Introduction This session will discuss and compare the value of synthetic data, pseudonymized data, and anonymized data for medical research. Beyond the ethical dimension and their relevance for data protection by design, the session will discuss their relevance for medical research.  Key questions and objectives ...

Session in English interpreted into Italian / Sessione in inglese con la traduzione in italianoIn an increasingly interconnected world, highly inter-dependent, dealing with the challenges of the modern data-driven and digital world, though bringing tremendous benefits for our economies and societies, also becomes increasingly challenging for privacy and the protection of personal data.  

The Lunch Break for all participants will take place in Scuola Grande di San Rocco.

Session in English interpreted into Italian / Sessione in inglese con la traduzione in italiano

Session in English interpreted into Italian / Sessione in inglese con la traduzione in italiano

Session in English interpreted into Italian / Sessione in inglese con la traduzione in italiano

This session is devoted to a core aim of the GDPR: the rights of data subjects which were significantly strengthened. The speakers will present their views on different aspects of the rights, each from his own point of view. The aim of this session is to get a clearer picture: where do we stand now?

Technology moves fast, but is privacy legislation up to speed?Since the enactment of GDPR, many companies have adopted a reactive mode, and responded to the pressure of regulations based on the fear of fines rather than embracing the change. Due to the relatively slow intervention of regulators, and the increasing complexity of technologies, there are ...

Session in English interpreted into Italian / Sessione in inglese con la traduzione in italiano

This session will be the opportunity to deepen the main aspects of Data Protection by Design in Practice.

The panel will present to the audience the marketing and advertising EU legal framework and recent decisions of EU Supervisory Authorities. The main issues related to privacy compliance for digital marketing and behavioural/ programmatic advertising will be discussed. Moreover, the speakers will share their reflections on how to convert the security &privacy "vicious cycle” into a “virtuous cycle” by providing...

Session in English interpreted into Italian / Sessione in inglese con la traduzione in italiano

This Track Opening marks the beginning of a journey into the forefront of scientific inquiry and innovation, presenting a wide range of research topics and groundbreaking technological advancement. Participants will join experts on this panel to explore the latest trends, challenges, and future opportunities, in addition to exchanging ideas and insights that will inspire and propel scientific endeavors forward.  

South Africa is a prime location for genetics and genomic research due to its combination of genetic diversity, high disease burdens, and high-quality infra-structure. Most research projects of this nature, including in South Africa, are funded by organizations such as the United States National Institutes of Health (NIH), the European Commission, the United Kingdom Medical Research Council, and the Wel...

Introduction The constant and rapid evolution of the digital landscape directly influences the roles and responsibilities of professionals tasked with safeguarding data privacy and ensuring regulatory compliance. This is especially highlighted by recent EU legislations, such as the Digital Services Act, Digital Markets Act, Data Act, Data Governance Act, together with European Data Sp...

Transparency and accountability are indispensable principles for modern data protection, from both, legal and technical viewpoints. Regulations such as the GDPR, therefore, require specific transparency information to be provided including, e.g., purposes, storage periods, or legal bases for personal data processing. However, it has repeatedly been shown that all too often, this information is practically hidden in legalese privacy ...

The concept of personal data is pivotal to understand the scope of the General Data Protection Regulation (GDPR). Since data protection regulations and directives were adopted, national courts and the Court of Justice of the European Union (CJEU) had to determine whether some data like IP addresses are personal. Courts' rulings are often based on the possibility to re-identify individuals from the datasets under dispute. The differe...

Most of the global initiatives in the field of artificial intelligence are designed as globally-minded soft regulation. “Soft” law or the Brussels Effect can complement but will not be able to replace “hard” law. In the case of AI, a technology that has the potential to revolutionise our society, what will make the difference is the enforceability of the law. In the EU’s AI Act, the EU co-legislators make a wise choice to depart fro...

This study examines the varying interpretations of data portability across different legislative frameworks. While each jurisdiction labels the concept as “portability", the underlying understanding of what constitutes portability significantly differs. This divergence in conceptualization, rather than mere definitional variation, not only leads to substantial confusion, but also affects the enjoyment of rights and obligations of re...

