David is director of Identitas Consulting, working in digital transformation, specifically the areas of digital identity and cybersecurity, data protection and privacy regulation as well as the impact of AI and quantum computing.
He co-authored the books 'Data Privacy Program Guide - How to Build a Privacy Program that Inspires Trust' with Justine Philips and Matt Stamper, as well as 'Protect Your Business' and 'Protect Your Practice' with Bill Bonney.
David has worked in senior management positions across a wide range of companies in Europe and North America from start-ups (Soft-Switch, Metamerge) to global brands (Lotus Development, IBM, Nokia Siemens Networks and Ericsson) as well as University College London.
David is currently a director and senior consultant with the Trust in Digital Life association, chief information and security officer with iGrant.io and a principal consulting analyst with TechVision Research. He was responsible for dissemination, communication and exploitation in the CyberSec4Europe large scale pilot and participates in one of the four large scale projects piloting the EU digital identity wallet (EWC) as well as the EBSI-VECTOR project.
David has a BA from the University of Manchester and a D.Phil. from the Oriental Institute, University of Oxford.
Sessions in which David Goodman participates
Tuesday 31 August, 2021
Tuesday 5 April, 2022
Wednesday 6 April, 2022
Thursday 7 April, 2022
This session will provide an overview of cybersecurity and privacy-preserving innovative solutions in the areas of banking, smart cities, higher education, and medical data exchange
This session will describe common collaborative activities and innovative solutions envisioning new cybersecurity assets in the areas of cyberthreat intelligence and financial incident reporting.
Tuesday 18 April, 2023
Following the completion of the funding for the CyberSec4Europe project, one of the post-project initiatives is EU-CHECK (European Community Hub of Expertise in Cybersecurity Knowledge), sponsored for five years by CNRS (Centre National de la Recherche Scientifique) and involving numerous representative organisations from CyberSec4Europe, including TDL, as well as the other pilots. This sess...
The European Commission funded four pilots in order to establish a European Cybersecurity community and its governance. Now that the pilots ended, the French CNRS (Centre National de la Recherche Scientifique) started the Project EU-CHECK (European Community Hub of Expertise in Cybersecurity Knowledge, running from 2023 to 2027), whose aim is to consolidate such a community. This session will promote an open conversation to identify the best ways to energize the European Cybersecurity comm...
Wednesday 19 April, 2023
With soaring expectations and regulations on privacy, the co-authors of the book, 'Data Privacy Program Guide: How to build a privacy program that inspires trust' will provide actionable guidance to revive and inspire organisational trust in your enterprise privacy program. Hear true stories of successes and failures involving the human dimension and how to levera...
Tuesday 11 June, 2024
Introduction The regulatory landscape, ethical considerations and best practices are outlined by EU-CHECK to ensure responsible and trustworthy AI applications. In this session, attendees will gain valuable insight into the European Union’s Coordinated Universal Compliance for Keeping User Privacy and Security perspective, especially in the context of AI deployment. The speakers will ...
Wednesday 12 June, 2024
Introduction The right to private communication is enshrined in several international treaties in the telecommunication, human rights, and humanitarian law domains. Quantum technology is expected to be soon able to uncypher encrypted communications. It poses a threat on conventional encryption methods and will constitute a major blow on confidentiality and privacy of electronic commun...
Monday 12 May, 2025
Compliance with the AI Act relies a great deal on robust risk management. However, small and medium entreprises (SMEs) often do not have a risk management policy in place and it is difficult for them to identify, analyse, assess, and mitigate risks related to AI systems privacy and security. On the other hand, whichever methodology an organisation chooses, the underlying cybersecurity and privacy issues that accompany the use of AI systems remain technically the same. This session will ...
This panel will explore the new era of data governance, emphasising the importance of building simplified programs that inspire trust. It will take a holistic approach to data, privacy, cybersecurity, and artificial intelligence, incorporating global laws, regulations, and emerging trends. The discussion will highlight the secular nature of global laws, data sovereignty, restrictions on data transfers, and data minimization.
Sessions in which David Goodman attends
Monday 20 June, 2022
Tuesday 18 April, 2023
Sicurezza della catena di fornitura ICT, conoscere e gestire in modo efficace il rischio Nella complessa realtà attuale il processo di esternalizzazione di una parte della gestione dei servizi ICT è da ritenersi scontato: l’affermazione crescente di piattaforme elaborative basate su servizi cloud ha impresso al mercato una rapida crescita, che nella maggior parte dei casi non risu...
