Sustainability Policy


Privacy Policy


Cookie Policy

News & Media
Education & Training

Summer Academy For Global Privacy Law 2024

The Future of Data Protection : Navigating Between Data Regulations, Data Spaces and Data Dogmas


BPH Privacy & Data Protection

Doctoral Seminars


Meet the Author Series


Brussels Privacy Symposium


Data Protection In the World Series


Enforcing Europe Series 2


Data Sustainability Series


Ad-Hoc Events


Working Papers

Data Protection & Privacy


Workshop Summaries

From BPH Events




Data Protection in Humanitarian Action





Summer Academy For Global Privacy Law 2023

From Data Access to Data Transformations: How to Govern Data in the Age of Analytics and AI

About the Academy

19-23 June 2023

Subjects covered will include:

  • Personal data & Algorithmic Processing
  • Third Party Data Access
  • Comparative Perspectives
  • Data Access from Third Countries & Data Transfers
  • Data Transformations & PETs

The Brussels Privacy Hub is proud to announce its 2023 Summer Academy for Global Privacy Law, after 7 years of successful editions.

Summer Academy Organisers:
Professor Sophie Stalla-Bourdillon, Scientific Coordinator

Barbara da Rosa Lazarotto, Managing Coordinator

Professor Gianclaudio Malgieri, Co-Director Brussels Privacy Hub

The Brussels Privacy Hub would like to acknowledge the collaboration and assistance of the following organisations:

The Faculty

Leonardo Cervera Navas

Director of the Office of the European Data Protection Supervisor

Prof. dr. Ronald Leenes

Professor in Regulation by Technology at Tilburg Institute for Law, Technology and Society

António Biason

European Commission legal  and policy officer

Joris Van Hoboken

Professor of Law, Vrije Universiteit Brussel

Isabelle Servoz-Gallucci

Head of the Data Protection Unit of the Council of Europe 

Inge Graef

Associate Professor of Competition Law at Tilburg University. She is affiliated to the Tilburg Institute for Law, Technology, and Society (TILT) and the Tilburg Law and Economics Center (TILEC)

Nikolaos Theodorakis

Of Counsel at Wilson Sonsini Goodrich & Rosati

Gianclaudio Malgieri

Brussels Privacy Hub Co-Director

Benjamin Wong

Lecturer at Faculty of Law, National University of Singapore

Yves Lapierre

Legal adviser and a member of the project co-Design Team of CULTUREPÉDIA

Prof. dr. Christopher Kuner

Affiliate Professor, University of Copenhagen

Laura Drechsler

Postdoctoral researcher, Centre for IT & IP Law KULeuven

Bilgesu Sumer

Doctoral researcher KU Leuven (CiTiP))

Flavia Giglio

Research Associate KU Leuven (CiTiP)

Giuseppe D’Acquisto

Senior Technology Policy Advisor – Garante per la Protezione dei dati personali – (Italian Data Protection Authority)

Olivier Blazy

Professor in Cybersecurity, École Polytechnique, France

Mireille Hildebrandt, FBA

Research Professor on ‘Interfacing Law and Technology’ at Vrije Universiteit Brussels, co-Director of the Research Group on Law Science Technology and Society studies (LSTS) at the Faculty of Law and Criminology

Lauren Murphy

Lawyer, Clifford Chance

Alfred Rossi

Andrew Burt

Managing Partner at BnH and Visiting Fellow at Yale Law School’s Information Society Project

Sophie Stalla-Bourdillon

Professor of Law, Vrije Universiteit Brussel; Principal Legal Engineer, Immuta

Audrey Plonk

Head of the Digital Economy Policy (DEP) Division of the Directorate for Science, Technology and Innovation (STI) at the OECD

Hinda Haned

Professor by special Appointment of Data Science, University of Amsterdam

Andrea Gadotti

Honorary Research Associate at Imperial College London

Tania Schroeder

European Commission, Directorate General for Justice and Consumers

Johan Bodenkamp

European Commission, Directorate General CONNECT

Andrée Harvey

LaCogency and Culturepédia

Romain Robert

Program Director at noyb

The Programme

The Brussels Privacy Hub Summer Academy for Global Privacy Law 2023 will focus on the topic “From Data Access to Data Transformations: How to Govern Data in the Age of Analytics and AI?.Each day of the Academy will focus on a topic and will deliver  a keynote session, lectures, and a workshop, which will give participants the opportunity to apply their knowledge through practical exercises. On top of this, exciting side and networking events  with other researchers and civil society will complement the Summer Academy.


