Privacy impact of COVID19-related shift to online activities (payments, virtual meetings, e-commerce/e-banking) – WS 14 2021

From EuroDIG Wiki
Revision as of 15:37, 19 July 2021 by Eurodigwiki-edit (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

30 June 2021 | 14:45-15:45 CEST | Studio Trieste | Video recording | Transcript
Consolidated programme 2021 overview / Day 2

Proposals: #15 #28 #43 #75

You are invited to become a member of the session Org Team! By joining an Org Team, you agree to your name and affiliation being published on the respective wiki page of the session for transparency. Please subscribe to the mailing list to join the Org Team and answer the email that will be sent to you requesting your subscription confirmation.

Session teaser

COVID-19 led to a push towards digitalization. This went from online education, online collaboration, online information exchange to online commerce. It became obvious that digital human rights are an indispensable part of human rights.

  • How have risks manifested in this unplanned leap in online use?
  • How did privacy rights fare when the amount of data collected increased tremendously?
  • How about inclusion when for example poorly designed websites to register for a vaccination could not be used by many elderly people?
  • What about fake news about COVID-19 that did also originate from official sources?

Does such a crisis, and the need for preparedness for future crises, change the approach Europe should have domestically and abroad on data access, sharing, and use?

Session description

Until .

Always use your own words to describe the session. If you decide to quote the words of an external source, give them the due respect and acknowledgement by specifying the source.


Until .

Please try out new interactive formats. EuroDIG is about dialogue not about statements, presentations and speeches. Workshops should not be organised as a small plenary.

Further reading

Links to relevant websites, declarations, books, documents. Please note we cannot offer web space, so only links to external resources are possible. Example for an external link: Main page of EuroDIG


Until .

Please provide name and institution for all people you list here.

Focal Point

Focal Points take over the responsibility and lead of the session organisation. They work in close cooperation with the respective Subject Matter Expert (SME) and the EuroDIG Secretariat and are kindly requested to follow EuroDIG’s session principles

  • Olga Stepanova

Organising Team (Org Team) List Org Team members here as they sign up.

Subject Matter Expert (SME)

  • Jörn Erbguth

The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.

  • Roberto Gaetano, EURALO
  • Minda Moreira, Internet Rights and Principles Coalition
  • Amali De Silva-Mitchell, Dynamic Coalition on Data Driven Health Technologies / Futurist
  • Auke Pals

Key Participants

  • Paul Breitbarth
is a privacy lawyer from the Netherlands. He currently serves as Director, Global Policy and EU Strategy at TrustArc’s office in The Hague (Netherlands) and is visiting fellow at European Centre on Privacy and Cybersecurity (University of Maastricht). Before, Paul worked as senior international officer at the Dutch Data Protection Authority.
  • Esen Esener
is a Turkish law qualified lawyer, holding two LL.M degrees in IT/privacy. Currently, she works as compliance/privacy manager at the German FinTech Nuri (ex-Bitwala), which provides banking solutions while linking Euro and Cryptocurrency.
  • Meike Erbguth-Feldner
is a teacher at a school for children with learning difficulties in a small Bavarian town.
  • Teresa Widlok
works as advisor for Manuel Höferlin, a member of the German parliament who is actively promoting digitization and privacy topics. Besides, Teresa is vice chair of LOAD e. V., a German Association for liberal network politics and is speaker for Civil Rights at Friedrich Naumann Foundation, Berlin.

Key Participants are experts willing to provide their knowledge during a session – not necessarily on stage. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder balanced dialogue also considering gender and geographical balance. Please provide short CV’s of the Key Participants involved in your session at the Wiki or link to another source.


  • Olga Stepanova, WINHELLER Rechtsanwaltsgesellschaft mbH
Certified Specialist for Intellectual Property Law, External Data Protection Officer

The moderator is the facilitator of the session at the event. Moderators are responsible for including the audience and encouraging a lively interaction among all session attendants. Please make sure the moderator takes a neutral role and can balance between all speakers. Please provide short CV of the moderator of your session at the Wiki or link to another source.

Remote Moderator

Trained remote moderators will be assigned on the spot by the EuroDIG secretariat to each session.


  • Arvin Kamberi

Reporters will be assigned by the EuroDIG secretariat in cooperation with the Geneva Internet Platform. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.


  • In the field of online participation and online work, we need to start introducing more thorough privacy policies, and appropriate training for present and future remote industries.
  • Digital literacy is important to prevent increased attacks on users in the financial sector. This was evidenced by all sorts of scams and attacks amplified during the period of extensive use of online finance.
  • With the introduction of online tools in telemedicine, online education, and the public sector, a big task will be to actively promote the idea that data protection is not an obstacle to productivity and innovation.
  • Even with the GDPR in place, compliance of services is often overlooked in search of the right balance on tech advancements and user rights. A good way forward might be to see what the specific goal is, and address that particular issue. Data protection is a different issue for different users. We might need a talk on how the future of data protection will look like.

Find an independent report of the session from the Geneva Internet Platform Digital Watch Observatory at

Video record


Provided by: Caption First, Inc., P.O. Box 3066, Monument, CO 80132, Phone: +001-719-482-9835,

This text, document, or file is based on live transcription. Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. This text, document, or file is not to be distributed or used in any way that may violate copyright law.

