Conference TILTing Perspectives 2017: 'Regulating a connected world'
17-19 May 2017, Tilburg University, Tilburg, the Netherlands
Technology is transforming society on many fronts. In recent years, we have seen the rise of social media and the sharing economy, a sustained move from atoms to bits, and the rapid development of cloud computing, big data, smart devices, and robotics. Along with these developments we see a continuous stream of new legal and regulatory issues. For every problem solved, two new problems seem to surface.
When looking at
current phenomena, it is particularly notable that that everything seems to be
connected. Individuals are being connected through networks and data flows from
and through connected devices; the field of Data Science seems to revolve
around connecting the dots between various bits of data and between data and
persons. Disciplines and regulatory domains are also increasingly connected:
contemporary issues require involvement from legal scholars, regulation and
governance scholars, and social scientists, who must work together, but who
also occasionally clash. Similarly, different domains of law become
intertwined, such as public law and private law or data protection and
intellectual property, but do not always coexist harmoniously. Regulation is no
longer the prerogative of sovereign states; rather, complex interconnected
multi-level governance arrangements are at play.
developments and transformations give good reason to adopt 'Regulating a
connected world' as the theme for the 5th Bi-annual TILTing Perspectives
conference on the intersection of law, technology, and society.
TILTing conferences had a specific focus, ‘robotics and neurotechnologies’ in
2011, ‘health and surveillance’ in 2015, the 2017 conference will open the
floor to an entire spectrum of topics and disciplines under the broad umbrella
of law, technology and society.
TILTing 2017 brings together researchers, practitioners, policy makers, and civil society at
the intersection of law and regulation, technology, and society to share
insights, exchange ideas and formulate, discuss and suggest answers to contemporary
challenges related to technological innovation. The conference will include
plenary sessions, parallel sessions, and panel discussions with invited
speakers, as well as presentations from respondents to this call for papers.
The conference features five large tracks: Privacy, Health, Intellectual property, Data Science, and PLSC Europe. But within the context of these general tracks, we are adopting an open and bottom-up organizational strategy: it is up to you (the participants) to determine what happens at the conference and how. With that in mind, we invite scholars, practitioners, policy makers, and others, to propose papers, workshops, panels, mini-symposia and the like, both within and in addition to the large tracks. If you have an idea and would like to check whether it fits the open theme of the conference, feel free to contact firstname.lastname@example.org
TILTing 2017 will contain a ‘GikII’ inspired event. On Friday afternoon, or even Friday all day submissions permitting, we will host a GikII style Workshop. GikII brings together the worlds of law, technology and popular culture.
GikII represents serious academic scholarship, but with a twist. Topics of the first GikII in 2006 included surveillance strategies in the novels of Harry Potter; how to avoid building open source killer robots; whether we need a new legal regime for the regulation of virtual property; copyright law, anime, fansubs; comparative pornography law, TRIPS and Japanese manga; virtual world governance; the law of entropy and old computers; technophobia and technophilia; and much, much more.
If you have a paper burning for the oxygen of publicity on any aspect of law AND technology, science, geek culture, blogs, popular culture, wikis, science fiction or fantasy, computer games, digital culture, gender on-line, MMORPGS, virtual property or online human personae, then GikII is your place. Check out the Gikii website for presentations of the 2016 GikII held in London.
The TILTing 2017 conference system contains a GikII track selector allowing you to enter your suggestion for a GikII presentation on Friday 19 May 2017. A geeky title and abstract suffices for now.
Privacy track and PLSC-Europe
The definition and boundaries of privacy, as both a philosophical concept and a legal right, have been hotly debated in recent years. Indeed, emerging technologies have continually challenged traditional conceptions of privacy that relate to “private life,” the public/private dichotomy, or property (e.g. “my home is my castle”). Many people now carry devices throughout the public sphere that contain (access to) vast quantities of information about their private lives or maintain technologies in their homes that sense and collect potentially sensitive data—technologies that often have porous digital walls, connect to external networks, and store information in distant servers. As a consequence, governments and companies (as well as other private parties) have an increasing number of entry points to invade personal privacy.
