The Annual Privacy Forum (APF) celebrates its first 10 years, as the links between privacy protection & cybersecurity continue to grow

Back to News

Artificial Intelligence (AI), data sharing and privacy-by-design were the top data protection and cybersecurity topics at the APF 2022 in Warsaw.

The first Annual Privacy Forum (APF) took place in Cyprus in October 2012 and was born out of a need to better understand the links between privacy and cybersecurity. It has since growth into a major annual event, as the need to tackle these two sides of the same coin continues to grow and is more relevant than ever before.

This year’s tenth APF anniversary brought together over 30 speakers and over 200 participants both physically and remotely and was organized by the European Union Agency for Cybersecurity (ENISA), the European Commission’s Directorate General for Communications Networks, Content & Technology (DG CONNECT), in close cooperation with the Cardinal Stefan Wyszyński University and the Koźmiński University in Warsaw, Poland.

In three lively panel discussions, the APF 2022 covered: AI and privacy challenges; privacy preserving data sharing and Privacy by Design and cookies.

ENISA’s Executive Director Juhan Lepassaar commented: “An open debate needs to accompany the legislative developments on such important topics – and the APF continues to do just that. I look forward to the next ten years of APF.”

Lorena Boix Alonso, DG CONNECT’s Director for Digital Society, Trust & Cybersecurity stressed that “...the Commission places individuals at the centre of any technological solutions and initiatives. To build trust in our digital society and promote innovation, we need to strengthen privacy, data protection and cybersecurity.”

Professor Jerzy Cytowski of the Cardinal Stefan Wyszyński University: “Strong artificial intelligence is used more and more commonly, the political, legal and IT actions are needed to prevent a real and serious danger. Therefore, The APF fits in with the current interdisciplinary and important research on security in all its aspects.”

Professor Grzegorz Mazurek of the Koźmiński University in Warsaw: “Today, what is digital and virtual seems more real and has a greater impact on people's lives than all that occurs in direct relationships and in the material world. This is why a concerted action on cybersecurity is so important. Concern for the ethical use of data and artificial intelligence algorithms is a key issue for the future of this new digital world. It must be backed by democratic institutions and international laws that effectively protect users, which is what we are discussing during the Annual Privacy Forum 2022, an annual meeting of science, business and politics that takes place at our Academy.”

Key take-aways

What became clear from the discussion is that:

  • The issues touched upon at the APF affect an ever-broader cross-sector of stakeholders and the open debate needs to continue.
  • AI systems may process personal information independently without taking into account compliance with GDPR data protection principles such as: purpose limitation, data minimization, accountability, fairness or transparency. This may lead to unexpected consequences and negative impacts for individuals, demanding action in terms of adequate safeguards.
  • The risks for privacy stemming from the rapid advancement of digital solutions and the use of multiple sources represent ever-moving targets. They require an approach which addresses the continuously evolving technological and legal challenges, such as:
    • The rule-based use of large AI models in relation to how they may be combined and for what purposes they should be used;
    • The definition of criteria for trustworthiness in the technologies used providing a sufficient, adequate and meaningful information to users of the technologies and the data subjects;
    • Drawing attention to the increasing power of large platforms to predict data subject behaviour and considering a rule-based approach on collective data protection in addition to data subject protection;
    • A collaboration strategy between DPAs which fosters effective enforcement;
    • Privacy preserving data sharing which remains a challenge in the current new EU legislative initiatives. This should take into account the technical aspects of secure date transfers, anti-money laundry and anti-terrorism enforcement, as well as the different roles and bodies that are involved in the supervision related to data sharing including which of these bodies acts as the coordinating authority; and finally
    • New tools to adequately respond to the new emerging EU Regulations like the Digital Services Act, Digital Markets Act, the AI Act and NIS2 Directive in order to better protect our fundamental rights.
  • From a privacy regulator perspective, it is important to build bridges between scientific research and the practice in data protection to effectively deal with new technologies. The principles of transparency, interpretability, explainability and fairness are key.
  • If privacy by design is applied in cookie banners, data subjects would not be required to define the settings, as they are set in a way that only the minimal settings are default. This especially should be the case for third party cookies. The attention of those parties using cookie banners should be placed on explaining the purpose of using cookies instead of technology-based explanations.
  • This 10th version of the Annual Privacy Forum provided great points to consider for the challenges ahead and set the scene for future Annual Privacy Forums.
  • The next Annual Privacy Forum is planned in 1st and 2nd of June, 2023 in Lyon, France. The APF invites you to join us in

Further Information

Relevant ENISA publications:

Other information:

About the Annual Privacy Forum

The Annual Privacy Forum (APF) has become a renowned forum among policy-makers, researchers and industry stakeholders in the area of privacy and personal data protection who join forces to advance information security. The forum is set against the EU legislative background that is mainly, but not exclusively, comprised of the GDPR and the draft ePrivacy Regulation. The event sets the stage for new research proposals, solutions, models, applications and policies. In the last few years, the forum has also developed a deeper industry footprint to complement its original research and policy orientation.

About the European Union Agency for Cybersecurity (ENISA)

The EU Agency for Cybersecurity has been working in the area of privacy and data protection since 2014, by analysing technical solutions for the implementation of the GDPR, privacy by design and security of personal data processing. Since 2018, the Agency has been providing guidance on data pseudonymisation solutions to data controllers and processors.

Contact

For press questions and interviews, please contact press (at) enisa.europa.eu