>> MARCO ZENNARO: So good afternoon and welcome to workshop number 14. My name is Marco Zennaro and I’m based at the international center for theoretical physics in Trieste, which hopefully we host you in person next year.

So this is workshop 14 about “Prive Sith Impact of COVID-19-Related Shift to Online Activities, Payments, Virtual Meetings, ECommerce and Ebanking.”

The moderator will be Olga Stepanova. And before giving her the floor, a few session rules please enter with your full name, as your hand using the Zoom function. You will be unmuted when the floor is given to you, and when speaking, please switch on the video. State your name and affiliation.

The chat will not be stored or published and do not share the Zoom meeting ID with your colleagues. And that’s it for the session rules. So please, the floor is yours.

>> OLGA STEPANOVA: Hello. It’s nice to have you here. I’m very glad that we the have opportunity to meet online. I hope you can hear me and hopefully you can also see me.

Can you see me? Actually, yes. Okay.

Now hello to everybody. Now you can see me. So the session today is on the privacy impact of COVID-19-related shift to online activities. Unfortunately, COVID is something we did not get rid of in the past year and it’s something that we took into 2021. So it is really important to talk also about the privacy impact and the impact on all the other questions and issues of civil society, but today, it is the privacy impact we will be talking about.

And I’m very glad to have a very, very diverse group of key participants who I will now introduce to you. It was actually important to me that I don’t have just one stakeholder group in here. So rather, I present the views on the COVID-19-related impact from different angles. So first of all, I’m very glad to introduce Paul Breitbarth to you. He’s a privacy lawyer from the Netherlands. He currently serves as the director of global policy and EU strategy provider and a visiting fellow at the European Center on privacy and cybersecurity at Maastricht University. This is what is important. Paul used to work at the Dutch Data Protection Authority. So he has a few on different angles on privacy-related topics and the COVID shift.

So first of all, hi, Paul. It’s great to have you here.

Our second participant is Esen. Esen has a very interesting background. She’s a Turkish qualified lawyer, but still holding two degrees in privacy and she currently works as a privacy manager at German FinTech, who serves to provide global and also very interesting banking solutions because it links the Euro currency with cryptocurrency. This is a very, very new field which is developing in Germany, all over the world, but also related to eCommerce and ebanking.

Then we have got a very different participant in here. We have got a teacher from a school for children with learning difficulties and this is Meike. It’s great to have you here on board, because I’m very, very interested to listen on how the COVID-19 pandemic influenced school. Because all people were talking about school and how peoples get along with online teaching, eteaching. So I’m very, very glad to receive some information on your experience.

And last but not least, we have got Teresa on board. Teresa is an advisor of a parliamentarian at the German parliament, who is actively promoting digitalization and privacy topics. Besides she’s a speaker of Civil Rights and the vice chair of the German Association for Liberal Network Politics meaning that she’s also very much into privacy topics and I’m very interested as well to listen on how she felt about the shift to online activities and what kind of things she thinks may be necessary to somehow improve, but perhaps there are also things which are working well. So Teresa, I’m also very, very glad to welcome you here on the panel.

So just to give you the kind of information of how the session will be held. I first will introduce the topic to you. Afterwards, first I will give the floor to Paul and then to Esen, Meike and last but not least Teresa. So they will present their views and experiences on this topic. Afterwards, we will have a discussion between the key participants on the identified issues and also, please, feel very much encouraged asking questions. I will review what you are posting in the chat box. So I’m very glad in case you have questions so we can discuss them among the key participants.

And at the end, we’ll have some closing words on the session. This is just for you to know. Eye refrain from posting some kind of slides. I think we are all a bit tired of online sessions and slides and thought it best just to talk free about topics which are interesting and about topics which are influencing all of our lives since they are somehow related to the online activities and our rights to privacy.

So my aim is to understand what kind of different impacts we have seen during the last one year, one and a half years. It’s very nice to see on what kind of things were working very well, the things we need to improve not only from a German perspective, and European-wide perspective.

Now I think I talked enough, and Paul, I’m glad to give you the floor and to report on your experience regarding the shift to online activities.

>> PAUL BREITBARTH: Thank you, Olga. And first of all, thank you to EuroDIG for the invitation to be here today. Of course, it would have been much nicer to be in beautiful Trieste. This is the Hague calling for now. To be honest, I think the biggest shift to online activities is to follow. That’s not to say that we have a big change. But from a privacy and data security perspective, I think we are still due the worst of what is yet to come and that is a whole range of data breaches and compromises that will be flooding over us in the next one or two years. I hope I’m wrong, but I fear that is the consequence of everybody shifting a lot of their activities to online over the past 16 months.

If we go back to February/March of last year, suddenly almost every single company in the western world, at least had to decide to stop people coming to the office, to stop all international travel and make people work from home. We saw that lots of organizations had to quickly change to using online tools. They were very reluctant to let people work from home, because especially for product development, for software development, it can be very efficient to be in the same room and have those scrum discussions if person, the stand-up meetings, the 15-minute a day. You know all the big hype words. But it actually works.

