Sustainability Policy


Privacy Policy


Cookie Policy

News & Media
Education & Training

Summer Academy For Global Privacy Law 2023

From Data Access to Data Transformations: How to Govern Data in the Age of Analytics and AI?


BPH Privacy & Data Protection

Doctoral Seminars


Visiting Scholars Programme


Meet the Author Series


Brussels Privacy Symposium


Data Protection In the World Series


Enforcing Europe Series 2


Data Sustainability Series


Ad-Hoc Events


Working Papers

Data Protection & Privacy


Workshop Summaries

From BPH Events




Data Protection in Humanitarian Action





Brussels Privacy Symposium

About the Symposium

The Brussels Privacy Symposium is a joint programme of Future of Privacy Forum and BPH that every year brings together leading thinkers from around the world to debate on the latest developments and challenges within the data protection and privacy realm.

Past symposia addressed the issues related to the de-identifiability of personal information; the privacy and data protection concerns arising from the use of artificial intelligence and machine learning; the intersection of data protection and competition law; the interactions between data protection and research.


November 15

6th Annual Brussels Privacy Symposium

Vulnerable People, Marginalization and Data Protection

The sixth edition of the Brussels Privacy Symposium will take place on November 15, 2022, jointly presented by the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF). This year’s topic is “Vulnerable People, Marginalization and Data Protection”. This year’s event will be held in-person at Les Ateliers des Tanneurs, Rue des Tanneurs 58-62, 1000 Brussels Belgium.

The Brussels Privacy Symposium is a global convening of practical, applicable, substantive privacy research and scholarship, bringing together policymakers, academic researchers, civil society and industry representatives. This year they will explore to what extent data protection and privacy law protect and empower vulnerable and marginalized people. They will also debate how to balance the right to privacy with the need to process sensitive personal information in order to uncover and protect against biases and marginalization.

This will also be the occasion to officially launch a new joint project: “VULNERA,” the International Observatory on Vulnerable People in Data Protection, co-led by the Brussels Privacy Hub and the Future of Privacy Forum. The observatory aims to promote a mature debate on the multifaceted connotations that the notion of human “vulnerability” and “marginalization” may assume in the data protection and privacy domains.


8:30 am – 9:20 am CET

Registration, welcome, and breakfast

9:20 am – 9:30 am CET

Introduction from Co-Hosts

Jules Polonetsky, Future of Privacy Forum
Prof. Gianclaudio Malgieri, VUB

9:30 am – 10:00 am CET

Keynote I

Prof. Scott Skinner-Thompson, UC Boulder Law

10:00 am – 11:00 am CET

Panel I: The role and concept of vulnerability and marginalization under data protection law: who is vulnerable and how should they be protected?

When understanding how data protection and privacy law puts safeguards in place to protect the rights of vulnerable and marginalized people, it is crucial to start with understanding who are the vulnerable and marginalized individuals and groups that need protection. Data protection laws in Europe and around the world identify “special categories of personal data” or “sensitive data” – usually designating protected categories of individuals and groups. Non-discrimination or civil rights laws advance their own protected categories of people. This panel will discuss how to define vulnerability and marginalization in a way that is relevant for the data-driven society, before exploring what are the actual mechanisms in privacy and data protection law to ensure protection of vulnerable and marginalized people. It will also touch on the tension between the need to provide enhanced protection for sensitive data and the need to rely on sensitive data to counter bias and discrimination.
Katerina Demetzou, Future of Privacy Forum

Confirmed Speakers:

Malavika Raghavan, LSE/Future of Privacy Forum
Kim Smouter, ENAR
Quirine Eijkman, Dutch Human Rights Council
Joanna Szumanska, European Commission

11:00 am – 11:30 am CET

Coffee Break

12:00 pm – 1:00 pm CET

Panel II: Assessing data processing impacts on vulnerable and marginalized populations: what is the role of harms, and can we measure them without processing sensitive information?

