Patricia DEL CARMEN is a Franco-Salvadorean Lawyer in Digital Law, CIPP/E certified and a Computational Linguistic Engineer, experienced in data protection, data privacy, cybersecurity and change management.
After having worked for more than 30 years with global business leaders in their sector (LVMH, Sephora, American Express, Axa, Alstom, Merck…) as a senior manager of complex digital projects for which Data security and protection were crucial, Patricia decided to create her own consulting firm, Smart Privacy Consulting, and become an external DPO to help NGOs, public bodies and private companies to optimize the knowledge and quality of their data, to ensure the compliance and security of their information assets and to increase the trust of their internal and external customers and the regional and local citizens.
Pragmatism, a good understanding of the business challenges of data protection and security as well as a long successful experience in change management, data governance and staff training and awareness of data protection and cybersecurity issues are the values that characterize her DPO role.
Patricia has organized panel discussions at the Sorbonne about “The role of the DPO in public and private organizations”. She has lectured at Telecom Business School in Paris and, by Visio conference, at the University of Lima, Peru about “International transfers of Personal Data”, "Data Protection, a Further Step Towards Transparency and Respect for Human Rights" and about “GDPR and Cybersecurity.” She is engaged in various teachings and research assignments related to Data Protection, cybersecurity, and Artificial Intelligence at the master's in digital law at the Sorbonne in Paris.
Patricia thinks that the most important thing for a DPO is to be passionate about its work, curious about the new technical and legal developments, and most of all open minded to live and work in a multi connected world driven by technology.
Sessions in which Patricia Del Carmen participates
Friday 16 May, 2025
Get ready for an engaging session that will unite professionals from distinguished establishments to discuss the key skills that DPOs need to thrive in an ever-changing environment, in addition to some strategies for building their capacity to tackle new challenges. From legal expertise to tech-savvy adaptability, the speakers will dive into how DPOs can continue to evolve and make a real impact in their organizations and communities.
Sessions in which Patricia Del Carmen attends
Monday 12 May, 2025
The AI and Compliance track serves as a dynamic platform for dialogue, knowledge exchange, and collaboration on the evolving legal and regulatory landscape of AI, in addition to its increasing involvement in all aspects of our personal and professional lives. This opening session welcomes the Rector of Ca' Foscari University of Venice and the Chair of the Privacy Symposium to set the stage for insightful discussions.
Compliance with the AI Act relies a great deal on robust risk management. However, small and medium entreprises (SMEs) often do not have a risk management policy in place and it is difficult for them to identify, analyse, assess, and mitigate risks related to AI systems privacy and security. On the other hand, whichever methodology an organisation chooses, the underlying cybersecurity and privacy issues that accompany the use of AI systems remain technically the same. This session will ...
Discussions surrounding the interplay of AI and Data Protection Laws will reveal how academics and practitioners from around the world manage the intersectionality of these laws. How do data protection laws and emerging AI intersect, and how do they complement each other? If you’re a privacy professional, legal expert, AI developer, or policymaker, this is your must-attend session, as it will feature professionals from Google, EDRI, DG Justice, a...
This panel will explore the new era of data governance, emphasising the importance of building simplified programs that inspire trust. It will take a holistic approach to data, privacy, cybersecurity, and artificial intelligence, incorporating global laws, regulations, and emerging trends. The discussion will highlight the secular nature of global laws, data sovereignty, restrictions on data transfers, and data minimization.
Generative AI development and deployment is exploding, but the recent EDPB Opinion 28/2024 and early enforcement actions (notably the fine against OpenAI by the Garante in Italy) signal that compliance with the GDPR must be taken seriously from the outset. Against this backdrop, our panel will explore how to build trust and avoid pitfalls when developing and deploying LLMs in Europe. We’ll examine the evolving legal landscape—and whether it leaves enough room for meaningful innovation....
This enriching session will shed light on the consequences of data scraping in regard to privacy and intellectual property rights. Data scraping refers to the automated extraction of data from websites, APIs, and other online sources, which consequently raises questions surrounding the secondary uses of such data. Attendees of this session will have the opportunity to hear from several European and global authorities on how they perceive and addr...
