The Brussels Privacy Symposium is a joint programme of Future of Privacy Forum and BPH that every year brings together leading thinkers from around the world to debate on the latest developments and challenges within the data protection and privacy realm.
Past symposia addressed the issues related to the de-identifiability of personal information; the privacy and data protection concerns arising from the use of artificial intelligence and machine learning; the intersection of data protection and competition law; the interactions between data protection and research.
5th Annual Brussels Privacy Virtual Symposium 2021 - Introducing the Age of AI Regulation: Global Strategic Directions
On November 16, 2021, the fifth iteration of the Brussels Privacy Symposium, “The Age of AI Regulation: Global Strategic Directions”, will occur as a virtual international meeting where policymakers, academic researchers, and civil society will discuss how the EU and other jurisdictions around the world envision fostering the deployment of, but also addressing the fundamental rights risks posed by, artificial intelligence (AI) systems through regulation.
The use of AI systems in several sectors of society is seemingly becoming ubiquitous. Media reports on and legal challenges against consumer-, employee- and taxpayer-facing algorithms have shed light on innovative (and often abusive) practices implemented by State and private actors. While some national and regional data protection and sectoral laws already place restrictions on players wishing to use AI-based solutions, legislators are expected to tackle specific challenges brought by such technologies in AI-focused diplomas.
Earlier this year, the European Commission proposed what is regarded as the first comprehensive legal framework for AI systems, which is generally centered around ensuring such systems function properly and with appropriate human oversight. This approach – which also includes prohibiting certain intolerably risky AI practices – may serve as an inspiration for other policy makers in the future. But some others may be planning different approaches to AI regulation, in accordance with their local customs, traditions, legal systems and economic priorities.
In this year’s Brussels Privacy Symposium (which will take place online), leading rulemakers, lawyers, academics and civil society representatives will discuss the merits and potential flaws of the EU’s and other jurisdictions’ approaches to AI regulation, and see whether common global principles exist or need further development.
Opening panel: The EU’s Road to an AI Act: views from the co-legislators
The European Commission’s April 2021 proposal for a Regulation aiming at harmonized rules across the EU for AI sent shockwaves throughout the continent and beyond. Materializing one of the Von der Leyen Commission’s priorities, it lays down a European approach to AI, which includes “ensuring that AI works for people and is a force for good in society”. Civil society organizations and other stakeholders, including the European Data Protection Board and Supervisor, have recommended the EU legislature to push further towards the protection of citizens’ fundamental rights against algorithmic harms. On the other hand, businesses have lauded the text’s proposed risk-based approach but asked for greater clarification of the roles and responsibilities of AI “providers” and “users”. In this session, EU lawmakers will weigh in on whether the proposed draft of the Regulation is fit to promote trustworthy AI in Europe, the expected timelines and areas of tension during upcoming negotiations and the feedback received during the Commission’s public consultation.
Panel 1: Global comparative discussion on approaches to AI regulation, governance and oversight
States and international organizations are advancing strategies and frameworks to manage the future of AI systems’ use in the private and public sectors. Some of the approaches that are surfacing diverge substantially on the number of obligations imposed on AI developers and users and on their governance and supervision structures. In this session, speakers will explore AI regulation models other than the EU’s, notably the ones proposed or adopted in other leading or emerging economies. To what extent do existing laws around the world already significantly limit the design and use of these systems, including with an extraterritorial impact? And where is it possible to find regulatory convergence towards a globally relevant set of principles and rules governing AI?
Panel 2: Should certain uses of AI be banned?
Are there any AI uses or applications that should be subject to a regulatory moratorium or outright ban? If so, what should make the cut? In this session, speakers will share their thoughts on the matter, starting from the list of prohibited AI practices advanced by the European Commission’s AI Regulation proposal. Some undertakings that replied to the Commission’s public consultation have asked for clarifications on the proposed prohibited practices, which they believe should be limited. On the other hand, commentators and NGOs have pointed towards the use of automated facial recognition technologies in public spaces and leveraging AI systems to (arguably) detect people’s emotions and gender as practices to which the EU should devote further prohibitions. But could very comprehensive bans negatively impact the ability of benevolent researchers and healthcare providers to deliver better outcomes for patients (in particular) and society (in general)?