And with talking to each other in person, you can get a lot of work done. Also at Trustarc, we used to do that in the office and suddenly we had to do that from home. And that was the same for lots of companies around the world. For many, that also meant that they needed to quickly invest in online conferencing tools, in cooperation platforms like Google meeting and Slack, and they were implied overnight, without privacy assessments, and risk assessments and without maybe implementing the specific security requirements.

We saw, for example, with Zoom that the platform grew very quickly but also came under a lot of scrutiny overnight, which showed a lot of faults also from the privacy and the security perspective.

And that is no different for Google chat or Microsoft Teams or any of the other big platforms. They were addressed. All of the big platforms also took to criticism to – to address those, but it also shows that a lot of companies did not do the due diligence when selecting their platform. Choices were made on availability, and price and usability and the same for cooperation platforms.

When we did our annual privacy survey last year, we saw that almost two-thirds of respondents actually saw changes in the tech that were employed – deployed within the organization.

58% of privacy professionals that we spoke to also mentioned that there were additional measures taken to stay up to date on developments in the privacy community. Newsletters that were subscribed to, online resources, databases that were added, 48%. So not even half of the companies did actually update their policies or extend the policies to work from home, where that might have been welcomed. And only 39% offered additional training to employees and also that could have been helpful, and could still be helpful even going forward, because it looks like the new normal will not be five days a week going into the office.

So looking at the training and looking at those policies, working from home, they should in any case cover what kind of devices are you allowed to use? Are you allowed to share or work from your personal devices? Are you allowed to share your devices your roommates or house mates? Are you allowed to install your own software on your work device or not? All of those kind of things could have an impact also on the data security from a company. Some have advocates only use thin clients for using at home where you are not able to store anything to actually ensure that no data can be breached via working from home or at least to lower the chances.

What I think is that working from home, in these COVID days, will actually show in the time going forward some failures to control the sharing of information on a need-to-know basis, roles based access controls and also making sure that you have those relationships with your vendor properly documented and secured. It will also show that this is an over retention of information, as well as a failure to dispose security of data.

As well as failures to conduct privacy and impact assessments. I think those are things that we need to think about more carefully going forward and it’s timely to put those in place right now because as mentioned, the world has fundamentally changed and people will be more working from home going forward.

Maybe leave it at that as an introduction.

>> OLGA STEPANOVA: Yes, Paul. I believe that many, many problems we were faced during the pandemics were not so much because of pandemics, but the issue was perhaps in 2018, 2019 as well, because companies did not sufficiently implement all – all requirements of GDPR. I believe it would be much easier in case company would have obeyed the rules, but anyway, this is also a learning we need to take into account.

I think this is about the discussion we will have later on. Esen, now it is your turn to provide brief information on your experience.

>> ESEN ESENER: , I’m happy to be here today and share your experience in regards to the development in privacy and digital banking at Nuri. Before I start, I would like to explain what we do at Nuri to give the audience a clear picture.

At Nuri, or formerly Bitwala, we built a bridge between the traditional world of finance and the decentralized world of finance by leveraging blockchain technology. Nuri is the abbreviation of new reality, because we believe we are entering a new reality of banking.

We have been keeping our money in traditional finance for years and now the financial system is opening up. We have a traditional Euro, along with crypto wallets for bit coin and also a bit coin interest account. We believe we are the pioneer in mixing up two worlds of finance.

So in our industry we have the observation that from the start of the pandemic, an increased tendency towards digital banking, less people see the need for physical bank branches and more people are getting acquainted with mobile banking.

In the beginning of the pandemic, we saw that many retail stores in Germany started to accept card payments or digital payments instead of cash payments to decrease the contact, which was also quite a big step for Germany where cash payments are still dominant. A recent Deloitte survey which was conducted in Switzerland with 1,500 working age individuals state that almost 20% of all retail banking customers have used at least one online service for the first time during the crisis.

And most first-time users say that they want to continue to use at least some online services, once the crisis has passed. According to another research published by the VERI group, mobile banking services have increased by 72% during the pandemic.

Another area where we see is investment opportunities. Due to uncertainty, people took precautions and saved money and – or looked for alternatives to grow their money. In our company, we see a similar tendency in use of our services.

So the question is how all of these actually includes the private affairs of individuals. So first of all, we have seen an increase in phishing attacks. They reach them through SMS or via email to collect user data or to gain access to their bank account.

And secondly, we were reported more fraud lens. They are called by a legitimate founding broker, and asked to send funds or customers are asked to give the remote control of their devices and make the financial activity.

For they make a background check and make sure the individual is our customer before approaching. This check happens usually on social media and customers publicly available digital footprint, such as comments on the renew retreat. This kind of case gives a wrong impression to customers that we share their data with unauthorized parties. Based on this, we received a request of information from a customer about our third parties.

So in Germany, it would be accurate to say that people are sensitive about their privacy, but as long as the sensitivity is not supported by digital literacy of citizens, it’s not I believe to protect privacy effectively.

>> OLGA STEPANOVA: Yes, I think it’s very important to emphasize what you said in the very beginning that Germany, actually, before the pandemics, most people were either – they were in favor of cash payment. I think when we see the statistics, across all the other European Member States, this is very interesting because for example, the Scandinavian states like Finland or Sweden, were very much into digital payments even before pandemics. And the Germans – I don’t know for what kind of reason, actually, but they were all paying cash. And this is so interesting to see that even now when you go to a bakery, just to buy some bread for 3 Euro, it is the new normal to pay by card.