Analyzing the impact of data technologies on vulnerable and marginalized people is a crucial and problematic task. The question is: “vulnerable to what?” The notion of “harm” to fundamental rights (used even in the draft AI Act to define vulnerable people) is problematic in legal terms, in its ambiguous position between quantifiable damages and less significant effects. The DPIA in the GDPR might be a good tool to face human vulnerabilities in the data protection framework but there is still little guidance on how particular forms of vulnerabilities might be addressed and mitigated through that tool. What are the best practices to assess the impact of data processing taking into account human vulnerabilities?
Gianclaudio Malgieri, Brussels Privacy Hub

Confirmed Speakers:

Helena Koning, Mastercard
Tanya Krupiy, Newcastle Law School
Sarah Chander, EDRi
Dale Sunderland, Irish DPC

1:00 pm – 2:30 pm CET


2:30 pm – 3:30 pm CET

Panel III: Protecting preventively and proactively: promoting participation, mitigating risks and adjusting design

One of the criticisms against the previous Data Protection Directive 95/46, was its reactive approach to harm to individuals. The GDPR and the new generation data protection laws around the world it inspired aim to offer a different, proactive approach by introducing tools and processes that prevent (high) risks to the rights and freedoms of natural persons from materializing: risk assessments and DPIAs, data protection by design and by default and the encouragement of individuals’ participation are only a few of these tools. This panel will explore whether and how proactive approaches in the GDPR and other modern data protection laws like Brazil’s LGPD can guarantee a more effective protection for vulnerable people, notably in the design of widely-used online services and tools.
Sebastião Barros Vale, Future of Privacy Forum

Confirmed Speakers:

Alessandra Calvi, VUB
Rafael Zanatta, Data Privacy Brasil
Adam Bargroff, TTC Labs (Meta)
Grace Mutung’u, Open Society Foundation (East Africa)

3:30 pm – 4:00 pm CET

Coffee Break

4:00 pm – 5:15 pm CET

Have your say: What is vulnerability, why and how to address it?

After hearing from leading experts on the topic of the Symposium, attendees will be invited to share their own thoughts, in more restricted focus groups on how to define and address vulnerabilities under EU data protection law: is the current approach focused on the protection of special categories of data, minors and consent freedom, in addition to risk assessments and accountability, fit for purpose? What other marginalized individuals or groups are not – and should be – considered in the GDPR? And is prohibiting the processing of personal data related to their specific attributes the best option to protect them from harm and discrimination?

“What does it mean to be vulnerable? Exploring power imbalances online and offline” – Mercy King’ori, FPF
“Vulnerable consumers and data power: lessons from the DSA and DMA” – Muhammed Demircan, BPH
“Vulnerability in the context of AI: ensuring fairness and mitigating biases” – Vincenzo Tiani, BPH
“Mitigating vulnerability and/or its effects through data protection law” – Hunter Dorwart, FPF

Alessandra Calvi, BPH

Confirmed Speakers:

Mercy King’ori, FPF
Muhammed Demircan, BPH
Vincenzo Tiani, BPH
Hunter Dorwart, FPF

5:15 pm – 5:45 pm CET

Closing Remarks

Gabriela Zanfir-Fortuna, FPF
Wojciech Wiewiórowski, EDPS


Jules Polonetsky – Chief Executive Officer, FPF
Gianclaudio Malgieri – Associate Professor, VUB
Scott Skinner-Thompson – Associate Professor of Law, University of Colorado Boulder Law
Katerina Demetzou – Policy Counsel for Global Privacy, FPF
Quirine Eijkman – Member, Dutch Human Rights Council
Sarah Chander – Senior Policy Advisor, EDRi
Dale Sunderland – Director – Deputy Commissioner, Data Protection Commission, Ireland
Grace Mutung’u – Coordinator, Open Society Foundation (East Africa)
Adam Bargroff – Privacy and Public Policy Manager, TTC Labs at Meta
Kim Smouter – Director, ENAR
Hera Hussain – Founder and CEO , Chayn
Tanya Krupiy – Lecturer in Digital Law, Policy & Society, Newcastle Law School
Helena Koning – Senior Managing Counsel Privacy & Data Protection, Mastercard
Sebastião Barros Vale – EU Policy Counsel, FPF
Alessandra Calvi – Researcher, VUB
Dr. Gabriela Zanfir-Fortuna – Vice President for Global Privacy, FPF
Wojciech Wiewiorowski – European Data Protection Supervisor, EDPS
Malavika Raghavan – Senior Fellow, FPF
Rafael Zanatta Research Director and Professor, Data Privacy Brasil Research Association and Data Privacy Brasil


November 16

5th Annual Brussels Privacy Virtual Symposium

Introducing the Age of AI Regulation: Global Strategic Directions

On November 16, 2021, the fifth iteration of the Brussels Privacy Symposium, “The Age of AI Regulation: Global Strategic Directions”, will occur as a virtual international meeting where policymakers, academic researchers, and civil society will discuss how the EU and other jurisdictions around the world envision fostering the deployment of, but also addressing the fundamental rights risks posed by, artificial intelligence (AI) systems through regulation.