Simon Chesterman, National University of Singapore Faculty of Law
Audrey Plonk, OECD
Frank Pasquale, Brooklyn School of Law
Theodore Christakis, University Grenoble Alpes
Ursula Pachl, BEUC
Cornelia Kutterer, Microsoft
4th Annual Brussels Privacy Virtual Symposium 2020 - Research and the Protection of Personal Data under the GDPR
On 2 December 2020, the Brussels Privacy Symposium will focus on Research and Data protection.
The COVID-19 pandemic has brought to the fore the crucial role that data collection, analysis, sharing, and dissemination play for governments, academic institutions, and private sector businesses racing to advance research to help contain, mitigate and remedy the disease. It also illustrates that data protection safeguards are essential to build public trust for the swift adoption of data-based solutions that respect fundamental rights. But the effect of privacy and data protection laws on scientific research extends beyond the pandemic and healthcare. The interactions between data protection and research are complex, with privacy and data protection enhancing individuals’ trust and ensuring respect of fundamental rights and ethical standards, while at the same time creating friction for data collection and sharing across organizations and borders.
The EU General Data Protection Regulation (GDPR) provides a tailored framework for processing personal data for research purposes, which allows for differences in implementation at the Member State level and presents questions about the interpretation and implementation of issues such as the scope of research; repurposing personal data - including sensitive data; access of researchers to corporate databases; sharing data across international borders; and the use of data protection enhancing techniques such as key coding and pseudonymization. Other legal frameworks, including emerging US privacy laws, call for the creation of ethical review boards for data research in organizations, including businesses that have not traditionally adhered to ethical standards such as the Common Rule. In this year’s Brussels Privacy Symposium (which will take place online), leading ethicists, scientists, lawyers and policymakers discuss the present and future of data protection in the context of scientific data based research under the GDPR.
Conversation about the future EU Data Governance Regulation, data altruism, EU data pools, data sharing for good, how it interplays with the GDPR and what its role will be for research and innovation in the EU and cross-border.
The GDPR provides safeguards and derogations relating to the processing of personal data for scientific research purposes. At the same time, the framework limits the collection of sensitive data and its sharing across organizations and national borders.
In an era when EU institutions and international organizations advocate for data philanthropy and the sharing of personal data for compelling public interest grounds, legal frameworks must strike a delicate balance between public interests and individual rights. How do experts assess the interactions between scientific progress and the protection of rights under the GDPR? What have the effects of GDPR been on research in academic and corporate settings? Against the backdrop of the COVID-19 pandemic, this session explores whether GDPR has facilitated or hindered data research for healthcare purposes as well as in a broader context.
Scientific research often depends on the broad collection, use, and sharing of special categories of data. In the context of COVID-19, organizations may study not only individuals’ health, but also data about the geolocation, proximity, genetics, biometrics, and racial and ethnic origins of entire populations. While research often entails the processing of sensitive data, and hence presents privacy risks, it can also unearth covert bias and discrimination (for example, in the context of education, credit, housing, criminal justice and more). In this session, experts discuss the scope of the definition of sensitive data as well as the rules that should apply to the processing of sensitive data in the research arena. How can researchers ensure data based practices minimize privacy risks while at the same time not glossing over existing societal imbalances? What are the risks that methods such as differential privacy obfuscate underlying inequities? How will organizations use sensitive data to unearth and counter hidden bias and discrimination without abusing their access to such information? Where are the bounds of ethical data research in corporate environments, including healthcare, financial, advertising, and digital platforms?
Heng Xu, American University
Knut Mager, Novartis
Time: The event will take place from 14.00 till 17.15 Brussels Time
A detailed agenda is available here.
On 19 November 2019, the Brussels Privacy Symposium will bring together thought leaders in data protection and privacy law, competition law and regulators from both the EU and the US to discuss the complex issues arising from the intersection of these two areas of law.
Join Symposium Co-chair Dr. Orla Lynskey, Associate Professor at the London School of Economics, and thought leaders in data protection, privacy and competition law, as well as regulators from both the EU and the U.S., to discuss the complex issues arising in a digital economy at the intersection of these two disciplines.
