EDPS Assistant Supervisor Wojciech Wiewiórowski gave the opening keynote speech, in which he emphasised the need to develop practical solutions for privacy engineering. The role of privacy engineering is now more important than ever, since, under the General Data Protection Regulation (GDPR), data protection by design and by default are now enforceable legal obligations. Ensuring that privacy and data protection are incorporated into all new technologies from the development phase is a crucial step in ensuring that we are able to protect personal data in the digital age.
The main aim of the workshop was to assess the state of play for privacy engineering and privacy-enhancing technologies (PETs) in the wake of the GDPR and to follow-up on the outcome of last year’s trans-Atlantic workshop. Some IPEN participants provided updates on ongoing initiatives, such as the IPEN wiki on privacy related standardisation initiatives and the PETs maturity repository.
Beyond current legal obligations, the relationship between ethics and technological developments was also a topic of discussion. We challenged those present to try to answer the question of whether privacy engineering can help solve the ethical problems posed by artificial intelligence (AI). We also asked them to think into the future, from data protection by design to human rights by design. The idea of introducing a Human Rights, Ethical and Social Impact Assessment (HRESIA) was presented as a possible way forward from Privacy Impact Assessments.
The workshop was also an opportunity for businesses to present and demonstrate solutions which combine innovation and data protection. Companies including SAP, Jolla, Qwant and Brave shared their best practices and how to give users more control over their personal data, implementing the spirit of the GDPR to its full extent. Academics from European and American universities reported on recent research results, not only at a theoretical level but also through the presentation of practical tools which help to detect privacy compliance issues and might support regulatory authorities or controllers that wish to act in full accountability.
The workshop marked an encouraging start to the GDPR era and we are looking forward to continue this valuable interdisciplinary dialogue over the months and years to come.
The workshop was web streamed and the presentations are still available on the UPC web site.