| Monday 30 June 2025 | |
| 9:00-9:30 | Welcome, reception and coffee |
| 9:30-12:30 | Session 1: Walk the Talk: Cross-border transfer of personal data by Kristina Irion This lecture covers EU rules on cross-border transfers of personal data and discusses recent enforcement decisions against Meta/ Facebook in Ireland and against Uber in the Netherlands as well as the instructive ruling of the General Court in the case Bindl v Commission (Case T-354/22). |
| 12:30-14:00 | Lunch provided |
| 14:00-17:00 | Session 2: A conversation between privacy professionals by Sjoera Nas (Privacy Company) and Laura Poolman (Kennedy van der Laan) Moderated by Ot van Daalen and Stefan Kulk This session will take a more practice-oriented approach to current privacy problems. Privacy professionals will share some of their experiences and answer questions from participants. |
| 17:30-19:30 | Boat tour on Amsterdam canals and welcome dinner |
| Tuesday 1 July 2025 | |
| 9:30-12:30 | Welcome, Reception and Coffee Session 3: Privacy and cybersecurity by Els De Busser & Varun Aggarwal In this session, we will combine a legal/governance view on privacy and cybersecurity with a technical/management look at it. A key feature will be security-by-design and how privacy protective elements can be made part of it. |
| 12:30-14:00 | Lunch provided |
| 14:00-17:00 | Session 4: Privacy and (government) Data Law by Heleen Janssen, Hannah Ruschemeier & Marten Steketee In two sessions (a lecture followed by a breakout session), we focus on two emergent and urgent topics arising in local public policymaking context. The first zooms in on legal considerations (AI-Act, GDPR) that arise whenever government, being close to the citizens, makes use of foundation AI-models. The second session focuses on government’s desire to access and use of data held by other organisations for better public service provision, whereby we question whether the Data Governance Act and Data Act offer a coherent legal framework that protects the rights and interests involved |
| Wednesday 2 July 2025 | |
| 9:30-12:30 | Welcome, Reception and Coffee Session 5: Social Justice and AI: Data Protection or Protected Data? by Laurens Naudts & Charlotte Ducuing Focusing on AI-driven technologies as knowledge production tools, this module investigates how legal discussions surrounding data governance – such as data creation, curation, commodification, and ownership – intersect with questions of social justice, including structural inequality and disparities in political power. |
| 12:30-14:00 | Lunch provided |
| 14:00-17:00 | Free |
| Thursday 3 July 2025 | |
| 9:30-12:30 | Welcome, Reception and Coffee Session 6: Latest GDPR developments + Crash course CJEU case law by Joost Gerritsen & Els De Busser The elaborate recent output of rulings from the CJEU in the privacy and data protection realm will lie at the heart of this session. The most important case law will be covered to bring participants up to speed on the latest developments. |
| 12:30-14:00 | Lunch provided |
| 14:00-17:00 | Session 7: Privacy and platform law by Max van Drunen & Jan Penfrat This session will provide an overview of recent intersections between privacy and platform regulation. It will explore these issues from a civil society perspective, and provide a deep dive into new restrictions imposed on the use of personal data for targeted advertising. |
| Friday 4 July 2025 | |
| 9:30-12:30 | Welcome, Reception and Coffee Session 8: Decisional Privacy and Manipulation by Marijn Sax & Marjolein Lanzing In this session, we explore the versatility of privacy theory by drawing on theories of decisional privacy to show how one can also address worries on the manipulation of behavior within a privacy framework. |
| 12:30-14:00 | Lunch provided |
| 14:00-16:30 | Group exercise |
| 16:30-17:30 | Closing and handing out certificates followed by drinks at De Burcht |
| 17:30 | Drinks at Crea (Roeterseiland Campus) |