Privacy policies often fail to uphold the goals of transparency – for individuals to understand the processing of their data and exercise their rights in a user-centered manner – which may lead to misalignment between privacy expectations and practices. Direct-to-consumer (DTC) genetic companies, expected to grow to more than 2.7 billion USD by 2032 in Europe, process sensitive data with many risks. The...

Introduction Experts on this panel will investigate the latest developments in Privacy Enhancing Technologies by examining their effectiveness in protecting user data and fostering trust in online environments. The panel will also address the emerging trends and evaluate their potential impact on privacy landscapes, which is helpful in navigating the ever-evolving terrain of privacy r...

The adequacy requirement plays a significant role in EU data protection law. The third country must provide adequate data protection to make personal data transfer free, i.e., treat the transfer as if it happens within the EU. A third country must pass the assessment conducted by the European Commission to do so. The doctrine describes the assessment as not transparent enough and influenced by the political background. There are few...

Although the number of smart home users is increasing, privacy regulations such as the GDPR exempt data collected from household environments for personal use. Previous research has considered how smart homeowners might be seen as joint data controllers due to the amount of data available to them. The self-surveillance capabilities of smart homes allow homeowners to generate personal data both regarding themselves and people in...

Introduction As Europe continues to strengthen its cybersecurity framework in response to evolving threats and challenges, understanding the intricacies of this legislative landscape is essential for org...

Introduction This session provides an in-depth analysis of the recent evolution and current status of cross-Atlantic data protection collaboration and convergence. It will discuss the challenges and opportunities for both regions to overcome their differences and develop common frameworks. The panel will consider the common interests and interdependencies of the two regions and their ...

Introduction With the increasing digitization of healthcare information, finding a balance between data accessibility and individual privacy rights is crucial. Academics and experts on this panel will explore approaches to sharing health data while prioritizing privacy and security. In addition to this, attendees will discover cutting-edge strategies and frameworks designed to facilit...

Introduction This session will analyze the policies, initiatives, and collaborative efforts undertaken by G7 member countries to establish solid frameworks that prioritize individuals’ privacy rights, while maintaining innovation and economic growth. The attendees will explore the challenges, responsibilities, opportunities, and aspirations in building a world where privacy and data r...

Introduction The panel of this session will examine the dynamic interplay among various European Data Regulations, including the Digital Markets Act (DMA), Digital Services Act (DSA), Data Act (DA), Artificial Intelligence Act (AIA), and Market in Crypto-assets Regulation (MICA). It will also focus on unraveling the complexities surrounding these regulations and offer insights into ov...

Introduction There has been an emerging innovative approach to marketing in the digital realm that utilizes the concept of privacy by design. In this session, attendees will discover this approach, especially regarding online marketing that prioritizes user privacy from the outset. From data minimization to transparent consent mechanisms, the speakers will unveil strategies for buildi...

Introduction The regulatory landscape, ethical considerations and best practices are outlined by EU-CHECK to ensure responsible and trustworthy AI applications. In this session, attendees will gain valuable insight into the European Union’s Coordinated Universal Compliance for Keeping User Privacy and Security perspective, especially in the context of AI deployment. The speakers will ...

Introduction The EU GDPR entered into force on 24 May 2016 and is applicable since 25 May 2018. It had a worldwide impact and triggered the adoption of many similar regulations across the world. This session will explore the lessons learned. What has been successful and what could be considered for future regulatory evolution? Join top-level authorities and experts for an insightful e...

Introduction The EU GDPR makes over 70 references to certification, and its Article 42 sets the basis for a European Data Protection Seal. In October 2022, the European Data Protection Board approved the Europrivacy criteria to serve as European Data Protection Seal. In March this year, European Accreditation validated the accreditation of Europrivacy at European level in line with Ar...

Introduction While the GDPR has established a powerful mechanism to reinforce cooperation for data protection among EU an EEA Member States, major European countries, such as UK, Switzerland, and others, are not associated to this cooperation mechanism. They often benefit from adequacy decisions but are not involved in EDPB discussions. This session will explore the potential to reinf...