Programme structure


DAY 1 – Personal Data and Algorithmic Processing

The first day will focus on the interplay between data protection and algorithmic processing, covering the following topics:

  • Data protection, data subjects’ rights and AI
  • The interplay between GDPR and AI Act
  • Data reuse and risk assessment


DAY 2 – Third-party Data Access

The second day will focus on third-party data access. This will be looked from different perspectives and will dive into the implications of new relevant EU Regulations:

  • Data Act and IoT data access
  • Access to platform data
  • EU Data Spaces


DAY 3 – Comparative Perspectives on Data re-use and sharing

The third day will have a look  at how different legal system around the world  address the topic of data reuse and sharing, comparing these different approaches.

  • Global perspective (e.g., Convention 108+)
  • European perspective (e.g., GDPR)
  • North American perspectives (e.g., CCPA, PIPEDA)
  • Asian perspectives (e.g., DSL, PIPL, DPDP)


DAY 4 – Data Access from third countries and data transfers

The fourth day will focus on the topic of international data transfers. The lectures will look into recent regulations to understand how this works and its complexities.

  • Data transfers and the use of data by law enforcement
  • International data transfers regulations and risk-based approach


DAY 5 – Data Transformations and PETs

The fifth and final day of the Summer Academy will provide an overview of Privacy Enhancing Technologies (PETs), their application and use cases, the expectations and their possible inconsistencies.

Practical Information


The Summer Academy will take place from 19-23 June 2023.


The participation at the Summer Academy will take place in a hybrid format.

Online participants will be able to watch lectures and interact via Teams.

The in-person participants will be welcomed in the U-Residence, located at the VUB Main Campus in Brussels. More information on how to reach the venue and a campus map (look for building U) are available on the VUB website.



For whom?

The Summer Academy is aimed at legal practitioners, data protection professionals – including compliance officers, data protection officers, chief privacy officers – civil society representatives and activists, early-career researchers, and all those working in the privacy, data protection and data governance space, at the interface between law and technology. 

Prerequisite for participating in the Summer Academy: Familiarity with EU data protection law. 

How to register?

Registration is open via Jotform, accessible here. Registration is open until 15 May.

Registration Fees

• Professionals – €1.250 (early bird: €1.050)
• Ph.D Students – €1.050 (early bird: €825)
• Students – €850 (early bird: €600)

Early bird applies until 31 March 2023


Cancellation Policy

More information on cancellation will be provided at a later date on this page. To receive information on the Summer Academy, be sure to follow Brussels Privacy Hub on LinkedIn or Twitter, or subscribe to the newsletter below..

Ukrainian Scholarship

Brussels Privacy Hub announces three registration fee waivers for the Summer Academy for Global Privacy Law 2023 for Ukrainian applicants.

Waivers do not include accommodation or transportation support. Applicants may choose to join either in-person or online. Ukrainian applicants will be subject to a separate registration procedure.

Prior familiarity with the data protection law is required. Selection will be concluded by the Brussels Privacy Hub team on an objective basis.

Ukrainian applicants shall apply by selecting the Ukrainian Scholarship option in the registration form.

Applicants will be contacted by the Brussels Privacy Hub team and will be asked to submit proof of their Ukrainian citizenship or (prior) residency, a short cover letter (max 350 words) explaining their background and another short statement (450 words) about why they are in need of the waivers.

Criteria that will be applied by the Brussels Privacy Hub will aim to choose:
• Applicants who are Ukrainian citizens,
• Applicants who have been relocated from Ukraine as of 2022, or, who are still
residing in Ukraine.