So it is even that you question yourself, okay, am I allowed to pay by cash? And I think this is very important development when we see the German population, because for the German population, cash payment is very important, or was even very important. And now people get acquainted with the new normal. So this also is a heavy challenge for the banks and banking service providers because they have much more data which they need to store and also much more transactional data. And we don’t only need to think of, for example, of sensitive data like payments at pharmacy or donations to a party, political party or something like that.

>> That’s not me.

>> Olga froze, at least for me.

>> ESEN ESENER: For me too.

>> Yes, it’s only Olga.

>> MARCO ZENNARO: So should we move to the next speaker?

Which I believe is Meike, right?

>> Meike, you are on mute.

>> MEIKE ERBGUTH-FELDER: Oh, sorry. Same problem all the time.

>> OLGA STEPANOVA: Okay. Just continuing. So yes, so we should all be here – Teresa. Teresa is missing somehow. She’s here. Okay. Great. What I wanted to say, actually, is that there is a new not only threat but a special impact on privacy when we take all of these new factors and data processes into account.

So I believe that the normal banking won’t be the normal in the future and banks need to work on their privacy and also and especially on cybersecurity.

So that the breaches Paul was talking about won’t happen too often, because now, of course, we see that data breaches occur and a lot of them occur, and I believe that a lot occurred and we don’t know about them. So what I want to say is we need to focus on cybersecurity especially because of this new normal which has shifted to the online activities, which I believe we won’t get away from because this is the new normal and people got acquainted with this and also saw the advantages of having things digital.

So I think it is very, very interesting to see what Meike has to report right now. Meike is a totally different stakeholder and I’m very grateful to have her here today because I think we all focus on business activities and on clients and on scaling our – our products and so on. But the educational sector is very, very much important since this is the future of all of us. So Meike, the floor is yours and I’m very interested in hearing what you can report us, what has happened and how schools and educational facilities survived COVID pandemics in regards of online activities.

>> MEIKE ERBGUTH-FELDER: Yeah, hello, all together.

So thank you very much that I can be here and that I’m involved in this topic, and that we can sort of put all the different stakeholders together and different interests together.

Yeah. I’m a teacher in vocational school, and the pupils are, as you said, sort of slow learners or people with special needs. And I’m a mother of three children, from 12 to 16. So I’ve had – I could see the lockdown from different sides. The first lockdown, which was last year, from March to summer, there were hardly any rules and there was there were hardly any videoconferences or videoconference tools used. And so it was very optional to the pupil to do how much they ever wanted and it was also optional to the pupils to use these tools which was very, very hard because our goal is to get the pupils involved and to get in contact and to stay in contact and so it was really very, very hard.

Then we had the second lockdown from December until nearly now and there it was different. There were these videoconference tools you could use and mainly it was Teams used because the others – the other schools which were – you could use or you had the opportunity to use crashed a lot of times but also there it was because of privacy rules, it was optional to the pupils or to the teachers to show that picture. And that was a very, very big problem because when the pupil was older, they didn’t show the picture. And so you could just guess that they were doing other things at the same time, like watching a video or gaming or whatever. So it was hard to get in contact and get the motivation of the pupils very high.

On the other hand, it was also hard because you – a lot of pupils had – like, they don’t have an office to work. They were very many children in one room. So then you could also guess that there were other children in the same room when you work with the pupil.

Once I wondered because it was very noisy when I – when I talked to and tried to explain to a boy in math and then he explained, well, that was his brother, having a videoconference at the same time, in the same room. So it was really, really hard. The other problem was the equipment. I’m also a member of the on the city council of my town. And so I noted – I know that the German government decided to sustain a lot of equipment for all the pupils so everyone should have them, but it took more than half a year or three-quarters of a year in my town. Other towns were a lot quicker. So the – the equipment was in the end on the families. So they had them in April or so, when a lot of – well, it’s not the most important time to had, yeah.

Just for the beginning, I hope it’s also interesting and I hope we can link it to the other themes as well. Thank you.

>> OLGA STEPANOVA: Thank you, Meike, to see how this happened in Germany. I have seen it coming that in case we have a lockdown, Germany won’t be – won’t be too well prepared. Actually, Germany was very bad prepared because on the one hand, we didn’t have enough end user devices and on the other hand, there’s barely no digitalization in schools right now unfortunately.

Neither pupils nor their parents or their teachers, whoever was prepared on the situation. Meaning that it was kind of – at least it was a kind of possibility that there won’t be any kind of lessons at school, because there is a lack of software or end user devices but some schools made it very well and just in the following week or the following two weeks they somehow managed to get enough end user devices to get some software, but this is a huge issue which was raised due to the pandemics because obviously the Internet. There’s no Internet in schools. They are not prepared and also pupils are not well acquainted with all of these kind of possibilities of using these devices and software.

Of course, they can use their mobile tone or a computer, in some regards but they have no understanding ever how privacy works, for example. I really doubt that the schools met the requirements of GDPR as far as information, when it comes to Article 13, meaning the information on how data is processed.