This track will include both
a general privacy track as well as the 2nd European edition of the Privacy Law
Scholars Conference (PLSC-Europe).  The general track will encompass a variety of
events, including paper presentations, panels, roundtable discussions, and
invited talks. PLSC-Europe events will follow the traditional PLSC model, in
which papers will be presented and commented on by discussants and other
participants (who are all expected to have read the papers in advance). For
submissions to the general track, proposals are especially welcomed within the
theme of privacy, technology, and space(s), including issues related to privacy
in private or public spaces (e.g., homes or streets), and privacy issues
generated by the fact that information that used to be stored in private
physical spaces (e.g. inside a person’s home, office, desk, or safe) is now
often stored on mobile devices or in less-private “virtual” spaces (e.g., cloud
storage) that offer less practical and/or legal protection against intrusions
by private or public actors. The primary focus of the general track is on
privacy law, rather than data protection, but proposals focusing on data
protection are also welcome. Submissions to PLSC-Europe may focus on any aspect
of privacy or data protection law. Submissions to the general privacy track and
PLSC-Europe will be handled separately.
Possible topics include, but
are not limited to, the ethical, legal, organizational and/or social challenges
- The relationships between privacy, technology, and public/private spaces
- The evaporation of the physical home as a stronghold for privacy
- Privacy crimes (e.g. voyeurism, revenge porn, stalking, eavesdropping, trespassing, hacking)
- Privacy, criminal procedure, and the regulation of police powers
- Surveillance and privacy
- Privacy and mobile devices
- Privacy in the cloud
- Technologically-facilitated intrusions into private life
- Privacy in smart cities
- Privacy and the Internet of Things (e.g., smart toys, connected devices)
- Privacy of body and mind
For questions about possible presentation topics for the Privacy Track, please contact Dr. Bryce Clayton Newell: email@example.com
 Based on the popular PLSC event in United States, PLSC-Europe is dedicated to bringing together privacy law scholars, practitioners, and privacy scholars from other disciplines from across Europe and beyond to discuss current issues and foster greater connections between academia and practice. The first PLSC-Europe was held in October 2015 in conjunction with the Amsterdam Privacy Conference. From 2017 onwards, PLSC-Europe will become an annual event co-organized by the University of Amsterdam (IvIR), Tilburg University (TILT), and the Free University Brussels (LSTS/Brussels Privacy Hub), alternating between Amsterdam, Tilburg, and Brussels.
Healthcare has long been a “protected sector” that relies on a principle of confidentiality between the individuals needing care and the trained professionals able to provide that care. Without this principle of confidentiality, patients would be reluctant to provide the information professionals find necessary to addressing illness and other health concerns and professionals would be unable to provide adequate care to patients. As part of the principle of confidentiality, health data (which includes not only clinical data, but also data derived from biomedical research and patient-generated data) is privileged and protected by legal mechanisms worldwide. Western health systems increasingly use networked information and communication technologies (ICT), such as electronic records, information networks and exchanges, and large-scale databases, to collect, structure, store, manage and exchange the various types of data central to delivering patient care. Consumers are also increasingly encouraged to use (commercial) ICT (including, but not limited to, web-based logs, social media, applications (‘apps’) on mobile devices and/or sensors placed near, on or in the body) to generate data about their daily lives and individual behaviors relevant to personal and population health. Such ongoing technical and social developments not only reshape the structure and organization of care delivery, but also increasingly challenge the aforementioned protective legal mechanisms and raise a multitude of ethical questions.
For this track, we are interested in papers or panels that interrogate the mutually dependent relationship between changing developments in how health data is collected, structured, stored, managed and/or exchanged and emergent ethical, legal, organizational and social issues. We are interested in papers demonstrating lessons from practice as well as more theoretically-oriented papers.
