15 June 2017

Understanding the risk-based approach to data protection (PhD Defence: Raphael Gellert)

The main goal of this dissertation is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”. The analysis put forth is both conceptual and practical. It first puts the adoption of the risk-based approach into perspective, highlighting its theoretical and historical roots. It then goes on to describe the modalities of the adoption of the risk-based approach in the most prevalent data protection statutes (e.g., GDPR, PIPEDA, etc.). It also provides a number of methodological discussions and insights around the main tool used for the risk-based approach (i.e., so-called data protection impact assessments). Finally, it also contains a number of lessons gathered from the use of risk-based approaches in other fields.

Date: 15 June 2017, 18:00

Venue:  Promotiezaal D.2.01,  Campus Brussels Humanities Sciences Engineering, Pleinlaan 2 1050, Brussels

Promoters: Prof. dr. S. Gutwirth & Prof. dr. P. De Hert

Exam Committee: Prof. dr. M. Hildebrandt (VUB), Prof. dr. G. Gonzàlez Fuster (VUB), Prof. dr. C. Kuner (VUB), Prof. V. Heyvaert (London School of Economics and Political Science), Prof. R. Leenes (Tilburg University), Prof. D. Le Métayer (Inria, Lyon)

Registration:   doctorrc@vub.ac.be

30 May 2017

Lunchtime lecture: The Potential for Impact Assessments in eHealth and mHealth Projects 

The use of Impact assessments has gradually become more common in areas of technological innovation or novel practices where questions of privacy arise. This trend will likely take further root given the requirement set forth by article 35 of the General Regulation on Data Protection (GDPR). This article requires that data controllers conduct an impact assessment in a number of instances, including where the rights and freedoms of data subjects are at risk. As this BPH presentation will discuss, the nature of such an impact assessment and the situations in which it is required make it ideal for use in projects related to eHealth and mHealth. Such projects frequently make use of large amounts of sensitive data and raise risks in terms of a number of important rights, including but not limited to rights linked to data protection. The broad nature of the impact assessment invoked in article 35 GDPR is suitable for not only considering questions linked to data protection and privacy but also issues related to stigmatisation, discrimination and other ethical issues that are often linked to health care projects. This presentation will discuss the potential use of impact assessments in such instances and discuss the benefits they can bring. It will also discuss the challenges that such a requirement will possess.

The programme is now available.

The workshop will be held from 12:00 - 14:00 at the Institute of European Studies. Lunch will be included.

The event is free to attend but capacity is limited, so registration is required. For more information please contact info@brusselsprivacyhub.org.

19 May 2017

Lunchtime lecture: The Right to Data Portability 

The right to data portability is listed among the most important novelties within the GDPR, both in terms of new control rights granted to data subjects and in terms of its intersection between data protection and other fields of law (for example, competition law, intellectual property, consumer protection, etc.). Despite of its internet social media origins, that perhaps continue to shape its public perception, the right to data portability, particularly if interpreted in an expansive manner, may find application in numerous fields and industries involved in personal data processing. Its exact content is, therefore, of crucial importance. This lunchtime seminar is aimed at highlighting the raison d’ etre of this new right to data portability, its potential scope, as well as its relationship to other individual rights within the GDPR.

The programme is now available.

The workshop will be held from 12:00 - 14:00 at the Institute of European Studies. Lunch will be included.

The event is free to attend but capacity is limited, so registration is required. For more information please contact info@brusselsprivacyhub.org.

5 May 2017

Lunchtime lecture: Data Ownership: A data protection perspective 

The notion of data ownership is surfacing more and more frequently in discussions about data policies, in particular at European level. As different types of knowledge production, the economy, and even our societies as such are increasingly portrayed as being 'data-driven', the issue of who can decide what happens to data (and with data) has become critical. 

The programme is now available.

The workshop will be held from 12:00 - 14:00 at the Institute of European Studies. Lunch will be included.

The event is free to attend but capacity is limited, so registration is required. For more information please contact info@brusselsprivacyhub.org.

24 April 2017

GDPR Workshop Series: Health and Well-being Apps – Problematic Legal Issues 

The phenomena of 'appification' has, amongst other areas, made major inroads into the area of health and well being. Such a development has manifested itself with the availability of a wide range of apps of varying application and quality. Within this range one can discern a broad spectrum ranging from apps that perform important functions associated with traditional medical devices to more frivolous activities loosely associated with the concept of well being. Within such a spectrum it may often be difficult to draw a line distinguishing activities that are genuinely 'medical' in nature from those that are not.

Each of these types of 'app' pose varying legal issues ranging on the one hand from questions associated to privacy and data protection to issues of liability related to the potential of such apps to be used as a medical device. This session aims to explore the most salient of these issues, and in doing so, attempt to highlight why the development and use of such apps remains fraught with difficulties.

This presentation, which represents a co-operation between the Brussels Privacy Hub and International law firm Bird will explore these issues taking into account recent evolutions in the regulatory landscape of the EU, including most importantly the effect of the EU's new General Data Protection Regulation and other key initiatives.

The programme is now available.