I think this clearly showed on the one hand by GDPR, we forced companies to take a lot of money and to invest a lot of effort in implementing all GDPR rules but, on the other, hand when it comes to administrative bodies, somehow we don’t pay too much attention. I don’t know if this is related, that there is an exemption in the law so that governmental bodies condition be fined. I don’t know if that’s why they don’t care too much about it.

I believe it’s related to the fact that no money or just a lot of other things to do instead of keeping an eye on schools. So what I think and this is a good link to Teresa who represents civil societies and also politics in a way that she can make us understand how this occurred on a governmental level and how she thinks the experiences we made in the past, 15, 16 months, that it may show us we can’t stay on the same level as we did before and we definitely need to improve ourselves, starting from ourselves going to governmental organizations to administrative bodies and of course the private sector. So Teresa, the floor is yours and we are very much looking forward to receiving your information on how you see the situation and what changed in the past 16 or 15 months.

>> TERESA WIDLOK: Yes, thank you, Olga. Thank you, everyone, for having me in this discussion today. A couple of words on my perspectives. It’s possible you mentioned my – I will share my experiences firstly as a vice chair of the Association, LOAD which focuses on the Internet on the civil society level and then as a policy advisor, first for a German MP, and then as of March of this year for the Liberal Naumann Foundation in Berlin. So I’m focused on the overall privacy debate from a policy point of view and from civil society point of view.

So first, I think one big issue was corona contact tracing, one big issue in the overall debate. I think what we have seen is for the first time in ages or the least since I looked at political debates, there was a wildly held public debate about the differences and the technical setups of the digital solution and not in the first place to see which one of the setups performs better, but to see which one of the setups is more privacy friendly. So I think that was a kind of really new development and we haven’t seen it or we haven’t seen a deep political debate, I think ever, and this was a first development I want to share with everyone.

And the other thing is that another issue was the big question if data protection, caused a big problem. Some called it a super fundamental right. So saying it’s the only fundal right that cannot be infringed upon or which cannot be restricted in anyway.

Of course, this was over exaggerated because in many ways, we have seen that privacy rights have been restricted. I mean, look at having to address everything where you go, in order to being able to trace you back if there was a COVID argument. So this super fundamental right was not accurate, but it has been stated many times during the political debates.

These two observations or maybe say the impacts of these various debates were on the one hand that the involvement and the understanding of the different stakeholders and policy making intensified in a way so that was a good point. I predict we will see more projects that will be developed on a governmental level using open source. Using the impact from the community to make projects more data protection friendly to make data more safe, not only protect but safe.

And frankly, I think that’s what we need, tying back to what you said, Olga, to make this pandemic or to get something good out of this pandemic on the digital turnouts of this pandemic.

On the other hand, I would say an impact was that sadly, you my say data protection’s image has not become better during the pandemic. Could you argue that it even got worse.

So if we want to make – and this is something that ties back into Meike’s statement. If we want to make sure using video tours in tools, telemedicine or other digital services in the future, the big task of politicians is that data protection is not the roadblock in getting a good product or getting good policies but rather something that you can kind of bring in the project and which will not hinder you in getting a good result. I think the general attitude to data protection has not changed in the pandemic. It’s the entrenchment has become even worse on some levels but, on the other hand, I think the understanding Yugoslav some people say our data protection this is something – I can’t do it because of data protection as an argument, maybe understanding why people say that sometimes as a really easy excuse for why things don’t work in their eyes. Maybe that understanding has become better.

So I think – I don’t know if this is very good or positive outcomes of the political debates in the end but I think that’s been made some ground which we could build on if we want in the future.

>> OLGA STEPANOVA: Thank you, Teresa. I thought how to get into the discussion, and what can be the motto of this discussion, and I think – but perhaps Paul, Meike, Esen, you have another view on that. I think it should be something about the super fundamental right versus other rights because as we clearly have seen, data protection is very important, and it should be actively promoted. The image should somehow increase in a good way but on the other hand, we see that we have got a lot of issues because of data protection.

So the question is. Does data protection as GDPR wants us to have it in place fit in what we have right now or is this another right reality which is not fitting to our reality and we try to make it somehow working but it doesn’t work. As Meike has told us it was difficult with the tools and how to supervise the children with eLearning and I think this was a very, very top priority. We don’t think too much about privity when the question arose on how to teach our pupils at schools. And this is what Teresa said or Paul said, that from one day to another, we needed to shift everything to online. So that privacy rights was not that important. Is privacy misunderstood GDPR fitting to the concept of civil society and the concept of the level of digitalization we have right now in Europe to GDPR?

So Paul, perhaps what – what is your opinion on this thesis?

>> PAUL BREITBARTH: Well, to be honest, I believe that GDPR fits a crisis like the pandemic that we have been facing for the past year and a half. And it does contain quite a lot of exceptions that can be used in emergencies whether it is for medical research, whether it is as a grounds for processing in life and death situations, whether it is to also let people delay certain individual rights as we have also seen.

Also there you can take certain decisions and it could be that you would need some additional national legislation in place.

To make use of those exceptions and exceptions but in principle, GDPR would be flexible enough.

I believe that not all of us, maybe including myself already understand all the possibilities that the law has. And I think it probably the pandemic came a few years same too soon, while we were still trying to learn how to work with the GDPR that we also were able to work with all the exceptions and exemptions.

