Inspiring Insights from the CPDP Conference: Advancing Privacy and Data Protection in a Digitized World

30 mei 2023 / in Nieuws / door Dogan Varlioglu

The Computer Privacy and Data Protection (CPDP) conference brings together experts from various fields to discuss pressing issues surrounding privacy, data protection, and emerging technologies. In this blog article, I will delve into some of the program highlights from the conference, shedding light on key discussions and exploring potential solutions. From the impact of the General Data Protection Regulation (GDPR) to blockchain-based identity management systems, secondary use of health data, and the implications of artificial intelligence (AI), let’s explore the thought-provoking sessions that unfolded at CPDP.

The conference kicked off with an impactful opening session led by the esteemed Paul de Hert, a renowned expert in privacy and data protection. Notably, de Hert was my Privacy and Data Protection professor at Tilburg University during my Law and Technology master. His presence set the tone for the event, highlighting the topics in our modern digital landscape. With his profound insights, de Hert delved into significant developments and challenges in the field, captivating the audience from the very beginning.

Here are a few of the captivating topics that piqued my interest during the conference:

Exploring the many faces of the GDPR in search of effective data protection regulation:

One of the central pillars of the CPDP conference was an in-depth analysis of the GDPR. This session aimed to examine how various legal fields and enforcement measures have influenced the GDPR and the roles played by Data Protection Authorities (DPAs), companies, and data subjects. The discussion likely revolved around the effectiveness of the GDPR in protecting individuals’ fundamental rights and explored opportunities for promoting more robust data protection frameworks globally. I believe the session’s focus on such a critical aspect demonstrates the commitment to addressing the evolving challenges and promoting effective data protection practices.

Blockchain-based identity management systems: Opportunities and Challenges:

The rise of blockchain technology has brought forth innovative solutions for identity management. This session addressed the rationale behind using blockchain-based identity systems, highlighting their potential benefits and risks. The legal challenges associated with integrating biometric data into these systems, along with safeguarding fundamental rights and data protection, were also examined. Overall, the session aimed to shed light on the opportunities and challenges inherent in these decentralized identity management systems. Fun fact: one of the speakers for this, Bilgesu Sumer, is a close friend of mine from my bachelor’s degree in Istanbul. Currently, she is a doctoral researcher at KU Leuven University. It was a pleasure to discuss with her on this topic.

The EHDS and Secondary Use of Data: Is It Possible to Balance Individual Interests with The Ultimate Need for Data Sharing to Facilitate Research?

The discussion on the secondary use of health data sparked interest among attendees, exploring the potential revolution in legal regimes for data. This session aimed to delve into how the secondary use of health data could facilitate scientific research while considering its compatibility with data protection, privacy, and other individual interests. The European Health Data Space (EHDS) likely served as a focal point to understand the future direction in balancing individual interests with the crucial need for data sharing. What I explored from this session is the potential revolution in data regulations and considered the compatibility of secondary health data use with data protection and privacy. Concerns were raised regarding the purposes of processing, interplay with Article 9 of the GDPR, and the inclusion of health data access bodies. The importance of legal expertise, applicable laws for cross-border data permits, and transparency in exemptions were emphasized. Additionally, concerns about wellness apps highlighted the need for informed consent and data subject choice in utilizing health data generated by these apps.

Technical Standards and The Ai Act: Legitimate and Sufficient?

One crucial aspect of implementing the EU AI Act is the development of harmonized technical standards related to risk, quality, data management, testing, and verification. However, concerns arise regarding the legitimacy of standards developed by expert committees dominated by multinational corporations. The panel aimed to address questions about the preparedness of bodies responsible for AI certification and market surveillance, ensuring the protection of fundamental rights. Additionally, it explores the extension of democratic oversight to standard development, quick responses to emerging AI harms, and collaboration among regulators, stakeholders, and standards developers to assess AI risks appropriately.

Examining Fundamental Rights in a New Era of AI:

The rapid advancements in AI technologies have raised concerns about their impact on collective security and fundamental rights. This session sought to explore the implications of the AI revolution on global policy frameworks, emphasizing the need to adapt legislation to address emerging challenges. Discussions likely revolved around the responsibilities of both the private sector and regulators in governing AI and how global initiatives could learn from ongoing discussions on the AI Act.

Enforcement Of Data Protection by Design & By Default: Consequences for The Uptake Of Privacy-Enhancing Technologies In The Eu:

Data Protection Authorities (DPAs) across the EU have been rigorously enforcing Article 25 of the GDPR, focusing on Data Protection by Design & by Default (DPbD&bD). This panel discussed DPbD&bD enforcement precedents and their relationship with data integrity and confidentiality principles, particularly in the context of adopting Privacy-Enhancing Technologies (PETs). The discussion showed how DPAs apply Article 25 in relation to technical measures adopted by data controllers and processors. It also emphasized the need for clarity and guidance from the European Data Protection Board (EDPB) and alignment with policymakers from other jurisdictions to foster widespread adoption of PETs.

CPDP Congress: Shaping the Future of Privacy and Data Protection in the Digital World

As my first-time experience at CPDP, I can say that conference offered a platform for experts and professionals to come together and engage in critical discussions surrounding computer privacy and data protection. From analyzing the effectiveness of the GDPR and exploring blockchain-based identity management systems to understanding the secondary use of health data and examining fundamental rights in the era of AI, the conference shed light on the evolving landscape of privacy and data protection. By addressing these topics and fostering collaboration, the conference aimed to shape policies and practices that align with individuals’ rights in an increasingly digitized world. The CPDP congress left me feeling inspired and motivated in a profoundly positive way. The discussions and insights shared by experts in computer privacy and data protection highlighted the significance of these issues in our digital world. Learning about the ongoing efforts to develop harmonized technical standards, enforce Data Protection by Design & by Default, and regulate accountability in AI value chains showcased the dedication and progress being made in safeguarding privacy and data rights. The conference sparked a sense of optimism, reminding me of the collective efforts and collaborations driving positive change in the field, and reinforcing the importance of continued advocacy for robust privacy and data protection measures.

Will I be attending CPDP again in the future?

Attending the 3-day CPDP conference in Brussels was an enriching and unforgettable experience for me. The vibrant city served as the perfect backdrop for this gathering of experts and professionals in the field of privacy and data protection. The conference provided a unique platform for meaningful discussions, networking, and knowledge sharing. Can’t wait to join next year!