developments bring numerous advantages, they also raise new challenges. In order to show the ambivalent character of these technologies, this panel will explore, from different perspectives, the issues raised by police use of wearable cameras. “Police body cameras” were initially meant to increase the accountability of police, especially in relation to their use of force against citizens. They act as silent and objective witnesses. Still, their implementation raises a number of concerns in terms of their efficiency as an accountability mechanism, their conditions of use and their broader impact on society. Amongst others, the panel will consider the following questions:

• What is the impact of the miniaturization of surveillance devices on society?
• What are the requirements for police body-worn cameras to function as an accountability mechanism?
• Can privacy by design offer some guarantees to citizens?
• Where does society draw the limits for the use of mobile surveillance?

11.45 - MONITORING THE NET FOR VIOLENT EXTREMIST MATERIAL
academic •• policy •• business ••
organised by VOXPOL Project
Chair Pete Fussey, University of Essex (UK)
Moderator Maura Conway, University College Dublin (IE)
Panel Ian Brown, Oxford Internet Institute (UK), Sadhbh McCarthy, Centre for Irish and European Security (IE), TJ McIntyre, Trinity College Dublin (IE), Robindra Prabhu, Norwegian Board of Technology (NO)

The objective of this panel is to discuss the ethics and politics of the day-to-day monitoring of the Net for violent extremist material – including material inciting racial hatred from extreme right wing groups (including fascist political movements in Europe), and material “glorifying” and recruiting individuals to terrorism. It will discuss the monitoring activities of police, intelligence agencies, the Internet industry, and private groups and individuals – including the use of information fusion and information technology analysis techniques to acquire, integrate, process, analyse, and manage the diversity of content available. These issues have important long-term academic and policy implications, but also contemporary resonance given the role extremist content is playing in some EU member states, and current conflicts in Syria, Iraq and Gaza. The panel will discuss, in particular:

• Social media and Internet communications surveillance
• Privatised law enforcement and human rights
• Counter-terrorism and foreign fighters
• The function, capability and role of data fusion

13.00 - Lunch

14.00 - BEYOND THE HYPE? SO WHAT! THE RISE AND MOBILISATION OF SMART CCTV
academic ••• policy •••
organised by TU Berlin
Chair Lucas Melgaço, Vrije Universiteit Brussel (BE)
Moderator Inga Kroener, Trilateral Research & Consulting (UK)
Panel Ebroul Izquierdo, Queen Mary University of London (UK), Norma Moellers, Humboldt Universität Berlin (DE), Daniel Neyland, Goldsmiths University of London (UK), Leon Hempel, TU Berlin (DE)

The reliability and reach of digital technology has increased and changed the nature of surveillance. There has been considerable interest in the development of ‘smart’ or ‘intelligent’ CCTV systems, with the rise of ‘smart’ surveillance and sophisticated video analytics featuring prominently in popular and academic discussion. However, there has been little consensus on the extent to which these systems and technologies fulfil the promises of advanced surveillance and improved privacy when compared to conventional video surveillance. This session will address some of the ‘hype’ surrounding the rise and mobilisation of ‘smart’ CCTV. The panel will explore ‘smart’ CCTV technologies, their development, functionality and limits, ethical and societal concerns, and consider what the future might hold.

The panel will thus discuss:

• The state of the art of visual surveillance, ‘Smart’ CCTV
• Developments in data and video analytics
• Privacy and ethics concerns related to ‘Smart’ CCTV
• Future developments in video surveillance

15.15 - Coffee break

15.30 - ACADEMIC/PHD SESSIONS
academic •• policy •• business ••
organised by CPDP
Chair Ronald Leenes, Tilburg University (NL)

• Addressing the Human Factor in Data Access by Felix Ritchie and Richard Welpton
• A Precautionary Approach to Big Data Privacy by Edward Felten, Joanna Huey and Arvind Narayanan
• Privacy as Agency & the Techno-Social Jurisdiction of the Individual by Lisa Lucile Owens
• Behavioural Advertising and the New ‘EU Cookie Law’ as a Victim of Business Resistance and Lack of Official Determination by Christiana Markou
• Police Databases and the Fight Against ‘Politically Motivated Crime’ in Germany by Daniel Guagnin and Niklas Creemers
• The Innovation of Privacy by Ignacio Cofone

16.45 - ACADEMIC/PHD SESSIONS
academic •• policy •• business ••
organised by CPDP
Chair Laurent Beslay, European Commission (EU)

• Tracing the enactment of suspicion in ANPR police practices. Following privacy by design in sensor networks by Vlad Niculescu-Dinca and Jason Pridmore
• Towards the Panoptic City? CCTV Proliferation in the Public Spaces of Brussels and Copenhagen by Pauline De Keersmaecker and Corentin Deballieul
• Europe v. Facebook: An Imbroglio of EU Data Protection Issues by Liane Colonna

18.00 - Cocktail in Grande Halle

CPDP2015 PANELS AT MAISON DES ARTS CELLAR

10.30 - BOILING THE FROG: ROUNDTABLE ON (PRIVACY) IMPACT ASSESSMENTS AS A RESPONSE TO (SMART) SURVEILLANCE
TILL 13.00
academic •• policy •• business ••
organised by the Advise Project and VUB-IES
Chair Dariusz Kloza, Vrije Universiteit Brussel (BE)
Panel Jose Ramon Carrasco, Municipal Police (ES), Paul Chartier, Convergent Software (UK), Michał Czerniawski, Ministry of Administration and Digitization (PL), Anastasios Dimou, CERTH/ITI (GR), Gemma Galdon Clavell, Eticas (ES), Emilio Monteagudo, Madrid Municipal Police (ES), Carmela Occhipinti, Engineering Ingegneria Informatica (IT), Tomas Piatrik, Queen Mary University of London (UK), Kostas Rantos, Eastern Macedonia and Thrace Institute of Technology (GR), Claude Tetelin, French National RFID Centre (FR)

In the popular story, a frog put into a pot of boiling water immediately jumps out. But put in a pot of cold water that is gradually heated, the frog allows itself to be boiled alive, not realising it is in any danger. The same can be said about modern surveillance practices. Were these introduced now, out of the blue, they would face overwhelming societal resistance. Instead, we have become used to them in gradual doses. Thus, the idea of this roundtable is to examine how various stakeholders attempt not to boil the frog, i.e. how they deal with the gradual increase of surveillance practices.
Since our interest lies more in “method” than “substance”, we chose impact assessments – in particular privacy impact assessments – as a means to address the societal challenges posed by (smart) surveillance. To that end a diverse group of stakeholders, including representatives from policy-making, public administration, industry, academia, law enforcement and civil society share their experience and views.

• Why have stakeholders opted-in for (privacy) impact assessment?
• Why (not) for any other type of similar approach?
• How do they conduct these impact assessments?
• What problems do they face?
• How efficient do they consider them?

14.00 - PRIVACY: A FUNDAMENTAL RIGHT! (LA VIE PRIVÉE: UN DROIT FONDAMENTAL!)
EVENT IN FRENCH. Finishes at 16.00
academic •• policy •• business ••
organised by La Ligue des Droits de L’Homme
Chair David Morelli, Ligue des droits de l’Homme (BE)
Panel Franck Dumortier, University of Namur (BE), François Koeune, Université catholique de Louvain (BE), Laurie Phillips, Ligue des droits de l’Homme (BE)

For several years, we have witnessed the multiplication and strengthening of security measures justified by the fight against terrorism and criminal behavior, among others, on the web. Some of these measures clearly endanger respect for the privacy of citizens and create a strong tension between two fundamental liberties: the right to security and the right to privacy. What are the rights and tools available to citizens to protect their privacy? What balance can be found between the political will to strengthen security measures, the need to better protect citizens’ and web users’ personal data and compelling respect for the fundamental right to privacy? The panel will consider:

• The historical background and the applicable privacy rules
• The tensions between privacy and security policies
• Personal data: the current status and rights of Internet users
• Data security and cryptography

Thursday 22 January 2015

CPDP2015 PANELS AT GRANDE HALLE

8.45 - ACCOUNTABLE ORGANISATIONS DESERVE BENEFITS FROM REGULATORS
policy •• business ••••
organised by CPDP
Chair Marty Abrams, Information Accountability Foundation (US)
Moderator Colin Bennett, Victoria University (CA)
Panel Christopher Docksey, EDPS (EU), Terry McQuay, Nymity (BE), Michael Scuvée, Johnson Controls (BE), Scott Taylor, Hewlett Packard (US)

Several interrelated forces have emerged making the conditions perfect for an accountability approach to demonstrating compliance and moving beyond the compliance checklist. Accountable organizations have effective privacy management and are compliant with privacy laws. Research has shown that organizations can be compliant without an effective privacy management program, but organizations cannot be accountable without an effective privacy management program. Join the panellists as they discuss the merits of this approach and address the following questions:

• Could regulators create a policy that provides accountable organizations with benefits if they volunteer to stand ready to demonstrate compliance and demonstrate an effective privacy management program (demonstrate accountability) to the Regulator through an onsite inspection?
• Could an onsite inspection and incentive based approach use existing laws as the framework for demonstrating accountability?
• Could this then empower the privacy office in an accountable organization to contextualize evidence of compliance to the Regulator?
• If accountable organizations can stand ready to demonstrate compliance with privacy laws and demonstrate an effective privacy management program, do these organizations deserve benefits?

10.00 - Coffee break

10.30 - ENGINEERING PRIVACY INTO THE INTERNET
academic • policy ••• business ••
organised by European Data Protection Supervisor (EDPS)
Chair Achim Klabunde, EDPS (EU)
Moderator Rob van Eijk, CBP (NL)
Panel Marit Hansen, Independent Centre for Privacy Protection Schleswig-Holstein (DE), Jaap-Henk Hoepman, Radboud University Nijmegen (NL), Simon Rice, Information Commissioner’s Office (UK), Florian Stahl, OWASP Top Ten Privacy Risks Project (DE), Hannes Tschofenig, ARM (AT)

While regulators and legislators invest in improving legal rules for the protection of personal data and privacy, Internet tools and applications are deployed with data collection and processing mechanisms, but without proper privacy and data protection safeguards in place. This trend unfortunately increases risk to individuals’ privacy despite the best efforts of data protection authorities and privacy advocates. In reaction to the Snowden revelations in 2013, many Internet engineers realised the need to implement more robust privacy protection at all technical levels. Accordingly, a number of initiatives have been launched. For example, the Internet Privacy Engineering Network (IPEN) aims to bring together participants from data protection authorities, academia, open source and business, to work on finding engineering solutions to privacy challenges. Considering the need to engineer privacy into the internet, the panel will consider:

• Which technical factors lead to poor privacy features in the Internet?
• What can engineers do to improve the privacy features of their products?
• How can we enable better privacy engineering?
• How can we bridge the communication gap between lawyers and technologists?

11.45 - DATA PROTECTION AUTHORITIES AND DATA PROTECTION OFFICERS: THEIR RELATIONSHIPS
policy ••• business •••
organised by CPDP
Chair Charles Raab, University of Edinburgh (UK)
Moderator Ivan Szekely, Eötvös Károly Policy Institute (HU)
Panel Emma Butler, LexisNexis/Elsevier (UK), Waltraut Kotschy, Data Protection Compliance Consulting (AT), Stephen McCartney, Royal Mail Group (UK), Peter Schaar, European Academy for Freedom of Information and Data Protection (DE)

DPAs and DPOs (or CPOs) both play important roles in ensuring legal compliance and promoting good data protection practice, but there may be tensions between them. An organisation might expect its DPO to be: (a) the DPA’s ‘agent’, reporting on unlawful activities; (b) the controller’s quasi-defence lawyer, concealing questionable operations from the DPA and discouraging data subjects from complaining; (c) a compliance officer, acting as an internal auditor. The DPO acts in a buffer zone between the data controller’s organisation and the DPA, but companies vary in the way they have developed and embedded DPO roles in their organisational practice, and in their intended purposes. DPAs vary in the way they relate to DPOs of regulated organisations, and in their expectations. This panel examines the DPA-DPO ‘pair’ through the eyes of experienced practitioners on both sides of the fence. They will address the following questions:

• What are the relationships between DPAs and organisations’ DPOs?
• Where do these relationships lie on a continuum between adversarial and collaborative?
• Is there a danger of ‘regulatory capture’ through close relationships, whereby DPAs ‘go native’ and restrict the possibility of enforcing compliance on companies?
• How are these relationships likely to change under the proposed Data Protection Regulation?

