Data Protection Day 2022: Top PrivSec Global Sessions of the Past 12 Months

In recognition of Data Protection Day, GRC World Forums is looking back over our most-attended sessions of the past 12 months.

Since 28 Jan 2021, we’ve brought together thousands of data protection and security professionals to learn, meet and debate, and we’ve hosted hundreds of fascinating talks and conversations on everything privacy and security.

Here are the sessions that attracted the largest audiences, with links to each session so you can catch up.

Vaccine Passes: The Tech, The Law and the Importance of Data Protection and Privacy 

A key reason people attend PrivSec Global is to improve their knowledge of the sector and keep up with the latest compliance trends. But most data protection professionals also harbour a passionate curiosity about privacy—they “walk the walk.” 

So perhaps it’s not surprising that our most highly-attended session of the past 12 months was about vaccine passes—an extremely important privacy-related topic, but one that would have been only indirectly related to most attendees’ day-to-day work.

Vaccine passes are a highly contentious concept in the data protection community. Requiring people to present their sensitive health data to strangers at ports, venues and nightclubs has significant implications for privacy and human rights.

This PrivSec Global session brought together Severa Sandu, Partner at Newmeyer Dillion, Eric Piscini of IBM Watson Health, and Jody Ranck, EVP Global Health Strategy at Ram Global.

The trio had a highly nuanced, technical discussion on the merits and demerits of imposing vaccine passes, with a particular focus on how to implement this technology in the most privacy-sensitive way possible.

Creating a PrivSec Cross-Functional Alliance

One of the great things about PrivSec Global is how it attracts audiences and speakers from across both the privacy and security fields. 

Both these professionals don’t work in silos—increasingly, these two departments need to work together to overcome mutual challenges.

In this April 2021 session, privacy and security experts joined together to discuss how to create a cross-functional alliance that better protects personal data and improves business operations.

Moderated by Giorgia Vulcano, EU Privacy Counsel at Coca Cola, the panellists discussed themes including adapting to remote work, defining a strategic data governance programme and how to leverage opportunities for cross-departmental collobation.

Keynote: Max Schrems

Max Schrems—founder of privacy advocacy group NOYB (None of Your Business) and perennial thorn-in-the-side of big tech firms—is probably best known for destroying the EU-US data transfer framework by bringing the case known as “Schrems II” in June 2020. 

Just over one year on from the EU’s Schrems II judgment, Schrems spoke to GRC World Forums Analyst and Research Director Robert Bateman, who asked him how well he felt regulators were implementing the decision. 

Schrems’ answer? Not well at all.

Shortly after the Schrems II decision hit, NOYB submitted 101 complaints about EU companies they alleged were breaching the rules, mostly by using tools provided by Google for marketing and analytics purposes.

None of those complaints had been resolved at the time of the interview. When asked whether it was possible for EU-based companies to use Google services while remaining GDPR-compliant, Schrems replied with a firm “no.”

It wasn’t until January 2022—when the Austrian and Dutch data protection authorities declared that using Google Analytics was incompatible with the ruling in Schrems II—that Schrems appeared to have been proven right.

Big Tech and The Power of Privacy, Carissa Veliz

Oxford professor Carissa Veliz’s book Privacy Is Power is one of the best-selling mainstream books on privacy. 

PrivSec Global delegates flocked to watch this interview with BBC Cybersecurity Correspondent Joe Tidy in which the two discussed the power of big tech, the issues with excessive data collection, and the harms caused by social media algorithms.

“The more power you have, the more you get to say what counts as knowledge,” Veliz said. Thus the more data Google has about you, the more power the company has to define who you are.

The pair also discussed alternatives to the current data-hungry social media model and the rise of services that enable consumers to better control their personal data.

Schrems II and International Data Transfers: The Journey to a new Privacy Shield and Who Is Leading the Way  

The problem of international data transfers is probably the most contentious and challenging topic in data protection. 

Since the collapse of the Privacy Shield framework threw EU-US data transfers into uncertainty, privacy professionals have been trying to figure out when a new agreement will emerge—and how to facilitate data transfers until it does.

PrivSec Global June 2021 brought together a panel of data protection experts moderated by Jacob Hoedt Larson of Wired Relations to discuss whether the overreach of US surveillance law could ever be resolved in the eyes of the EU.

“It’s not unreasonable for the Europeans to argue for a system in the US that provides a level of transparency… redress (and) a level of judicial oversight,” said Bill Mew of Crisis Team. “This is not something unreasonable for the Europeans to be demanding.”

Six months on from the panel, it appears that such demands are still falling on deaf ears in the US.

PrivSec Global returns on 15th-16th February 2022 featuring over 120+ speakers across 52+ sessions, cover the most pressing and challenging topics from across the data protection, privacy and security sectors.

Register for PrivSec Global February 2022