The use of AI systems in several sectors of society is seemingly becoming ubiquitous. Media reports on and legal challenges against consumer-, employee- and taxpayer-facing algorithms have shed light on innovative (and often abusive) practices implemented by State and private actors. While some national and regional data protection and sectoral laws already place restrictions on players wishing to use AI-based solutions, legislators are expected to tackle specific challenges brought by such technologies in AI-focused diplomas.

Earlier this year, the European Commission proposed what is regarded as the first comprehensive legal framework for AI systems, which is generally centered around ensuring such systems function properly and with appropriate human oversight. This approach – which also includes prohibiting certain intolerably risky AI practices – may serve as an inspiration for other policy makers in the future. But some others may be planning different approaches to AI regulation, in accordance with their local customs, traditions, legal systems and economic priorities.

In this year’s Brussels Privacy Symposium (which will take place online), leading rulemakers, lawyers, academics and civil society representatives will discuss the merits and potential flaws of the EU’s and other jurisdictions’ approaches to AI regulation, and see whether common global principles exist or need further development.

Opening panel

The EU’s Road to an AI Act: views from the co-legislators

The European Commission’s April 2021 proposal for a Regulation aiming at harmonized rules across the EU for AI sent shockwaves throughout the continent and beyond. Materializing one of the Von der Leyen Commission’s priorities, it lays down a European approach to AI, which includes “ensuring that AI works for people and is a force for good in society”. Civil society organizations and other stakeholders, including the European Data Protection Board and Supervisor, have recommended the EU legislature to push further towards the protection of citizens’ fundamental rights against algorithmic harms. On the other hand, businesses have lauded the text’s proposed risk-based approach but asked for greater clarification of the roles and responsibilities of AI “providers” and “users”. In this session, EU lawmakers will weigh in on whether the proposed draft of the Regulation is fit to promote trustworthy AI in Europe, the expected timelines and areas of tension during upcoming negotiations and the feedback received during the Commission’s public consultation. 

Panel 1

Global comparative discussion on approaches to AI regulation, governance and oversight

States and international organizations are advancing strategies and frameworks to manage the future of AI systems’ use in the private and public sectors. Some of the approaches that are surfacing diverge substantially on the number of obligations imposed on AI developers and users and on their governance and supervision structures. In this session, speakers will explore AI regulation models other than the EU’s, notably the ones proposed or adopted in other leading or emerging economies. To what extent do existing laws around the world already significantly limit the design and use of these systems, including with an extraterritorial impact? And where is it possible to find regulatory convergence towards a globally relevant set of principles and rules governing AI?

Panel 2

Should certain uses of AI be banned? 

Are there any AI uses or applications that should be subject to a regulatory moratorium or outright ban? If so, what should make the cut? In this session, speakers will share their thoughts on the matter, starting from the list of prohibited AI practices advanced by the European Commission’s AI Regulation proposal. Some undertakings that replied to the Commission’s public consultation have asked for clarifications on the proposed prohibited practices, which they believe should be limited. On the other hand, commentators and NGOs have pointed towards the use of automated facial recognition technologies in public spaces and leveraging AI systems to (arguably) detect people’s emotions and gender as practices to which the EU should devote further prohibitions. But could very comprehensive bans negatively impact the ability of benevolent researchers and healthcare providers to deliver better outcomes for patients (in particular) and society (in general)?


  • Jules Polonetsky, FPF
  • Christopher Kuner, VUB/LSTS
  • Gianclaudio Malgieri, EDHEC Augmented Law Institute (Lille), VUB/LSTS
  • Gabriela Zanfir-Fortuna, FPF, VUB/LSTS
  • Brando Benifei, European Parliament, AIA Rapporteur, S&D
  • Lucilla Sioli, European Commission, Director of Artificial Intelligence and Digital Industry, DG CONNECT
  • Simon Chesterman, National University of Singapore Faculty of Law
  • Luca Belli, FGV
  • Elham Tabassi, NIST
  • Ivana Bartoletti, Women Leading in AI network
  • Frank Pasquale, Brooklyn School of Law
  • Theodore Christakis, University Grenoble Alpes
  • Ursula Pachl, BEUC
  • Cornelia Kutterer, Microsoft

detailed agenda and speakers’ bios are available. 