topics include, but are not limited to, the ethical, legal, organizational
and/or social challenges related to:
- The networked, distributed nature of health data collection and exchange
- Security weaknesses in health information systems
- Use of social media as part of health information provision or exchange
- Use of mobile Health (mHealth) applications and/or sensors in the clinical setting
- Use of mHealth applications and/or sensors for personal health tracking
- The rise of invisible/ingestible sensors
- Internet of (Health-related) Things
- Gamification in health education (for patients or professionals)
- 3D printing for health
- Datafication in Personalized and Precision Medicine
- Emergent ICT and medical education (professionals)
For questions about possible presentation topics for this track, please contact Dr. Samantha Adams: firstname.lastname@example.org
Intellectual Property track
The digital economy is one of the most important drivers of innovation and economic growth today. Intellectual property rights, conceived as institutions designed to accelerate technological progress, are its important part. Yet, there is mounting criticism that present day’s design of IP rights and/or their enforcement sometimes works against its own purposes. Newspapers daily surface examples of abusive industry practices or application of outdated laws. Next to the criticism, however, we also observe a wave of demands for novel IP rights or re-adjustment of the old rules to better ‘reflect new technological realities’. In both constellations, new technologies and unfamiliar realities of digital economy are taking the center stage. The goal of this track is to explore the pertinent legal, economic and social issues on both sides of the debate.
For this track, we are interested in (i) papers, (ii) panels, (iii) roundtable discussions and (iv) lightning talks. Suggested themes for contributions include, but are not limited to:
- EU copyright reform
- New ancillary right for publishers
- Ownership, exclusivity and portability of data
- IP enforcement against intermediaries: standardization, automation and beyond
- Open source, standardization and IP
- New developments in collective management of rights
- IP in the supply chain of digital goods
- Online freedom of expression: intermediaries, trade secrets and beyond
For questions about possible presentation topics for this track, please contact Dr. Martin Husovec: email@example.com
Data Science track
Data science —the practice of organizing, analyzing and using new sources of digital data—, is transforming societies around the world, but that transformation is largely invisible. Algorithmic sorting and categorization, machine learning and artificial intelligence, data emitted through people’s use of technology, from the internet of things and by smart environments are contributing to new types of visibility and changing power dynamics between people, corporations and governments. The use of digital data in policy and planning creates the power to understand and visualize in new ways, but also to monitor and influence to an unprecedented extent. Similarly, the use of digital traces in research is transforming many fields, but with associated shifts in power and practice. Data science therefore has implications for rights, for culture and research, for how economic growth, development and social justice are conceptualized and practiced, and also for modes of resistance and organizing. How are societies balancing the use of data analytics for economic growth, knowledge and security with the need to preserve ‘the play of everyday practice’ (Cohen 2012)? How is data science influencing the social contract? And what are the opportunities for evolving international norms and rules in response to transnational practices of data science and global data markets?
Suggested topics for contributions include, but are not limited to:
- Cybersecurity and data governance
- Algorithmic cultures and related political and social dynamics, including algorithmic accountability
- The global implications of data science and data markets
- Social and regulatory challenges relating to the Internet of Things
- The social and regulatory implications of smart environments
- The effects of data science on media and communications
- The interaction between data science and culture
- The ethics of data science and related technologies
- The implications of data science for academic research
For questions about possible presentation topics for this track, please contact Dr. Linnet Taylor: firstname.lastname@example.org
The Alumni track which will be held on 19 May 2017 is designed for TILT MA alumni and TILT PAO alumni (practitioners). This track comprises refresh courses on the General Data Protection Regulation, by and for alumni. The track offers a form of post academic education as well as a possibility to meet other TILT alumni.
The day is organized around implications of the General Data Protection Regulation. In the first session prof. Lokke Moerel and prof. Paul de Hert will share their insights on the impact of the GDPR, both from an academic and a practical perspective. After these introductions, four TILT alumni will shed light on the practical impact of specific provisions of the GDPR. Rachel Marbus, privacy officer at KPN, will discuss privacy governance. Mark Wijnhoven, Global Legal and Privacy lead at Philips, will address Data Protection Impact Assessments. Simone Fennell, consultant at Privacy Company, will address the ins and outs of data breach notification. And Aleksandrina Banusheva, expert at the Commission for Personal Data Protection in Bulgaria, will discuss the role of Data Protection Authorities under the GDPR.
NOvA credit points
Alumni participating in this track will be entitled to NOvA credit points (Certificate and Maintaining Professional Competence of the Dutch Order of Lawyers (Nederlandse Orde van Advocaten) for providers of courses to lawyers in the context of the policy of maintaining professional competence. You are responsible for applying the relevant credit points yourself.
