C&R News 10 min read

Highlights from the Data Protection Day Conference

Jan 29, 2025 Highlights from the Data Protection Day Conference

This blog was originally posted on 29th January, 2025. Further regulatory developments may have occurred after publication. To keep up-to-date with the latest compliance news, sign up to our newsletter.

AUTHORED BY ANI NOZADZE, SENIOR REGULATORY COMPLIANCE SPECIALIST & TEAM LEAD, COMPLIANCE & RISKS


To mark Data Protection Day, on 28 January 2025, a conference entitled “A New Mandate for Data Protection” was co-organised by the Council of Europe (CoE), CPDP Conferences and the European Data Protection Supervisor (EDPS). Some of the topics discussed at the conference included emerging technologies and their regulation, challenges to innovation posed by regulatory frameworks, regulatory and enforcement priorities, the issue of protecting data internationally in the context of new AI systems, etc.

Below are some highlights of the panel discussions.

Policy Priorities and a Look Ahead on Digital Legislation

The first main session aimed to gather insights from various EU bodies, EU Member State representatives and the UK Information Commissioner on the priorities in the coming months and years. Representatives of the EU Commission, EU Parliament, and the Polish Government gave some insights into the topics of focus in the digital space. Common themes referred to by the speakers included the desire to eliminate the administrative burden for the business sector in order to support innovation; however, it was also stressed that the EU will ensure the fundamental rights are protected in this process. The speakers noted that even though the EU General Data Protection Regulation (GDPR) is delivering results, some divergence in enforcement has been identified and needs to be addressed. The safe development of artificial intelligence and boosting the EU’s cybersecurity resilience were highlighted as the topics that will be high on the agenda during the Polish presidency of the Council of the EU (1 January – 30 June 2025). The industry association representatives stressed the need for the involvement of businesses so that the discussions around privacy protection are practical and not too academic.  

The keynote speech from the Chair of the CoE’s Convention 108 Consultative Committee highlighted the importance of having a common instrument as a basis of personal data protection across the world, which can potentially be the CoE Convention 108+ (as of today, this Convention requires seven more ratifications to enter into force).Another keynote speech, delivered by the Vice Chair of the European Data Protection Board (EDPB), underlined that the EDBP will continue its efforts in relation to the GDPR, and will also cooperate with other regulators to ensure the coherent implementation of the various EU digital laws (Digital Markets Act, Digital Services Act, AI Act, etc.). She also noted that in addition to the guidelines issued by the EDPB and the national DPAs, the case law from the Court of Justice of the European Union is also helping in clarifying the rules and concepts of the GDPR, so it is important to stay up-to-date with the jurisprudence.

Neurotechnologies and Data Protection

The second main session examined neuroscience and data protection from various perspectives — academia, regulators, international organisations such as the OECD, and the European Court of Human Rights. The panel discussed the concept of mental privacy, emerging neurotechnologies and their regulation, the impact of neurotechnologies on the advances in the medical field, the threats that neurotechnologies may entail and the need for mental privacy impact assessments, etc.

Data Protection Enforcement and its Challenges

During one of the side sessions, entitled “Beyond Privacy: Unveiling the True Stakes of Data Protection”, the panelists discussed the current priorities in the work of various stakeholders (companies, data protection authorities (DPAs), NGOs, courts), stressing the importance of vigorous enforcement, especially in the case of individual complaints lodged with the data protection authorities in the EU Member States. However, in another session, the Belgian DPA representative mentioned that the DPAs’ enforcement actions should be planned in a strategic manner to assess the biggest risks and focus on those rather than just individual complaints. 

In this side session the discussions also touched upon the ethics of data protection, challenges arising from using personal data in online advertising, and the necessity of privacy-enhancing technologies in order to maintain the balance between innovation and business interests on the one hand, and privacy protection and user trust on the other. The third and final main session, titled “Forging the Future: Reinventing Data Protection?”, featured panelists who exchanged views on the overarching aim of data protection (including protecting democracy), systemic risks that privacy protection addresses and various other issues such as “consent or pay”, enforcement models for various EU digital regulations and best possible ways to approach enforcement.

Conclusion

As seen from the above discussions, businesses should anticipate further enforcement activities within the framework of the GDPR and other EU digital regulations. To stay compliant, in addition to regulations, companies will need to monitor further guidance documents, case law and other developments in privacy and its intersecting fields.

Stay Ahead Of Regulatory Changes

Want to stay ahead of these regulatory developments?

Accelerate your ability to achieve, maintain & expand market access for all products in global markets with C2P – your key to unlocking market access, trusted by more than 300 of the world’s leading brands.
C2P is an enterprise SaaS platform providing everything you need in one place to achieve your business objectives by proving compliance in over 195 countries.

C2P is purpose-built to be tailored to your specific needs with comprehensive capabilities that enable enterprise-wide management of regulations, standards, requirements and evidence.
Add-on packages help accelerate market access through use-case-specific solutions, global regulatory content, a global team of subject matter experts and professional services.

  • Accelerate time-to-market for products
  • Reduce non-compliance risks that impact your ability to meet business goals and cause reputational damage
  • Enable business continuity by digitizing your compliance process and building corporate memory
  • Improve efficiency and enable your team to focus on business critical initiatives rather than manual tasks
  • Save time with access to Compliance & Risks’ extensive Knowledge Partner network

Updates on Key EU Environmental Regulations and China RoHS

Uncover recent key updates and issues that could have significant effects on manufacturers, their approaches to product development, and their supply chains.