Programme

Data is not the new oil, it is the new uranium. Dangerous to manipulate and explosive. Application Programming Interfaces (API) allow several information systems to communicate together on behalf of users without the need for a graphical interface and manual intervention. Exchanging data, sometimes highly sensible and private, along the chain of connected systems presents unique challenges. What does it imply for the data subject? How can we be sure that, in an ever growing API economy, data is handled and processed everywhere according to the consents provided by the data subject? This presentation draws a quick overview of how data exchanges work in an API ecosystem and what the challenges are, especially in relationship to identification/authentication and authorization enforcement.

The Commission is exploring what can be done to facilitate the uptake of digital identity solutions. This with a focus on the financial services industry, but which might also be quite inspirational across other industries. The development of digital identity solutions which are interoperable across borders would represent (especially in this era of COVID) a significant boost to the development of an internal market, while at the same time they can be an important and powerful tool to fight cybercrime and fraud and to improve regulatory compliance. The upcoming review of the eIDAS regulation and the planned revision of AML rules represent important opportunities as they would provide further clarity and standardisation with regards to digital onboarding and identity proofing.

The corona pandemic is the first major pandemic in times of big data, AI and smart devices. Some nations have demonstrated that these technologies can be deployed successfully at a large scale to support a trace/quarantine/test/isolate strategy in order to contain a pandemic. However, serious concerns have been raised on the privacy implications of some solutions, which makes them incompatible with privacy and human rights that are protected by EU law. This talk presents a survey of these attempts and the related privacy concerns. It will also present the contact tracing solution developed by the DP-3T (Distributed Privacy-Preserving Proximity Tracing) consortium that is being rolled out in more than 20 countries and states, with support of Google and Apple. This solution combines privacy-by-design with a data minimization approach.