Alumni can also register for this day only.
Registration fee: Euro 150 (one day)
Program 19 May 2017
Location: Dante building (DZ 2)
|9:00 - 9:30||Coffee and registration|
|9:30 - 9:45||Introduction Alumni Track||Colette Cuijpers|
|9:45 - 11:15||Session 9|
|The GDPR principles and solutions as a framework for gatekeeping in the Big Data Economy||Paul de Hert|
|Big data analytics under the GDPR: what has changed and how to implement the rules in practice||Lokke Moerel|
|11:15 - 11:30||Coffee break|
|11:30 - 13:00||Session 10|
|Data Protection Impact Assessment: reflections on how to execute the DPIA in a global environment||Mark Wijnhoven|
|Privacy governance in practice: how does it actually work?||Rachel Marbus|
|13:00 - 14:00||Lunch|
|14:00 - 15:00||Session 11|
|The ins and outs of Data Breach Notification||Simone Fennell|
|DPAs at the dawn of the GDPR||Aleksandrina Banusheva|
Information about the speakers (bio and abstract)
Paul de Hert
Paul de Hert is full professor at the Vrije Universiteit Brussel (VUB) and associated professor at Tilburg University. His main area of expertise is data protection law. With a background in criminal law he concentrates on topics such as enforcement and sanctioning within this area of law. De Hert has written several reports on behalf of the European Parliament and the Commission and often delivers talks at various gatherings, such as the International Working Group on Data Protection in Telecommunications, and the Council of Europe Committee on Data Protection, among others. He has published in European Journal of International Law, International Journal of Law and Information Technology, Computer Law & Security Review and International Data Privacy Law.
‘The GDPR principles and solutions as a framework for gatekeeping in the Big Data Economy’
This presentation looks at the impact of big data and draws conclusions on how legal frameworks can be adapted, using data protection as a case study. Big data practices affect interactions between different actors and can thereby also unsettle the legal frameworks regulating these interactions. The capacity to link and analyze data on a large scale has turned data into a network good. Positive network effects are an incentive for data-intensive business models. Data-driven business processes further involve a shift from limited, time-bound transactions to continuous services. These larger data flows penetrate an actor's boundaries and affects its gatekeeping functions. They result in an enlarged, fine-grained visibility of actors, which can be subjected to faster and targeted actions.
Lokke Moerel is senior counsel with Morrison & Foerster (Berlin), and professor of global ICT law at Tilburg University. Lokke is an expert on Big Data and Internet of Things. In February 2014, she accepted her professorship with the inaugural speech: “Big Data Protection. How to make the draft EU Regulation on Data Protection Future Proof”. She was further appointed to author (together with Prof. Corien Prins) the 2016 report for the Netherlands Lawyers Association on the impact of the digital age on society and how to regulate information technology on society and how to regulate the relationship between IT and society: “Privacy for the Homo Digitalis: Proposal for a New Regulatory Framework for Data Protection in the Light of Big Data and the Internet of Things”. Lokke has further written Binding Corporate Rules (Oxford University Press, 2012), which is considered the leading textbook on BCR and numerous international publications on global privacy, cybercrime, e-commerce, online advertising and outsourcing. Lokke is a member of the Dutch Cyber Security Council, the advisory body of the Dutch cabinet on cybersecurity. She is consistently ranked as a leader in data protection law in Chambers Global and Legal 500. "She has a formidable reputation in the field of data protection, advising numerous blue-chip clients. She is doing market-leading work." (Chambers Global 2015).
‘Big data analytics under the GDPR: what has changed and how to implement the rules in practice’
The GDPR does not provide for a specific regime on profiling. Profiling has now been defined under the GDPR and is mentioned in various provisions, including in the provision on the right to object, on automatic decision-making and when to perform a Data Protection Impact Assessment. How do these rules fit together into one comprehensive regime? The various rules are discussed and practical guidelines are given how to implement these in practice.
Rachel Marbus is a civil rights fundamentalist obsessed with the fundamental right to privacy. If someone tells her "Privacy is dead," she usually ignites a flaming speech beginning with "I have nothing to hide, but they don’t have to know."
