Artificial Intelligence (AI) applications are increasingly used in areas of importance both to fundamental rights and public interest, such as health, education, elections, recruitment and workplace management, security and e-commerce. The privacy impacts of AI are not negligible, neither in the private nor in the public sector. How can AI applications be regulated to ensure a future proof protection of individuals while at the same time fostering innovation? AI applications and systems will have to be evaluated from an ethical perspective and on the basis of fundamental rights, according to principles such as accountability, fairness, transparency, non-discrimination, proportionality and data minimization. And what is the relationship of “explainability” in AI ('XAI') to these concepts?
Paul Nemitz, Principal Advisor, Directorate-General for Justice and Consumers, European Commission
FRT applications, which are used for the purposes such as verification, identification and classification, raise privacy concerns. In this session, the discussion will be on whether both public and private sectors observe the principles that need to be followed for the use of this technology in a manner that will not harm fundamental rights and not lead to discrimination. In addition, possible solutions will be evaluated to provide a balance between the use of FRTs and the right to protection of personal data while ensuring public security. The discussion will also draw from the data protection principles and expectations for the development and use of FRT, risk mitigation policies and the need of global policy.
Marc Rotenberg, Director, Center for AI and Digital Policy
Measures that can be taken from the initial development of technological systems and throughout their use will be discussed in order to prevent the misuse of personal data, in the balance of protection of personal data and development of artificial intelligence. In this context, privacy impact assessment, privacy by design and default, privacy enhancing technologies will be covered in the light of latest improvements of AI.
Michael McEvoy, Commissioner, British Columbia Information and Privacy Commission (OIPC), Canada
The “Big Data” phenomenon has enabled the systematic collection and rapid analysis of data, and its use to serve various purposes. Since data sets mostly include personal data, it requires application of data protection rules. Within that context, the term of big data and the tension between big data applications and data protection regulations will be discussed.
Alessandro Mantelero, Associate Professor of Private Law and Law & Technology, Polytechnic University of Turin
In this session, the focus will be on the protection of privacy in the face of “big data”, which plays a crucial role in making personal data the backbone of many digital markets in today’s data-driven economy. In this context, the discussion will cover the following topics; the privacy risks of big data applications, regulation of big data based on the interaction between the consumer rights and competition law, the rapidly increasing economic use of big data sets in the digital platforms. The work will draw from the GPA’s work in the DCCWG and past GPA resolutions relating to big data, seeking future regulatory solutions and actions to address the greatest challenges.
Andrea Jelinek, Chair, European Data Protection Board (EDPB); Director, Austrian Data Protection Authority
Even though surveillance has been traditionally studied in terms of state-citizen relationship, due to developing technologies, it has become easier for the private sector to monitor the individuals and, therefore, data emerges as an economic value. Within this scope, how can data protection authorities ensure that the right to data protection is assured while promoting the development of private sector in a proportional approach using people’s data in a legitimate, transparent and accountable way?
Ashkan Soltani, Executive Director of the California Privacy Protection Agency
Tracking on the internet is carried out in an increasingly invisible and opaque way for the data subjects through online identifiers such as cookies, device fingerprinting, tracking pixels, and beacons used on the web. Thus, personal data could be widely used in behavioural targeting via the tracking technologies including Adtech. People can be exposed to discrimination through profiling and inferences from the profiles of individuals tracked through different domains and different devices. Besides, information collected for such targeting purposes is transferred between different parties in the advertising networks. This session covers the issues: potential solutions and measures for transparency, how to obtain the consent effectively, how to ensure accountability and transparency and various enforcement approaches.
Brent R. Homan, Deputy Commissioner, Office of the Privacy Commissioner of Canada
In the digital era, the need to use the technological advancements for the benefit of humans is beyond dispute. In this session, the balance between technology and the protection of personal data will be discussed from the standpoint of trust. Mechanisms for building trust for the individuals will be evaluated in the light of recent technological advancements.
Perihan Elif Ekmekci, Associate Professor, Faculty of Medicine, TOBB University of Economics and Technology
The application of existing data protection regulations may prove to be challenging at the light of the development of certain new technologies as Blockchain and Metaverse. Thus, the primary themes to be addressed in this panel with regard to blockchain technology can be listed as; “how to determine the jurisdiction and applicable law”, “determining data controller and data processor”, and “how to ensure that data subjects exercise their rights (especially the right to be forgotten) in non-editable and non-erasable blockchain”. In terms of metaverse, the focus in this session will be on the challenges posed by the universes built on augmented reality and virtual reality in the perspective of privacy. In this framework, the following topics will be evaluated; the concept of “Metaverse”, challenges that may arise when applying existing data protection regulations to the Metaverse (such as determination of the data controller-data processor / data sharing-transfer / ensuring that data subjects exercise their rights), advertising technology, cybersecurity and new cyber threats that may emerge in the Metaverse.
Gianclaudio Malgieri, Associate Professor, EDHEC, Business School, Lille
In such a period where cross-border data flows have accelerated, it has become crucial to ensure cooperation among governments, regional and international organisations having a view to protecting personal data with a common understanding. Accordingly, legal and technical barriers to data transfers, solutions to such barriers, and examples from existing practices will be evaluated all together.
Ulrich Kelber, Federal Commissioner for Data Protection and Freedom of Information (BfDI), Germany
Marie-Laure Denis, President of CNIL
Regulations and practices for cross-border data transfers differ from each other globally. There are also mechanisms in place allowing cross-border data flows under certain conditions. In this context, this panel will cover the issues such as: (i) the latest updated mechanism/s, such as the Global CBPR (Cross Border Privacy Rules) Forum certification or the EU-US Transatlantic Data Privacy Framework that can be used to ensure free flow of data, (ii) standards to be applied to ensure protection of personal data against mass data flow in the digital age, (iii) the requirements to build trust in cross-border data transfers, (iv) cross-border data transfers from the perspective of data localization.
Wojciech Wiewiorowski, European Data Protection Supervisor, EDPS
Individual privacy and dignity are among the elements of the human rights agenda. International recognition on privacy for vulnerable groups should be increased and minimum standards should be discussed in international level. How to ensure that the personal data processed only to provide the service for persons in need of humanitarian aid by considering the principles of data minimisation and proportionality? What are the factors causing privacy risks and additional protections for privacy risks mitigation for children?
Christopher Kuner, Professor of Law, Free University of Brussel (VUB)
Presenter: Francisco Javier Acuña Llamas, Commissioner, INAI, Mexico
Protection of rights of the individuals in the event of emergencies and humanitarian aid deployment will be possible by creating an environment where their privacy is protected. Mass data processing, including sensitive data, is carried out during emergencies and humanitarian aid operations that are beyond the control of national authorities. In this session, the following issues will be addressed: “the possibility of a global standard on how to ensure the security of the data processed for humanitarian aid”, “measures to be taken to protect health/biometric data of victims”, “challenges faced by humanitarian organizations with limited resources to apply appropriate security measures to the data”, and “what monitoring/oversight measures should be applied to the national or international NGOs that process sensitive data”.
Trevor Hughes, President and CEO of the International Association of Privacy Professionals (IAPP)
The focus will be on local or international legislation and regulation on the protection of children’s personal data, existing and potential problems that may arise in the future and ensuring cooperation among countries. In this framework, the following issues will be addressed; circumstances where the consent of the child or the parent should be obtained, validity of the parent’s consent in relation to the principle of the best interest of the child, the criteria for child’s age verification and for providing information to the child.
Ruth Boardman, Partner, Bird & Bird