Version of 10 March 2020

The 10th Annual European Data Protection and Privacy Conference Responsible Data Use in Data-Driven Societies

19 March 2020 – Brussels 09:00 –09:05 Welcome and Introduction 09:05 – 10:00 Keynote Speeches 09:05 – 09:20 Věra Jourová, Vice-President for Values and Transparency, European Commission (confirmed) 09:20 – 09:35 Davor Božinović, Deputy Prime Minister and Minister of the Interior, Republic of Croatia (confirmed) 09:35 – 09:50 Wojciech Wiewiórowski, European Data Protection Supervisor (confirmed) 09:50 – 10:00 Discussion and Q&A Moderated by: Paul Adamson, Chairman, Forum Europe (confirmed) 10:00 – 11:15 Session 1 - Assessing the GDPR two years on By May 2020, the European Commission is expected to issue a report on the evaluation and review of the GDPR, two years after the regulation came into force. Ahead of the release of this report, this session will be an opportunity for different stakeholders to come together to discuss how they have been impacted by the regulation, take stock of the benefits it has unleashed, and explore how the outstanding challenges and concerns around compliance and enforcement can be best addressed amid a new policy landscape in Europe and the continuous development of new data-driven innovations. Topics to be covered include: - The implementation level across member states - The interplay with sectorial policies - The impact the implementation of the regulation has had on European businesses, including SMEs, and on the European tech community - The extent to which it has affected the level of trust from individuals

Version of 10 March 2020

- How effective and consistent enforcement by DPAs has proven to be - How greater cooperation and coordination amongst DPAs can be further encouraged - Areas where further progress is still necessary Moderated by: Eline Chivot, Senior Policy Analyst, Center for Data Innovation (confirmed) Olivier Micol, Head of Unit, Data Protection, DG Justice (confirmed) Dale Sunderland, Deputy Commissioner at the Data Protection Commission, Ireland (confirmed) Lorena Marciano, Director, EMEAR Data Protection & Privacy Officer, Cisco (confirmed) Estelle Masse, Senior Policy Analyst and Global Data Protection Lead Access Now(Confirmed) 11:10 – 11:30 Coffee Break 11:30 – 13:00 Session 2: Encouraging cooperation to shape the future of Data Privacy globally Since the GDPR has come into force, many countries and other regions of the world have adopted new rules or updated their existing ones with stricter requirements, often inspired by the European framework. As we are seeing convergence between the approaches on privacy taken globally, new opportunities to facilitate data flows across borders and boost international trade are emerging. However, some differences still persist and the path towards a common global set of principles for data privacy requires greater compatibility between the different frameworks. This session will examine the core privacy principles that the EU system shares with third countries, ask where the main persisting differences lie, and how these can be best addressed. Notably, it will examine the GDPR principles underlying the California Consumer Privacy Act (CCPA) and the more recently developed Washington Privacy Act, which are two leading States’ privacy laws that will likely influence the direction of a new U.S. national privacy law and will also discuss the provisions of India’s Personal Data Protection Bill that was recently passed. It will also explore the concrete work that is being done on the convergence between privacy rulebooks, on the adoption of additional adequacy decisions with third countries by the EU and discuss if progress towards common standards is being achieved. It will address compliance challenges faced by global data-driven businesses relying on international data transfers, explore best practices, and discuss how cooperation between governments, policy-makers, enforcement authorities, and businesses can be best fostered globally. Moderated by: Eline Chivot, Senior Policy Analyst, Center for Data Innovation (confirmed) 11:30 – 11:50 Part 1: Interview: The EU-US Privacy Shield Exploring progress being made at the transatlantic level since the introduction of the Privacy Shield Programme concerning EU-U.S. data transfers. This interview will discuss issues related to certification, compliance, oversight, enforcement and sanctions. Jim Sullivan, Deputy Assistant Secretary for Services, at the Department of Commerce (confirmed)

Version of 10 March 2020

Bruno Gencarelli, Head of Unit, International data flows and protection, European Commission (confirmed) 11:50 – 13:00 Part 2: Panel discussion Bruno Gencarelli, Head of Unit, International data flows and protection, European Commission (confirmed) Jim Sullivan, Deputy Assistant Secretary for Services, at the Department of Commerce (confirmed) Thomas Boué, Director General, Policy — EMEA, BSA | The Software Alliance (confirmed) Jens-Henrik Jeppesen, Director, European Affairs, Center for Democracy & Technology (confirmed) 13:00 – 14:00 Networking Lunch 14:00 – 14:20 Afternoon Keynote Speech:

Didier Reynders, Commissioner for Justice, European Commission (confirmed)