13.00 - Lunch

14.00 - EU DATA PROTECTION REFORM: HAVE WE FOUND THE RIGHT BALANCE BETWEEN FUNDAMENTAL RIGHTS AND ECONOMIC INTERESTS?
policy ••••••
organised by CPDP
Chair Paraskevi Michou, European Commission (EU)
Moderator Ruth Boardman, Bird&Bird (UK)
Panel Jan Albrecht, MEP (EU), Michał Boni, MEP (EU), Claude Moraes, MEP (EU), Axel Voss, MEP (EU)

It has been three years since the European Commission released the data protection reform package. Despite the recognition of the need for reform and the generally positive reaction to the initial reform package, progress has been slow. Now, although the Parliament approved its initial version of the Regulation in March last year, the Regulation sits before the Council and it seems a number of issues remain unresolved. In this special debate, we gather together four Members of the European Parliament to discuss their views on the process, the current state of the Regulation and prospects moving forward.

• What is the current status of the reform package?
• Which are the key areas of disagreement obstructing further progress, and which parties disagree?

[Floor plan of Les Halles. Labels: Petite Halle (CPDP panels), Le Village (coffee breaks, lunches, cocktails), Grande Halle (CPDP panels), mezzanine, La Cave, La Ruelle, main entrance, bar, information and registration desk, toilets, passage and stairs to Maison des Arts (panels, coffee/tea buffet, meeting room), stairs to Cellar.]

[Sponsor logos, grouped as Platinum, Premier, Event Sponsors, Event Partners and Moral Supporters.]

• Which solutions have been proposed and how have these been received?
• Has a fair balance between individual rights and economic interests been found in the course of the reform process?
• What is the outlook for the reform?

15.15 - Coffee break

15.30 - THE EMERGENCE OF PRIVACY COMPANIES: PRIVACY AS A COMPETITIVE ADVANTAGE?
policy ••• business •••
organised by Fraunhofer ISI
Chair Philip Schütz, Fraunhofer ISI (DE)
Moderator Marit Hansen, Independent Centre for Privacy Protection Schleswig-Holstein (DE)
Panel Nicolas Dubois, European Commission (EU), Ali Jelveh, Protonet (DE), Nico Sell, Wickr (US), Marc van Lieshout, TNO (NL), Phil Zimmermann, Blackphone (US)

Until recently, only a few start-ups and niche suppliers had explored the possibility to offer IT services and products with privacy-by-design features as a unique selling point. Fuelled by the NSA spying scandal, these companies now face rapidly increasing demand for privacy-friendly technologies. Especially in the highly dynamic field of mobile computing, innovative services and products such as encrypted instant messaging and bug-proof smartphones have started to successfully enter the market. The panel aims to discuss the following questions:

• Is there a business case for privacy in practice?
• What prospects do privacy companies have?
• What are the legal and practical boundaries?
• What role will the new EU Data Protection Regulation play in promoting or hindering privacy as a competitive advantage?
• What implications does the idea of ‘privacy as a commodity’ have?

16.45 - BETWEEN TWO COMMISSIONS: THE EUROPEAN COMMISSION MEETS THE FEDERAL TRADE COMMISSION
policy ••••••
organised by IAPP
Moderator Omer Tene, IAPP (US)
Panel Julie Brill, Federal Trade Commission (US), Paul Nemitz, European Commission (EU)

As with every year in recent memory, 2014 has been a landmark year for privacy on both sides of the Atlantic. In Europe, the General Data Protection Regulation continues to make its way through the legislative process, the CJEU delivers its landmark judgment in the Costeja case, and the repercussions of the Snowden revelations continue to be felt. In the U.S., the FTC builds on its record of privacy and data security enforcement actions, the President submits an ambitious legislative agenda, and cybersecurity data breaches rattle industry leaders in finance, retail and healthcare. In this session, policy leaders from both sides of the Atlantic discuss the future of Safe Harbor, the Right to be Forgotten, government access, competition, innovation and regulation.

• Hear leading policymakers discuss the most complex issues on the transatlantic data protection agenda.
• Learn about operationalizing the right to be forgotten across different legal cultures.
• Explore different approaches to the balance between competition, innovation and regulation.

18.00 - Cocktail sponsored by EPIC

18.15 - Award Ceremonies EPIC

CPDP2015 PANELS AT PETITE HALLE

8.00 - BIG DATA BREAKFAST
by invitation only
organised by the Byte Project & CPDP

10.00 - Coffee break

10.30 - PRIVATE USE IN PUBLIC AND PUBLIC USE IN PRIVATE: PRIVACY AND DATA PROTECTION LAW TO THE RESCUE OF THE “PRIVATE” IN COPYRIGHT
academic ••••••
organised by FWO Project on “Public and Private Use: An online private sphere in copyright?”
Chair Miquel Peguera, Open University of Catalonia (ES)
Moderator Sari Depreeuw, Vrije Universiteit Brussel (BE)
Panel Maurizio Borghi, Bournemouth University (UK), Severine Dusollier, University of Namur/Sciences Po (BE/FR), Stavroula Karapapa, University of Reading (UK), Orla Lynskey, London School of Economics (UK)

The dichotomy between the “public” and the “private” is fundamental in many fields of law, including in copyright. It matters whether music is listened to in the privacy of one’s room, among family members, or shared with “friends” on Facebook. The absence or presence of a “public” will qualify such act as a private (unprotected) use or a public (restricted) use of a protected work. This dichotomy has come under pressure in the digital environment, which blurs the distinction between public and private spaces. Can privacy and data protection law come to the rescue?
This panel will examine the origin, the purpose and the consequences of this dichotomy in copyright, privacy and data protection law. It will provide critical insights as to whether the public/private distinction has become obsolete in our networked world or whether the legal construction of an “online private space” is more critical than ever. The issues to be discussed include:

• Notion, reason, relevance and legal consequences of the “public” and the “private”
• Use of privacy law notions for the legal construction of “private space” in copyright
• Technology-neutral or technology-specific application of the public/private dichotomy
• Need for a “private space” in copyright in online social environments

11.45 - EXPLORATION OF THE ADEQUACY OF PRIVACY PROTECTION LAW OF STATES WITH FEDERATIONS: COULD THE STATE OF CALIFORNIA QUALIFY FOR ADEQUACY STATUS?
academic •••• policy ••
organised by CPDP
Chair Lillie Coney, Privacy and Cyber Security Expert (US)
Moderator Stephanie Perrin, Digital Discretion (CA)
Panel Leonardo Cervera Navas, EDPS (EU), Laura de Boel, Wilson, Sonsini, Goodrich and Rosati (BE), Claire Gayrel, University of Namur (BE)

The panel will consider the results of a survey of the State of California’s privacy laws and mechanisms for the protection of personal data of state residents to determine if the state’s laws, policies and enforcement authority are sufficient to qualify California for “Adequacy Status” under EU law. This is an opportunity to consider the policies and laws of state governments that comprise federations, wherein states, under their own legal framework may establish a level of privacy protection that is on a par with Europe even if the federation itself does not. The panel will consider the potential for bilateral or multilateral state agreements when data protection norms, values and laws are commensurate with what EU law requires.

• How would the state of California fare under the process of determining “adequacy” for the purpose of processing data on EU citizens?
• If the state of California did apply for “Adequacy” what laws, policies and enforcement mechanisms are its strongest and which are its weakest?
• What would be the economic benefits to the State of California and the EU in the state achieving “Adequacy” status?
• What would be the consequences for international relationships between the EU and federations should individual states be allowed to pursue Adequacy Status?
• Would it be fruitful to explore other consumer protection legal norms and values where existing laws, policies and practices in federated states are on a par with EU law?

13.00 - Lunch break

14.00 - COOPERATION BETWEEN DATA PROTECTION AUTHORITIES: THREATS, CHALLENGES AND OPPORTUNITIES
policy •••• business ••
organised by European Commission JRC-IPSC
Chair Laurent Beslay, European Commission (EU)
Moderator Gwendal Le Grand, CNIL (FR)
Panel Emmanuelle Bartoli, Allen & Overy (FR), Ignacio Sanchez, European Commission (EU), Max Schrems, Privacy Activist (AT), David Wright, Trilateral Research & Consulting (UK)

The aim of this session is to explore the challenges of cooperation between EU Data Protection Authorities, both from the perspective of the authorities and from the perspective of representative stakeholders interacting with those Authorities. A growing number of data protection issues are indeed affecting individuals in multiple countries. These issues are usually multifaceted, technologically complex and therefore require multiple types of expertise, strong collaboration and effective decision making to be appropriately addressed. Highlighting the need for trained people, effective tools and robust rules, concrete examples requiring DPA cooperation, as well as proper techniques and best practices, will be presented and discussed. Enhanced Data Protection Authority cooperation is at the heart of the forthcoming data protection reform package and it can undoubtedly be explored through concrete examples. The aim of this session is to:

• Provide examples of DPA cooperation based on today’s legal framework
• Explore best practices in DPA cooperation
• Explore the challenges of DPA cooperation
• Scan the horizon for emerging problems and solutions.

15.15 - Coffee break

15.30 - DPO ON THE GROUND: KEY CHALLENGES OF THE EU REFORM FOR PRIVACY PROFESSIONALS
academic • policy ••• business ••
organised by CEDPO
Chair Cecilia Alvarez, CEDPO (EU)
Moderator Stewart Dresner, Privacy Laws and Business (UK)
Panel Jennifer Barrett-Glasgow, Acxiom (US), Delphine Harou, EDPS (EU), Gabriela Krader, Deutsche Post (DE), Leticia López-Lapuente, Sanitas (SP), Philippe Renaudière, European Commission (EU)

The EU data protection reform has re-introduced a debate regarding the increasingly important role of the DPO. Mandatory or not, there is a real need for organizations to have privacy professionals with adequate skills – whether to embrace privacy as a business driver and a competitive advantage or just to guide businesses through their privacy compliance programs in view of the numerous legal and technical duties (to be) imposed by the reform, in particular, when organizations are managed on a global basis. The EU Reform definitely creates key challenges for current and future generations of privacy professionals. Are we prepared? The panel will, in particular, consider the following:

• Privacy as a competitive advantage: an enhanced role for the DPO?
• Why appoint a DPO when he/she is not imposed by law?
• Data subjects’ rights in a global environment: the role and challenges for global DPOs.
• A demanding profession: what are the minimum qualification standards for DPOs to perform all the tasks (to be) entrusted to them by the EU Data Protection Reform.