Marbus is the Privacy Officer of KPN, did scientific research on privacy and identity in the online world, is a board member of the PvIB (Platform for Information Security), often speaks about privacy & security, and has a regular column in IB Magazine.
‘Privacy governance in practice: how does it actually work?’
Many years ago I left the academia to pursue a career in business and privacy governance. I thought I knew a lot about privacy – which was basically true of course since I was taught by the best at TILT. But, knowing about privacy and putting all that knowledge through the test by implementing it in businesses was a whole other thing, I can assure you. I’ll take you through some of the trials and tribulations and show you that some of them are still and always will be current.
Mark Wijnhoven works as global legal and privacy lead for Philips Information Security Office (CISO). As part of this role, Mark is leading in safeguarding privacy compliance for the (global) initiatives that are deployed to protect the organization against cyber related threats, as well as the integrity and confidentiality of the valuable (personal) data that Philips processes. For the initiatives that are deployed by the CISO, Mark is engaged in ensuring that consultation with works councils and national regulatory bodies takes place. Mark is also the CISO privacy officer.
‘Data Protection Impact Assessment: reflections on how to execute the DPIA in a global environment’
Before addressing the DPIA in the vibrant Philips environment, first a brief overview is given of some key features of the DPIA. After addressing the underlying principles, a closer look is given at the operational side of Data Protection Impact Assessment. A very important aspect in the impact assessment is data security. This topic will be highlighted, also in view of the close connection between DPIA and Privacy by Design; requiring the implementation of security standards and safeguards to mitigate risks. In providing some insight into how a business environment like that of Philips has implemented DPIA strategies, some best practices will be addressed at different levels: Process; Execution; and Learning. The presentation is concluded by an interactive discussion where the public can engage by commenting and asking questions.
Simone Fennell is senior privacy consultant at Privacy Company and provides privacy services to companies and organizations in both the commercial and public sector. As a part of Privacy Company’s team, Simone takes care of Privacy Impact Assessments, quick scans, onboarding processes for new products and services, acting as a privacy officer, assessing and implementing privacy frameworks and data breach compliance. She develops a wide variety of in-company and public training sessions. As a senior advisor, she is responsible for permanent education within Privacy Company. Simone teaches at various universities in The Netherlands, and is a faculty member of the International Association of Privacy Professionals (IAPP). As an accredited IAPP trainer, she teaches Privacy and European Law (CIPP/E) and Privacy Management (CIPM) in both Veenendaal (NL) and Brussels (BE). Prior to working for Privacy Company, Simone worked for Fennell Roosendaal and at the Tilburg Institute for Law, Technology, and Society (TILT) at Tilburg University, where she also obtained her degree in Law and Technology.
‘The ins and outs of Data Breach Notifications’
Two data breach acts have been effective in The Netherlands; the notification obligation from the Telecommunications act (2012) and from the Data Protection Act (2016). With the General Data Protection Regulation coming into effect in 2018, all European countries will have a data breach notification duty. But how do these data breach notification duties play out in practice?
What can be your game-plan? And how do you implement and manage this?
Aleksandrina Banusheva is an expert at the Bulgarian Data Protection Authority. As a member of the Legal Affairs, International Cooperation, Planning and Training Directorate she performs legal consultations and gives opinions on the implementation of the legislation, participates in the drafting of legal acts, prepares positions of the DPA and handles individuals’ requests concerning their rights. Aleksandrina has previous practical experience in the data protection sphere in different fields including the non-profit (International Cyber Investigation Training Academy), academic (Tilburg Institute for Law, Technology and Society), business (Philips B.V.) and public field (Europol).
‘DPAs at the dawn of the GDPR’
The data protection reform will require substantial amendments in the structure and functions of the DPAs. Many DPAs will have to increase their budget and staff (both in number and qualifications) in order to meet the new requirements.
How will the day-to-day work of the DPAs change after 25 May 2018? What will be the new tasks and what tasks will have to be abandoned? What are the new DPA’s powers to ensure lawful data processing across Europe? And what is the role of the Data Protection Officer amongst the DPAs, controllers and processors?