>> OLGA STEPANOVA: Actually, this is also something that came to my mind, is that the time frame between GDPR and pandemics was too short.


So we should have asked the pandemic to knock on the door later. Just kidding and hopefully we never have – we will solve this situation right now, and we will never be forced with pandemics in the future.

But this is actually what I also realized because a lot of companies were still implementing, they were in the process of implying, GDPR and they were hit very unprepared somehow and then they did what they could do in order to not top their active business.

So Esen, how did it work in your organization. I believe FinTech was acquainted with new methods of working with digitalization. So how did it work for you when you had all of your meetings online or in person?

>> ESEN ESENER: Actually, we were prepared for the home working and the remote working situation, because remote working was actually sort of a rule at our company. So we didn’t really struggle that much. However, we actually struggled with the onboarding of new people, new colleagues, and actually raising awareness of the privacy and security and all of their home equipment, et cetera. So I would say that the most of the struggle was actually establishing the company culture over all of Germany and other external colleagues who work from different Member States.

In general, as a rule, we were quite pro remote working. So in terms of GDPR compliance, we really did not struggle that much.

>> OLGA STEPANOVA: I think you are kind of an exception because I know that a lot of companies, they even had no hardware and I remember that when the pandemic started, March last year, the prices for hardware increased because a lot of people had very bad old notebooks and they just needed new hardware. But since we have a global world and we don’t produce things on our own, we had to wait for things from China and other countries. This was also an issue. And I was really wondering because it was hard to get service in Germany, and additional power because all the videoconference tools.

I even heard something like, okay, please don’t use the Internet for other things other than Internet conference calls. Gamers were refrained from playing games online because there was not enough power on the Internet. So it sounds a bit crazy to me in 2021 and I believe unfortunately, we in Germany don’t have the best Internet. I don’t dare to think how bad our Internet connection is. This is something that we identify and really need to work on.

It’s good to here that they are great companies, Esen, that switched very, very quickly and well.

And only had struggles with onboarding. So you did not do it with A plus plus, but perhaps an A grade is fine.

So as I just asked you, perhaps somebody wants to ask some questions? I just wrote in the chat, that the participants are invited to ask questions to our key participants. If this is the case, please just drop a line there. Meike, what is also interesting is there any kind of improvement, a kind of change? Is there – what is also interesting is there any kind of improvement, any kind of change, by the government saying, yes we are prepared. It seems to me that unfortunately, there will be something going on starting autumn of this year. And it’s not that much unlikely that there will be a new lockdown, perhaps.

So is there any kind of formal communication saying, okay, this time we are really prepared? Or do you think that the things will go on as they ended with the last lockdown?

>> MEIKE ERBGUTH-FELDER: Make Jacques would like to answer the question before. Because he’s raising his hand.

>> PARTICIPANT: Well, I was not raising a question. I merely wanted to point out that in Swiss IGF, which took place last week, we had a session particularly dedicated to the question of whether digitalization could be used to the right measure in combatting the COVID on all levels, including research and the outcome as it pointed out and also the messages that we drafted afterwards. We put a link in the chat, that the outcome was actually, the administration had a huge problem in finding the right methods due to a sometimes overzealous use of data protection. And so the message was that there should be a right balance between fundamental rights and the benefits to society by digitalization, taking into account that there is not just data protection, fundamental right, but also fundamental rights such as right for good health or well-being in general. So just a hint. We discussed it in the Swiss IGF last week.

>> OLGA STEPANOVA: So what is the super fundamental right, actually, because we have also the right to have a healthy life and right to education which is even stipulated in the German constitution, and as Jörn just put in the chat, what has happened in Berlin, that the Berlin Data Protection Authority stopped schools using videoconference tools because the authorities said, okay, this is not a compliant tool. Actually, there are very, very hardliners and they also posted a huge document on accusing all videoconference tools that are not compliant for this or that reason and the question is how we want to – how we want to tackle this issue. Because currently, I don’t think that there’s super good solutions and that this is rather the question of shouldn’t we perhaps – shouldn’t privacy be a super based fundamental right. And this is the question to Teresa like, what do you think we have got, for example in Germany we have got elections in autumn. But this is not a German question, but European wide question. It’s applicable in all of Europe S. there any kind of possibility on overcoming this super fundamental right or what would be your approach on that?

And then Marianne has a question and then we will ask her.

>> TERESA WIDLOK: I think we have seen good and bad examples on kind of striking the right balance between all the fundamental rights which have been kind of seen or touched on during the pandemic. One the good examples I have already told you about in Germany, for example, or Germany at least was the corona-born app, and the tracing HAP. Once you bring data protection into the debate from the first step of the project on. So you don’t develop some – you’re not like, oh, we should see if it’s compliant with GDPR. If you can’t bring it into the equation at a very early stage, then in the end you won’t have a problem with that fundamental right, weighing it against other fundamental rights on the way.

Of course, you are right, seeing that we have got a world where there’s personal information about every one of us out there on such a large scale that this very notion that one can be in power of every little bit or piece of information which is out there, it’s outdates. Went can’t really say that the goal of data protection is to kind of have the power to influence any and any sort of information that’s out there about you, in section with you. I mean, it’s not possible but we have to see what kind of is the real goal of data protection. And someone in the chat said, maybe we need to think about what is the wording? Are we protecting data? Are we protecting the fundamental right of people behind the data and stuff like that?

