IAPP Data Protection Congress – Key Takeaways – Brussels, Nov. 2022

December 21, 2022

Romane Geurts

The IAPP – International Association of Privacy Professionals Europe Congress has already come to an end after two intensive days of keynotes and networking. The main questions in the air were the UK data reform, how the #GDPR is enforced in the EU and abroad, and how EU-US data transfers will unfold.

Here are some key takeaways from the Congress:

🔐Lively debate between Max SchremsEduardo Ustaran and Caitlin Fennessy on the #USExecutiveOrder (EO): according to Schrems, the main issues are that the EO does not establish a real court as that concept is understood under the CJEU’s standards and that the EU and the US don’t agree on the meaning of the term ‘proportionality’

🔐the #FTC said that they have bilateral arrangements in place to cooperate and collaborate on specific enforcement actions with #DataProtectionAuthorities around the world but that this topic is too sensitive to discuss publicly

🔐Bruno Gencarelli stated that the next set of #SCCs (between controllers/processors that are both subject to the GDPR) are expected in the first half of 2023

🔐The new #UKDataProtectionReform will not be submitted to public consultation, but round tables will be organized to discuss specific issues with stakeholders

🔐Multi-jurisdiction #compliance is a growing issue. The solution is to tweak a global baseline to keep consistency at a reasonable level of compliance. It’s also time to rethink our privacy policies: having just one may not be the right approach anymore.

🔐#DSA#DMA and other new legislation: there are intersections between them but there are also many conflicts. We need a more coherent EU approach.

🔐Didier Reynders: the EU-US data transfer adequacy decision is expected in spring 2023

🔐the newly proposed #EDPBguidelines on the obligation for non-EU companies to notify #DataBreaches to data protection authorities in multiple EU jurisdictions are a major headache for non-EU companies. Setting up an establishment in the EU to avoid this obligation may not be sufficient as the DPA’s will look into whether the establishment serves a real purpose.

🔐Nina Schick explained the great potential but also the real dangers of #GenerativeAI. By 2030, 90% of digital productions is expected to be synthetic AI-generated content. Neither humans nor AI will recognise synthetic from authentic content. This new future will be powered by data, whether gathered appropriately or not.

#IAPPDPC22 #DPC22 #DataProtection #DataProtectionCongress #PrivacyProfessionals #IAPP #Privacy #Data

Subscribe to EDPO’s newsletter here: https://lnkd.in/dwK8sde

We asked some thought leaders in the privacy world what they thought are some of the burning topics in data privacy at the moment. AI, Data Transfers, EU-US Executive Order, the increasing number of data protection laws…

Thank you to Odia KaganAnn BevittRomain RobertNatascha Gerlach CIPP/EChristopher Schmidt, FIP CIPP/E CIPM CIPT CDPO/FR CDPO/BR and Caitlin Fennessy for their time and insightful opinions! See you at the next conference!

Check the section below to find the links to the full interviews

Want to discuss some of these subjects with us? Reach out here to book a call: https://edpo.com/contact/

Christopher Schmidt and Natascha Gerlach: https://dai.ly/x8ge3k6 

Romain Robert: https://dai.ly/x8gdskv

Odia Kagan: https://dai.ly/x8gdrw8

Caitlinn Fennessy: https://dai.ly/x8gcwzb

Ann Bevitt: https://dai.ly/x8gcwpb


Follow us on Linkedin for daily breaking GDPR news!

Get our weekly newsletter in your inbox every Monday with fresh GDPR and Data Protection news!