The seventh edition of the Brussels Privacy Symposium will take place on Tuesday, 14 November 2023, jointly presented by the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF). This year’s topic is “Understanding the EU Data Strategy Architecture: Common Threads – Points of Junction – Incongruities”.
The Brussels Privacy Symposium is a global convening of practical, applicable, substantive privacy research and scholarship, bringing together policymakers, academic researchers, civil society and industry representatives. This year’s program will focus on how the EU data strategy package overlaps, interacts, supports or creates tension with provisions within the GDPR. More specifically, the Symposium will provide a forum for in-depth discussions on key principles of the upcoming EU AI Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), in addition to other relevant acts from the Data Strategy package, and their interaction(s) with the existing personal data protection framework created by the GDPR.
This event will be held in live, in-person-only format in the U-Residence, Generaal Jacqueslaan 271, 1050 Brussels.
AGENDA
Time |
Event |
Speakers |
|---|---|---|
8:30 am –
|
Welcome Coffee and Registration |
|
9:15 am –
|
Introduction from Co-Hosts |
Co-Hosts
|
9:20 am –
|
Opening Remarks |
|
9:45 am –
|
Panel I – Shifting the Paradigm? Dispelling the Push for Access to Data in the Data Strategy Package Facilitating access to data seems to be a leitmotif of the Data Strategy package, regardless of whether the data is personal or not. This can be seen from including specific legal requirements for very large online platforms to provide access to data to researchers and supervisory authorities under the Digital Services Act (DSA); and from imposing extensive and real time data portability obligations and interoperability obligations to gatekeepers in the Digital Markets Act (DMA), to facilitating access to data held by public authorities in the Data Governance Act (DGA), and creating specialized European data spaces to pool data. Questions of whether this represents a paradigm shift away from the strict rules regulating personal data processing, including making it available, under the GDPR, are essential in order to make sense of the new data regulatory framework in the EU. At the same time, individual “consent” seems to transform into a gatekeeper itself, ensuring access to personal data across services, platforms, authorities and NGOs – if we look at the provisions of the DMA and the DGA. This panel will discuss how data access and consent rules in the Data Strategy package are reconciled with the provisions of the GDPR. |
Moderator
Panelists
|
10:45 am –
|
Coffee Break |
|
11:15 am –
|
Panel II – A network of Impact Assessments: from the GDPR to the DSA and the AI Act This panel aims to shed light on the different risk-based impact assessment provisions embedded in key EU digital regulations such as Article 34 of the DSA, and the Fundamental Rights Impact Assessment in the EU Parliament version of the Artificial Intelligence Act (AIA). Additionally, it will explore the intersection between the new legislation and the GDPR‘s Article 35 to evaluate data protection implications and with already existing “Human Rights Impact Assessment” models existing around Europe (like in the Netherlands). The panel will feature experts in the field who will present their analysis and engage in a stimulating discussion, providing a deeper understanding of the approaches to impact assessments and their implications for stakeholders across the evolving sphere of EU digital regulation. By unraveling these intricacies, the panel aims to facilitate constructive dialogue and offer an opportunity to learn about the different types of impact assessments, their interconnectedness, and their relation to the GDPR. Moreover, key considerations for conducting an impact assessment will be discussed. The panel will be of interest to anyone who is involved in the development or implementation of the EU digital strategy, including policymakers, regulators, businesses, and civil society organizations. It will explore the following questions:
|
Moderator
Panelists
|
12:15 pm –
|
Lunch Break |
|
1:30 pm –
|
Panel III – What future then for data enforcement in Europe? The GDPR, with its cooperation and consistency mechanism under the One-Stop-Shop, created one of the most complex and multi-layered enforcement structures in EU law. In fact, five years after the GDPR became applicable, the European Commission proposed new rules to reform this system on its margins, looking primarily at modifying national administrative procedures. With the data strategy legislative package, the EU legislator shifted focus and added to a dispersed enforcement model across the EU Member States a centralized enforcement model, reserving competences for the European Commission to enforce the DSA in relation to VLOPs and VLOSEs, and the DMA. The Data Strategy package is also significantly enhancing the web of national supervisory authorities that might have a word to say about data, algorithms, AI and the digital world. At the same time, Data Protection Authorities will continue dealing with any and all processing of personal data, including those that underpin the scope of application of all other laws in the Data Strategy package. To complicate matters further, recent rulings by national and European courts have ascertained the ability of antitrust authorities to make their own findings based on issues concerning the processing of personal data, thus laying the first brick towards the possible creation of a super authority dedicated to the data economy, tackling it from different points of view, all intertwined. |
Moderator
Panelists
|
2:30 pm –
|
Coffee Break |
|
3:00 pm –
|
Breakout Workshops – Have your say: How do the different proposals of the Data Strategy package interact, overlap, or create tension with key provisions of the GDPR? After hearing from leading experts on the topic of the Symposium, attendees will be invited to share their own thoughts, in more restricted focus groups on how to define and address the common threads, incongruities and points of juncture of the Data Strategy package. From the DSA to the DMA, DGA, AI Act and the GDPR, what are some of the implementation challenges related to the different elements of the Data Strategy package? How does the Data Strategy package interact with ongoing challenges related to emerging technologies, including, but not limited to, Generative AI? Does the Data Strategy package allow for further protection of fundamental rights in the digital space, including for vulnerable individuals? |
Workshop Leaders
|
4:00 pm –
|
Workshop Report Outs |
|
4:30 pm –
|
Closing Keynote |
|
4:45 pm –
|
Closing Remarks |
|
5:00 pm –
|
Cocktail Reception Join us for further conversation over drinks and snacks to close the day. |
More information is available on the FPF website.
Update: unfortunatly, the Brussels Privacy Symposium has reached capacity and is sold out. We hope to see you at next years edition.