This panel will explore the interconnected nature of transatlantic cross-border data transfers with a variety of stakeholders. It will touch upon the EU-US Data Privacy Framework and other adequacy decisions as a means to bridge the gap between transatlantic data flows and standards. The panel will also explore key challenges to transatlantic data transfers, such as government access to data, and discuss international initiatives taken to develop a co...
Wednesday 19 April, 2023
The role of the Data Protection Officer has greatly evolved since the nomination of the first DPO in the Land of Hesse, Germany in 1971. Originally designed to protect citizens privacy against too much scrutiny from the state, it shall now protect people from the invasive curiosity of private companies, large and small, as well as from increasingly active criminal organizations. New EU regulations aim at controlling large internet actors with the Digital Services Act and the Data Marketing...
Wednesday 12 June, 2024
Introduction The right to private communication is enshrined in several international treaties in the telecommunication, human rights, and humanitarian law domains. Quantum technology is expected to be soon able to uncypher encrypted communications. It poses a threat on conventional encryption methods and will constitute a major blow on confidentiality and privacy of electronic commun...
Monday 12 May, 2025
The AI and Compliance track serves as a dynamic platform for dialogue, knowledge exchange, and collaboration on the evolving legal and regulatory landscape of AI, in addition to its increasing involvement in all aspects of our personal and professional lives. This opening session brings together distinguished Italian academics, officials of the region and the Director of the Privacy Symposium to set the stage for insightful discu...
Compliance with the AI Act relies a great deal on robust risk management. However, small and medium entreprises (SMEs) often do not have a risk management policy in place and it is difficult for them to identify, analyse, assess, and mitigate risks related to AI systems privacy and security. On the other hand, whichever methodology an organisation chooses, the underlying cybersecurity and privacy issues that accompany the use of AI systems remain technically the same. This session will ...
This remarkable session brings together leading experts from Microsoft, the German Data Protection Authority, the European AI Agency, and the Italian State Secretary to discuss how organizations and governments can navigate AI risks while ensuring compliance. From balancing innovation with regulation to addressing ethical concerns, this discussion will provide critical insights into the future of AI governance.
AI systems are becoming more integrated into critical decision-making processes, which makes questions of liability and accountability more pressing than ever. If an AI-based decision goes wrong, who is responsible? This session will unite experts from Meta, Italian Institute for Privacy and Data Valorisation, AI Law Tech Institute, SGS, and CNPD to explore the evolving frameworks for AI liability and the role of certification in building respons...
Tuesday 13 May, 2025
The International Cooperation track serves as platform for exchanging ideas, building meaningful partnerships, and exploring innovative solutions beyond borders and across various disciplines. This session opens with an insightful discussion featuring an esteemed panel of high-level speakers and experts, such as the Secretary General of the Inter Parliamentary Union, Chairman of the GPA, members of the GDPD and EDPB, and European...
Modern vehicles are more than just simple transportation; they are data hubs constantly collecting and transmitting information. From GPS tracking and in-car entertainment systems to AI-powered assistance, connected cars are revolutionizing the concept of mobility. The exceptional panel of this session will explore the fine line between convenience and surveillance, geolocation tracking, and how regulations are adapting.
The European Data Protection Supervisor (EDPS) plays a critical role in shaping the EU’s privacy agenda, as there is a growing need to balance technological advancements, international cooperation, and the complexity of data governance. Attendees of this session will develop a deeper understanding of the EDPS Roadmap, a strategic vision shaping Europe’s data protection landscape. From regulatory chall...
This panel will discuss emergent technologies that may reduce AI risks and possible regulatory responses to such technology.
It is people, not laws, that drive privacy. What about privacy makes it universal across the world and throughout history? How do non-Western societies demonstrate how individuals, communities and civilizations instinctively cherish privacy? How did the Ancient Romans solve universal and timeless privacy problems around maintaining and verifying identity? In this session of the “Philosophy of Privacy” stream, hear ...
The transformative power of data could drive positive social impact and advance humanitarian causes. This session will explore inspiring use cases of data processing for good. From using data analytics for disaster response to studying insights for sustainable development goals, the speakers of this panel will explore innovative projects that demonstrate how data can be used for the greater good.
From GDPR to emerging AI regulations, organizations must navigate complex frameworks while ensuring seamless data flows across borders. This session will bring together experts to discuss practical strategies for overcoming regulatory conflicts, enabling responsible data practices, and fostering global cooperation. Key questions
The last few years have seen a significant increase in digital solutions that support privacy friendly electronic identification and authentication: mobile identity wallets, zero knowledge proofs, verifiable credentials, age assurance applications, and so forth. Legislators are also increasing their support for these solutions. But are they actually trustworthy from a privacy perspective? This session will explore the potential, and the pitf...
