Talking about the ePrivacy regulation, or an alternative GDPR birthday party
The 25th May was the birthday of GDPR – the European general data protection regulation came into force. Most of us will have noticed this based on the incredible amount of emails we received from websites we didn’t even remember ever giving our data to. With GDPR, we now have more rights with regards to organisations that hold data about us. Among others, this includes the rights to access our data, restrict how it is used, or have it deleted.
Also on the 25th May, a group of about 30 students, academics, politicians and industry representatives came together to debate whether GDPR was going far enough. Keynote speaker Julia Reda – better known for her work on copyright reform as a Member of the European Parliament – picked up on the timeliness of this debate: The right time to discuss the value and intention of a new regulation is not when it is introduced, but when it is formulated. And for the new European ePrivacy Regulation, which will eventually complement GDPR, that is right now.
In the first panel, we discussed whether an ePrivacy Regulation was needed at all (Spoiler: Yes, of course!). Jennifer Baker, a journalist specialised in digital, security and tech, shared her insight into the ‘sausage making machine’ of Brussels, where these laws are made. Daniel Westman, an independent legal and policy advisor, offered a detailed look at the effect of the new regulation on how content can be filtered. Lastly, Peter Wright from DigitalLawUK shared some insight into his work around GDPR, and what the current legislation is based on – including a journey back to 2009, when the current directive was last amended, to include the requirement to consent to cookies. He made a convincing case that GDPR compliance cannot be a checklist exercise, there is no one document to make organisations compliant. Instead, being – and staying! – compliant requires cultural change.
After lunch, we swapped over from law to computer science, and discussed the practical implications of the ePrivacy regulation. Federica Paci explained how content and metadata can be protected, and argued that metadata should be considered even more sensitive than the content of messages! Richard Gomer explained how online advertising works, and just how pervasive tracking of individual users is – and how the new regulation might tackle this. Concluding the day, Faranak Hardcastle continued the theme on online advertising, and explained which stakeholders are involved.
Overall, it was a really interesting day, with a very engaged audience and lots of interesting discussion. Everyone came away with a feeling that we should be doing this again – maybe to discuss the next hot topic when the ePrivacy Regulation is introduced?!
The GDPR and ePrivacy conference was hosted by Sophie Stalla-Bourdillon from iClic, and Gefion Thuermer for the Web Science Institute and Centre for Doctoral Training. All pictures are CC0. Julia Redas keynote can be watched here.