GDPR Implementation – Blind spots, opportunities, and the way forward – WS 02 2019

From EuroDIG Wiki
Revision as of 16:20, 1 March 2019 by JoernE (talk | contribs) (Proposals added)
Jump to: navigation, search

Consolidated programme 2019 overview

To follow the current discussion on this topic, see the discussion tab on the upper left side of this page

Final title of the session: Please send the final title until latest to Do not edit the title of the page at the wiki on your own. The link to your session may otherwise disappear.

Working title: 1 year GDPR – status quo and future challenges

Proposals assigned to this session: ID 10, 27, 38, 66, 70, 72, 79, 102, 107, 129, 145, 176, 179 – list of all proposals as pdf


GDPR came into force this year, and it has its direct consequences not only for Europe and or South Eastern Europe, but also for other countries. Will there be a systemic approach to increase the competences of the users on the EU/SEE/Global dimension?


I think that for the countries of South and Eastern Europe it's crucial to define borders for the protection of data. Such as to create common framework for assisted anti-spam activities. They may arrise at any point, but collective action is important. Especially against fraudulent activities. They have to use suficient tools for data security.


If we want to safeguard individual privacy, we can’t rely on the market to do so: we need new tools and better rules to ensure individuals have a reasonable baseline of respect online. What could these tools look like?


Right to informational self-determination and the GDPR


Blockchain, Privacy and GDPR: An increasing number of applications use blockchain to provide superior privacy and data sovereignty to their users. This is perfect privacy by design, since users do not have to trust powerful intermediaries not to abuse their data, but they are protected by algorithms and design. No malicious administrator or CEO has the power to abuse their data. However, blockchain-based applications have a hard time to complying with GDPR. There is the conflict between the right to be forgotten and the immutability and transparency of public blockchains. But, even more importantly, GDPR is designed for applications under central control. Peer-to-peer applications like blockchains do not provide this central control. Users are simultaneously “controllers”, “processors” and “data-subjects”. There is nobody to make “processing agreements”, create a record of processing activities or reply to data protection authorities. Can we risk banning better privacy for these formal reasons?


In my opinion, human rights and personal data protection topics are essential not only for Europe and/or South Eastern Europe but for all parts of World. It is necessary becuse each of individual should to have own place, no matter in real life or virtual. Moreover, according to EU GDPR, for European organizations digital human rights and personal protection it's not topic for discussion but the regulation which must be applied.


The impact of Europe GDPR on economic, international development and human rights interactions of Europe, it's citizens and businesses with Africa and other nations.


Internet governance issues: How to deal with GDPR and Blockchain? Can GDPR Block Blockchain? Personal Data in Blockchains – Anonymous Content?


Improving privacy resilience in information societies.


RIghts Denied? As the GDPR enters its second year, how are its provisions being applied to populations and communities who are not yet citizens or residents due to their status as refugees or asylum-seekers? How can data protection regulations be considered as part of humanitarianlaw?


EU ePrivacy Regulation. Currently the Council is slowing down the adoption process of the new ePrivacy Regulation which would complement the GDPR and ofer additional protection to individuals by requiring specific data protection provisions in the electronic communications sector. The ePrivacy Regulation is an important tool for increasing individual’s protection and for safeguarding fundamental rights, however, there are intense lobbying eforts from the industry side against this Regulation to be finalised.


Human Rights Impact Assessments — Impact assessments are formal, evidence-based processes increasingly used in the public and private sectors to mitigate harms and manage risk. GDPR-based Data Protection Impact Assessments have become commonplace in Europe, however privacy is not the only right at stake in digital policy-making. Impact assessment methodologies can be tailored to address specific, or various, categories of rights, such as children’s, cultural, or LGBTQ rights. As a result, such tools can make the subject of human rights more practical and tangible while allowing people with divergent positions to engage in a constructive way.


The GDPR is the first data protection regulation ever that diferentiates by age and suggest to provide a higher grade of protection for children. Although this was meant to benefit children it seems the regulation has unintended consequences for the safety of children. The phrasing of Art. 8, decided upon in the very last minute at the end of 2015, has caused a judicial hotchpotch across Europe, leading to a fragmentation of the legal bases for the processing children’s data by service providers. Also it can be questioned if the right of children to be protected is to be put before their right to freedom of information, expression, participation and peaceful assembly.

You are invited to become a member of the session Org Team by subscribing to the mailing list. If you would just like to leave a comment feel free to use the discussion-page here at the wiki. Please contact to get access to the wiki.

Session teaser

Until .

1-2 lines to describe the focus of the session.

Session description

Until .

Always use your own words to describe the session. If you decide to quote the words of an external source, give them the due respect and acknowledgement by specifying the source.


Until .

Please try out new interactive formats. EuroDIG is about dialogue not about statements, presentations and speeches. Workshops should not be organised as a small plenary.

Further reading

Until .

Links to relevant websites, declarations, books, documents. Please note we cannot offer web space, so only links to external resources are possible. Example for an external link: Website of EuroDIG


Until .

Please provide name and institution for all people you list here.

Focal Point

  • Collin Kurre, Article 19

Organising Team (Org Team) List them here as they sign up.

The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.

Key Participants

Key Participants are experts willing to provide their knowledge during a session – not necessarily on stage. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder balanced dialogue also considering gender and geographical balance. Please provide short CV’s of the Key Participants involved in your session at the Wiki or link to another source.


The moderator is the facilitator of the session at the event. Moderators are responsible for including the audience and encouraging a lively interaction among all session attendants. Please make sure the moderator takes a neutral role and can balance between all speakers. Please provide short CV of the moderator of your session at the Wiki or link to another source.

Remote Moderator

The Remote Moderator is in charge of facilitating participation via digital channels such as WebEx and social medial (Twitter, facebook). Remote Moderators monitor and moderate the social media channels and the participants via WebEX and forward questions to the session moderator. Please contact the EuroDIG secretariat if you need help to find a Remote Moderator.


Reporters will be assigned by the EuroDIG secretariat in cooperation with the Geneva Internet Platform. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.


A short summary of the session will be provided by the Reporter.

Video record

Will be provided here after the event.


Will be provided here after the event.