Founder’s Voice: Insights from the European Data Protection Summit 2024

On June 20, 2024, Brussels hosted the European Data Protection Summit, organized by the European Data Protection Supervisor (EDPS), which brought together a distinguished array of policymakers, industry leaders, and privacy advocates. This pivotal event provided a platform for deep discussions about the present and future of data protection.

Expert Dialogue on GDPR Compliance and Data Protection: 

The European Data Protection Summit was an invaluable platform for deepening connections with leading figures in the data protection landscape. Among the most enlightening interactions was my conversation with Peter Hustinx, the EDPS Supervisor from 2004 to 2014. Peter addressed my questions on GDPR private enforcement, listened attentively to my concerns about aligning national health authorities and data protection authorities, and validated some strategies I've employed with clients to ensure compliance—particularly when these strategies must navigate discrepancies between authority practices and GDPR requirements.

Additionally, I had a significant conversation with Bettina Gayk, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia since 2021. Bettina discussed the lawful basis for processing data in clinical research, we delved into how the national ICF template is drafted and the forthcoming changes, and how to effectively employ strategies in global clinical trials to ensure that data subject rights are respected while adeptly navigating the complex challenges posed by GDPR implementation in global context.

The conference also allowed me to engage with colleagues from multiple countries, including Germany, Belgium, and Brazil, discussing the strategic implementation of privacy programs, the evolving role of the Data Protection Officer (DPO), and the importance of expertise and ongoing training in the field.

Key Questions Driving the Summit Discussions

The summit structured its dialogue around five essential questions, each designed to probe deeply into the critical aspects of data protection:

1. What is ‘data protection’ protecting?

2. Is data protection law suitable for public authorities?

3. How to build a functioning democratic oversight within the framework of democracy and the rule of law?

4. Can data protection take a proactive stance instead of being reactive?

5. How can the aspirations of data protection laws be transformed into concrete proposals?

These questions sparked engaging discussions about the role and future of data protection within a democratic society and how data protection is not solely about safeguarding individual rights but also about fostering societal evolution through the respect for fundamental human rights. Trust was frequently cited as the key enabler of societal progress, with data protection serving as a crucial means to foster and maintain that trust.

Much discussion at the summit focused on the critical balance between data protection and national security, emphasizing that both are fundamental rights. It was acknowledged that to ensure safety, certain limitations on individual data privacy rights might be necessary, but these should always be implemented with appropriate checks and balances.

Enforcement emerged as another critical topic during the summit. There were extensive discussions about the shortcomings in enforcement and how these gaps contribute to widespread non-compliance. From my perspective, while authorities are indeed exercising their powers, the consensus at the summit suggested that these efforts are insufficient. Consequently, strengthening enforcement was identified as a top priority, emphasized as crucial for both private and public entities to ensure better compliance and adherence to data protection laws.

Visionary Insights from Vivienne Reding

The concluding session of the summit featured a notable guest, Viviane Reding, the former EU Commissioner responsible for drafting the proposal of the European Data Protection Regulation. She detailed the substantial challenges and the intense lobbying efforts that sought to thwart her initiative, demonstrating the complex interplay between policy development and international business interests.

Ultimately, through substantial support and a determined fight for democratic principles, the GDPR was ratified. Viviane Reding's vision was to establish an EU-wide standard for data protection, governed by a single authoritative body to ensure uniform enforcement. This approach aimed to simplify the implementation of data protection measures to ease operations for global businesses but faced significant challenges for implementation across diverse sovereign nations. The GDPR represents what was feasible to accomplish, secured by the dedication of national authorities to work toward greater harmonization.

The most poignant reflection from Viviane that resonated with me was her realization about the broader impact of her work:

“When I drafted the proposal of the GDPR, I thought I was creating a regional standard of data protection—it evolved to be a global standard, being adopted in multiple countries around the world, and serving as a model for global regulations worldwide. This demonstrates that the European Union can export not only goods, but also values and ideas."

Closing Reflections and Future Directions

The EDPS summit offers significant value, particularly when compared to privately held conferences, due to the unique opportunity it provides to interact directly with the lawmakers and enforcers of the GDPR. This interaction is invaluable not only for understanding their perspectives but also for strategically shaping our compliance efforts. Such engagements are crucial for navigating uncertainties and ensuring the highest level of protection for individuals, thereby setting this summit apart as a critical platform for influence and insight in the field of data protection.

Looking ahead, the summit could further enhance its value by incorporating more sector-specific sessions to delve deeper into specific issues, allowing for the submission of questions in advance to enrich the discussion during presentations, and organizing open roundtable discussions on targeted data protection topics.

By continuously improving and consistently maintaining high quality in its presentations and speakers, the summit will remain a pivotal event for professionals in the field of data protection. I am eagerly anticipating attending the next one.

Sincerely,

Diana