This session will explore how to design data spaces that aren’t just legally compliant but also fundamentally structured around privacy, security, and trust. By embedding compliance in the core of data infrastructure design, we can move beyond reactive measures and create environments that foster confidence and cooperation. Key questions
As AI usage seems to proliferate, international regulations may be the way to go to develop cross-border compliance and cooperation. Featuring representatives from both sides of the Atlantic, as well as renowned global think tanks, this session will discuss how organizations can effectively align themselves with international regulations to achieve convergence and interoperability. ...
This panel focuses on integrating the new cybersecurity obligations introduced by the NIS 2 Directive with the GDPR’s existing requirements for data integrity and confidentiality.
This remarkable session brings together leading experts from Google, Microsoft, the German Data Protection Authority, the European AI Agency, and the Italian State Secretary to discuss how organizations and governments can navigate AI risks while ensuring compliance. From balancing innovation with regulation to addressing ethical concerns, this discussion will provide critical insights into the future of AI governance.
This session brings together industry leaders and regulators to explore the essential aspects of designing compliant AI training models. In the discussion, panelists will provide a comprehensive overview of the intersection between regulatory requirements and innovative AI practices, offering practical advice and actionable insights for professionals in the field. Key topics include:
Agentic AI is ushering in a new era of technological capability, with systems designed to autonomously achieve complex goals by reasoning, planning, and using digital tools. This innovation holds transformative potential. Our panel will explore the evolving data protection considerations that accompany these advancements. Join leading experts as they discuss how familiar privacy principles apply in this new context and identify emerging questions, fostering a di...
Cyber threats are evolving at an unprecedented pace, which makes AI and machine learning essential tools in the fight against cybercrime, by enabling faster threat detection, automated responses, and predictive defense strategies. However, with these advancements come new challenges. The panel of this session will explore the future of AI-driven defense and what it means for privacy, security, and resilience.
We will inaugurate the fourth edition of the Privacy Symposium at the Official Welcome Reception. This event marks the beginning of a week rich in insightful discussions and open exchange, set in the inspiring atmosphere of Venice. Guests will have the opportunity to admire the remarkable works of Tintoretto, one of the city’s most celebrated painters, while connecting with professionals from diverse backgrounds and engaging in fruitful discussions. The evening will be enriched by...
Tuesday 13 May, 2025
The International Cooperation track serves as platform for exchanging ideas, building meaningful partnerships, and exploring innovative solutions beyond borders and across various disciplines. This session opens with an insightful discussion featuring an esteemed panel of high-level speakers and experts, such as the Secretary General of the Inter Parliamentary Union, U.N.
The session will begin with the presentation of research work on the evaluation of the benefits of compliance (combining costs, returns, gains of compliance analysis). The objective will be then to discuss on the KPIs that can be used to measure the positive returns of compliance by incorporating the perspectives of stakeholders who advocate, monitor, implement, control, or finance compliance actions.
With evolving regulations and shifting privacy frameworks, how can businesses and privacy professionals navigate the global advancements of cross-border data transfers? This insightful session will explore the latest developments on a global scale, in addition to the latest trends and practical strategies for ensuring compliance. The panel includes high-level professionals from DG Justice, Information Commissioner’s Office, European Digital Right...
In this thought-provoking session, the panel will dive into the intriguing world of neuro privacy. As breakthroughs in neuroscience offer unprecedented insights into the human brain, important ethical questions arise regarding the collection, use, and potential misuse of neural data. The speakers will explore the intersection between neuroscience, privacy, and fundamental human rights, while focusing on the emerging challenges and potential solut...
Modern vehicles are more than just simple transportation; they are data hubs constantly collecting and transmitting information. From GPS tracking and in-car entertainment systems to AI-powered assistance, connected cars are revolutionizing the concept of mobility. The exceptional panel of this session will explore the fine line between convenience and surveillance, geolocation tracking, and how regulations are adapting.
The European Data Protection Supervisor (EDPS) plays a critical role in shaping the EU’s privacy agenda, as there is a growing need to balance technological advancements, international cooperation, and the complexity of data governance. Attendees of this session will develop a deeper understanding of the EDPS Roadmap, a strategic vision shaping Europe’s data protection landscape. From regulatory chall...
While regulators worldwide are fighting the same battles, too often they’re doing it in isolation. This session brings together industry experts and distinguished officials from EDPS, Dutch Data Protection Authority, Office of the Privacy Commissioner of Canada, and US Department of Justice. Attendees will learn about the real challenges of cross-border privacy enforcement and explore the ways in which regulators can work together to turn fragmen...