2 December

4th Annual Brussels Privacy Virtual Symposium

Research and the Protection of Personal Data under the GDPR

The COVID-19 pandemic has brought to the fore the crucial role that data collection, analysis, sharing, and dissemination play for governments, academic institutions, and private sector businesses racing to advance research to help contain, mitigate and remedy the disease. It also illustrates that data protection safeguards are essential to build public trust for the swift adoption of data-based solutions that respect fundamental rights. But the effect of privacy and data protection laws on scientific research extends beyond the pandemic and healthcare. The interactions between data protection and research are complex, with privacy and data protection enhancing individuals’ trust and ensuring respect of fundamental rights and ethical standards, while at the same time creating friction for data collection and sharing across organizations and borders. 

The EU General Data Protection Regulation (GDPR) provides a tailored framework for processing personal data for research purposes, which allows for differences in implementation at the Member State level and presents questions about the interpretation and implementation of issues such as the scope of research; repurposing personal data – including sensitive data; access of researchers to corporate databases; sharing data across international borders; and the use of data protection enhancing techniques such as key coding and pseudonymization. Other legal frameworks, including emerging US privacy laws, call for the creation of ethical review boards for data research in organizations, including businesses that have not traditionally adhered to ethical standards such as the Common Rule. In this year’s Brussels Privacy Symposium (which will take place online), leading ethicists, scientists, lawyers and policymakers discuss the present and future of data protection in the context of scientific data based research under the GDPR.


Conversation about the future EU Data Governance Regulation, data altruism, EU data pools, data sharing for good, how it interplays with the GDPR and what its role will be for research and innovation in the EU and cross-border.

Panel 1

Complex Interactions: the GDPR, Data Protection and Research

The GDPR provides safeguards and derogations relating to the processing of personal data for scientific research purposes. At the same time, the framework limits the collection of sensitive data and its sharing across organizations and national borders. 

In an era when EU institutions and international organizations advocate for data philanthropy and the sharing of personal data for compelling public interest grounds, legal frameworks must strike a delicate balance between public interests and individual rights. How do experts assess the interactions between scientific progress and the protection of rights under the GDPR? What have the effects of GDPR been on research in academic and corporate settings? Against the backdrop of the COVID-19 pandemic, this session explores whether GDPR has facilitated or hindered data research for healthcare purposes as well as in a broader context.

Panel 2

Using Sensitive Data in Research to Counter (Hidden) Bias and Discrimination  

ArScientific research often depends on the broad collection, use, and sharing of special categories of data. In the context of COVID-19, organizations may study not only individuals’ health, but also data about the  geolocation, proximity, genetics, biometrics, and racial and ethnic origins of entire populations. While research often entails the processing of sensitive data, and hence presents privacy risks, it can also unearth covert bias and discrimination (for example, in the context of education, credit, housing, criminal justice and more). In this session, experts discuss the scope of the definition of sensitive data as well as the rules that should apply to the processing of sensitive data in the research arena. How can researchers ensure data based practices minimize privacy risks while at the same time not glossing over existing societal imbalances? What are the risks that methods such as differential privacy obfuscate underlying inequities? How will organizations use sensitive data to unearth and counter hidden bias and discrimination without abusing their access to such information? Where are the bounds of ethical data research in corporate environments, including healthcare, financial, advertising, and digital platforms?  


  • Jules Polonetsky, FPF
  • Christopher Kuner, VUB/LSTS
  • Malte Breyer-Katzenberg, DG CONNECT, European Commission
  • Gianclaudio Malgieri, EDHEC Augmented Law Institute (Lille), VUB/LSTS
  • Claire Gayrel, EDPS
  • Dara Hallinan, FIZ Karlsruhe – Leibniz Institute for Information Infrastructure
  • Ciara Staunton, School of Law, Middlesex University, London and Centre for Biomedicine, EURAC, Bolzano, Italy
  • Henrik Junklewitz, JRC, European Commission
  • Gabriela Zanfir-Fortuna, FPF, VUB/LSTS
  • Elettra Ronchi, OECD
  • Paul Quinn, VUB/LSTS/HALL
  • Heng Xu, American University
  • Knut Mager, Novartis
  • Wojciech Wiewiórowski, EDPS


19 November

3rd Annual Brussels Privacy Virtual Symposium

Exploring the Intersection Of Data Protection and Competition Law

On 19 November 2019, the Brussels Privacy Symposium will bring together thought leaders in data protection and privacy law, competition law and regulators from both the EU and the US to discuss the complex issues arising from the intersection of these two areas of law.