The workshop will be held from 12:30 - 14:30 at the Institute of European Studies. Lunch will be included.

The event is free to attend but capacity is limited, so registration is required. For more information please contact info@brusselsprivacyhub.org.

21 March 2017

GDPR Workshop Series: Data Protection and the Energy Sector: the example of smart grids   

This workshop, in co-operation with Energie Institut Linz, is aimed at increasing sensibility of data protection in the energy sector and to raise awareness. The example of smart grids, collecting sensitive information of individuals will play a central role in the workshop. Experts in the areas of energy and data protection will present their views, followed by an interactive discussion.

A re-organisation of the energy market is on the way and related challenges are not quite clear yet. Who will be a service provider in the future market, who will collect data in the energy sector? What are the main challenges? How can the objective of more efficient energy use by individuals - sometimes enabled by big data analysis - be balanced with the need for privacy?

20 February 2017

The Right to Privacy in the Age of Electronic Surveillance. Reconsidering the Extraterritorial Application of Human Rights Treaties.

The revelations about the content, and the extent of intelligence activities disclosed by former CIA analyst Edward Snowden, have shown to the public how certain States - thanks to the technological evolution – can possibly implement a real "domestic and extra-territorial electronic surveillance". This allows to massively obtain, collect and analyze personal data or telephone communication, both for foreign States authorities, and ordinary individuals, no matter where they are in the world.

6 February 2017

GDPR Workshop Series: current trends and practices in biobanking   

Data protection legislation is of fundamental importance to biobanking activities in all EU Member States. At present, whilst Directive 95/46/EC is in force it is necessary to take into account the significant variations that exist in Member State law concerning biobanking. Such difference mean that certain practices may be permissible in certain Member states but not others, fuelling the creation of important centers of concentration of biobanking practices. The enactment of the GDPR was intended in large part to bring about a harmonisation of data protection regulation across Europe. Article 9(4) of the GDPR however means that the level of harmonisation of health data is uncertain given that member states may "maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health."

The workshop, in co-operation with the law firm Covington & Burling will discuss the state of biobanking in the EU. A focus will be on the limitations posed by European and national data protection law and the effects that the GDPR may (or may not) have.

24 January 2017

CPDP 2017 Launch Event: Patterns, Profiling and PNR: The New PNR Directive and its implications

On 21 April 2016, the EU adopted a Directive on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The Directive aims to regulate the transfer and processing of international air passengers' PNR data by Member States. The debate will address the concerns with regards to the implementation of this Directive and the general implications of the Directive for data protection and fundamental rights. In addition also the impact of recent developments in the United States on the transfer of PNR data across the Atlantic will be discussed. Finally the debate will also address the consequences for the directive of the recent ECJ judgments in the Tele2 /Watson cases.

Introductory Remarks:

• His Excellency, M. François Roux, Permanent Representative of Belgium to the EU

Panel debate:

• Ms Sophie in t Veld (MEP)
• Mr Marc Rotenberg (EPIC, US)
• Ms Christiane Höhn (Council of the European Union)
• Mr Willem De Beuckelaere (Belgian Privacy Commissioner) (Moderator)

A recording of the event is now available.

The event is supported by Privacy Camp and kindly hosted by the Permanent Representation of Belgium to the EU.

9 December 2016

GDPR Workshop Series: Scientific Research and Data Protection

Chaired by Professor Gloria Gonzàlez Fuster this workshop aimed at considering questions such as:

• What are the key changes brought by the GDPR to the processing of personal data for scientific research purposes?
• What does it mean to interpret data processing for scientific research purposes ‘in a broad manner’, as hinted by Recital 159 of the GDPR?
• Who ensures scientific research is carried out ‘in keeping with recognised ethical standards for scientific research’, echoing the GDPR’s Recital 33? And how?

1 - 2  December 2016

Training Seminar: Implementing the GDPR - Practical Challenges

The EU General Data Protection Regulation, that will come into effect in May 2018, is a detailed and comprehensive regulatory text that is expected to affect EU data protection compliance in numerous ways while also contributing significant novelties in the field. This two-days' training seminar will identify and focus on specific topics within the GDPR, and will attempt to provide participants with in-depth knowledge and guidance as to the practical challenges they will be faced with while dealing with them under the new regulatory environment. More information on registration, cost and programme

8 November 2016

Identifiability: Policy and Practical Solutions for Anonymization and Pseudonymization

The 2016 Brussels Privacy Symposium is the first annual academic programme jointly presented by the Brussels Privacy Hub of the Vrije Universiteit Brussel (VUB) and the Future of Privacy Forum (FPF). The all-day workshop is titled: Identifiability: Policy and Practical Solutions for Anonymization and Pseudonymization

Selected authors from multiple disciplines including law, computer science, statistics, engineering, social science, ethics and business will present papers at this full-day program in Brussels on November 8, 2016.

More information. The full programme is now available.

Please note that this event is now sold out - it is possible to be placed on a waiting list.

27 October 2016

GDPR Workshop Series: What is to be done with the ePrivacy Directive?