16.45 - COMPLAINTS HANDLING AND LITIGATION BY DPAS
academic • policy •• business •••
organised by CRIDS and the European Data Protection Supervisor (EDPS)
Chair Jan Dhont, Lorenz (BE)
Moderator Diana Alonso Blas, Eurojust (EU)
Panel Willem Debeuckelaere, Belgian Commission for the Protection of Privacy (BE), Mathias Moulin, CNIL (FR), Udo Oelen, Dutch Data Protection Authority (NL), María Verónica Pérez Asinari, EDPS (EU)

Following the recent CJEU landmark rulings in Digital Rights Ireland and in Google Spain, which touched directly upon the issue of how to guarantee the effective protection of personal data, this panel will provide a unique opportunity to hear the views of supervisory authorities on how they interpret and apply data protection law in the context of complaints and their approach to litigation. DPAs will present their perspective on procedural issues (e.g. the type of decisions and enforcement actions, sanctions, the role of the DPA in litigation cases, cooperation with other DPAs, etc.), substantial issues (e.g. interpretation and application of data protection concepts) and policy issues (e.g. selectivity approach, use of powers, etc.) in the context of complaints handling and litigation. In particular, the panel will consider the following:

• How DPAs apply data protection law in concrete cases
• The role of DPAs in interpreting the law, from complaints to litigation
• Procedural, substantial and policy aspects of complaints handling and litigation
• Present and Future challenges

18.00 - Cocktail in Grande Halle

CPDP2015 PANELS AT LA CAVE

8.45 - CYBERCRIME SOCIAL ENGINEERING ANALYSIS CHALLENGE
academic •• policy •• business ••
organised by the TREsPASS Project
Chair Efrain Castaneda Mogollon, Vrije Universiteit Brussel (BE)
Moderator Sven Übelacker, TU Hamburg-Harburg (DE)
Panel Margaret Ford, Consult Hyperion (UK), Marianne Junger, University of Twente (NL), Roeland van Zeijst, National High Tech Crime Unit (NL), Winner of the TREsPASS social engineering challenge award

Cybercrime increases rapidly all around the globe. Methods such as phishing, scamming and hacking are in use in very sophisticated ways. A vast majority of cyber-attacks include some form of manipulation of people. This so-called social engineering is becoming an art, and scientists and policy makers from diverse backgrounds are trying to understand the mechanisms behind it. The TREsPASS project aims at integrating social engineering in cyber security and privacy policy and risk management practices. As part of the project,

we hand out a social engineering challenge award. In the challenge participants are asked to think of manipulative scenarios that could be used to bypass existing security controls, as well as suitable countermeasures. The panel will discuss the state of the art in social engineering research and policy, and will include the award ceremony.

• What is the state of the art in cybercrime social engineering?
• Which perspectives are available to understand this?
• What are the possible policy responses?

10.00 - Coffee break

10.30 - LOCATION PRIVACY: WHAT PROBLEMS, WHICH SOLUTIONS?
academic ••• policy •• business •
organised by COSIC KU Leuven & LSTS, Vrije Universiteit Brussel
Chair Claudia Diaz, KU Leuven (BE)
Moderator Mireille Hildebrandt, Vrije Universiteit Brussel (BE)
Panel Rosa Barcelo, European Commission (EU), Michael Herrmann, KU Leuven (BE), Linnet Taylor, Oxford Internet Institute (NL), Laura Tielemans, Vrije Universiteit Brussel (BE)

People expose their whereabouts on a daily basis while using modern communication devices. Such devices, with their positioning capabilities, persistently and often surreptitiously, disseminate location data to friends, services providers, and third parties (such as law enforcement or intelligence services). In practice, users run software provided by a wide variety of parties on their mobile devices, many of which find ways to gain (lawfully or unlawfully) access to the user’s location data. These data may then be stored, aggregated and sold to other entities that will use the location information with unforeseeable consequences to the individual. This panel discusses (1) what is the problem with location data, (2) how location privacy can be protected from a legal and a technical perspective, and (3) how technical solutions contribute to Data Protection by Design for location privacy.

• What can be learnt from taking a global perspective, for instance, taking into account that location data of people(s) in sub-Saharan Africa may endanger the life of both groups and individuals?
• Which threats against location privacy can be detected from a technical perspective and what socio-technical strategies have been developed to enable location privacy?
• How should we understand the relationship between the fundamental right to conduct a business and purpose limitation, especially where business models thrive on re-use of location data?

11.45 - CAN AUTOMATED PROCESSING MAKE PRIVACY NOTICE/CHOICE MORE EFFECTIVE FOR USERS, BUSINESSES AND DPAs?
academic •• policy •• business ••
organised by Fordham University
Chair Ann-Katrin Habbig, Vrije Universiteit Brussel (BE)
Moderator Joel Reidenberg, Fordham University (US)
Panel Aaron Burstein, Federal Trade Commission (US), Alexander Dix, Berlin Data Protection Commissioner (DE), Clarisse Girot, CNIL (FR), Cameron Russell, Fordham University (US), Florian Schaub, Carnegie Mellon (US)

Online privacy policies are a pillar of the consent model for the protection of individuals. Yet, website privacy notices are notoriously confusing, verbose and ineffective for users. Technologists have sought to develop a variety of mechanisms to improve the effectiveness of privacy notices as a means to convey policies to users. Most recently, experiments show that automated and semi-automated natural language processing may be able to extract on a mass scale the meaning of terms from website policies and then convert those terms to understandable information in a meaningful way for users. These experiments hold promise not just for users, but also for enforcement agencies.

• How can automated and semi-automated natural language processing be used to interpret privacy policies?
• What implications do these technological tools have for drafting privacy policies?
• How can these technologies help users?
• How might these tools be used by enforcement agencies (e.g. large scale identification of faulty, confusing or deceptive privacy policies)?

13.00 - Lunch

14.00 - THE PRICE TO BE LEFT ALONE: CAN THE MARKET YIELD PRIVACY
academic •• policy •• business ••
organised by University of Washington
Chair Michael Hintze, University of Washington (US)
Moderator Hanna Draper, Open Society (UK)
Panel Renata Avila, World Wide Web Foundation (GT), Stewart Room, PwC (UK), Tanguy van Overstraeten, Linklaters LLC (BE), Tal Zarsky, University of Haifa (IL)

The panel will discuss whether market forces are up to policing privacy. Recent events suggest that firms are competing on privacy and security as never before. But many in and outside of academia have strong reservations that the market could or should protect personal and societal privacy. The panel will examine how market forces interact with privacy in the U.S. and Europe.

• Is the market capable of producing greater privacy?
• If not, what conditions would have to obtain for this to become the case?
• How, if at all, is this question different in the U.S. and the EU?

15.15 - Coffee break

15.30 - THE RIGHT TO BE FORGOTTEN – EUROPEAN AND INTERNATIONAL PERSPECTIVES
academic •• policy •• business ••
organised by Chuo University and Tilburg University
Chair Ronald Leenes, TILT/PI.Lab (NL)
Moderator Anna Fielder, Privacy International (UK)
Panel Hiroshi Miyashita, Chuo University (JP), Artemi Rallo Lombarte, Jaume I University (SP), Marc Rotenberg, EPIC (US)

The Right to be Forgotten is one of the most controversial (new) rights in the proposed upcoming General Data Protection Regulation. The Google Spain ruling by the CJEU (Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González, C131/12, ECLI:EU:C:2014:317) of 13 May 2014 made clear that an RtbF in fact already exists under the Data Protection Directive 95/46/EC. The Court held that the processing of data which is “inadequate, irrelevant or excessive” (i.e. not merely inaccurate) might also be incompatible with the Directive. In such cases, where the data is incompatible with the provisions of article 6(1)(e) to (f) of the Directive, relating to data quality, the information and links in the list of results must be erased by search engines. Since the CJEU ruling the debates regarding the meaning and scope of an RtbF have taken a new turn, Google and others have taken steps to implement the judgment and policy makers and supervisory authorities have taken further steps to clarify the right and devise practical procedures for implementing it.
It is fair to say that there have been a variety of responses to the CJEU judgment. One of the factors influencing peoples’ responses to the very idea of ‘a right to be removed from search engine results’ is their cultural background. Another important point of discussion is the enforceability of this ‘right’. In this panel we explore the different perceptions of the RtbF as framed by the CJEU with respect to search engines in the US, Europe and Asia. The panel will address topics such as:

• What are the dominant opinions about the right as clarified by the CJEU in different regions around the globe?
• How does the RtbF relate to other rights, such as freedom of expression and freedom of information in different regions?
• Who decides what to take down and under what criteria?
• How can we ensure a transparent and accountable deletion mechanism?
• How can we streamline the RtbF in different jurisdictions offered by the same global service?

16.45 - HOW PRIVACY INNOVATORS ARE TRYING TO SEIZE THE BUSINESS OPPORTUNITY OF PERSONAL DATA PROTECTION
policy • business •••••
organised by LSEC and the IPACSO project
Chair Bart Renard, Vasco Data Security (BE)
Moderator Ulrich Seldeslachts, LSEC (BE)
Panel Paula Bruening, Intel (US), Rob Leslie, Sedicii (IE), Marcel van Galen, QiY (NL), Toby Weir-Jones, Blackphone (US)

In the course of 2014, many innovative products went mainstream – from new types of internet firewalls to special pouches ensuring your cell phone or GPS could not be traced. A whole new market of commercial opportunities and solutions has seen the light, serving the needs of the privacy-sensitive. The demand exists, is persistent and growing. It drives innovation and the development of new products, technologies, services and approaches. Entrepreneurs are seizing the opportunity, marketers are developing the market, and researchers are trying to find the next breakthrough. There is no way back. But what’s next? How mature is this market? How to determine fab from fad? Many claimed solutions are not always what they pretend to be, with and without prejudice. As investments are rolling in, how to ensure that the right approaches can be protected against the hoaxes?
The panel will address some of the typical, and specific, challenges privacy innovators – companies such as Blackphone and Silent Circle, QiY, Sedicii and Intel – face in their day-to-day development. The panel will consider in particular:

• Business innovations, products and solutions inspired by privacy
• Innovators’ drivers, challenges and best practices
• Privacy business drivers
• The future prospects for innovating for privacy and data protection

18.00 - Cocktail at Grande Halle

CPDP2015 PANELS AT MAISON DES ARTS

8.45 - UNDERSTANDING THE DATA PROTECTION AND PRIVACY ISSUES SURROUNDING HUMAN TRAFFICKING
academic ••• business •••
organised by CPDP
Chair Courtney Bowman, Palantir Technologies (US)
Moderator Julia Muraszkiewicz, Vrije Universiteit Brussel (BE)
Panel Felicity Gerry, 36 Bedford Row (UK), Baerbel Heide Uhl, datACT (DE), Jennifer Kimball, Polaris Project (US), Ryszard Piotrowicz, Aberystwyth University (UK)

Increasingly, civil society and academics focused on anti-human trafficking issues are turning to “big data” analytics to support their efforts. These data applications, however, introduce novel challenges and exacerbate old issues in dealing with data protection and privacy. Regulations or guidelines for non-governmental actors operating in this space tend to be lacking or out-dated, if they exist at all. Additional complexities emerge in the effort to balance the challenges of instilling responsible data protection and privacy measures without undermining or needlessly stifling the positive contributions of NGOs in this space. This Panel will seek to address some of the challenges in this domain including identifying applicable privacy issues, outlining concrete measures for establishing sound information systems and instituting operational practices that address organizational objectives while also proactively ensuring responsible data stewardship as it pertains to particularly vulnerable populations. In particular, the panel will:

• Further the discourse on data protection and human trafficking
• Discuss best practices in approaching research in line with ethical and data protection requirements
• Identify applicable privacy issues.
• Outline best practice measures including concrete measures for establishing sound information systems, and instituting operational practices that address organization objectives while also proactively ensuring responsible data stewardship as it pertains to particularly vulnerable populations.

