03.02.2022

Exploring the evolving world of data protection in Europe

Security

For the 5th consecutive year, the Restena Foundation and the University of Luxembourg have raised awareness of data protection among Luxembourg's academic and economic stakeholders on the occasion of European Data Protection Day.

On 28 January 2022, the University of Luxembourg and the Restena Foundation jointly organised the 5th edition of the Data Privacy Day dedicated to personal data protection. In the context of the COVID-19 pandemic, the event was held online for the second year in a row. This 5th edition gathered 185 participants around current key thematic areas in the field of data protection in the research sector, the upcoming European regulations, as well as more technical issues such as cookies, open-source software as an alternative to market solutions and algorithms.

Opened by Isabella Ripota, Data Protection Officer at the International Atomic Energy Agency (IAEA), Data Privacy Day 2022 brought together speakers from the European Commission, the National Commission for Data Protection (Commission nationale pour la protection des données - CNPD), BEE SECURE, the Association pour la protection des données à Luxembourg (APDL), the University of Luxembourg and the law firm Elvinger Hoss Prussen.

An overview of current and future regulation

During the morning, participants obtained a great deal of information and feedback on legislative elements. They were able to find out how the IAEA, which is not subject to the GDPR, has determined and implemented its data protection programme from 2020 and to discover the elements that make it up.

As usual, the GDPR, which has set the main framework for personal data processing in the European Union since May 2018, was discussed. This discussion included an overview of the regulation, its interaction with the COVID-19 pandemic and the existing links with current European initiatives on the digital economy. Among these, proposals for European regulations have been drafted since the end of 2020: the Data Governance Act (DGA) and the Artificial Intelligence Act (AIA), dealing respectively with European data governance and artificial intelligence. These proposals carry in their wake new challenges for their application and coordination with the GDPR. The first step will be to follow their adoption, then guidelines from the Data Protection Authorities and the European Commission concerning their application.

Research institutions, in particular, have to reconcile compliance with data processing regulations with their need to carry out European or even international research projects and programmes. The European data protection regulation poses interpretation and application challenges impacting the processing and sharing of data. These challenges are very diverse and concern the interpretation of the whole concept of personal data, international data transfers and the implementation of data subjects' rights. The Guidelines on the Right of Access, adopted by the European Data Protection Board (EDPB) in January 2022, will provide more precise guidance in the coming months on how the right of access has to be implemented in different situations.

Increasingly exploited data

The legal framework for cookies - small text files containing identification tags installed and stored by the server of a visited website, or a third-party server, on the terminal of the Internet user consulting it to track and retain information on movements - was discussed. In October 2021, the CNPD also updated its guidelines on cookies and other tracers. Entitled ‘Le Règlement Général sur la Protection des Données - Lignes directrices en matière de cookies et autres traceurs’, the document, available only in French, provides support to website and application operators in complying with the currently applicable rules. A conference entitled ‘COOKIES : JE TIENS À MA VIE PRIVÉE OU JE N’AI RIEN À CACHER ?’ is also being organised by the CNPD on 26 April 2022 to present these guidelines.

Data Privacy Day 2022 also focused on open-source software. Because it can be used, modified or redistributed without technologies that monitor and control, and because it makes public all the hardware and software contents of information systems, open-source software distributed under a free licence could represent an ethical, alternative solution for compliance with the GDPR.

Finally, a presentation went into more detail on algorithms - explicit, logical instructions or rules on how to solve a problem - which are increasingly ubiquitous in everyday life. Fuelled by our actions, algorithms are also influenced by emerging developments in Artificial Intelligence, facial recognition and surveillance.

>> Relive the event by viewing the Data Privacy Day 2022 photo gallery or by accessing the presentations on the event website: dataprivacyday.lu. The video will be published afterwards.