Data Protection and Privacy: Detailed Programme

Since the Snowden revelations, the adoption in May 2016 of the General Data Protection Regulation and several groundbreaking judgments of the Court of Justice of the European Union (Costeja, Digital Rights Ireland, Schrems, Tele2, PNR Canada), data protection and privacy are at the centre of attention of policymakers, industries and the legal research community. Panel discussions will focus on

  1. privacy and data protection tensions in EU-US relations,
  2. privacy challenges related to EU-level security, control and surveillance mechanisms,
  3. big data and automated decision-making across sectors and (iv) targeted advertising.

Keynote:

Prof. dr. Joseph Cannataci, UN Special Rapporteur on the right to privacy; Chair in European Information Policy & Technology Law, University of Groningen; Department of Information Policy and Governance, University of Malta
Games people play...and some other unvarnished truths about privacy

Panel Session 1: Privacy and data protection tensions in EU-US relations

Since the early 2000s, the (in)adequacy of the US data protection regime has been a persistent point of discussion and concern in EU-US relations, both commercial and in the sphere of national security, public interest and law enforcement. This notwithstanding, the post 9/11 climate gave rise to the conclusion of agreements between both Europol and Eurojust and the US, an EU-US mutual assistance treaty in criminal matters, the EU-US PNR agreement and the TFTP-agreement (Terrorist Financing Tracking Program). For 15 years, commercial data transfers from the EU to the US were legitimized if corporate US recipients were self-certified under the Safe Harbour principles, until invalidated in late 2015 by the CJEU in the Schrems case following the Snowden revelations in the Summer of 2013. The panel will explore whether the 2016 remedial successor of Safe Harbour, the EU-US Privacy Shield, which is said to provide for limitations and safeguards against generalised and bulk surveillance by US intelligence services and law enforcement that equal the EU requirements of strict necessity and proportionality, will be CJEU-proof. Similarly, the panel will tackle data protection issues around the 2016 Umbrella Agreement, relating to all personal data exchanged between police and criminal justice authorities of the EU member states and the US federal authorities for the purpose of prevention, investigation, detection and prosecution of criminal offences, including terrorism. In addition to the above topics, the panel will further explore jurisdictional issues around the competence of EU DPA's and courts to urge US companies having their head office in the US (and either or not having regional or lobbying offices in the EU) to comply with EU data protection law, before and after entry into force of the GDPR, respectively allow access to personal data held by them for EU-based criminal investigation purposes.

Chair:

Prof. dr. Joseph Cannataci, UN Special Rapporteur on the right to privacy; Chair in European Information Policy & Technology Law, University of Groningen; Department of Information Policy and Governance, University of Malta

Speakers:

Bruno Gencarelli, European Commission, DG Justice and Consumers, Data Protection, Head of Unit
From tensions to solutions?

Prof. dr. Gert Vermeulen, director Institute for International Research on Criminal Policy (IRCP), Ghent University; Commissioner, Commission for the Protection of Privacy, Belgium
Fake news: EU data shielded from bulk or mass collection and unnecessary or disproportionate access and use by US intelligence and law enforcement authorities

Dr. Brendan Van Alsenoy, Commission for the Protection of Privacy, Belgium
The jurisdictional reach of European data protection authorities: Reconciling EU data protection law with public international law

Dr. Alberto Miglio, University of Turin
Back to Yahoo!? Regulatory clashes in cyberspace in the light of EU data protection law

Dr. Stefano Saluzzo, Università della Valle d'Aosta
Finding Safe Harbours outside the European Union: the Issue of Onward Transfers in EU Data Protection Law

Panel Session 3: Privacy challenges related to EU-level security, control and surveillance mechanisms

Initially in the aftermath of 9/11, and more recently with the migration crisis and renewed problems with terrorism, radicalism and extremism, the EU has continued to step up internal security, by putting in place and further enhancing control or surveillance mechanisms and databases, and making them interoperable for multiple purposes: irregular migration control, internal security and law enforcement. The Schengen Information System (SIS) was upgraded to SISII (allowing to store and check more personal data, including biometrics), the Visa Information System (VIS) was created, a European Criminal Records Information System (ECRIS) was established, Europol data collection and processing is enhanced with the new Europol Regulation, the EU is rolling out its own EU PNR system, Frontex was turned into a European Border and Cost Guard Agency proper, Eurodac, initially established as fingerprint-based control system for asylum seekers, will be radically turned into an irregular migration control database as a result of the Recast Regulation proposed in 2016, a newly established Entry/Exit System (EES) for third country nationals should be up and running by 2020 and a Frontex-hosted European Travel Information and Authorisation System (ETIAS), which by 2021 must allow to check visa-exempt third country nationals against the SISII, VIS, Europol's database, Interpol's database, the EES, Eurodac and ECRIS, has been proposed. This panel will explore related privacy and data protection challenges, especially as a result of the ever growing interoperability and possible interconnection (and related purpose-blurring) between border control (SISII, Eurodac, VIS, EES, PNR) and law enforcement systems and databases (Europol, ECRIS) and of the use therein of biometrics (fingerprints and facial images). At the same time, the European Data Protection Supervisor (EDPS) has largely taken over or is in the process of taking over data protection oversight responsibility from former intergovernmental supervisory bodies and mechanisms. The panel will also assess the de facto impact thereof on guaranteeing data protection in the member states.