So I think the pandemic in a way brought us closer to the core questions of data protection and we may have some issues with implementing the GDPR on many very good questions, and practical questions and the underlying questions of what do we want with data protection at all?

So I think maybe this debate has been moved a couple of steps forward and I’m looking not overall debate about this question in the future.

>> OLGA STEPANOVA: So thank you, Teresa. The core question of what GDPR is actually about. As we are a bit running out of time, I would like to pass the floor to Marianne, who raised her hand. We are very interested in hearing your comments on that.

>> PARTICIPANT: This session as I understand it is looking at a range of interlocking, also very distinctive issues and I think we are a number of issues that cannot be covered by the GDPR, nor can only one human right respond to these. It’s not just privacy, issues around poor data protection, issues around lack of responsibility as my colleague here on the chat points out.

We’ve got issues like the freedom, the right to information, the right to freedom movement online. The right to an education, the right to cultural diversity. The right of persons with disabilities, the rights of children and these rights aren’t always compatible one with another. I don’t have to tell anybody that. We all know this.

What we are confronting here and what I’m finding fascinating and disturbing is this idea that if we find the magic bullet, we will have solved all the issues and I think we haven’t gotten the magic bullet. I think the GDPR is a great piece of legislation. I think there’s a lot of work to have it implemented properly. And so there’s lots of things going on. My problem with COVID is we creep into the second year, is this precise issue of mission creep – mission creep, authorities overstepping the mark. Management is not understanding what even data gathering is, let alone how to protect it.

Students and teachers, young children, being forced to use platforms run by huge global monopolies that make transparency a joke when they take that on. So I’m getting increasingly angry about the way we skip about the elephant in the room. Digitalization is not the solution to all of these problems, necessarily. It is, in fact, so possibly a problem, looking for another set of solutions. I think it’s a part of our everyday life. I would like the speakers to think really quickly. What do you think about the idea of digitalization as a value. And if it’s a value, and it’s a cultural value and social value and it has implications for some in our society. For some it’s a way forward and others it’s a way back.

As regulators and people working in the business world and the legal world, how would you want to move forward without making digitalization another tool of oppression if I may use a very sort of rhetorical term.

So we can broaden our discussion past the one piece of regulation.

Thank you.

>> OLGA STEPANOVA: Thank you, Marianne this was a fantastic discussion on. Comment right now. Two things which I – which I noted right now on the paper is the right of free movement online and on the other hand, the inclusion, because somehow I believe that do to all the tools or the shifts to online activities, the scissors between people and between the civil society people who are well-acquainted with digital tools and know about their rights to privacy, and those who are not, they get bigger and bigger. It’s not only about the digitalization but our whole society.

Perhaps we need to rethink our concept of privacy on the one hand and the possibilities that we have at hand.

Plus on the impacts on the whole society not only on the business people or the politicians or the clerks also about people with disabilities and children and that’s why it’s so valuable what you said right now. But I also want to give Jacques the –

>> PARTICIPANT: Yes. Just for the sake of the discussion, Marianne, I would just go forward to the other side and say, well, think about the works that were available. This was the only feasible on the digitalization. Digitalization is a really value that has a nasty habit of having some back – some side effects such as – now we can turn it around, such as tampering with the fundamental values and this bringing on discrimination, but science brought the release of COVID. And we’re discussing about COVID, if I’m correct.

We would have a hard time without digitalization. So we should be utterly glad to have all of these things at hand. Your turn.


>> Can I respond, Olga? I have been challenged?

>> OLGA STEPANOVA: I’m sorry.

>> PARTICIPANT: Unless somebody else has something to say.

>> OLGA STEPANOVA: I mean, what is beautiful about this discussion right now is that I think all of us can agree that the point not the pandemic, but the pandemic showed us what issues and understanding what privacy is about because privacy means different things to different people. And this is a whole, very, very deep question and issue in our society, how we want to continue. I remember there was a statistic saying in the past two years, there were 90% of data aggregated – of all data worldwide, meaning that by each and every year, we collect more and more and more data. And the question is how we want to treat it, how we want to – what is our idea? It is not about GDPR or any other rule, although I believe that what Paul said that perhaps we need additional legislation would make sense. Yes?

Because perhaps we see that some things don’t fit. So why don’t we align our reality with the laws?

But this is a very, very, very, critical discussion. We need to have everywhere, and the parliaments and the civil society, because it’s not a question about pandemics, but it’s how we want to continue with digitization.

I’m just reading the comments.

So we’re running out of time. We are even over the time. But for me it’s important to give you the last word to conclude on what is your approach. What is your idea of how we should continue in the European-wide and finding the European-wide issues we raised, not towards the pandemic but the whole concept of privacy. I will just first ask Paul to give your comments on that.

>> PAUL BREITBARTH: I have two – two beginning points of solutions.

One is a much wider use of sunset clauses for any kind of interfering legislation. So it auto expires unless it is explicitly renewed following a parliamentary debate. Two is much better accountability for all of those processing personal data with much stricter requirements and what demonstrate? Public.

