The 9th edition of the Annual Privacy Forum was co-organised by the EU Agency for Cybersecurity (ENISA), the European Commission (Directorate General for Communications Networks, Content and Technology) and the University of Oslo, with the support of the Norwegian Data Protection Authority.
Privacy goes hand in hand with security. This is what is aimed to be achieved with the EU’s Cybersecurity Strategy of December 2020. A harmonised approach in security and data protection is also evident to the recent proposal on European Digital Identity and the EU Regulation for Digital COVID-19 Certificates, which aim to ensure a high level of both cybersecurity and data protection.
Juhan Lepassaar, EU Agency for Cybersecurity Executive Director said: “The pandemic and recent technological innovations such as 5G and AI have highlighted the importance of a “by design” approach, for both security and data protection. The Annual Privacy Forum provides the opportunity for the different actors to enhance this approach together.”
Lorena Boix Alonso, Director for Digital Society, Trust and Cybersecurity in the European Commission’s Directorate General for Communications Networks Content and Technology (DG CONNECT) said: ‘The COVID crisis has demonstrated the usefulness of electronic communications metadata in the fight against the pandemic. Therefore, clear and updated rules will help us to use these data in an even more optimal manner in order to protect European citizens. This trust environment will unlock the potential for our digital society with innovative solutions for the future.’
Aleid Wolfsen, European Data Protection Board Deputy Chair said: "The EDPB is committed to supporting the co-legislators and be a part of ongoing discussions, especially in those areas where the rights to privacy and protection of personal data are important factors.”
Wojciech Wiewiórowski, European Data Protection Supervisor stated “The world is watching us, Europe, on how we will frame the rules for Artificial Intelligence. The race to AI shall not justify cutting corners on the framing of the legal framework. We want it to be fair for people, and to bring additional protection, not any less to what is right in EU from a fundamental rights perspective.”
Among 800 participants, policymakers, data protection practitioners, researchers, industry representatives and the wider privacy community connected online to discuss current privacy and data protection issues and emerging challenges on securing personal data.
Key highlights of the conference
This year’s APF welcomed keynote speeches from the Director of Directorate CNECT H, Digital Society, Trust and Cybersecurity, Lorena Boix Alonso, the European Data Protection Supervisor Wojciech Wiewiórowski, the Deputy Chair of the European Data Protection Board, Aleid Wolfsen and the General Director of the Norwegian Data Protection Authority, Bjørn Erik Thon.
On day one, researchers presented their work on implementing data protection principles and promoting compliance with the General Data Protection Regulation (GDPR). The European Commission presented the EU Digital Principles initiative, which is part of the Commission’s vision for Europe’s digital transformation by 2030 and the European Fundamental Rights Agency presented the Agency’s work on Artificial Intelligence and fundamental rights. Later in the day, ENISA moderated a panel discussion on the security considerations of personal data in the “new” normality, discussing how the aftermath of the pandemic and new technologies such as AI could affect personal data processing. Further to legal provisions, protection can also be achieved by deploying correctly appropriate security measures, such as pseudonymisation and encryption.
On day two, a panel discussion on the draft ePrivacy Regulation took place with interventions from the European Parliament rapporteur MEP Birgit Sippel, Ursula Pachl from European Consumer Organisation (BEUC) and Antonio Muñez from the telecommunications sector (Telefónica). The discussion focused on the importance and relevance of the ePrivacy Regulation for the protection of confidentiality of communications and the processing of electronic communications metadata and its use in the fight against the pandemic. The ePrivacy Regulation will modernise the current rules and will enhance the protection of our citizens' rights to their privacy and confidentiality of communications.
Researchers presented their work on Privacy-Enhancing Technologies (PETs) and the Norwegian Consumer Council discussed the traction between consumers and the online advertising industry. The final panel discussion was moderated by the European Data Protection Board where the Norwegian Data Protection Authority, the European Data Protection Supervisor and ENISA discussed how to engineer data protection principles into practical guidelines for developers.
Conclusions
As European Union we should continue to put forward and adopt legislative initiatives, such as ePrivacy Regulation, NIS2, AI, Digital Identity and DORA that promote a high level of protection and respect fundamental rights and freedoms. Similar to the recent legislative initiatives on AI and Digital Identity, we must provide assurance to the end-user not only on the level of cybersecurity but also on whether their personal data are being processed according to legal provisions.
Security and data protection are two sides of the same coin. To achieve this, respect for fundamental rights is essential. This is why we need to develop the appropriate legal and policy framework. After the GDPR's recent third anniversary, it is now high time to progress with the ePrivacy Regulation that will complete the legislative framework.
Implementation is another important challenge. There is no need though to start from scratch. We have to use available techniques and technologies, incorporate security and privacy by design and default into new products and services and adopt security measures proportional to the level of risk presented.
Relevant ENISA publications:
- Data Pseudonymisation: Advanced Techniques and Use Cases
- Pseudonymisation techniques and best practices
- Reinforcing trust and security in the area of electronic communications and online services
Other information:
- Event website
- Annual Privacy Forum 2020 video
- General Data Protection Regulation
- Cybersecurity Act
- EU Cybersecurity Strategy 2020
- ePrivacy Regulation Proposal
- Artificial Intelligence Act Proposal
- European Digital Identity Regulation Proposal
- Measures for a high common level of cybersecurity across the Union (NIS2) Directive Proposal
- European Commission Public Consultation on Digital Principles
About the Annual Privacy Forum
The Annual Privacy Forum (APF) has become a renowned forum among policy-makers, researchers and industry stakeholders in the area of privacy and personal data protection who join forces to advance information security. The forum is set against the EU legislative background that is mainly, but not exclusively, comprised of the GDPR and the draft ePrivacy Regulation. The event sets the stage for new research proposals, solutions, models, applications and policies. In the last few years, the forum has also developed a deeper industry footprint to complement its original research and policy orientation. The 10th edition of the Annual Privacy Forum is scheduled to take place in Warsaw, Poland, on 23rd and 24th June 2022, in cooperation with Cardinal Stefan Wyszyński and Koźminski Universities.
About the European Union Agency for Cybersecurity (ENISA)
The EU Agency for Cybersecurity has been working in the area of privacy and data protection since 2014, by analysing technical solutions for the implementation of the GDPR, privacy by design and security of personal data processing. Since 2018, the Agency has been providing guidance on data pseudonymisation solutions to data controllers and processors.
Contact
For press questions and interviews, please contact press (at) enisa.europa.eu