14:20 – 15:30 Session 3: Responsible data use, trust and AI: Towards A European way of handling data? Data-driven innovation has become an important factor of socio-economic growth in Europe, bringing unprecedented benefits to individuals, businesses and the public sector. It is also widely recognized that confidence in the way personal data is collected, processed, used and shared is crucial for innovation to flourish and new business models to emerge. As Europe is now looking to develop its own strategy to fully leverage the potential of artificial intelligence, maintaining and improving an environment of trust in the ways that personal data is managed in this context remains key. This session will discuss how the current European data protection and privacy framework may impact the development of artificial intelligence, examining the specific obligations and rights that are particularly relevant for the processing of personal data in AI systems. It will ask what can be done so that stakeholders continue to work together to maximize the value brought by algorithmic decision-making based on personal data while combatting potential harmful threats, and will explore issues around automated decision-making, transparency, liability and accountability. Moderated by: Alea Fairchild, Research Fellow, The Constantia Institute (confirmed) Speakers: Gabriele Mazzini, Policy Officer, Technologies and Systems for Digitising Industry, DG CONNECT (confirmed) Maite Pagazaurtundúa MEP, European Parliament (tbc) Ursula Pachl, Deputy Director General, BEUC (confirmed) Mathias Cellarius, Global Data Protection Officer & Head of Data Protection and Privacy, SAP (confirmed) Ellis Parry, Data Ethics Adviser, UK Information Commissioner's Office (confirmed)

Version of 10 March 2020

15:30 – 15:45 Coffee Break 15:45 – 16:45 Session 4: Cross-border electronic evidence and law enforcement: what it means for data privacy and fundamental rights Data and access to electronic evidence are becoming crucial factors in the success of the investigation and prosecution of crimes. In this context and in order to accelerate efficient cross-border investigation, detection, and prosecution of offenders, the European Commission put forward, in 2018, a proposal aimed at introducing a EU-wide framework that facilitates access to electronic evidence by law enforcement authorities in any Member States. In addition, formal negotiations on a EU-U.S. agreement to facilitate access to electronic evidence in criminal investigations have now begun. While the objective of these initiatives is to ensure more effective and rapid law enforcement cooperation, the right balance needs to be found in order to ensure that they are led in a way that guarantees respect for the rule of law, privacy, and civil liberties. This session will examine the latest status of these initiatives and best practices that have been identified for the promotion of privacy protection and transparency in connection with law enforcement activities. It will also ask if the ongoing challenges and concerns linked to the protection of civil liberties and procedural safeguards for defendants are being addressed appropriately. It will explore how cooperation between law enforcement agencies, the judiciary, data protection supervisory authorities and other stakeholders can concretely be enhanced, both at EU level and with international partners, while supporting individuals’ fundamental rights. Moderated by: Dan Michaels, Brussels Bureau Chief, The Wall Street Journal (confirmed) Speakers: Birgit Sippel, Member, European Parliament (confirmed) Xavier Tracol, Senior Policy Officer, Eurojust (confirmed) Jeremy Rollison, Director, EU Government Affairs, Microsoft Europe (confirmed) Chloe Berthélémy, Policy Advisor, EDRi (confirmed) 16:45 – 17:45 Session 5: An update on the E-privacy file - a future-proofed framework fit for the digital society? After previous talks amongst Member States ended in a deadlock and failed to produce a general approach on the proposal for an e-Privacy Regulation that the previous European Commission released in January 2017, the Commission announced in in December 2019 that a new proposal, matching all Member States’ concerns and interests could be put forward. This session will discuss the state of play of this proposal, the key principles agreed so far, the main sticking points left and the next steps towards the possible finalization and implementation of the new regulation. Issues around the interplay between the GDPR and the ePrivacy Regulation and their respective enforcement will be explored, and the extent to which the latest proposed updates to the directive offer the necessary balance between privacy requirements and support for innovation to flourish.

Version of 10 March 2020

Moderated by: Paul Timmers, Research Associate University of Oxford (confirmed) Speakers: Birgit Sippel, Member, European Parliament (confirmed) Peter Eberl, Deputy Head of Unit, Cybersecurity and Digital Privacy Policy, DG CONNECT, European Commission (confirmed) Domagoj Maričić, Counsellor Permanent Representation of Croatia to the EU and co-chair Working Party on Telecommunications and Information Society, Council of the EU (confirmed) Mathilde Fiquet, Director General at FEDMA and Vice-Chair of EDAA (confirmed) Alberto di Felice, Senior Policy Manager for Infrastructure, Privacy and Security, DIGITALEUROPE (confirmed) 17:45 – 19.00 Conference Close and Drinks Reception