Although not directly related to the GDPR, the review of the ePrivacy Directive, that is currently under way, broadly falls within its circle of influence: not only did the release of the GDPR ignite the amendment process itself, but the interrelationship between the GDPR provisions and these of the forthcoming Directive will be an issue of the utmost interest, given the long history of exchanges among these two data protection instruments. The recent public consultation results, as made available by the Commission, are the latest development in a process that started as early as 2015 and to which both the EDPS and the Article 29 Working Party have intervened, through release of relevant opinions.

The workshop will discuss such issues with regard to the ePrivacy Directive review as its scope, consent, confidentiality of communications, cookies, traffic and location data, as well as its ‘commonalities’ with the GDPR (ie. enforcement in cross-border cases or data breach notifications).

Programme is now available.

The workshop will be held from 12:30 - 14:30 at the Institute of European Studies. Lunch will be included.

Capacity is limited, so registration is required. For more information please contact info@brusselsprivacyhub.org

28-29 September 2016

Data protection in humanitarian action: Workshop 5 - Cloud Services and Workshop 6 - Bulk SMS and Mobile Messaging

As part of the Data Protection in Humanitarian Action project, in collaboration with the ICRC, the BPH will be hosting two more full-day workshops that consider the data protection implications on the use of cloud services and bulk SMS and mobile messaging in humanitarian action. The workshops will be held in Brussels, Belgium. For more information on the workshops, please contact info@brusselsprivacyhub.org

4-8 July 2016

Brussels Privacy Hub 1st European Data Protection Law Summer School

The Brussels Privacy Hub is organising the 1st European Data Protection Law Summer School, an innovative course on privacy and personal data protection law in the heart of Europe. The programme will explore privacy legal and institutional challenges in the European Union, and provide participants with in-depth examination of the upcoming General Data Protection Regulation (GDPR) and other EU data protection instruments - as well as global and, more specifically, transatlantic issues. With a clear multi-stakeholder dimension, it will introduce them to the multiple professional perspectives, human rights requirements and social aspects of EU-level privacy and data protection policy.

The course, will promote networking and provide participants with the opportunity to engage with the principal EU data protection institutions and actors. Teaching staff will consist of leading academics in European data protection law, public and private legal practitioners and policy makers from European institutions such as the European Data Protection Supervisor (EDPS).

For more information please visit the Summer School webpage.

7 July 2016

New European Data Protection Laws: The Belgian Perspective

The Brussels Privacy Hub will be hosting New European Data Protection Laws: The Belgian Perspective - the GDPR and the Police Directive explained a multi-lingual, multi-sector conference that seeks to provide better understanding of the implications of upcoming EU rules on legal professionals working with Belgian public authorities and companies. More information/ registration. Programme.

Le Brussels Privacy Hub organise la conférence New European Data Protection Laws: The Belgian Perspective - the GDPR and the Police Directive explained, un événement multilingue et multisectoriel visant à fournir une meilleure compréhension des implications de la nouvelles règles européennes pour les professionnels du droit qui travaillent avec les autorités publiques et les entreprises belges. Plus d'information/ insrciption. Programme.

De Brussels Privacy Hub zal organiseren New European Data Protection Laws: The Belgian Perspective - the GDPR and the Police Directive explained een multi-lingual, multi-sector conferentie die streeft naar een beter begrip van de gevolgen van de komende EU-regels voor juridische professionals die werken met de Belgische overheid en bedrijven bieden. Meer informatie/registratie. Programme.

6 July 2016

EU-Korea Data Protection Seminar 

The EU-Korea Data Protection Seminar was co-hosted by Brussels Privacy Hub and the Seoul National University Center for Law and Economics. The programme included a welcome address from His Excellency the Ambassador of the Republic of Korea to the Kingdom of Belgium and the European Union and interventions from Professor Christopher Kuner (Co-director of Brussels Privacy Hub), Professor Haksoo Ko (Professor of Law, Seoul National University School of Law), Professor Paul de Hert (Co-director of Brussels Privacy Hub) and Mr. Sang Joo Lee (SVP for Global Privacy Office, Samsung. The seminar was followed by a drinks reception.

A recording of the Seminar is now available.

Time: 16.30- 18.45 (including drinks reception)

Venue: Representation of the State of North Rhine-Westphalia to the European Union, Rue Montoyer 47, 1000, Brussels, Belgium

Registration: Participation is free, but registration is required. Please register by contacting info@brusselsprivacyhub.org

16 June 2016

GDPR Workshop Series: Freedom of Expression and Data protection in the GDPR 

The BPH Workshops Series on the Implementation of the GDPR, will deal with various aspects of the EU General Data Protection Regulation (GDPR) and how they will work in practice. As the GDPR has now been adopted, there is a need to urgently focus on the practical aspects of how the concepts and obligations it contains can actually be implemented in practice. The workshops will bring together academics, officials of EU institutions, data protection authorities, and NGOs.This workshop will consider the implementation of the GDPR and freedom of expression.

The workshop will be held from 12:30 - 14:30 at the Institute of European Studies. Lunch will be included.

Capacity is limited, so registration is required. For more information please contact info@brusselsprivacyhub.org.