On 28 January 2021, the 4th edition of the Data Privacy Day dedicated to privacy and data protection was jointly organised by the University of Luxembourg and the Restena Foundation. In the context of the COVID-19 pandemic, the event was exceptionally held online but nevertheless brought together no less than 220 participants from the research and education sectors, but also from the financial, legal and administrative sectors around the themes of the international transfer of personal data, the right to be forgotten, privacy, the General Data Protection Regulation (GDPR) and COVID-19.
Key information and tools
Opened by Gilles Massen, Director of the Restena Foundation, the Data Privacy Day 2021 brought together speakers from the European Commission, the Association pour la protection des données à Luxembourg (APDL), the National Commission for Data Protection (CNPD), BEE SECURE, the University of Luxembourg and the law firm NautaDuthil.
During this 4-hours event, the international transfer of personal data in both academic and Research and Development (R&D) contexts was discussed. In order to handle the GDPR requirements, organisations are invited to know their transfers, to check the transfer tool they rely on, or to assess if anything in the law or practice of the third country may affect the efficiency of supplemental measures. Actually the European Data Protection released guidelines on these supplemental measures. Moreover, in the context of R&D collaborations involving several research entities, the processing of personal data depends on the right qualification of all stakeholders involved: joint controllers, single controllers or data processor.
The various aspects of data retention and its application in companies were also discussed, with, in particular, the presentation of an automated data discovery and inventory retention tool. More broadly, it was demonstrated how managing permissions, activating the private mode, installing specific extensions and encrypting mail and documents directly on the browser, or even installing the Window 10 Sandbox functionality, can help everyone to get back and guarantee their privacy on the internet.
Finally, the event was also an opportunity for the CNPD to highlight how the COVID-19 pandemic has shaped the work of this national institution and, for the European Commission, to show the future evolution of the GDPR which came into force more than 2 and a half years ago and the future key evolutions.
A story that began 40 years ago
On 28 January 2021, the "Convention 108" - at the base of the European Data Protection Day established 15 years ago - celebrated 40th anniversary. This first legally binding international instrument in data protection field is covering the rights of individuals as well as free flow of data between countries. Elaborated by the Council of Europe, the treaty was opened for signature on 28 January 1981, and signed by 7 countries, including Luxembourg. Since then, the convention has been updated in 2018 to cater for the challenges of the digital age. It is now called "Convention 108+", taking with it the applicability of the General Data Protection Regulation (GDPR), the most robust privacy protection law in the world to date.