Introduction The speakers on this panel will embark on a comprehensive exploration of the diverse mechanisms available to safeguard data, such as Certification, Standard Contractual Clauses (SCC), Binding Corporate Rules (BCR), and Codes of Conduct (CC). With the use of digital technologies and cross-border data flows, organizations and professionals face mounting pressure to adapt sa...

Introduction While several mechanisms exist to support international data transfers, certification is characterized by a higher level of trustability. Contrary to SCCs, for instance, a certification relies on effective third-party audit and validation by qualified experts. It ensures that data is effectively adequately handled without having to cross borders. This session will discuss...

Introduction With the proliferation of artificial intelligence technologies, challenges are inevitable to ensure that data practices comply with evolving legal requirements while utilizing the potential of AI innovation to the maximum capacity. With this session, the speakers will explore the integration of AI legal frameworks into data protection compliance programs. 

Introduction This session will discuss the interplay between data protection and economic development. It will try to move beyond position statements, to explore the facts and evidence of such interplay and potential trade-off. Is privacy limiting or accelerating economic development? What are the risks and economic impact on countries that do not provide high-level standards for...

Introduction Different EU regulations have adopted distinct provisions related to consent. This session will discuss the practical implications of consent management under the Digital Markets Act (DMA), GDPR, and ePrivacy Directive. Using examples, such as consent paywall implementation, the speakers on this session’s panel will explore how to navigate the complexities of ob...

Introduction This session offers an outstanding opportunity to learn how the US regulation on privacy and data protection work, with a focus on the Data Protection Framework in Practice. This deep dive-in session organized by the US Department of Justice will be delivered by senior representatives and experts, who will present the framework, clarify potential misperceptions, and addre...

Introduction From the GDPR to the ePrivacy Directive and beyond, Europe has established a comprehensive regulatory framework for data processing, some of which have their own implementation scheme with dedicated bodies. This session will discuss data regulations interplay and oversight in practice. Key questions and objectives...

Introduction Artificial intelligence ingests existing data to generate new data. AI technologies continue to revolutionize industries, but questions surrounding the ownership of data and the protection of intellectual property have become increasingly complex. In this session, the speakers will explore the intersection of artificial intelligence, data ownership, and intellectual prope...

Introduction Under European law, Transfer Impact Assessment is mandatory when transferring personal data in third world countries that are not recognized as adequate. It is the responsibility of the data controller to perform the transfer impact assessment and to assess, for instance, the legal framework of third world countries. This session will focus on practical guidance to perfor...

While users value personalization, they also want brands and platforms to be responsible and transparent about data practices. Privacy-enhancing technologies will be critical to maintaining user expectations regarding both privacy and utility of digital marketing. Trusted execution environments (TEEs) are a form of PET often used to protect sensitive information such as passwords and credit card numbers. They can also be used to improve data privacy while still providing utility, by allowing ...

Introduction This deep dive-in session will focus on how to ensure compliance with emerging artificial intelligence regulations, such as the AI Act, in light of AI technologies raising several complex compliance challenges for organizations and professionals across industries. The speakers of this session will explore strategies for navigating these challenges and establishing solid c...

Introduction This session will focus on the adoption of the European Health Data Space (EHDS) regulation and its implications in terms of obligations and compliance. It will share the views of the European Commission and experts in this field. The speakers will also discuss the practical implementation of EHDS, in addition to the challenges and opportunities it presents.  

Introduction This session will present and discuss innovative technologies and methodologies aimed at overcoming the barriers associated with secondary data use. Speakers will focus on solutions and innovative approaches for data reuse, including synthetic data generation, federated machine learning, and self-assessment methodologies. They will also unveil how these approaches are sha...

Introduction In the field of healthcare data processing, consent has long been considered the primary legal basis. However, with evolving medical research and innovation, alternative legal bases are gaining more attention. This session will discuss and review these alternative approaches to support lawful medical data processing.