While the EU has set a global benchmark with GDPR, effective privacy enforcement requires collaboration beyond its member states. This simply means that privacy doesn’t stop at borders, and neither should data protection. European Data Protection Authorities face growing challenges in aligning regulations, sharing strategies, and tackling cross-border data transfers with non-EU countries. This session brings together data protection professionals...
The role of data regulations in enabling economic growth is currently a topic of intense interest in many parts of the world. Attendees of this enriching session will hear discussions on the nature and design of data regulations, and balances to be struck, including the extent to which regulators seek to enable good outcomes as well as prevent bad ones. Key questions
From GDPR to emerging AI regulations, organizations must navigate complex frameworks while ensuring seamless data flows across borders. This session will bring together experts to discuss practical strategies for overcoming regulatory conflicts, enabling responsible data practices, and fostering global cooperation. Key questions
The last few years have seen a significant increase in digital solutions that support privacy friendly electronic identification and authentication: mobile identity wallets, zero knowledge proofs, verifiable credentials, age assurance applications, and so forth. Legislators are also increasing their support for these solutions. But are they actually trustworthy from a privacy perspective? This session will explore the potential, and the pitf...
Convention 108+, the ‘modernised’ version of the Council of Europe’s data protection treaty, is positioned to play a key role in shaping global data governance and privacy regulations for years to come. This treaty aims to create a more solid framework for data protection to keep pace with the digital world, and to extend beyond Europe’s borders. The esteemed speakers of this panel will present Convention 108+ in the context of striking a balance...
After a productive day of engaging sessions, what better way to refresh than by enjoying a traditional Aperol Spritz at the Privacy Professionals’ Meet-up? Join us for a relaxed evening of conversation and connection over this iconic Italian cocktail. It’s a unique opportunity to get to know other participants of the Privacy Symposium, while enjoying a taste of the dolce vita in true Venetian style.
Wednesday 14 May, 2025
This session promises to dive deep into the real-world impact of data anonymization and synthetic data, exploring how these techniques are being used to protect privacy in different industries. Experts of the panel will break down the myths and realities of these privacy-enhancing technologies, tackling their benefits, limitations, and regulatory challenges head-on. Key questions&nbsp...
Europe’s data regulations are very intricate to form the whole picture, which means that each piece is essential, yet constantly shifting. The Data Act, Data Governance Act and GDPR are not isolated frameworks; they are deeply intertwined to shape the way we interact with the digital reality. This session unites esteemed professionals and officials from Euroconsumers, DG Justice, DG Connect, and Lativia DPA, diving beyond the legal aspect to unco...
With countries adopting their own unique approaches to data protection and compliance, organizations are left to navigate a maze of regulatory frameworks. The distinguished panel of this session is composed of high-level professionals and officials, from Timelex, EDPS, Digital Regulation Cooperation Forum, the Indian Ministry and many more. Together, they will explore how to address global data regulations while ensuring privacy and compliance. T...
Imagine this: A multinational company grappling with an unexpected ransomware attack. Stakeholders are on edge, the clock is ticking, and swift decisions are paramount. This isn’t just a test of your expertise, but also a measure of how well you can handle pressure, make crucial decisions with your team, and lead during chaos. This two times award finalist service (Finnish Comms Awards 2025 and 2025 SABRE EMEA ...
Explore the critical issues shaping HR data privacy in the age of AI. This panel of government and legal experts will address the complexities of cross-border data flows, emerging compliance requirements, and the implications of AI for human resources data. Discover strategies for fostering international cooperation and ensuring robust employee data protection in a rapidly evolving regulatory landscape.
Age assurance is a growing requirement for online safety, but one that comes with clear interdependencies with data protection. Requirements for highly effective age assurance have to be considered alongside data minimisation requirements under the GDPR. The limitations of working in silos must be overcome, and one way of doing so is via a multistakeholder dialogue that brings data protection regulators, safety regulators, academics, companies an...
Growing up in the digital age means that children are exposed to data collection before they even learn to read. This insightful session explores ways in which a safer online space can be created for the next generations, and how to enforce meaningful protection, while balancing innovation with responsibility and empowering young users to navigate the internet safely. Key questions
This expert panel will delve into the multifaceted challenges surrounding cybersecurity and privacy incident management, as well as personal data breaches within the European regulatory landscape. With contributions from industry leaders, privacy professionals, and regulators, the discussion will highlight the interplay between key regulations such as the GDPR and the NIS 2 Directive, emphasizing their evolution in the context of AI systems and m...