Priority will be given to younger candidates (Ph.D. researchers, PostDoc researchers,

Selection will be completed after the application deadline. If Brussels Privacy Hub receives an excessive amount of applications, it may choose to close the application procedure, in order to better analyze the existing applications. Brussels Privacy Hub may ask for the submission of the Ukrainian ID/Passport in order to ensure the integrity of the application, during the selection procedure. In such a case, Brussels Privacy Hub Privacy Policy applies. The documents will not be stored on any
servers and will be deleted upon authentication of the citizenship.

Brussels Privacy Hub is more than happy to support Ukrainian colleagues in such a hard time.

Privacy Notice

Date: 16 February 2023


This Privacy Notice describes how we collect and use your personal data in the context of the Brussels Privacy Hub Summer Academy programme.


Identity of the controller

The Vrije Universiteit Brussel is responsible for the processing of your personal data as described in this Privacy Notice. You can reach us at info@brusselsprivacyhub.org.


The information we collect and process

We collect the following information:

  • Your name
  • Your contact details
  • Your participant category (student or professional)
  • Your affiliation
  • Your biography and motivation letter
  • Your IP-address
  • Your dietary preference


How we collect your information

We collect the information you submit in the registration form on JotForm and the information you submit to us via mail or social media.

Why do we collect your information

We collect your information to provide services in relation to our Summer Academy for Global Privacy Law (article 6(1)(b) GDPR).

  • Your name and contact details are collected to enable communication and provide personalized items such as name tags during the event.
  • Your participant category is collected to invoice according to the differentiated participation fees.
  • Your affiliation is collected to better adapt the content of the Summer Academy to the different participants.
  • Your dietary preference is collected to be able to offer lunch in accordance with the participants wishes during the Summer Academy.
  • Your biography and motivation letter is collected to be able to select participants.

We may also use personal data in other ways for which we provide specific notice at the time of collection.


Whether we share or disclose your information

We may disclose personal data to our processors or authorize them to process the data to pursue one or more of these purposes. Our processors include:




Retention and deletion of your information

The data will be stored for the period of organization and activity of the Summer Academy and for a maximum of 6 months. After this period, all personal data related to your participation will be deleted.


Your rights

You have the right to:

– To access your personal data and obtain all the information on the processing as mentioned in Article 15 Regulation 679/2016, hereinafter GDPR, (origin, purpose, lawful grounds, details about the data controller, recipients, duration, other data subjects’ rights, etc.).
– You also have the right to rectify your personal data, update, delete or request limitation of processing. The content and exercise of these rights is regulated by Articles 15-18 of the GDPR. Finally, the data subject has the right to revoke the consent for the processing of his/her personal data. The revocation of consent does not affect the lawfulness of the processing based on the consent given before the revocation.
– You have the right to lodge a complaint with the Data Protection Supervisor if he or she believes that the processing of his or her personal data is in breach of the GDPR, pursuant to and in accordance with Article 77 of that Regulation.

To exercise your data subject rights, please contact us at info@brusselsprivacyhub.org. In addition, you can also reach the Data Protection Officer of the Vrije Universiteit Brussel at DPO@vub.be.


How to contact us

You can submit a request or ask us questions about this Privacy Notice or our practices by emailing us at info@brusselsprivacyhub.org, emailing our DPO at DPO@vub.be or writing us at:

Brussels Privacy Hub

Pleinlaan 2, 1050 Elsene



Updates to our privacy notice

We may update this Privacy Notice from time to time and without prior notice to you to reflect changes in our personal data practices. We will indicate at the top of the policy when it was most recently updated.






Previous Summer schools – Academies

7th Summer Academy for Global Privacy Law: Engineering The Data Regulation(S) In An Age Of Reform (27 June – 1 July 2022)
6th Summer Academy for Global Privacy Law: International data flows: Moving challenges, new solutions (21-25 June 2021)
5th Summer Academy for Global Privacy Law: Confronting the new Challenges (22-26 June 2020)
4th European Data Protection Law Summer School: Advancing (with) EU data protection (24-28 June 2019)
3rd European Data Protection Law Summer School: Putting the GDPR into practice and in context (24-28 June 2018)
2nd European Data Protection Law Summer School: The GDPR is Now (26-30 June 2017)
1st European Data Protection Law Summer School: Getting to grips with the GDPR (4-8 July 2016)