Sustainability Policy


Privacy Policy


Cookie Policy

News & Media
Education & Training

Summer Academy For Global Privacy Law 2024

The Future of Data Protection : Navigating Between Data Regulations, Data Spaces and Data Dogmas


BPH Privacy & Data Protection

Doctoral Seminars


Meet the Author Series


Brussels Privacy Symposium


Data Protection In the World Series


Enforcing Europe Series 2


Data Sustainability Series


Ad-Hoc Events


Working Papers

Data Protection & Privacy


Workshop Summaries

From BPH Events




Data Protection in Humanitarian Action





The seventh edition of the Brussels Privacy Symposium will take place on Tuesday, 14 November 2023, jointly presented by the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF). This year’s topic is “Understanding the EU Data Strategy Architecture: Common Threads – Points of Junction – Incongruities”.

The Brussels Privacy Symposium is a global convening of practical, applicable, substantive privacy research and scholarship, bringing together policymakers, academic researchers, civil society and industry representatives. This year’s program will focus on how the EU data strategy package overlaps, interacts, supports or creates tension with provisions within the GDPR. More specifically, the Symposium will provide a forum for in-depth discussions on key principles of the upcoming EU AI Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), in addition to other relevant acts from the Data Strategy package, and their interaction(s) with the existing personal data protection framework created by the GDPR. 

This event will be held in live, in-person-only format in the U-Residence, Generaal Jacqueslaan 271, 1050 Brussels.






8:30 am –
9:15 am CET

Welcome Coffee and Registration

9:15 am –
9:20 am CET

Introduction from Co-Hosts


  • Jules Polonetsky, Future of Privacy Forum
  • Prof. Gianclaudio Malgieri, Leiden University & Brussels Privacy Hub 

9:20 am –
9:45 am CET

Opening Remarks 

  • Commissioner Didier Reynders, European Commissioner for Justice
  • Wojciech Wiewiórowski, European Data Protection Supervisor

9:45 am –
10:45 am CET

Panel I – Shifting the Paradigm? Dispelling the Push for Access to Data in the Data Strategy Package

Facilitating access to data seems to be a leitmotif of the Data Strategy package, regardless of whether the data is personal or not. This can be seen from including specific legal requirements for very large online platforms to provide access to data to researchers and supervisory authorities under the Digital Services Act (DSA); and from imposing extensive and real time data portability obligations and interoperability obligations to gatekeepers in the Digital Markets Act (DMA), to facilitating access to data held by public authorities in the Data Governance Act (DGA), and creating specialized European data spaces to pool data. Questions of whether this represents a paradigm shift away from the strict rules regulating personal data processing, including making it available, under the GDPR, are essential in order to make sense of the new data regulatory framework in the EU. 

At the same time, individual “consent” seems to transform into a gatekeeper itself, ensuring access to personal data across services, platforms, authorities and NGOs – if we look at the provisions of the DMA and the DGA. This panel will discuss how data access and consent rules in the Data Strategy package are reconciled with the provisions of the GDPR.


  • Christina Michelakaki, Future of Privacy Forum


  • Corinna Schulze, SAP 
  • Mathias Vermeulen, AWO Agency
  • Anna Buchta, EDPS
  • John Miller, Informational Technology Council  

10:45 am –
11:15 am CET

Coffee Break

11:15 am –
12:15 pm CET

Panel II – A network of Impact Assessments: from the GDPR to the DSA and the AI Act

This panel aims to shed light on the different risk-based impact assessment provisions embedded in key EU digital regulations such as Article 34 of the DSA, and the Fundamental Rights Impact Assessment in the EU Parliament version of the Artificial Intelligence Act (AIA). Additionally, it will explore the intersection between the new legislation and the GDPR‘s Article 35 to evaluate data protection implications and with already existing “Human Rights Impact Assessment” models existing around Europe (like in the Netherlands).