10.00 - Coffee break

10.30 - REVENGE PORNOGRAPHY: LEGAL AND POLICY ISSUES
academic ••• policy •••
organised by CPDP & University of Strathclyde
Chair Abhilash Nair, University of Strathclyde (UK)
Moderator Lawrence Siry, University of Luxembourg (LU)
Panel Christina Gagnier, Gagnier Margossian (US), Laura Higgins, UK Safer Internet Centre (UK), Holly Jacobs, Cyber Civil Rights Initiative (US), Nishant Shah, Leuphana Universität Lüneburg (DE)

The non-consensual disclosure of sexually explicit images, referred to by some as ‘revenge pornography’, raises a number of legal and policy issues. There have been recent initiatives to criminalise ‘revenge pornography’ in various countries, including the US, Australia, Brazil, to name a few. There is also a Bill going through Parliament in the UK, which aims to criminalise ‘revenge-pornography’. Whilst it is clear that non-consensual disclosure of sexual images can cause distress and harassment to the victims, there are diverging views on the proportionality of a criminal offence and its impact on a wider range of free expression. Critics argue that civil remedies might offer a better solution. The role of content providers, search engines and social networking sites in addressing the issue also features in the wider debate. The panel aims to explore the various legal, policy and practical implications of regulating so called ‘revenge pornography’. In particular, the panel will consider the following:

• What is ‘revenge pornography’?
• What privacy issues does it raise?
• What is the relationship between consent and revenge pornography?
• Which regulatory approaches are available and what are their implications?

11.45 - WHEN PORN AND PRIVACY COLLIDE – WHO’S TRACKING YOUR DIRTY LITTLE SECRET?
academic •••• policy ••
organised by University of Luxembourg and University of Münster
Chair Franziska Boehm, University of Münster (DE)
Moderator Mark Cole, University of Luxembourg (LU)
Panel Julia Hörnle, Queen Mary University of London (UK), Abhilash Nair, University of Strathclyde (UK), Lawrence Siry, University of
Luxembourg (LU), Aurelien Savart, Flex Multimedia Entertainment (LU) and Pierre de la Celle, Flex Multimedia Entertainment (LU)

The panel focuses on the relationship between the regulation of pornography, including child pornography and privacy. It intends to shed light on how the regulation of pornography (and sometimes child pornography) is used to “censor” content on the Internet. We will first speak about the difference between the search for perpetrators of child pornography on the Internet and the legal use of regular pornography. Whereas the search for perpetrators of child pornography may even be deterred by privacy concerns (we will refer to a German example), the use of regular pornography becomes increasingly regulated and this regulation also impacts Article 8 ECHR/CFR. For the latter case we will refer to the UK example and discuss how recent British opt-in content policies affect individual rights. We will also take a look at the technical side of identifying and tracking users of pornography. In particular, the panel will consider:

• The regulation of pornography in Europe
• The relationship between privacy and pornography
• The UK opt-in policy and Article 8 ECHR/CFR
• The identifiability of customers of pornography

13.00 - Lunch

14.00 - FEMINIST PERSPECTIVES ON PRIVACY AND DATA PROTECTION
academic ••• policy •••
organised by CPDP
Chair Gloria González Fuster, Vrije Universiteit Brussel (BE)
Moderator Anne Roth, NSA Inquiry Committee of the German Bundestag (DE)
Panel Nighat Dad, Digital Rights Foundation (PK), Nicole Dewandre, European Commission (EU), Heather Morgan, University of Aberdeen (UK), Valerie Steeves, University of Ottawa (CA)

Everyone has the right to privacy and to the protection of personal data concerning him… or her. But do women have the same chances of enjoying these rights as men? Or are female nude pictures more likely to be the object of hacking attacks and unsolicited over-exposure? And what happens when public discourse, in those cases, blames the women affected? In a(n online) world predominantly designed and run by men, where automated profiling on the basis of gender is often presented as not interfering with any fundamental rights, and where feminists are regularly (more or less violently) threatened, has the time come to make sure women can take back their privacy, offline and online? This panel considers, in particular, the following questions:

• What are the challenges to ensuring women’s rights to privacy and personal data protection?
• What about girls and young girls?
• How to empower women in the defence of their rights?
• How to further strengthen their role in relevant decision-making?

15.15 - Coffee break

15.30 - ACADEMIC SESSIONS
academic •• policy •• business ••
organised by CPDP
Chair Laurent Beslay, European Commission (EU)

• Transborder Biometric Information Flows: Legal Challenges by Vanessa Díaz
• Metadata, Traffic Data, Communications Data, Service Use Information... What is the Difference? Does the Difference Matter? An Interdisciplinary View From the UK by Sophie Stalla-Bourdillon
• On Location Privacy in the Absence of Anonymous Payments by Tilman Frosch, Sven Schäge, Martin Goll and Thorsten Holz
• “I See the Solution to Each Problem as Being Detectable in the Pattern and Web of the Whole”: Privacy Failure as System Failures - A Privacy-Specific Formal System Model by Anthony Morton

16.45 - ACADEMIC SESSIONS
academic •• policy •• business ••
organised by CPDP
Chair Ronald Leenes, Tilburg University (NL)

• Data Protection in the Deep Web: Diving With the Right to Be Forgotten Household Exemption by Napoleon Xanthoulis
• Forget About Being Forgotten: From the Right to Oblivion to the Right of Reply by José M. del Álamo and Yod Samuel Martín García
• The ‘Silver Bullet’ of Interoperability by Marijn Hoijtink and Matthias Leese
• Could CE Marking Be Relevant to Enforce Privacy by Design in the Internet of Things? by Eric Lachaud
• The GDPR and the Future of a European Privacy Seal by Rowena Rodrigues, David Barnard-Wills, Paul de Hert and Vagelis Papakonstantinou

18.00 - Cocktail in Grande Halle

Friday 23 January 2015

CPDP2015 PANELS AT GRANDE HALLE

8.45 - STAYING AHEAD OF THE WAVE: FROM CYBER SECURITY TO CYBER RESILIENCE
academic •• policy •• business ••
organised by CPDP
Chair Erik Luysterborg, Deloitte (BE)
Moderator Jeanette Fitzgerald, Epsilon (US)
Panel Laurent Bernat, OECD (INT), Lillie Coney, Privacy and Cyber Security Expert (US), Douwe Korff, London Metropolitan University (UK), Maarten Stassen, European Privacy Academy (BE)

The rapid pace of change in technology has provided huge opportunities for organizations to develop new models, services and products. But while the digital revolution has evolved the way they operate, it has also created a sophisticated and complex set of security issues. With security and privacy breaches on the rise, it has become clear that organizations cannot just be reactive but need to proactively manage their cyber risks so that they can both respond to and recover from a security incident. This panel will consider how organizations can embrace cyber risk management not as a necessary evil, but as a positive and an integral component of strategic planning that supports the achievement of their core mission and strategic objectives. Cyber security threats, as well as initiatives to prepare for such threats, will also be discussed. In particular, the panel will consider:

• Current cyber threats and challenges
• How both private and public sector address these challenges
• How organizations create resiliency by identifying threats and preparing to respond in advance
• How privacy and (cyber) security matters are closely linked

10.00 - Coffee break

10.30 - ‘WE GIVE UP – PLEASE FIX THE INTERWEBZ’ – PRIVACY, PREDICTABILITY AND ‘PRESCRIBED BY LAW’ AFTER THE CJEU GOOGLE/SPAIN AND UPC TELEKABEL CASES
academic • policy ••• business ••
organised by CPDP
Chair Joe McNamee, EDRi (BE)
Moderator Ben Wagner, Centre for Internet and Human Rights (DE)
Panel Anna Buchta, EDPS (EU), Gwendal Le Grand, CNIL (FR), Paul Nemitz, European Commission (EU), Katarzyna Szymielewicz, Panoptykon (PL), James Leaton-Grey, BBC (UK)

The panel will discuss the social and political consequences of the CJEU Google Spain and UPC Telekabel decisions and their implementation across Europe by internet companies. In the former case, search engines can be obliged to amend search results that are produced on the basis of a name and are out of date, in order to comply with data protection obligations – the initial decision on how to restrict information lies with the search engine. In the latter case, Internet access providers can have blocking or filtering obligations imposed on them, with the (privacy invasive?) tool to impose this restriction being chosen in the first instance by the Internet access provider. Do safeguards exist that ensure balanced implementation of both of these rulings? If not, how can these be created? Speakers will come from EU institutions, industry and civil society. In particular, the panel will consider:

• The implications of the CJEU Google-Spain case
• Privacy and Free expression in Europe
• The overlooked CJEU UPC Telekabel decision
• Safeguards, processes and mechanisms to protect human rights online

11.45 - LAW ENFORCEMENT AND INTERNET JURISDICTION
academic •• policy •• business ••
organised by CPDP
Chair Paul De Hert, Vrije Universiteit Brussel (BE)
Moderator Cristos Velasco, ProtDataMx (MX)
Panel Julia Hörnle, Queen Mary University of London (UK), Cornelia Kutterer, Microsoft (BE), Dan Svantesson, Bond University (AU), Anna-Maria Osula, NATO (INT)

The application of contemporary approaches of jurisdiction to the online environment has so far been a rather unhappy saga, marked by controversy and failures. This is unsurprising given the stark contrast between the Internet’s relatively borderless nature and the territorial focus of most jurisdictional rules. Currently, more attention is given to this topic than ever before, and this session will consider in particular:

• What is jurisdiction in today’s society?
• What does jurisdiction mean when news spreads globally at the very moment of posting and companies are located worldwide?
• Why would states collaborate via mutual legal assistance if they can get, or try to get, the data they are looking for not from companies abroad but from their subsidiaries at home – where the law enforcement agency is based?
• How should corporations organize themselves when they are faced with such requests?

13.00 - Lunch

14.00 - SURVEILLANCE AND INTELLIGENCE AGENCIES – AFTER SNOWDEN, AND AFTER CHARLIE
academic •• policy ••••
organised by CPDP and University of Passau
Chair Gerrit Hornung, University of Passau (DE)
Moderator Caspar Bowden, Independent Privacy Researcher (FR)
Panel Joanna Cavan, Interception of Communications Commissioner’s Office (UK), Ahmed Ghappour, UC Hastings (US), Eleni Kosta, Tilburg University (NL), Anne Roth, NSA Inquiry Committee of the German Bundestag (DE)

Any reforms expected as a result of the Snowden revelations have so far not materialised on either side of the Atlantic. The “USA Freedom” bill failed in the US, the UK and France have legislated to extend surveillance powers, and a Parliamentary inquiry in Germany was spied on by the CIA. The Art.29 Working Party have failed to take any enforcement action, declined the job of arbitrating special access to data by foreign intelligence agencies, abandoned their 10-year legal strategy to control surveillance of exported EU data, and ignored the problem of the “exceptionally exceptionalist” discriminations in US law in favour of US citizens. In the aftermath of the terrible attack on freedom of expression in Paris, governments have immediately proposed an intensification of surveillance, and perhaps curtailing individual freedom to use encryption. This panel will explore:

• The fundamental legal requirements for surveillance to be justifiable
• How oversight is presently conducted in the UK and its limitations
• Progress of the inquiry and prospects for future reform in Germany
• US Constitutional considerations for arriving at any settlement with the United States

15.15 - Coffee break

15.30 - REVIEWING INTELLIGENCE SERVICES, DATA COLLECTION AND EU/US RELATIONS
academic •• policy •• business ••
organised by CPDP
Chair Jacob Kohnstamm, Article 29 Working Party (EU)
Moderator Giovanni Buttarelli, EDPS (EU)
Panel Caspar Bowden, Independent Privacy Researcher (FR), Tim Edgar, Brown University (US), Chris Hopfensperger, BSA/The Software Alliance (US), Florence Reynal, CNIL (FR), Peter Swire, Georgia Tech. (US)

It has been over a year since the Snowden revelations and the PRISM scandal. The repercussions of this continue to be felt on both sides of the Atlantic. The revelations have opened up considerable debate on both the function of intelligence agencies and as to the relationship between the US and the EU. One element of these discussions is how US intelligence agencies should behave toward third country nationals. In the EU, concern has naturally been focused on how they should behave towards EU citizens. In response to these debates, there have been a number of political proclamations and quasi-legislative responses and a number of US government announcements are currently scheduled. This panel will discuss the current state of affairs and will consider the following questions:

• Over the last year, what shape has the political and legal response to these revelations taken?
• Is this response adequate, if not, what is missing?
• How has it shaped relations between the US and the EU?
• How has it practically impacted the behavior of intelligence agencies?
• Where does intelligence reform go from here?