>> OLGA STEPANOVA: Thank you, Paul. So Esen, what is your idea?

>> ESEN ESENER: Well, I also see the discussion in the chat as we are talking about the same piece of legislation is in force in all EA region, the interpretation is quite different. So I guess we would of course, United Nations one framework legislation to at least provide the minimum guarantees or safeguards within society, but I guess on the other hand of strengthening the privacy rights is also again what I spoke in my speech that the digital literacy. There’s not enough digital literacy. They are not aware of what we are giving to the online world, as well as maybe older generations. So I guess for the better protection of privacy, we also need to increase the digital literacy and start to work on this in this society.

>> OLGA STEPANOVA: Thank you, Esen. This is very, very important what you said. And I believe this is a lot about being informed, what actually happens especially for children. So while we’re talking about children, Meike is the right person to tell us on what would be your idea of how to solve it? On a solution?

>> MEIKE ERBGUTH-FELDER: Yeah. I would like to point out that we need to increase the digitalization in schools. I’m afraid that I’m not sure if it’s going backwards after corona or another lockdown, anyway.

And I also want to point out I think it’s a big problem that the ministry or the administration acts very, very slow and in this time, we don’t – we have to be very quick in acting and quick in getting knowledge and how we can show digitalization – sorry – in – well, in schools.

>> OLGA STEPANOVA: Okay. Thank you. Thank you, Meike, I believe that being ready and being quick is also very important, because the world outside is changing that quick that we have barely no option otherwise, we will be somewhere very much behind so Teresa, what is your approach or potential solution or how do you think we can manage the situation?

>> TERESA WIDLOK: Yeah, I think the one point I would like to make at the end of this ties back to what I said at the beginning. I think good policy making, good solution finding feed on a level of digitalization in general, or data protection works only with civil society and the stakeholders who need to be involved with the community.

So forums like this and the IGF or other forums are really good way and the policymakers should kind of tap into the vast resources that are out there in order to make their policies better.

>> OLGA STEPANOVA: Yep, inclusion is definitely and involving civil society is definitely something we need to do and I think there is even no other way because otherwise, we will lose a big part of the population just leaving them behind.

So now we are definitely ran out of time, and I would like to close this session, this workshop and say that it was very interesting for me at least. Hopefully it was also interesting for you. It was a really interesting seeing what I expected it would be like, while planning and what we had right now, and thank you. That’s why – thank you so much for those who participated here. I think somehow we discussed the potential solution. It’s not that there is no solution and we somehow need to get along with this. No, it’s up to us, all of us, public sector, politics, administrative bodies whoever, to work on this solution.

So I’m somehow confident and optimistic that we will find our way, even though this is a hard process and good things never come easy.

So I hope that somehow all of you who are participating in this session today will have an impact on finding and implementing a solution. It was very nice meeting you here. Thank you for your time. I hope you enjoyed the session. And a special thank you to all the key participants who participated in this session.

I value your time and appreciate you being here. What else can we say?

>> MARCO ZENNARO: The session is not over. We need to have the messages from the rap reporter right now.


>> MARCO ZENNARO: That’s the end of the session.


>> Thanks to the studio. And sorry, Olga, at the end, we will just – I will just show – you kind of concluded everything. But just shortly, Ivan, from Geneva Internet Platform and we provide the reports from the EuroDIG sessions. So I would like to have a couple of messages from this session, which I have just drafted regarding the discussion we know, these are not the final messages. These are just like in an overview, so it will be nice to read them if you don’t have any strong disagreement with this, or you do have it, please let me know. And we can go through it.

So this will be published as a first overview of this session. But full reports will be available. So please just let’s go through it. Is it correct or you find anything that was not in the spirit of discussion?

So for like the first part of the session, I highlighted and you can see in the field of online participation and online work, we need to start introduce more thorough privacy policies and appropriate training for present and future remote industries, meaning that we can start now and that will be good.

Another point is of course, digital literacy, mentioned here many times to prevent increased attack on users in a financial sector. This is having on mind all sorts of scams and attacks amplified during the period of extensive use of online finance. Is this okay with you guys? Okay. Good. So we can go the next message. With introduction of online tools in telemedicine. This is really brief example, mentioned here. With the introduction of online tools in telemedicine, online education and public sector, big task will be actively promote idea that data protection is not an obstacle to productivity, but instead great products need to have this implemented. And as an example offer of corona tracking discussion.

No objection on it. I would add education. Cool. Thanks, Jörn.

I see this. And as the last one, it’s kind of scope of this post, let’s say, question and answers part to the session. Which is even with GDPR in place, compliancy is of services is often overlooked in search of the right balance on the tech advancements and rights of users good.

Way forward might be to see what is the specific goal for the regulation and address that particular issue. Okay. I see your comments in the chat now. Okay.

>> PARTICIPANT: May I go ahead. Just replace privacy with data protection or something. Yeah.

>> TERESA WIDLOK: I second what Marianne said.

>> Thank you very much. That was my four or five main messages. Thank you, Olga.

>> OLGA STEPANOVA: Thank you. So see you. Keep healthy and hopefully perhaps next year we meet in person and we see that we have got very good – very good proper plan on how to solve the issues we identified today.

So thanks once again for having me here and bye-bye.

>> Bye all.

>> Thank you.