The panel will feature experts in the field who will present their analysis and engage in a stimulating discussion, providing a deeper understanding of the approaches to impact assessments and their implications for stakeholders across the evolving sphere of EU digital regulation. By unraveling these intricacies, the panel aims to facilitate constructive dialogue and offer an opportunity to learn about the different types of impact assessments, their interconnectedness, and their relation to the GDPR. Moreover, key considerations for conducting an impact assessment will be discussed.

The panel will be of interest to anyone who is involved in the development or implementation of the EU digital strategy, including policymakers, regulators, businesses, and civil society organizations. It will explore the following questions:

  • What are the different types of impact assessments applicable?
  • What are the key considerations for conducting an impact assessment?
  •  Is the DPIA different from a Fundamental Rights Impact Assessment?


  • Gianclaudio Malgieri, Leiden University & Brussels Privacy Hub



  • Alessandro Mantelero, Polytechnic University of Turin & Mediterranean Digital Societies & Law
  • Frederico Oliveira da Silva, BEUC (The European Consumer Organisation) 
  • Karolina Mojzesowicz, DG JUST, European Commission 

12:15 pm –
1:30 pm CET

Lunch Break

1:30 pm –
2:30 pm CET

Panel III – What future then for data enforcement in Europe?

The GDPR, with its cooperation and consistency mechanism under the One-Stop-Shop, created one of the most complex and multi-layered enforcement structures in EU law. In fact, five years after the GDPR became applicable, the European Commission proposed new rules to reform this system on its margins, looking primarily at modifying national administrative procedures. With the data strategy legislative package, the EU legislator shifted focus and added to a dispersed enforcement model across the EU Member States a centralized enforcement model, reserving competences for the European Commission to enforce the DSA in relation to VLOPs and VLOSEs, and the DMA. 

The Data Strategy package is also significantly enhancing the web of national supervisory authorities that might have a word to say about data, algorithms, AI and the digital world. At the same time, Data Protection Authorities will continue dealing with any and all processing of personal data, including those that underpin the scope of application of all other laws in the Data Strategy package. To complicate matters further, recent rulings by national and European courts have ascertained the ability of antitrust authorities to make their own findings based on issues concerning the processing of personal data, thus laying the first brick towards the possible creation of a super authority dedicated to the data economy, tackling it from different points of view, all intertwined.


  • Gabriela Zanfir-Fortuna, Future of Privacy Forum


  • Annemarie Sipkes, Dutch Authority for Consumers and Markets (ACM)

2:30 pm –
3:00 pm CET

Coffee Break

3:00 pm –
4:00 pm CET

Breakout Workshops – Have your say: How do the different proposals of the Data Strategy package interact, overlap, or create tension with key provisions of the GDPR?

After hearing from leading experts on the topic of the Symposium, attendees will be invited to share their own thoughts, in more restricted focus groups on how to define and address the common threads, incongruities and points of juncture of the Data Strategy package. From the DSA to the DMA, DGA, AI Act and the GDPR, what are some of the implementation challenges related to the different elements of the Data Strategy package? How does the Data Strategy package interact with ongoing challenges related to emerging technologies, including, but not limited to, Generative AI? Does the Data Strategy package allow for further protection of fundamental rights in the digital space, including for vulnerable individuals?

Workshop Leaders 

  • Vasileos Rovilos, FPF 
    • Topic: Zooming in on the DSA 
  • Barbara Lanzarotto, VUB
    • Topic: TBD
  • Bianca-Ioana Marcu, FPF
    • Topic: Fundamental rights in the data strategy package
  • Vincenzo Tiani, VUB
    • Topic: TBD

4:00 pm –
4:30 pm CET

Workshop Report Outs

4:30 pm –
4:45 pm CET

Closing Keynote

4:45 pm –
5:00 pm CET

Closing Remarks

5:00 pm –
6:00 pm CET

Cocktail Reception

Join us for further conversation over drinks and snacks to close the day.


 More information is available on the FPF website.

Update: unfortunatly, the Brussels Privacy Symposium has reached capacity and is sold out. We hope to see you at next years edition.