Co-located Event


Notes from the discussions.  

Day 1 - Thursday, October 22, 2020

10:00 - 10:20 CEST

Opening Remarks

  • Juhan Lepassaar (ENISA)
  • Jakub BoratyƄski (European Commission – DG Connect)
 10:20 - 11:20 CEST

“Talk with the regulators”

The crossroad of privacy and technology 

  • Ventsislav Karadjov (EDPB)
  • Wojciech Wiewiórowski (EDPS)
  • Filipa Calvão (CNPD)
 11:20 - 11:30 CEST
 Coffee Break
  11:30 - 12:30 CEST

Paper Session I: Impact Assessment

Chair: Luís Filipe Coelho Antunes

 The Data Protection Impact Assessment as a tool to enforce non-discriminatory AI  Yordanka Ivanova
 Processing operations ‘likely to result in high risks for the rights and freedoms’ - Lessons to be learned from national authorities’ DPIA ‘blacklists’  Katerina Demetzou
 Analysing the Impacts of Facial Recognition - Towards a Rigorous Methodology  Claude Castelluccia, Daniel Le Métayer
  12:30 - 13:30 CEST

Lunch Break




13:30 - 14:30 CEST





Paper Session II: Transparency

Chair: Giuseppe F. Italiano

Purposes in IAB Europe’s TCF: which legal basis and how are they used by advertisers? Célestin Matte, Cristiana Santos, Nataliia Bielova
Towards Transparency in the Internet of Things Stephan Escher, Benjamin Weller, Stefan Köpsell, Thorsten Strufe
Tracking without Traces—Fingerprinting in an Era of Individualism and Complexity Florian Adamsky, Stefan Schiffner, Thomas Engel
14:30 - 14:40 CEST  Coffee Break  
 14:40 - 15:40 CEST

Panel Session I: Data pseudonymisation: from theory to practice

Moderator: Athena Bourka (ENISA)


  • Paolo Balboni (ECPC)
  • Monir Azraoui (CNIL)
  • Damien Desfontaines (Google)


 15:40 - 16:00 CEST Day 1 Closing Remarks
 Andreas Mitrakas (ENISA)


Day 2 - Friday, October 23, 2020

10:30 - 10:40 CEST

Opening Remarks

Jorge Pereira da Silva (Católica University of Portugal)

10:40 - 11:00 CEST

 The NIST Privacy Framework

A Tool for Improving Privacy through Enterprise Risk Management

Naomi Lefkovitz (NIST)
11:00 - 12:00 CEST

Paper Session III: Data Protection and Security

Chair: Kai Rannenberg

Webs of Trust: Choosing Who to Trust on the Internet Matteo Dell'Amico
Italian National Framework for Cybersecurity and Data Protection Marco Angelini, Claudio Ciccotelli, Luisa Franchina, Alberto Marchetti-Spaccamela, Leonardo Querzoni
Operationalization of privacy and security requirements for eHealth IoT applications in the context of GDPR and CSL Oleksandr Tomashchuk, Yuan Li, Dimitri Van Landuyt, Wouter Joosen
 12:00 - 13:00 CEST Lunch Break


13:00 - 13:20 CEST 

 Browser Privacy

 Pedro Adão (University of Lisbon)

13:20 - 14:20 CEST  

Paper Session IV: Privacy by Design

 Chair: Maurizio Naldi

 Privacy through data recolouring Giuseppe D'Acquisto, Maurizio Naldi, Alessandro Mazzoccoli, Fabio Ciminelli
 Privacy by Design Identity Architecture Using Agents and Digital Identities Kalman Toth, Ann Cavoukian, Alan Anderson-Priddy
Preliminary remarks and practical insights on how the Whistleblower Protection Directive adopts some of the GDPR principles Rita de Sousa Costa, Inês de Castro Ruivo
 14:20 - 14:30 CEST  Coffee Break
14:30 - 15:30 CEST

Panel Session II: To track and to get tracked: new innovative methods and advancements

Moderator: Prokopios Drogkaris (ENISA)


  • Fernando Silva (Banco de Portugal)
  • Rob van Eijk (Future of Privacy Forum)
  • Marit Hansen (ULD)


15:30 - 16:00 CEST

Closing Remarks

APF 2021 Announcement

Andreas Mitrakas (ENISA)

Nils Gruschka (University of Oslo)