Marking the halfway point of the conference, have a relaxing evening at the Privacy Professionals’ Meet-up. Enjoy a refreshing spritz while engaging with other privacy experts. After a productive day of sessions, this is an excellent occasion to meet with other participants and speakers, resume discussions, and enjoy a relaxing evening.
Thursday 15 May, 2025
Medical data is one of the most sensitive types of information, yet it is also the foundation of groundbreaking research, diagnostics, and personalized treatments. Consequently, healthcare providers, researchers, and tech companies must navigate an increasingly complex web of regulations without slowing progress. Join the panel of this unique session as it unpacks the evolving landscape of medical data regulatory compliance and data governance.&n...
This session will welcome industry professionals to explore the adoption of the European Health Data Space (EHDS) regulation and its impact on obligations and compliance requirements. Drawing on the panel's insights, the discussion will cover the practical aspects of implementing EHDS, while also addressing the challenges and opportunities it presents. Key questions
International organizations operate in a unique context and, as a result, face distinct challenges in developing privacy policies and personal data protection practices. Indeed, due to their status having privileges and immunities, International Organizations are not subject to laws and regulations (and related enforcement) from jurisdictions where they are established and/or where they operate. In this session, privacy leaders from three multilateral development banks (MDBs) will...
In pursuit of medical breakthroughs, data is considered a goldmine. At the same time, accessing medical data should not come at the expense of crossing legal and ethical lines. This session will tackle one of the most important issues in medical research today: the lawful use of patient data for secondary purposes like advancing scientific discovery and healthcare innovation. The distinguished panel of this session will explore the complex questi...
If you are interested in how to turn the principle of privacy into marketing practices that not only comply with the law but also resonate with the audience, then this session is for you. The panel will explore how to build privacy-first marketing strategies that respect consumer data while still driving engagement and delivering results. Key questions
Medical research often relies on accessing large and diverse datasets from different regions to ensure the results are comprehensive and unbiased. This session will explore the opportunities, needs, and challenges involved in sharing medical data across borders. The European Health Data Space (EHDS) offers a framework to enable such international collaboration, but how does it function in practice? What are the potential constraints in other juri...
This session will take a deep dive into the evolving process of assessing AI’s impact on fundamental rights, transitioning from traditional Data Protection Impact Assessments (DPIA) to the Fundamental Rights Impact Assessment (FRAIA). The speakers will explore how to practically apply these assessments in AI development and deployment, ensuring that privacy and human rights remain at the forefront.
Digital health is reshaping the way patient care is approached. This offers exciting new opportunities for personalized medicine, real-time health monitoring, and remote care, which makes healthcare more accessible and efficient. With all these advancements, however, comes great challenges. This session will explore the incredible potential of digital health, its impact on patient care, and the obstacles and opportunities it presents. ...
Under European law, a Transfer Impact Assessment is required when transferring personal data to third countries that are not recognized as having adequate data protection standards. It is the responsibility of the data controller to conduct the Assessment, ensuring among other factors that they evaluate the legal framework of the recipient country. This session will provide practical, hands-on guidance on how to effectively carry out a Transfer I...
The Privacy Symposium is delighted to invite you to a unique musical experience on Thursday, 15 May at 6:30 PM, where the Quartetto Pegreffi will take the audience on a musical journey inspired by Venice’s atmosphere. The concert will present a selection of pieces ranging from refined baroque elegance to rich impressionistic colours. The programme reflects the ambience and charm of the surroundings, offering a moment of pause and appreciation in the midst of the Privacy Symposium....
Friday 16 May, 2025
This unique session explores the evolving responsibilities of DPOs in the field of AI governance, focusing on the challenges, ethical dilemmas, and opportunities that come with overseeing AI systems that may impact personal data. Join the panel for a forward-thinking discussion about how DPOs can steer the future of AI governance while staying true to their core mission of data protection.
As law enforcement agencies engage in more complex and sophisticated cross-border data exchanges, the role of Data Protection Officers (DPOs) serving in law enforcement has never been more critical. With evolving technologies, increased international cooperation, and stricter regulatory requirements, DPOs must navigate the fine line between effective policing and data protection compliance, not just within their own jurisdictions, but beyond nati...