16.45 - CONCLUDING NOTES by Giovanni Buttarelli

17.00 - Cocktail sponsored by Brussels Privacy Hub

CPDP2015 PANELS AT PETITE HALLE

8.00 - DPA MEETING IRISS BREAKFAST MEETING BY INVITATION ONLY
organised by IRISS

10.00 - Coffee break

10.30 - WHO BEST WATCHES THE WATCHERS?
academic •• policy •• business ••
organised by CPDP
Chair Diane Whitehouse, The Castlegate Consultancy (UK)
Moderator Jay Stanley, ACLU (US)
Panel Emma Carr, Big Brother Watch (UK), Bryan Cunningham, Cunningham Levy (US), Nils Leopold, Bundestag (DE), Nico van Eijk, University of Amsterdam (NL)

This panel will discuss the structure, institutions, processes, and effectiveness of parliamentary oversight of intelligence and national security activities in Germany, the Netherlands, the UK, and the United States, using the US system as a baseline. The panellists will briefly describe the institutions, evolution, and overall effectiveness of these several different systems, comparing and contrasting them with recent events as the backdrop, including revelations about National Security Agency surveillance activities, and those of their European counterparts. Key points to be discussed include:

• The parliamentary institutions that conduct the oversight of intelligence and security activities;
• The extent to which such institutions and oversight actions are independent of the executive authorities directing intelligence and security activities;
• The effectiveness of such oversight in recent years, and particularly in response to recent surveillance revelations;
• Any complementary executive or judicial oversight mechanisms.

11.45 - JUDICIAL ACTIVISM IN THE FIELD OF DATA PROTECTION LAW: A THREAT TO THE EUROPEAN REGULATOR?
academic •• policy •• business ••
organised by Maastricht University
Chair Bruno de Witte, Maastricht University (NL)
Moderator Orla Lynskey, London School of Economics (UK)
Panel Maja Brkan, Maastricht University (NL), Johannes Eichenhofer, University of Bielefeld (DE), Gloria González Fuster, Vrije Universiteit Brussel (BE), Marko Ilešic, Court of Justice of the European Union (EU), Giovanni Sartor, European University Institute (IT)

The panel will address the question as to how much the European courts actively shape the content of the fundamental right to data protection. In the light of brisk development of information technologies and the inability of the existing and proposed legislation to quickly adapt to these changes, the courts seem to take an increasingly proactive role in this field, for example, by creating new fundamental rights, such as the right to be forgotten (CJEU: Google Spain case) or the right to Internet access (German Supreme Court: Decision No. III ZR 98/12). However, can such judicial activism be legally justified and is it desirable from a policy perspective? The panel will thus address the question as to whether the courts are, in their (over)zealous attempts to enhance data protection, actually overstepping their judicial competence and encroaching upon those that are traditionally vested in the legislator. In particular, the panel will consider:

• Judicial activism in data protection law
• The fundamental right to data protection
• The separation of powers between legislative and judicial branches
• The interplay between the Court of Justice of the European Union and national courts

13.15 - Lunch

14.00 - SMART PHONES AND LAW ENFORCEMENT
academic •• policy •• business ••
organised by CPDP
Chair Mario Oetheimer, FRA (EU)
Moderator Tobias Bräutigam, Microsoft (FI)
Panel Diana Alonso Blas, Eurojust (EU), Els De Busser, Max Planck Institute (DE), Daniel Drewer, Europol (EU), Michael Olmsted, US Mission to the EU (BE)

Smartphones are used to manage many aspects of life – both work and private. Accordingly, smartphones contain large amounts of personal information – address book, e-mails, facebook profile etc. The data stored on smartphones makes them much more useful for law enforcement than ordinary phones. Additionally, the user is often unaware of the amount of personal data that is accessible through their smartphone.
Recent court cases – such as Riley v. California – have drawn out this tension and have reached novel conclusions as to what a smartphone is, and therefore, what a fair balance between privacy and law enforcement interests should look like as far as smartphone searches are concerned.
The panel will consider the following issues:

• When and why do law enforcement authorities seek access to smartphones?
• What is the current legal framework regulating access?
• Is this framework adequate?
• If not, what needs to change?

15.15 - Coffee break

15.30 - CROSS-BORDER FLOW OF PERSONAL INFORMATION FOR FINANCIAL SERVICES
academic •• policy •• business ••
organised by Korea University
Chair Erik Valgaeren, Stibbe (BE)
Moderator Hee-Eun Kim, Samsung Electronics (KR)
Panel Nohyoung Park, Korea University (KR), Dervish Tayyip, Microsoft (US), Jan-Willem Verheijden, European Commission (EU), Steve Wood, Information Commissioner’s Office (UK)

Cross-border flows of personal data are vital to the financial services sector. However, the added convenience and efficiency resulting from global data flows also increases the risk to individuals’ privacy. Protection of privacy and of the confidentiality of personal and commercial data in an international context has become inextricably linked with other important global issues, such as human rights, security, and trade. Recently, the Korea-EU FTA and Korea-US FTA included very important provisions for financial services. Although the Korean government regulated for transfer of financial data, including personal data, from Korean territory in 2013, the application of the regulation is not clear for the business sector. This panel will discuss this issue from the viewpoint of the EU and Korea, and make policy recommendations. In particular, the panel will consider:

• How to manage the risk of cross-border data flows in financial services
• How to comply with the financial data flow provisions in international agreements
• How the users of financial services should be protected in their financial transactions
• What the most desirable model dealing with cross-border data flows is

17.00 - Cocktail in Grande Halle

CPDP2015 PANELS AT LA CAVE

8.45 - DRONES AT THE MARGINS: RPAS APPLICATIONS FOR COMMUNITY AND CITIZEN-LED APPLICATIONS
academic •• policy •• business ••
organised by European Commission JRC-IPSC
Chair Philip Boucher, European Commission (EU)
Moderator Kristin Bergtora Sandvik, Peace Research Institute Oslo (NO)
Panel Kathleen Bartzen Culver, University of Wisconsin-Madison (US), Austin Choi-Fitzpatrick, Central European University (HU), Apostolos Malatras, European Commission (EU), Serge Wich, Liverpool John Moores University (UK)

Remotely piloted aviation systems (RPAS/‘drones’) are aerial vehicles that fly without an on-board pilot, as well as their wider support systems. Perhaps the most established RPAS applications are for military purposes, but many applications exist for civil purposes (environment, security, emergency response, surveillance, and recreation). These technologies are (largely) ready for market, but regulatory barriers remain.
Some privacy and data protection implications of RPAS for state and commercial actors have been identified. However, less attention has been paid to non-institutional or ‘marginal’ users, such as grassroots communities, development contexts, and citizen-led activities. These operators may face different challenges, such as not fully understanding their privacy and data protection responsibilities, or not having sufficient resources to meet them effectively. The aim of this session is to explore:

• Examples of marginal RPAS applications; differences with state and commercial uses.
• The privacy and data protection aspects of these applications.
• The emerging problems and potential solutions.

10.00 - Coffee break

10.30 - ONLINE PRIVACY VERSUS FREEDOM OF SPEECH: BALANCING RIGHTS IN THE EUROPEAN CONTEXT
academic ••• policy •••
organised by Vrije Universiteit Amsterdam (NL)
Chair Arno Lodder, SOLV Advocaten (NL)
Moderator Tijmen Wisman, Vrije Universiteit Amsterdam (NL)
Panel Magdalena Jozwiak, Vrije Universiteit Amsterdam (NL), Argyro Karanasiou, Bournemouth University (UK), Marco Pancini, Google (BE), Bart van der Sloot, University of Amsterdam (NL)

The right to privacy has gained momentum. Different studies show that people do care about their online privacy. But what if one person claims a right to free speech, and another wants respect for her privacy? With a growing number of Internet users and the particularities of online speech, values inherent in the fundamental right to privacy seem to be particularly vulnerable. Europe, where privacy is rooted in the notion of dignity, became the norm entrepreneur in this respect. Both on the legislative and judicial levels, there is an ongoing trend towards enhancing the protection of privacy, reputation and other personality rights in the online environment. However, such a trend does not come without an impact on the right of online freedom of speech. The panel will look closer at different aspects of balancing privacy and freedom of speech online. The following key points will be addressed in this panel:

• Online applicability of ECtHR balancing criteria for privacy and freedom of speech
• Private actors entrusted with the responsibility of balancing
• Big data, freedom of speech and privacy
• Implications of the future General Data Protection Regulation on the balancing of rights

11.45 - DO-IT-YOURSELF PRIVACY PROTECTION: EMPOWERMENT OR BURDEN?
academic ••• policy •• business •
organised by Forum Privacy and Self-Determined Life in the Digital World
Chair Michael Friedewald, Fraunhofer ISI (DE)
Moderator Shara Monteleone, University Groningen (NL)
Panel Seda Gürses, New York University (US), Paul C. Johannes, University Kassel (DE), Tobias Matzner, University Tübingen (DE), Kostas Rossoglou, BEUC (BE)

Citizens’ privacy is increasingly challenged not only by intelligence services but also by law enforcement agencies, companies and even fellow citizens. Due to the obvious problems with enforcing the current legal framework, it has been suggested by actors ranging from activists to governments that ordinary citizens should be enabled to protect their privacy themselves. Numerous tools for “do-it-yourself privacy protection” have been developed over the last 20 years that are, however, hardly used. Factors behind this failure story include technical, economic, political, and last but not least social. This panel will discuss the value and shortcomings of the do-it-yourself privacy protection approach and ask what role it can play in a networked and globalised world where powerful opponents have a vested interest in fewer privacy safeguards. In particular, the panel will consider:

• Who should be responsible for privacy protection?
• What would be the negative effects of effective and widely used do-it-yourself privacy protection, if any?
• Is do-it-yourself privacy protection feasible in an increasingly globalized and interconnected Internet (of things and services) and in the face of Big data?

13.00 - Lunch

14.00 - CITIZENS’ ATTITUDES TO PRIVACY, SURVEILLANCE AND SECURITY (1)
academic ••• policy •••
organised by the PRISMS and SurPRISE Projects
Chair Rocco Bellanova, Peace Research Institute Oslo (NO)
Moderator Jacob Skjødt Nielsen, Danish Board of Technology (DK)
Panel Jim Dratwa, EGE (BE), Sara Degli Esposti, ISMS Forum (ES), Michael Friedewald, Fraunhofer ISI (DE), Sarah St. Vincent, CDT (US)

Citizens are ever more confronted with ubiquitous surveillance practices. Both in physical and in virtual space, behaviour does not go unnoticed. Two recent FP7 projects, PRISMS (Privacy and Security Mirrors) and SurPRISE (Surveillance, Privacy and Security) have surveyed how citizens perceive these practices. PRISMS has used the survey to study whether the oft-mentioned trade-off hypothesis is present in how citizens assess security situations. SurPRISE has held a number of citizens’ summits to discuss these issues with citizens directly. The panel aims to address the following questions raised by the projects:

• What can be learned from the ethics of surveillance technologies?
• Are there grounds for the trade-off hypothesis?
• How do people perceive security and privacy issues in various contexts?
• What lessons can be learned from the inclusion of the public?