Join Symposium Co-chair Dr. Orla Lynskey, Associate Professor at the London School of Economics, and thought leaders in data protection, privacy and competition law, as well as regulators from both the EU and the U.S., to discuss the complex issues arising in a digital economy at the intersection of these two disciplines.

This is a special moment to bring together thought leaders and regulators in data protection and privacy and competition law to discuss the complex issues arising at the intersection of these two areas. A recent decision of the German Competition Authority; the creation of the Digital Clearinghouse hosted by the European Data Protection Supervisor; the recent series of public hearings on competition, consumer protection and privacy hosted by the Federal Trade Commission in the U.S.; the Report on “Competition Policy for the Digital Era” published by the European Commission – these are only some of the core developments shaping a new approach towards digital markets, competitors, and consumers.

The full-day conference will begin with a “boot camp” covering the fundamentals of competition law for data protection professionals.

Panel 1

Competition in Data-Driven Markets

Is personal data a barrier to entry to digital markets? What are the implications of data-sharing and interoperability from a data protection perspective? Are new limits on data-driven mergers desirable? What is the role of data protection in competition analysis and of competition analysis in data protection?

Panel 2

Excessive Pricing, Value, and Personal Data in the Digital Environment

How does the value of data figure in competition analysis? What are the differences between valuation of data by consumers and by companies? Could competition law provisions on excessive pricing or unfair trading place limits on data collection by dominant companies? How is ‘excess’ measured or determined? How does data minimization fit in?

Panel 3

Remedies and Institutional Design

Are current data protection and competition remedies up to the task of ensuring fair digital markets? Should DPAs deploy an antitrust toolbox with structural remedies in privacy cases? Are competition authorities in the EU well-equipped to make data protection considerations and if so, are they stepping into an exclusive competence of DPAs? Do DPAs and competition authorities have the tech expertise needed to address issues like machine learning and AI?



6 November

2nd Annual Brussels Privacy Virtual Symposium

AI Ethics: The privacy challenge

On 6 November 2017, the Brussels Privacy Symposium will focus on privacy issues surrounding Artifical intelligence. Enhancing efficiency,increasing safety, improving accuracy and reducing negative externalities are just some of AI’s key benefits. However, AI also presents risks of opaque decision making, biased algorithms, security and safety vulnerabilities, and upending labor markets. In particular, AI and machine learning challenge traditional notions of privacy and data protection including individual control, transparency, access and data minimization. On content and social platforms, it can lead to narrowcasting, discrimination, and filter bubbles.

A group of industry leaders recently established a partnership to study and formulate best practices on AI technologies. Last year, the White House issued a report titled Preparing for the Future of Artificial Intelligence and announced a National Artificial Intelligence Research and Development Strategic Plan, laying out a strategic vision for federally funded AI research and development. These efforts seek to reconcile the tremendous opportunities that machine learning, human–machine teaming, automation, and algorithmic decision making promise in enhanced safety, efficiency gains, and improvements in quality of life, with the legal and ethical issues that these new capabilities present for democratic institutions, human autonomy, and the very fabric of our society.


8 November

1st Annual Brussels Privacy Virtual Symposium

Identifiability: Policy and Practical Solutions for Anonymization and Pseudonymization.

On 8 November 2016, the Brussels Privacy Symposium will be hosting an academic workshop on Identifiability: Policy and Practical Solutions for Anonymization and Pseudonymization aims to address the following challenges regarding the de-identification of personal information taking into account its central role in current privacy policy, law, and practice.

There are deep disagreements about the efficacy of de-identification to mitigate privacy risks.  Some critics argue that it is impossible to eliminate privacy harms from publicly released data using de-identification because other available data sets will allow attackers to identify individuals through linkage attacks. Defenders of de-identification counter that despite the theoretical and demonstrated ability to mount such attacks, the likelihood of re-identification for most data sets remains minimal. As a practical matter, they argue most data sets remain securely de-identified based on established techniques.

There is no agreement regarding the technical questions underlying the de-identification debate, nor is there consensus over how best to advance the discussion about the benefits and limits of de-identification.  The growing use of open data holds great promise for individuals and society, but also brings risk. And the need for sound principles governing data release has never been greater.

Selected authors from multiple disciplines including law, computer science, statistics, engineering, social science, ethics and business will present papers at this full-day programme.