Programme 2018 – PLP Summer Course

Monday
July 2
8:45-9:15 Welcome
9:15-9:30 Opening session
By Kristina Irion
9:30-12:30 An Update on European Privacy Law and Policy
By Ot van Daalen
This opening seminar will introduce participants to developments in privacy law and policy related to the Internet, electronic communications, and online and social media in Europe. It will cover the latest and most significant statutory, regulatory and judicial developments at EU and member states level. A particular focus is on the substance and the status of the new General Data Protection Regulation.
14:00-17:00 An Update on U.S. Privacy Law and Policy
By Dennis Hirsch
This seminar will provide a comprehensive update on US privacy law and policy related to the Internet, electronic communications, and online and social media. It will describe the latest and most significant statutory, regulatory and judicial developments, including Federal Trade Commission policies and enforcement actions. Following this survey, the instructor and participants will discuss overarching legal and regulatory trends and explore likely future directions in US privacy law and policy.
17:30-19:30 Boat tour on Amsterdam canals and welcome dinner

 

Tuesday
July 3
9:30-12:30 European DPAs: Enforcement of Privacy and Data Protection Rules Related to the Internet
By Sjoera Nas
Building on her experience as Internet and telecom expert at the Dutch Data Protection Authority and her work with the Article 29 Working party, Ms. Nas will discuss regulatory developments in the Internet sector from the perspective of enforcement. The seminar will provide insight into the joint investigations by a taskforce of European DPA’s into the combining of data by Google under its new privacy policy, as well as some other investigations conducted by the Dutch DPA related to Smart TV and digital tv, driver whereabouts, cookies and apps. The seminar will also shed light on the Article 29 Working Party’s recent activities and opinions related to the Internet and mobile communications. The second half of the seminar will consist of a moot court in which participants will present arguments from the DPA and the data controller perspectives.
14:00-17:00 The FTC approach to privacy enforcement
By Chris Hoofnagle
The Federal Trade Commission (FTC) is a 100-year-old regulatory agency, one of the first in America, originally intended to address the problems of monopoly and trusts. A century later, the FTC has become the United States’ primary regulator of privacy and of information policy. It primarily regulates through enforcement actions against high-profile companies and practices, and is active in online privacy, children’s privacy, direct marketing, spyware, financial privacy, and information security. Some look to the FTC as an ideal enforcement agency, as it has brought over 150 matters in its privacy and security. This seminar will provide an overview of the FTC’s jurisdictional breadth and tools, its resources, and how it has applied them to create a body of information privacy law in the US.

 

Wednesday
July 4
9:30-12:30 Intellectual Privacy in the Information Age
By Neil Richards
This seminar will examine intellectual privacy in the digital environment. What do free speech and privacy mean in this context? How do they fit together? When they conflict, how should we reconcile them? Should Big Data, the Internet of Things, and the Snowden revelations change our analysis? Drawing on his work on these topics from the past decade and his recent Oxford Press book on these issues, Professor Neil Richards will lead the group in an examination of these questions and consider the future of both privacy and free speech in the context of traditional and social media, regulation of data collection and processing, and special issues raised by both content and metadata associated with digital reading and communications.
14:00-17:00 (free)

 

Thursday
July 5
9:30-12:30 Doing Business Over the Internet: Legal and Policy Challenges
By Kristof van Quathem
This seminar will focus on some of the more controversial aspects of EU data protection law today.  Besides providing a general overview of the current EU regulatory framework, we will discuss the following “hot” topics:  the emerging “right to be forgotten”; increasing conflicts between EU data protection law and other foreign laws; employer-employee relations; the validity of consent; Big Data; and breach notification. With each topic, participants will be asked to consider case studies to help highlight the issues and concerns.
14:00-17:00 Cross-border Transfers of Personal Data
By Kristina Irion
The GDPR continues to make the transfer of personal data to third countries subject to requirements, which intend to ensure that the high level of personal data protection would not be undermined.  Remarkably, the regulation will apply directly to cross-border commercial transactions involving personal data from the EU, even if an organisation operates from outside the EU.  Such external effect will profoundly impact suppliers of goods and services from outside the EU, who will be expected to observe the GDPR in its entirety. This seminar will introduce participants to the EU rules on cross-border transfers of personal data and informs about advantages and strategic considerations when choosing an avenue.

 

Friday
July 6
9:30-12:30 E-privacy and case study
By Joris van Hoboken & Frederik Zuiderveen Borgesius
In this session, we will focus on the ongoing discussions about the new e-Privacy regulation, providing an overview of some of the proposed changes and key challenges in the debate at the EU level, including the extension of the rules to OTTs (over the top service providers), the regulation of behavioral advertising and other forms of tracking, the protection of communications confidentiality and the question of encryption of communications.
14:00-17:00 Transatlantic interoperability of privacy law and the surveillance issue
By Nico van Eijk
This seminar pursues the dual objectives to introduce how surveillance and data retention are approached under EU law and what EU regulation foresees in terms of network security and data breach. The seminar commences with discussing the CJEU ruling in Digital Rights Ireland and its implications for any lawful data retention scheme operating under EU law. In a next step, the discussion will turn to EU member states’ practice of surveillance and independent oversight as well as the legal critique on U.S. preemptive surveillance programmes. The second part is dedicated to rising relevance of information network and security policy in the EU and the requirements flowing from the Network and Information Security Directive. Finally, the new obligation under the GDPR on data breach notifications are briefly introduced.
17:00-19:00 Closing reception