Chair:

Prof. dr. Gert Vermeulen, director Institute for International Research on Criminal Policy (IRCP), Ghent University; Commissioner, Commission for the Protection of Privacy, Belgium

Speakers:

Gilles de Kerchove, EU Counter-Terrorism Coordinator
Privacy challenges related to counter-terrorism

Dr. Wojciech Wiewiórowski , Assistant European Data Protection Supervisor (EDPS)
Surveillance for Public Security Purposes. Four pillars of acceptable interference in fundamental right to privacy

Dr. Mario Oetheimer, European Union Agency for Fundamental Rights (FRA), Department Freedoms and Justice, Head of Sector Information Society, Privacy and Data Protection
Surveillance by intelligence services: Fundamental rights safeguards – field perspectives

Niovi Vavoula, Queen Mary, University of London
EU Immigration Databases under Scrutiny: Towards the Normalisation of Surveillance of Movement in an Era of 'Privacy Spring'?

Panel Session 6: Big data and automated decision-making across sectors

The processing and combining of enormous amounts of information and the analysis of that data, facilitated by sophisticated algorithms, to inform decisions is becoming a standard practice in many different sectors. Businesses, financial institutions, healthcare organisations and law enforcement authorities are only a few actors that increasingly rely on big data to take decisions that, on the one hand could benefit society in general (e.g. economic growth, predictive policing, prediction of epidemics), but, on the other hand, may have a significant impact on individuals (e.g. invasion of the right to privacy, or the 'right to not to know' in healthcare). This panel explores current and future legal challenges related to the use of big data and automated decision-making, taking into account recent and imminent technological developments. This includes questions related to transparency, proportionality, purpose limitation, accountability and consumer protection.

Chair:

Prof. dr. Eva Lievens, Law & Technology, Human Rights Centre, Ghent University

Speakers:

Prof. dr. Wim Hardyns, Institute for International Research on Criminal Policy (IRCP), Ghent University
Big data in criminology: current predictive methods for crime mapping

Prof. dr. Luc Martens, Department of Information Technology, Ghent University
Can powerful profiling and data mining techniques be used while your privacy is still protected?

Dr. Julia Powles, NYU Law School & Cornell Tech
Big data, AI, and the new savants of healthcare

Prof. dr. Claudia Seitz, Department of Public Law and Center for Life Sciences law, University of Basel
Big Data in the Pharmaceutical Sector: Current Developments and Legal Challenges

Elena Kaiser, University of Milan
Social Media Intelligence as a practical instrument to protect national security: an empirical study on its effectiveness and its impact on the right to privacy and data protection

Panel Session 9: Targeted advertising

Technology enables advertisers to collect and analyse information about individual users. These consumer data are subsequently used to target and tailor advertising messages to attract those individuals' attention and persuade them to buy products or services. Such personalised advertising messages follow the user across websites, social media and mobile apps. This panel explores questions related to this phenomenon, including to what extent the commercial freedoms of advertisers should prevail over the protection of consumers' personal data, which safeguards should be put in place, whether all data subjects are subject to the same principles or whether certain target groups (e.g. minors) should be subject to stronger safeguards and whether advertising self-regulation is preferable or complementary to existing legislative instruments in the field of data protection and consumer protection.

Chair:

Dr. Frederik Zuiderveen Borgesius, Institute for Information Law (IViR), University of Amsterdam

Speakers:

Willem Debeuckelaere, President, Commission for the Protection of Privacy, Belgium
From hidden persuaders to hidden invaders

Dr. David Stevens, Nielsen, Data Protection Officer
Targeted advertising on linear TV: The experience of Telenet

Prof. dr. Eva Lievens, Law & Technology, Human Rights Centre, Ghent University
Targeted advertising aimed at children: Reconciling the best interests of children and advertisers

David McGrogan, Northumbria University
The Guarantee of Freedom is Freedom: Targeted Advertising and the Limits of Law

Mathilde Fiquet, Federation of European Direct and Interactive Marketing (FEDMA), EU Legal Affairs Manager
Targeted advertising, the cost of the ePrivacy Regulation