15.15 - Coffee break

15.30 - CITIZENS’ ATTITUDES TO PRIVACY, SURVEILLANCE AND SECURITY (2)
academic ••• policy •••
organised by the PRISMS and SurPRISE Projects
Chair Johann Cas, Austrian Academy of
48 Computers, Privacy & Data Protection Data Protection on the move 49 Sciences (AT) to decision-making that fully take privacy into account, 10.30 - GOVERNING CREDIT practices of the past, neighbourhood watch schemes Moderator Marc van Lieshout, TNO (NL) and that should help including privacy constraints in SCORING: DATA PROTECTION, take place and are implemented in contemporary de- F

RI Panel David Barnard-Wills, Trilateral Research the process, will be presented and actively discussed. ALGORITHMS & SURVEILLANCE mocracies. Whether or not these practices are legally & Consulting (UK), Lilian Mitrou, University of The audience will be involved in an interactive manner academic •• policy •• business •• and/or politically legitimised, they are widely socially D

AY AT L organised by

the Aegean (GR), Jacob Skjødt Nielsen, Danish in decision-making on the spot. The panel will con- IRISS Project accepted as they respond to public order and safe- ARTS ES Board of Technology (DK), Daniel Trottier, Eras- sider: Chair Rocco Bellanova, Peace Research Institute ty concerns. This panel focuses on neighbourhood mus University Rotterdam (NL) Oslo (NO) watch as a surveillance practice implying care and • How to organise the real involvement of citizens in Moderator Kristie Ball, Open University (UK) control of citizens within communities. In particular, the The emergence of ubiquitous surveillance, and the decision support for security–privacy issues Panel Julia Horwitz, EPIC (US), Agniezka following questions will be addressed: manifold manner in which individuals’ data is cap- • How to integrate awareness for privacy in security Marzec, BiK (PL), Keith Spiller, Open University A C tured, monitored and used for surveillance and se- decisions (UK), Hågen Thomas Ljøgodt, Datatilsynet (NO) • What are the reasons for establishing neighbour- curity measures of different kinds, enhance the need • The role of integrative and interactive Decision hood watch schemes? AVE for balanced decision making. This balanced deci- Support Systems in policy making Credit scoring of individuals is a rather overlooked top- • Which benefits and risks derive from the deploy- D MAISON AT AY

sion-making should capture the interests of all involved • What lessons can be learned from the inclusion of ic in Europe, both at political and academic level. Yet, ment of neighbourhood watch practices (for both D

parties and should pay special attention to privacy the public credit-scoring practices are in use across the EU, and the watcher and the watched)? RI F needs. The oft-cited trade-off model presumes people are an important field where data protection, algorith- • What role should the state and the police have are willing to trade privacy for security. Empirically, this 17.00 - Cocktail in Grande Halle mic surveillance and economics meet. This panel aims in the implementation of neighbourhood watch has been proven wrong. This implies that due respect at fostering a conversation with important and diverse schemes? should be paid to privacy concerns in decision mak- 22.00 - Privacy party with Data Concert players in the field. It also considers a cross-country • How can democracy be increased in the face of ing about security measures. In this panel, approaches comparison at European and transatlantic level. Key this surveillance practice? questions to be discussed include: 13.00 - Lunch CPDP2015 PANELS AT maison des arts • What are the main practices and the main purpos- es of credit scoring in Europe and in the US? 14.00 - PRIVACY IN COMPUTER • What are the most relevant legal frameworks that SCIENCE EDUCATION 8.45 - ASSESSING THE SOCIETAL projects have sought to facilitate the harmonization of govern credit scoring? academic ••• policy •• business • IMPACT OF AUTOMATED ABC in the European Union and have provided an • What are the key controversies surrounding credit organised by University of Ulm BORDER CONTROL GATES opportunity for the societal impacts of factors such as scoring? Chair Frank Kargl, University of Ulm (DE) academic • policy ••• business •• biometric technologies and automated processing to Moderator Jaap-Henk Hoepman, Radboud organised by ABC4EU project be assessed. 
Panelists will discuss questions related to 11.45 - NEIGHBORHOOD WATCH: University Nijmegen (NL) Chair Ann-Charlotte Nygård, European Union the assessment of desirability, acceptability, ethics and TOWARDS SECURITY SELF-MAN- Panel Claudia Diaz, KU Leuven (BE), Claudia Agency for Fundamental Rights (EU) privacy, and the way in which societal concerns can AGEMENT OF INTERPERSONAL Roda, American University Paris (FR), Raj Samani, Moderator Sadhbh McCarthy, Centre for Irish be incorporated into the technological development AND COMMUNITY RELATIONS McAfee (UK), Carmela Troncoso, GRADIANT and European Security (IE) and implementation of ABC projects. Issues to be ad- academic •• policy •• business •• (ES) Panel Gemma Galdon Clavell, Eticas Research dressed include: organised by IRISS Project & Consulting (ES), Peter Graham, IBM (UK), Chair Chiara Fonio, UCSC (IT) Privacy plays a more important role in new computer Mark Maguire, National University of Ireland • The societal impact of automated border control Moderator Reinhard Kreissl, IRKS (AT) science and information systems curricula as reflected, Maynooth (IE), Anne-Marie Oostveen, Oxford harmonization in the EU Panel Joachim Kersten, German Police Univer- e.g., in the ACM/IEEE CS curriculum 2013. 
Still, the Internet Institute (UK), Irma van der Ploeg, Maas- • The specific solutions to incorporate societal con- sity (DE), James Maddan, UK Neighbourhood topic is often scattered between being presented as tricht University (NL) cerns into technological design and decisions Watch (UK), Alexander Neumann, IRKS (AT) a pure policy/civil rights topic (being treated non-tech- • Methodologies useful in the assessment of the so- nically), an HCI topic, or being part of a security This panel brings together diverse perspectives on the cietal impact of data-intensive technologies ‘If you suspect it, report it’, asserted the London Met- course (where it is often neglected in favor of core role of societal impact assessment in the design of au- ropolitan Police in one of its campaigns in 2008. Al- security aspects). In this panel we will discuss different tomated border control (ABC) systems. Recent research 10.00 - Coffee break though such patrolling may remind us of the totalitarian approaches to privacy in CS education and how to

50 Computers, Privacy & Data Protection Data Protection on the move 51 make it a first-class citizen. In essence, how to allow University of Namur (BE) from individuals’ biological samples. However, with However, there remain a number of unanswered le- F AR

RI an integrated treatment of policy, organizational and this scientific advance, the practical uses to which gal and ethical questions. The aim of this panel is LL D technical approaches so that students can learn that Since the 1990s, a new constraint has been included insights from genetics can be put also increase. For to take a snapshot of the state-of-the-art in the use, E AY AT MAISON D good privacy comes from understanding policy and in European Research & Development projects. We example, conclusions drawn as to significant genetic and the problems, associated with genetic data. The the implications of absent privacy, knowing how to refer here to the need to address the ethical, legal and differences between groups may be used to support panel will consider the following questions: analyze privacy issues in IT systems (e.g., through PIAs) social issues raised by technological innovation and political agendas. Further, information sequenced and applying the right tools (like minimization or attrib- scientific research. This is of course the case for surveil- from a single individual’s genetic sample – genetic • What can genetic data tell us, and in what con- C ARTS ES ute-based credentials) to build truly privacy-preserving lance and security technologies projects. Academic data – may be used to form judgments relevant to, texts are these insights useful? systems. In particular, the panel will address: researchers are involved in these projects in order to for example, insurance or employment. In fact, there • What are the limitations to the use of genetic examine their ethical, legal and social implications. are serious concerns about the potential abuse of data? • The role of privacy in computer science education On the one hand, given that compliance with ethical genetic information (racial discrimination, denial of • Are there adequate legal frameworks in place

ES ARTS • Approaches to reflect privacy holistically in the cur- rules in European security projects is becoming a le- services based on genetic predispositions, disclosure – how suitable are traditional data protection ap- riculum gal obligation, there is a need to clearly define the of intimate familial relationships, e.g. paternity etc.). proaches, for example? • The quality of current curriculum proposals limits of the responsibility of legal researchers. On the It follows from all these elements that collection and • Which social and ethical problems arise? • Strategies for enhancements other, the mandate of ethical researchers consists of use of genetic data should be carefully considered. • How might these problems be resolved? D MAISON AT AY D

assessing the “social acceptability” of the developed RI F 15.15 - Coffee break technologies. That concept also needs to be clearly defined. The panel will consider: 15.30 - ETHICS OF THE SECURITY RESEARCHER • The scope of obligations laid out for European Re- academic •• policy •• business •• search & Development projects. organised by P5 and IPATCH projects • Ethical, legal and social issues raised by techno- Chair Bart Tommelein, State Secretary for the logical innovation and scientific research. Fight against Social Fraud, Privacy and North • The responsibility of legal and ethical researchers Sea (BE) in European security projects CPDP2015 Side Events Moderator Jean-Marc Van Gyseghem, Univer- • The definition of the concept of “social accepta- sity of Namur (BE) bility” of new technologies. WIFI HACKING DEMO Panel Andrew A. Adams, Meiji University (JP), Frank Dumortier, University of Namur (BE), James 17.00 - Cocktail in Grande Halle Ferryman, University of Reading (UK), Alain Loute, PRIVACY AND SECURITY AWARENESS POWERED BY DELOITTE

Are you aware how much information your mobile device is communicating about you? Do you want to under- CPDP2015 PANELS AT maison des arts CELLAR stand how this information can be used against you (e.g. for social engineering)? A Deloitte security expert will be giving real-life demonstrations on this matter during the lunch breaks on Wednes- day 21 and Thursday 22 at the Deloitte booth in the main exhibition hall. He will give clear guidance on what 10.30 - THE PROMISES AND PITFALLS Antoinette Rouvroy, University of Namur (BE), you can do to better protect yourself against malicious use of your personal data. OF GENETIC DATA Ruth Stirton, University of Sheffield U( K) FINIshes at 12.00 PLEASE NOTE as the protection of your personal data and the respect for your fundamental rights is of the academic •• policy •• business •• For decades, genetics - the idea that a set of bio- utmost importance, our expert will only passively read information that is proactively transmitted by mobile devices organised by CNIL logical instructions exists within each of us and plays and, thus, publicly available. This information will exclusively be used for this awareness session. The information Chair Dara Hallinan, Fraunhofer ISI (DE) a role in defining who we are - has captured the will not be stored nor used for other purposes. Moderator Florence Raynal, CNIL (FR) public imagination. Indeed, our understanding of Our expert will not hack existing WiFi networks and uses a separate and controlled WiFi hotspot for the purpose Panel Marion Albers, University of Hamburg human genetics deepens apace and it becomes of this awareness session. Therefore, do not connect to a WiFi network called “HACKING DEMO – DO NOT (DE), Thomas Landrain, La Paillasse (FR), ever faster and cheaper to sequence genetic code CONNECT”.

TUE 20 JAN 2015

9.00 – 18.00 - PRIVACY CAMP “BIG DATA & EVER INCREASING STATE SURVEILLANCE”
organised by European Digital Rights (EDRi), the Law, Science, Technology and Society research group at the Vrije Universiteit Brussel (VUB-LSTS), Université Saint-Louis-Bruxelles (USL-B), FP7 project IRISS - Increasing Resilience in Surveillance Societies
When? 20 January 2015, 9.00 - 18.00
Location Université Saint-Louis, Rue du Marais 119, 1000 Brussels
What? Privacy Camp is a civil society warm-up event for CPDP, dedicated to privacy and data protection challenges and possibilities in Europe. The event aims to bring together digital rights advocates, members of NGOs and civil rights groups from all around Europe and beyond to discuss the problems currently facing human rights online and develop strategies to address the key challenges. This year’s program will kick off with a roundtable discussion on Big Data and surveillance followed by debates and strategy workshops on data retention, EU PNR and TTIP negotiations in the wider context of transatlantic data flows. The event will end with a meeting between privacy advocates and surveillance studies scholars.