This is a special moment to bring together thought leaders and regulators in data protection and privacy and competition law to discuss the complex issues arising at the intersection of these two areas. A recent decision of the German Competition Authority; the creation of the Digital Clearinghouse hosted by the European Data Protection Supervisor; the recent series of public hearings on competition, consumer protection and privacy hosted by the Federal Trade Commission in the U.S.; the Report on “Competition Policy for the Digital Era” published by the European Commission – these are only some of the core developments shaping a new approach towards digital markets, competitors, and consumers.
The full-day conference will begin with a “boot camp” covering the fundamentals of competition law for data protection professionals.
The symposium also will feature three panel discussions:
• Panel 1: Competition in Data-Driven Markets
Is personal data a barrier to entry to digital markets? What are the implications of data-sharing and interoperability from a data protection perspective? Are new limits on data-driven mergers desirable? What is the role of data protection in competition analysis and of competition analysis in data protection?
• Panel 2: Excessive Pricing, Value, and Personal Data in the Digital Environment
How does the value of data figure in competition analysis? What are the differences between valuation of data by consumers and by companies? Could competition law provisions on excessive pricing or unfair trading place limits on data collection by dominant companies? How is ‘excess’ measured or determined? How does data minimization fit in?
• Panel 3: Remedies and Institutional Design
Are current data protection and competition remedies up to the task of ensuring fair digital markets? Should DPAs deploy an antitrust toolbox with structural remedies in privacy cases? Are competition authorities in the EU well-equipped to make data protection considerations and if so, are they stepping into an exclusive competence of DPAs? Do DPAs and competition authorities have the tech expertise needed to address issues like machine learning and AI?
BootCamp: Fundamentals of EU Competition Law (by Orla Lynskey and Nicolo Zingales)
Origins of Analysis of Intersection of Privacy & Competition Law (by Peter Swire)
Excessive data extraction as an abuse of dominance: how and why? (by Giorgio Monti)
Value and Personal Data in the Digital Environment (by Gabriela Zanfir-Fortuna)
On 6 November 2017, the Brussels Privacy Symposium will focus on privacy issues surrounding Artifical intelligence. Enhancing efficiency,increasing safety, improving accuracy and reducing negative externalities are just some of AI's key benefits. However, AI also presents risks of opaque decision making, biased algorithms, security and safety vulnerabilities, and upending labor markets. In particular, AI and machine learning challenge traditional notions of privacy and data protection including individual control, transparency, access and data minimization. On content and social platforms, it can lead to narrowcasting, discrimination, and filter bubbles.
A group of industry leaders recently established a partnership to study and formulate best practices on AI technologies. Last year, the White House issued a report titled Preparing for the Future of Artificial Intelligence and announced a National Artificial Intelligence Research and Development Strategic Plan, laying out a strategic vision for federally funded AI research and development. These efforts seek to reconcile the tremendous opportunities that machine learning, human–machine teaming, automation, and algorithmic decision making promise in enhanced safety, efficiency gains, and improvements in quality of life, with the legal and ethical issues that these new capabilities present for democratic institutions, human autonomy, and the very fabric of our society.
There are deep disagreements about the efficacy of de-identification to mitigate privacy risks. Some critics argue that it is impossible to eliminate privacy harms from publicly released data using de-identification because other available data sets will allow attackers to identify individuals through linkage attacks. Defenders of de-identification counter that despite the theoretical and demonstrated ability to mount such attacks, the likelihood of re-identification for most data sets remains minimal. As a practical matter, they argue most data sets remain securely de-identified based on established techniques.
There is no agreement regarding the technical questions underlying the de-identification debate, nor is there consensus over how best to advance the discussion about the benefits and limits of de-identification. The growing use of open data holds great promise for individuals and society, but also brings risk. And the need for sound principles governing data release has never been greater.
Selected authors from multiple disciplines including law, computer science, statistics, engineering, social science, ethics and business will present papers at this full-day programme.
Keep up to date of our activities and developments. Sign up to our newsletter:
Copyright © Brussels Privacy Hub