The panel seeks to provide a holistic perspective on the legitimate pursuit of own business purposes for data holders like large-scale (cloud) service providers and other processors with a focus on GDPR and also reflecting on the UK and US point of view. 

The discussion would cover the differentiation between the controller’s and the provider’s purposes and how to transparently and legitimately process the affected personal data for own business purposes. The discussion would equally elaborate on the questions related to the use of personal data for training AI functionalities. 

Key questions and objectives 

• What are the typical own business interests providers aim at pursuing? 
• How is the pursuit of own interests reflected in the application of the GDPR by authorities and courts? 
• What are the boundaries for public sector customers? 
• How can digital altruism come to play? 
• How can the necessities of developing powerful AI tools be aligned with GDPR requirements regarding accountability, compliance and transparency? 
• Where are the UK and the US heading in terms of allowing secondary use? 
• What might be a best-practice approach to deal with the overall challenges?