Wednesday 14 May, 2025
This session promises to dive deep into the real-world impact of data anonymization and synthetic data, exploring how these techniques are being used to protect privacy in different industries. Experts of the panel will break down the myths and realities of these privacy-enhancing technologies, tackling their benefits, limitations, and regulatory challenges head-on. Key questions&nbsp...
Aiming to balance a safe and competitive digital space with the right of free expression, the interplay of these two Acts forms a critical discussion when considering the place of freedom of expression in the broader topic of privacy and data regulation. Hearing from representatives from the European Commission and legal experts, attendees of this session will gain an insight into the interplay of the Acts and how they currently sit in relation t...
Europe’s data regulations are very intricate to form the whole picture, which means that each piece is essential, yet constantly shifting. The Data Act, Data Governance Act and GDPR are not isolated frameworks; they are deeply intertwined to shape the way we interact with the digital reality. This session unites esteemed professionals and officials from Euroconsumers, DG Justice, DG Connect, and Lativia DPA, diving beyond the legal aspect to unco...
With international data transfers under increasing regulatory and judicial scrutiny, organizations must adapt to evolving compliance challenges. From the European General Court’s ruling in Bindl v Commission to ongoing discussions around the EU-US Data Privacy Framework, the need for redundancy in GDPR transfer tools to avoid overreliance on a single transfer mechanism is crucial. This panel will explore key legal developments, risks, and ...
Explore the critical issues shaping HR data privacy in the age of AI. This panel of government and legal experts will address the complexities of cross-border data flows, emerging compliance requirements, and the implications of AI for human resources data. Discover strategies for fostering international cooperation and ensuring robust employee data protection in a rapidly evolving regulatory landscape.
This session will bring together a distinguished panel of professionals from Kenya, Senegal and Nigeria to share their perspectives on the obstacles and opportunities of data regulations in Africa, unpacking the complexities of compliance, enforcement and the digital market. If you are navigating privacy and data laws in Africa, this is a conversation you cannot afford to miss. Key ...
The intersection of freedom of expression and religious beliefs is perhaps one of the most well-known and publicized topics in the last two decades. Addressing an incredibly important and topical issue, attendees will hear how the panelists perceive and have challenged the line between freedom of expression and restriction, from their own experience. Key questions
This expert panel will delve into the multifaceted challenges surrounding cybersecurity and privacy incident management, as well as personal data breaches within the European regulatory landscape. With contributions from industry leaders, privacy professionals, and regulators, the discussion will highlight the interplay between key regulations such as the GDPR and the NIS 2 Directive, emphasizing their evolution in the context of AI systems and m...
Thursday 15 May, 2025
This session will welcome industry professionals to explore the adoption of the European Health Data Space (EHDS) regulation and its impact on obligations and compliance requirements. Drawing on the panel's insights, the discussion will cover the practical aspects of implementing EHDS, while also addressing the challenges and opportunities it presents. Key questions
Patients trust healthcare providers with their most sensitive data, but are their rights truly being upheld in practice? From the right to access medical records to the challenge of data portability and consent management, ensuring compliance becomes not only a legal requirement but also an ethical responsibility. This session tackles the real-world struggles of ensuring data subjects’ rights in the healthcare system and explores practical soluti...
This session will take a deep dive into the evolving process of assessing AI’s impact on fundamental rights, transitioning from traditional Data Protection Impact Assessments (DPIA) to the Fundamental Rights Impact Assessment (FRAIA). The speakers will explore how to practically apply these assessments in AI development and deployment, ensuring that privacy and human rights remain at the forefront.
This session will cover the legal implications and real-world use cases of anonymization, pseudonymization, and synthetic data. From enabling secure data sharing for research and ensuring compliance in clinical trials, the panel will dive into how some techniques can help meet privacy requirements while still fostering scientific progress. Key questions
Digital health is reshaping the way patient care is approached. This offers exciting new opportunities for personalized medicine, real-time health monitoring, and remote care, which makes healthcare more accessible and efficient. With all these advancements, however, comes great challenges. This session will explore the incredible potential of digital health, its impact on patient care, and the obstacles and opportunities it presents. ...
Friday 16 May, 2025
Imagine a future in which medical research, innovation, and patient care seamlessly benefit from secure data sharing across Europe. European Health Data Spaces are designed to make this vision a reality, but how do they work in practice? This session goes beyond policy and legal frameworks to explore the real-world implementation of European Health Data Spaces and what they mean for future healthcare innovation.