13.00 – 14.30 - TRUST, DATA AND NATIONAL SOVEREIGNTY: SOLUTIONS FOR A CONNECTED WORLD
organised by CEPS
Location Concert Noble, Rue d’Arlon 82, 1000 Bruxelles
Chair Sergio Carrera, Senior Research Fellow, CEPS
Speakers Brad Smith, General Counsel and Executive Vice President, Microsoft
Discussants Jan Albrecht, Member of the European Parliament, Renate Nikolay, Head of Cabinet, Vera Jourová’s Cabinet, DG Justice, European Commission, Michał Boni, Member of the European Parliament, Alexander Seger, Head of Data Protection and Cybercrime Division, Council of Europe
What? Technological innovation is a major driver of economic growth and opportunity. Recent events and revelations have undermined trust in digital life and created the sense that we have difficult trade-offs between economic benefits, privacy and security to make. With data flowing freely across borders, the traditional geographical order is also challenged. There are often divergent, and at times conflicting rules multiplying covering formal and informal transnational law enforcement access to data. This puts both economic and societal benefits of technology at risk and poses a number of challenges for all actors involved. This lunchtime meeting will explore new ways and solutions to ensure fundamental rights and the rule of law, regardless of data location, while ensuring that law enforcement can do the job that is expected by citizens and businesses. It also addresses the role of the European Union at times of finding solutions for re-building trust in an increasingly connected world.

19.00 - RECEPTION ON THE OCCASION OF THE 9TH EUROPEAN DATA PROTECTION DAY on invitation only
Organized by ambassador Marek Prawda, the Permanent Representative of Poland to the EU, and Minister Wojciech Wiewiórowski, the Inspector General for Personal Data Protection
Location the Permanent Representation of Poland to the EU, Rue Stevin 139, 1040 Brussels
What? During this informal event among friends and seasoned with the Polish cuisine, we would like our guest speakers to share with us their views on how challenging the year 2015 is going to be in terms of the ambitious data protection agenda for the next months.
Speakers Wojciech R. Wiewiórowski, Assistant European Data Protection Supervisor, Paul Nemitz, Director, European Commission, Julie Brill, Federal Trade Commission, Representative of the European Parliament tbc.

19.30 - DEBATE: VIDEOGAMES AND ADDICTION: HOW DO YOU DEAL AS A PARENT WITH TEENAGERS PLAYING VIDEO GAMES?
organised by Privacy Salon vzw & deBuren supported by Kenniscentrum Kinderrechten
Location deBuren, Leopoldstraat 6, 1000 Brussel
Moderator Dirk Bosmans, Interactive Software Federation of Europe
Introduction Paul de Hert, Vrije Universiteit Brussel
Panel Tony van Rooij, expert gaming addiction research office IVO, Roxanne Rikken, editor in chief Invader & Gamer, Tom Coulier, parent of a gaming teenager and 15 years of experience as a social youth worker in a social youth center, Jochem de Groot, Microsoft.
Language Dutch
What? More and more young people have computer games as a hobby: but when does a hobby become an addiction and what are the consequences? How should parents act and react if their children are addicted? Which offers for help are available and can technology be supportive in teaching children how to responsibly use computer games? Can parents violate their children’s privacy?

WED 21 JAN 2015

18.30 – 22.00 - VERNISSAGE FACELESS
organised by Privacy Salon vzw & deBuren
Location De Markten, Oude Graanmarkt 5, 1000 Brussels
More information see exhibition
Join us, have a first look at the exhibition and have a drink and a chat with some of the artists.

20.20 - PECHA KUCHA
Organised by Architempo & CPDP
Location La Cave (Les Halles), Rue Royale-Sainte-Marie 22, 1030 Brussels, Belgium
What? 10 speakers, each speaker has 6 minutes 40 sec. for a presentation in 20 images. Each image is on screen for only 20 seconds. No more, no less. 20 images x 20 seconds each. Tempo, story, tension, show-and-tell. The Brussels format includes designers, architects, scientists, fashion designers, photographers, musicians, and creative entrepreneurs. Many will discuss technology and its implications. Some will not.
For registration https://www.eventbrite.com/e/pechakucha-night-brussels-vol42-cpdp-halles-tickets-14240484673

20.30 – 22.00 - DEBATE – A NEW KID IN TOWN: SCIENCE FICTION, LEGAL FRAMEWORKS AND THE CHALLENGES OF ROBOPRIVACY
organised by the University of Turin, LSTS - Vrije Universiteit Brussel & Privacy Salon vzw supported by deBuren
Location De Markten, Oude Graanmarkt 5, 1000 Brussels
Moderator Ugo Pagallo, University of Turin
Panel Bibi van den Berg, Leiden University, Ronald Leenes, Tilburg University
What? Since Karel Čapek’s play Rossum’s Universal Robots (1920), and Isaac Asimov’s first story on the “three laws of robotics” (1942), science fiction has paved the way for scholarly analyses about the multiple ways in which the design and construction of autonomous machines may affect pillars of the law and, vice versa, how legal rules can restrain the behaviour of such machines. The aim of this workshop is to show that the future is here as several robotic applications – e.g. the imperceptible flying of tiny drones – are already impacting the rules and principles of privacy and personal data protection. In light of the new generation of consumer robots equipped with sensors, cameras, GPS, facial recognition apps, Wi-Fi, microphones and more, what Sci-Fi scenario will turn out to be real next?

• How, or to what extent, may some robotics applications, such as consumer robots, affect the flow of information that individuals deem appropriate to reveal, share, or transfer, in a given context?
• What role could privacy by design play, so as to keep robots within limits that people can rationally accept?
• Is today’s legal framework around privacy and data protection well equipped to tackle the new legal challenges of robotics?
• What Sci-Fi scenario will turn out to be real next?

For more information and registration please contact Laura Jacques: laura.jacques@cpdpconferences.org

THU 22 JAN 2015

19.30 – 22.00 DEBATE - DISCRIMINATION AND BIG DATA
organised by Constant vzw, Privacy Salon vzw and deBuren
Location deBuren, Leopoldstraat 6, 1000 Brussel
Moderator Seda Gürses, New York University
Panel Geoffrey Bowker, University of California, Antoinette Rouvroy, University of Namur and Solon Borocas, Princeton University
What? In the context of the Cqrrelations project and the annual Computers, Privacy and Data Protection Conference Constant vzw in cooperation with Privacy Salon vzw and deBuren presents an evening program around the shadow effects of Big Data. Researchers and experts Geoffrey Bowker, Antoinette Rouvroy and Solon Borocas will present us their latest ideas, and will comment on some of the local Brussels’ experiments developed and framed by a group of artists during their residency in deBuren. Their respective views will be challenged by moderator Seda Gürses and the people present in the audience. Geoffrey Bowker is a respected voice in the reflection on Big Data and the importance of looking at the values represented in the design of knowledge systems. Antoinette Rouvroy coined the concept of ’Algorithmic government’, to name decision making that is based on statistics. Solon Borocas is post-doctoral researcher at Princeton University, where he conducts research into the epistemological and ethical issues that are raised by new applications of machine learning. Seda Gürses is ex-Brussels inhabitant and post-doctoral researcher at New York University.
For more information and registration please contact Laura Jacques: laura.jacques@cpdpconferences.org

FRI 23 JAN 2015

21.00 - DATA CONCERT & PRIVACY PARTY
organised by Privacy Salon vzw and Constant vzw
Location Les Halles, Rue Royale-Sainte-Marie 22, 1030 Brussels
What? Data can be analysed, correlated and cqrrelated, discussed, visualised, and sonorised. During a live-coding concert Alexandra Cárdenas, a Colombian composer living in Berlin, will cqrrelate some of the data the artists in deBuren experimented with. Afterwards Belgian mathematician and musician Valery Vermeulen offers us a first listening of Krystall Ball, a composition on the base of econometric data, algorithms and models that shape the global financial industries. His sound waves will be taken on by dj’s and transformed in a steaming dance experience. The DJs Onda, Vienna, Austria; Martin; Ehrenhauser, Bruxelles, Belgium; Mombo, Malaga, Spain; Duct Taüe, Rostock, Germany

WED 28 JAN 2015

18.00 – 22.00 - World Privacy Day Symposium – IN THE CONTEXT OF THE EXHIBITION FACELESS
Location De Markten, Oude Graanmarkt 5, 1000 Brussels
For more information watch the CPDP webpage about the art exhibition: http://www.cpdpconferences.org/Exhibition.html

EXHIBITION FACELESS

When? Vernissage 21 January 18.30 - 20.30 • Exhibition 22 January - 08 February, Tuesday – Sunday: 12:00 - 18:00 • World Privacy Day Symposium 28 January
organised by Privacy Salon vzw and Restart vzw. Supported by deBuren, Vrije Universiteit Brussel (Research Group on Law Science Technology and Society), De Markten, IAPP (International Association for Privacy Professionals) and freiraum quartier21 INTERNATIONAL / MuseumsQuartier Vienna
Location De Markten, Oude Graanmarkt 5, 1000 Brussel
What? FACELESS, curated by Bogomir Doringer in support of Brigitte Felderer from the Applied Arts Academy in Vienna, is an exhibition exploring a phenomenon present all around us: the fashion of facelessness that first appeared in the creative arts at the beginning of this century and has remained popular since then. The exhibition reminds us of the impact that media-generated images can have on the creative arts and the ways in which they respond to public images, pop culture, and the mainstream in general. The exhibition shows the appeal that hiding, veiling, or masking the face exerted on art and fashion after 9/11. The fear of terrorist attacks led to a change in security concepts and the installment of surveillance systems in public spaces – presented to us as if for our own safety. As a result, we feel that our faces are becoming “compressed” and exposed. The only way for us to regain this lost privacy is through subversive media strategies or by reinventing privacy. By wearing a “mask” we form a collective critical body. Visitors are kindly invited to upload “faceless” images and gif and join the ongoing research and future exhibitions www.facelessexhibition.com

The artists are Marina Abramovic, Lisette Appeldorn, Martin Backes, Jeremy Bailey, William Basinski, Zach Blas, Thorsten Brinkmann, DAWAMESK (Thomas Mercier), Ondrej Brody & Kristofer Paetau, Ben DeHaan, Sofie Groot Dengerink, Nezaket Ekici, Arthur Elsenaar, Shahram Entekhabi, Caron Geary aka FERAL is KINKY, David Haines, Ren Hang, Adam Harvey, Sabi van Hemert, Jwan Yosef, Katsuya Kamo for Junya Watanabe COMME des GARÇONS, KATSU, Brian Kenny, Miodrag Krkobabic, Vanessa Lodigiani, Zachari Logan, Jill Magid, Slava Mogutin, Veljko Onjin, Bernd Oppl, Tanja Ostojic, Marco Pezzotta, Gerda Postma, Eva-Maria Raab, RAF SIMONS, Daphne Rosenthal, Tarron Ruiz-Avila, Mustafa Sabbagh, Olivier de Sagazan, Daniel Sannwald for WOODKID, Carmen Schabracq, Frank Schallmaier, Hester Scheurwater, Tim Silver, Jan Stradtmann, Sergei Sviatchenko, Filippos Tsitsopoulos, Saša Tkacenko, Marc Turlan, Levi van Veluw, Ari Versluis & Ellie Uyttenbroek, Philippe Vogelenzang & Majid Karrouch, Martin C de Waal, Bernhard Willhelm, Andrew Norman Wilson and Lucy Wood.

[Exhibition poster: FACELESS, EXPO 22/01/15 > 08/02/15, De Markten, Oude Graanmarkt 5, 1000 Brussel, www.demarkten.be, www.deburen.eu, entrance free. Photo: Sterling wood, 2008 © Levi van Veluw, Courtesy Galerie Ron Mandos, Amsterdam]

CPDP2015 Sponsors

PREMIER SPONSORS / PLATINUM SPONSORS

BSA | THE SOFTWARE ALLIANCE
BSA | The Software Alliance is the leading advocate for the global software industry. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life. With headquarters in Washington, DC and operations in more than 60 countries around the world, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.

