Privacy Research Day: discover the program of the first CNIL’s international conference

The first CNIL’s international conference dedicated to research in privacy

This conference will offer the opportunity to create bridges between researchers and regulators. During the day, expert in different fields will present their works and discuss their impact on regulation and vice-versa.

This interdisciplinary day is aimed at a broad audience who is familiar with privacy and data protection and regulation. The objective is to start a discussion between, legal experts, computer scientists, designers, researchers in social science… Researchers and experts from any field related to data protection are invited to attend and be part of the conversation.

For attendants, this is also the chance to discover innovative research: new vulnerabilities, tools and solutions will be presented to them which might inspire new ways of perceiving and fulfilling their missions and draw the contours of the tomorrow’s privacy.

The Privacy Research Day aims to provide the opportunity for lasting partnerships between researchers, the CNIL and other public agencies.

Watch the replay

The program

9 a.m. to 9:15 a.m.

Greetings by Marie-Laure DENIS, Chair of the CNIL

9:20 a.m. to 10:20 a.m.

Panel 1: The Economy of Privacy

User data is at the center of the digital economy. Our panelists will present their research on how organisations and individuals manage and perceive data as an economic resource, and whether the legal frame allowing its collection and use is both implemented and accepted.

With:

• Annika SELZER (Fraunhofer-Institute, Germany) - An Economic Analysis of Appropriateness under Article 32 GDPR;
• Vincent LEFRERE (Institut Mines-Télécom Business School, France) - Privacy, Data and Competition: The Case of Apps For Young Children;
• Aileen NIELSEN (ETH Zurich, Switzerland) - Measuring lay reactions to personal data markets.

10:20 a.m. to 10:40 a.m.

Break

10:40 a.m. to 11:40 a.m.

Panel 2: Smartphones and Apps

Smartphones are becoming the main access point to digital services and content. As such, they are a treasure trove of data about users. This panel will discuss how smartphone apps collect user’s data, sometimes without their consent.

• Alvaro FEAL (IMDEA Networks, Spain) - Don’t Accept Candy from Strangers: An Analysis of Third-Party Mobile SDKs;
• Konrad KOLLNIG (University of Oxford, United Kingdom) and Pierre DEWITTE (KU Leuven, Belgium) - A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps;
• Naif MEHANNA (University of Lille, France) - The Price to Play: a Privacy Analysis of Free and Paid Games in the Android Ecosystem.

11:40 a.m. to 12:40 p.m.

Panel 3: Users Perspectives and perception of Privacy and Data Rights

The GDPR 4-year milestone is an opportunity to look back on the concrete changes it has brought to the implementation of users right to privacy, but also discuss the prospective studies that try to implicate the general public in the definition and exercise of their privacy rights.

• René MAHIEU (Vrije Universiteit Brussel, Belgium) - Measuring the Brussels Effect through Access Requests;
• Zaira ZILHMANN (University of Lucerne, Switzerland) - The Right to Customization: Conceptualizing the Right to Repair for Informational Privacy;
• CANCELLED - Athena CHRISTOFI (KU Leuven) et Jonas BREUER (Vrije Universiteit Brussel, Belgium) - Data Protection, Control and Participation beyond Consent: ‘Seeking the views’ of data subjects in Data Protection Impact Assessments.

12:40 p.m. to 2:00 p.m.

Lunch Break

2:00 p.m. to 3:00 p.m.

Panel 4: AI and explanation

Machine-learning algorithms are becoming ubiquitous: a need arises to not just consider optimal performance, but also propose other indicators to evaluate them, among which ethics and explainability become more and more present.

• Martin STROBEL (National University of Singapore) - Privacy at the Intersection of Trustworthy Machine Learning;
• Hannah BROWN (National University of Singapore) - What Does it Mean for a Language Model to Preserve Privacy?;
• Sallam ABUALHAIJA (University of Luxembourg) - AI-enabled Automation for Completeness Checking of Privacy Policies.

3:00 p.m. to 4:00 p.m.

Panel 5: Organisational Challenges

Members of this panel explore how organisations can be innovative with designs and techniques intended for privacy, or find ways to articulate legal requirements and new technologies, thus exploring new paths and uses for them.

With:

• Cécile CARON (EDF R&D, France) - Privacy-proofing blockchain. Socio-technical trade-offs and the design and experimentation trajectory of a service in the energy sector;
• Max VON GRAFENSTEIN (UDK – Berlin, Germany) - Effective data protection by design through interdisciplinary research methods - read also Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI;
• Laurens SION (KU Leuven, Belgium) - DPMF: A Modeling Framework for Data Protection by Design.

4:00 p.m. to 4:20 p.m.

Break

4:20 p.m. to 5:20 p.m.

Panel 6: Tools for Data Protection Authorities

Data Protection Authorities are on the lookout for inventive solutions that may help identify risks and personal data breaches. Three panelists will present new methods, analysis and tools that help regulators stay ahead of the leading edge.

• Robin CARPENTIER (Université de Versailles Saint-Quentin-en-Yvelines, France) - An Extensive and Secure Personal Data Management System Using SGX;
• Asuman SENOL (KU Leuven, Belgium) - Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission;
• José GONZALES (Universidad Carlos III de Madrid and UC3M-Santander Big Data Institute, Spain) - Unique on Facebook: Formulation and Evidence of (Nano)targeting Individual Users with non-PII Data.

5:20 p.m. to 5:35 p.m.

Concluding speech by François PELLEGRINI, vice-chairman of the CNIL and professor at the University of Bordeaux, France, specialist of tech and software law.