Programme 2019 – PLP Summer Course

Monday
July 1
8:45-9:15 Welcome
9:15-9:30 Opening session
By Kristina Irion
9:30-12:30 An Update on European Privacy Law and Policy
By Ot van Daalen
This opening seminar will introduce participants to developments in privacy law and policy related to the Internet, electronic communications, and online and social media in Europe. It will cover the latest and most significant statutory, regulatory and judicial developments at EU and member states level. A particular focus is on the substance and the status of the new General Data Protection Regulation.
14:00-17:00 An Update on U.S. Privacy Law and Policy
By Dennis Hirsch
This seminar will provide a comprehensive update on US privacy law and policy related to the Internet, electronic communications, and online and social media. It will describe the latest and most significant statutory, regulatory and judicial developments, including Federal Trade Commission policies and enforcement actions. Following this survey, the instructor and participants will discuss overarching legal and regulatory trends and explore likely future directions in US privacy law and policy.
17:30-19:30 Boat tour on Amsterdam canals and welcome dinner
Tuesday
July 2
9:30-12:30 European DPAs: Enforcement of Privacy and Data Protection Rules Related to the Internet
By Sjoera Nas
Building on her experience as Internet and telecom expert at the Dutch Data Protection Authority and her work in drafting opinions for the Article 29 Working party, Ms. Nas will discuss past en future regulatory approaches to enforcement by the European data protection authorities.
The seminar will provide insight into some past joint investigations by a taskforce of European DPA’s of data processing activities by Google, Facebook en Microsoft. The seminar will discuss the way DPAs collaborate under the GDPR in the new European Data Protection Board (EDPB) and provide an overview of the published enforcement results in the different EU member states since 25 May 2018, the day the GDPR became enforceable.
The seminar will provide detailed insights in the GDPR requirements on consent. The second half of the seminar will consist of a moot court in which participants will present arguments about compliance with the GDPR consent requirements from the DPA and the data controller perspectives.
14:00-17:00 The FTC approach to privacy enforcement
By David Vladeck
The Federal Trade Commission (FTC) is a 100-year-old regulatory agency, one of the first in America, originally intended to address the problems of monopoly and trusts. A century later, the FTC has become the United States’ primary regulator of privacy and of information policy. It primarily regulates through enforcement actions against high-profile companies and practices, and is active in online privacy, children’s privacy, direct marketing, spyware, financial privacy, and information security. Some look to the FTC as an ideal enforcement agency, as it has brought over 150 matters in its privacy and security. This seminar will provide an overview of the FTC’s jurisdictional breadth and tools, its resources, and how it has applied them to create a body of information privacy law in the US.
Wednesday
July 3
9:30-12:30 Ethics of privacy in the digital society
By Beate Roessler
What we call ‘private’ and also what we should call ‘private’ has changed enormously over the last 20 or so years. Privacy in the digital society obviously has to be conceptualized and (ethically, politically) justified in new ways. We will discuss the value of privacy for individuals and for the society, the connection between privacy and freedom, and the rol of privacy in and for the digital democratic society.
14:00-17:00 (free)
Thursday
July 4
9:30-12:30 Doing Business Over the Internet: The legal governance of customer-centric innovation 
by Axel Arnbak
This seminar will focus on the clash between EU data protection law and the relentless pace of customer-centric innovation. After providing a general overview of the current EU regulatory framework, we will discuss the eternal and only equation that actually matters to most data-driven companies: maximising value, while minimising costs and risk. Framing the session as a perpetual quiz, we will cover hot topics such as behavioural targeting; adtech; profiling; artificial intelligence; algorithmic governance, and data breach notifications. With each topic, participants will be asked to participate in real-life case studies to help highlight the issues and concerns.
14:00-17:00 Cross-border Transfers of Personal Data
By Kristina Irion
The GDPR continues to make the transfer of personal data to third countries subject to requirements, which intend to ensure that the high level of personal data protection would not be undermined.  Remarkably, the regulation will apply directly to cross-border commercial transactions involving personal data from the EU, even if an organisation operates from outside the EU.  Such external effect will profoundly impact suppliers of goods and services from outside the EU, who will be expected to observe the GDPR in its entirety. This seminar will introduce participants to the EU rules on cross-border transfers of personal data and informs about advantages and strategic considerations when choosing an avenue.
Friday
July 5
9:30-12:30 Data surveillance: national security and law enforcement
By Nico van Eijk
In this session the focus will be on the use of personal data in the context of national security and law enforcement. Both issues are of great interest for the protection of privacy. Decisions by the two European Courts have (and are still) creating new challenges for regulation and enforcement. In the aftermath of the ‘Snowden-revelations’ many countries have modified their regulatory frameworks. Nonetheless, substantial challenges remain, for example when data are exchanged between security services. Law enforcement meets similar challenges as we can learn from the Microsoft Ireland-case, resulting in the adoption of the US Cloud Act. At the same time, the European Police Directive entered into force and a special e-evidence directive was proposed.
14:00-17:00 E-privacy 
Panel by Rosa Barcelo, Joris van Hoboken (moderator), Johnny Ryan, Nicole Wolters Ruckert & Frederik Zuiderveen Borgesius
In this session, we will focus on the ongoing discussions about the new e-Privacy regulation, providing an overview of some of the proposed changes and key challenges in the debate at the EU level, including the extension of the rules to OTTs (over the top service providers), the regulation of behavioral advertising and other forms of tracking, the protection of communications confidentiality and the question of encryption of communications.
17:00-19:00 Closing reception