EUROPEAN UNION AGENCY FOR FUNDAMENTAL RIGHTS (FRA)
The European Union Agency for Fundamental Rights (FRA), established by the EU as one of its specialised agencies in 2007, provides independent, evidence-based advice on fundamental rights to the institutions of the EU and the Member States on a range of issues. The staff of the FRA, which is based in Vienna, includes legal experts, political and social scientists, statisticians, and communication and networking experts.

DEBUREN
The Flemish-Dutch House deBuren (“the neighbors”) presents beauty and wisdom of the Low Countries, and offers a platform for debate about culture, science, politics and the society in Flanders, The Netherlands and Europe. It is a place where artists, journalists, academics and politicians get the opportunity to voice their thoughts.

DELOITTE BELGIUM
Deloitte Belgium is a member of the international network of Deloitte Touche Tohmatsu Limited. Our privacy & security practice is a part of Deloitte’s Cyber Risk Services group, a distinct practice of over 7,500 professionals across our global organization who help our clients manage risk and uncertainty. Our ongoing mission is to achieve robust security & privacy through the delivery of end-to-end solutions, by world-class experienced professionals, utilizing proven methodologies and tools, in a consistent manner globally. Deloitte can assist you in improving enterprise security and value, bring new solutions to market and develop risk aware programs and processes.

EUROPEAN COMMISSION JRC-IPSC
The mission of the JRC Institute for the Protection and Security of the Citizen (JRC-IPSC) of the European Commission is to enhance safety and stability of the European society on the basis of an agreed EU agenda by creating scientific results and turning them into measurable impact. JRC-IPSC provides European policy makers with scientific and technology advice on issues relevant to safety, security and stability within and outside the EU.

GOOGLE
Google is a global technology leader focused on improving the ways people connect with information. Google’s innovations in web search and advertising have made its website a top Internet property and its brand one of the most recognized in the world.

LES HALLES DE SCHAERBEEK
Ever since their beginnings, Les Halles have captured and crystallised movements stemming right from the edges of art and society, in an unprecedented alliance of both learned and popular culture. Open to contemporary hopes and upheavals spanning from the neighborhood right out to the world at large, Les Halles keep on looking for what Europe, still on a quest for its own destiny, has to offer: exploration of new passions, reason seeking out adventure, the utmost freedom of style. Les Halles resonate with a desire for participation and involvement, be it individually or collectively, thus characterising the digital age.

MICROSOFT
Founded in 1975, Microsoft is the worldwide leader in software, services, devices and solutions that help people and businesses realise their full potential. Our software innovations generate opportunities for the technology sector, businesses, public sector and consumers worldwide. At Microsoft, our mission is to help Europe achieve this critical goal by bringing technology to bear for the benefit of all people. Microsoft opened its first office in Europe in 1982. We have been investing in and growing with Europe ever since, and today we have over 20,000 local employees, working alongside more than 180,000 partners to empower millions of European consumers and to help transform businesses. In the last decade alone, Microsoft has invested nearly €18.2 billion in European companies, such as Nokia or Skype, as well as employed thousands of European researchers and engineers. We invest in Europe because we believe in the power of European innovation to shape not only the future of the region but also the world.

HP
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers’ most complex challenges in every region of the world. More information about HP (NYSE: HPQ) is available at http://www.hp.com

INTEL
Intel is the leading manufacturer of computer, networking and communications products. Intel develops semiconductor and software products for a range of computing applications. Headquartered in Santa Clara, California, it has 100,000 employees operating in 300 facilities in 50 countries. Intel’s mission is to create and extend computing technology to connect and enrich the lives of every person on earth.

LINKLATERS
Linklaters is a leading global law firm with a long history dating back to 1837. The firm specializes in advising companies, financial institutions and governments on their most challenging and strategic assignments. With offices in most major markets we assist our clients with their complex transactions, projects and dispute resolutions. Our TMT practice consists of a fully dedicated, focused team of specialists dealing with telecommunications, data protection, IT-contracts including outsourcing, offshoring and cloud computing, e-commerce and internet-related issues in Belgium and across the globe. www.linklaters.com

IRISS
The IRISS project addresses the question of resilience in surveillance societies. Starting from the assumption that modern societies are “sleepwalking” into a surveillance regime, the project understands resilience primarily as a form of reaction against surveillance. On the one hand, IRISS investigates the impact of surveillance on individual freedom, democracy and privacy, taking a social, legal and political theory perspective. On the other hand, it sets out to reconstruct effects of surveillance from the perspective of citizens in different European countries. Employing this dual analytical framework a complex interpretation of the effects of surveillance emerges, demonstrating the ambivalence of resilience in surveillance societies.

PALANTIR TECHNOLOGIES
Palantir Technologies builds data analytic platforms designed to enable human analysts to derive valuable, actionable insights from large-scale data sets. Palantir’s customers range from intelligence agencies to banks to health insurance providers to non-government, disaster relief organizations, where we work to solve some of the world’s hardest problems.

INTERNATIONAL ASSOCIATION OF PRIVACY PROFESSIONALS (IAPP)
The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect data. Founded in 2000, the IAPP is a not-for-profit association that helps define, support and improve the privacy profession globally. More information about the IAPP is available at www.privacyassociation.org.

EVENT SPONSORS

MAISON DES ARTS
The cultural center of Schaerbeek

BRUSSELS PRIVACY RESEARCH HUB (BPRH)
The Brussels Privacy Research Hub (BPRH) is an academic privacy research centre with a global focus. As an entity of the Vrije Universiteit Brussel (Free University of Brussels or VUB), it uses its location in Brussels, the capital of Europe, to engage EU policymakers, data protection regulators, the private sector, and NGOs, and to produce innovative, cutting-edge research on important questions of data protection and privacy law and policy. Brussels is where key decisions are taken on data protection in the European Union, and EU rules set the standard for data protection and privacy law around the world. www.brusselsprivacyhub.org

ELECTRONIC PRIVACY INFORMATION CENTER (EPIC)
EPIC is an independent non-profit research center in Washington, DC. EPIC protects privacy, freedom of expression, and democratic values; and promotes the Public Voice in decisions concerning the future of the Internet. EPIC’s program activities include public education, litigation, and advocacy. EPIC files amicus briefs, pursues open government cases, defends consumer privacy, and testifies about emerging privacy and civil liberties issues. www.epic.org.

NYMITY
Nymity is a global research company specializing in accountability, risk, and compliance software solutions for the privacy office. Nymity’s suite of software solutions helps organizations attain, maintain, and demonstrate data privacy compliance. Organizations all over the world rely on Nymity’s solutions to proactively and efficiently manage their privacy programs - empowering them to comply with confidence. Learn more at www.nymity.com

KNMG
The Royal Dutch Medical Association (KNMG) is the professional organization for physicians of The Netherlands. It was established in 1849. Since January 1st 1999 the KNMG has become a federation of medical practitioners’ professional associations. Its main objectives are to improve the quality of medical care and healthcare in general, and to improve public health.

STIBBE
Stibbe’s privacy & data protection specialists provide their clients with insight and experienced pragmatism. With over 20 years of experience, the team handles privacy health checks, corporate data exchange and monitoring programs and policies, and DPA’s from different jurisdictions. Stibbe is involved in data governance and protection projects for (inter)national clients in a broad range of sectors.

TRILATERAL RESEARCH
Trilateral Research is a London-based consultancy, specialising in high-quality research and strategic advice relating to new policy and regulatory developments in privacy, data protection, surveillance, security, big data, cloud computing and impact assessment. Trilateral has strong links with many organisations and research institutes across Europe. Trilateral helps policy-makers improve policy and decision-making. Trilateral has partnered in and co-ordinated numerous European projects in the past decade. Trilateral has also recently conducted a study on privacy impact assessment and risk management for the UK Information Commissioner’s Office. Most of Trilateral’s staff are post-docs with extensive experience in research and strategy with strong records of publication in peer-reviewed journals. For more information about Trilateral, visit www.trilateralresearch.com

U.S. MISSION TO THE EUROPEAN UNION
The United States has maintained diplomatic relations with the European Union and its forerunners since 1953. The U.S. Mission coordinates cooperation between the United States and the European Union on a wide spectrum of transatlantic priorities, from foreign policy, international development, trade, and agricultural issues to justice, law enforcement, and counter terrorism.

WILSON SONSINI GOODRICH & ROSATI
Wilson Sonsini Goodrich & Rosati is a global law firm that helps clients maintain the highest standards for data protection while successfully pursuing their business interests. We have a fully integrated global practice with substantial experience in advising companies on all facets of global and EU privacy laws, including on topics such as big data, connected cards, cloud computing, and the Internet of Things. We have unique experience with complex multi-jurisdictional privacy investigations, enforcement actions, and litigation. We also counsel clients on the review of the EU data protection legal framework. More information: www.wsgr.com and WSGR Data Protection Regulation Observatory: www.wsgr.com/eudataregulation.

THANK YOU

The Programming Committee of CPDP2015 is very grateful to Nicolas Dubois, Seda Gürses, Ugo Pagallo and our VUB colleagues Antonella Galletta, Raphaël Gellert, Gloria Gonzalez-Fuster, Lucas Melgaço for their precious support in helping us with the programme, Imge Ozcan and Rocco Bellanova for organizing Privacy Camp and as every year Dr. Bellanova deserves a special mention for his pertinent advice and great ideas!

We would especially like to thank Serge Gutwirth and Ronald Leenes together with Paul De Hert, the editors of the Springer conference proceedings books. Without their skills, diligence and expertise producing a book of such high quality would not be possible!

Also a big thank you goes out to Marcom at the Vrije Universiteit Brussel, for all the support and help they have provided for the conference. Another big thank you goes to Karlien Haelterman and the job students and volunteers who have done and are doing a wonderful job and to Samuel Wodinski our faithful cameraman who will provide you with clips of your panel after the conference.

Furthermore, this conference would not be possible without the wonderful ladies Rika Strik and Babette Cuppé and the other staff of KNMG and our always positive, creative and tireless webmaster and graphic designer Nick Van Hee.

Many many thanks to Bogomir Doringer and Jeroen De Meyer for organising the exciting art exhibition Faceless in de Markten and Ophelia Van Campenhout for the beautiful PR material, Alok Nandi (Architempo) for organising yet another fantastic Pecha Kucha, Fukami for helping us find some groovy djs for the party, An Mertens and Constant vzw for the cooperation on organizing two amazing events and Jenny Quermia and deBuren for the continued support for all these great side events!

A big thank you to Anick Xhrouet for the great partnership between CPDP and Les Halles and thank you to all the staff of Les Halles for making it possible to hold our event in one of the most famous and well reputed cultural centers in Brussels, indeed an extraordinary and original location for a conference! And thank you very much to Fernand Van Bever and his team for making all this “technically” feasible. It’s a kind of magic! Thank you also to the mastery of our caterer KoKoen, Koen Devolder and his team for providing such delicious food!

Last but not least the Programming Committee of CPDP2015 would like to thank all sponsors, conference partners, event partners, and moral supporters for their generous support. Without this CPDP2015 would not have been possible!

8th International Conference • 21 22 23 January 2015 • Brussels, Belgium
CPDP 2015 Computers, Privacy & Data Protection
Data Protection on the Move
www.CPDPconferences.org

APPOINTMENTS

Information Society Project Yale Law School

CONTACT

www.facebook.com/CPDPconferencesBrussels
twitter.com/CPDPconferences
hashtag #CPDP2015
[email protected]
www.youtube.com/user/CPDPconferences