Videos from the Computers, Privacy & Data Protection 2019: Data Protection and Democracy are already available (featuring Katarzyna Szymielewicz and Karolina Iwańska).

CPDP 2019: Uncovering the hidden data ecosystem (Katarzyna Szymielewicz)

In November 2018, complaints were filed against seven data brokers, ad-tech companies and credit referencing agencies with data protection authorities in France, Ireland, and the UK. These complaints target companies that, despite exploiting the data of millions of people, are not household names and therefore rarely have their practices challenged. It’s incredibly difficult - even for experts - to understand what is happening to our data. Nowhere is such data exploitation more persistent and systemic than in the complex data ecosystem. The drive to create targeted ads has created an entire ecosystem made up of thousands of companies in the business of tracking and profiling people in virtually all aspects. Uncovering the ecosystem is hard and holding the system to account even harder. The panel will shed light on the ecosystem, raise questions around the impact of GDPR on the ecosystem, and discuss lessons learned from academics, civil society, regulators, journalists, and industry.

• Why is the data ecosystem so complex and often hidden?
• Has GDPR changed anything?
• What regulatory enforcement action are we going to see in 2019?
• How can individuals, civil society, journalists and artists shed light into the hidden data ecosystem?

CPDP 2019: Use of personal data by online platforms. Do we still own our data? (Katarzyna Szymielewicz)

Over the years, social networks, search engines, marketplaces and other online platforms accumulated vast amounts of data related to their users. GDPR entitles Internet users to access their data processed by online platforms. On the other hand, providers of new Internet services may also wish to access this data to offer their services. In practice, online platforms tend to deny full acccess to personal data to Internet users as well as to other businesses citing concerns over protection of their trade secrets and investments. The objective of this panel is to discuss to what extent online platforms can control the use of accumulated personal data and the in-formation derived from such data and how the balance can be struck between the interests of online platforms, other Internet businesses and users.

• Who should have the right to claim “data ownership”: online platforms, users or both?
• How can investments of online platforms into development of user databases be adequately protected?
• To what extent should antitrust law regulate use of personal data by online platforms?
• Do online platforms have any arguments, on the grounds of GDPR, to refuse their users full access to (generated) personal data?

CPDP 2019: Civil society and the collective redress of data protection harms (Karolina Iwańska)

The GDPR has introduced new collective redress mechanisms in the field of data protection. In some EU member states, it is even possible to sue for compensation in the frame of such collective action, and many civil society organisations have already seized this opportunity. How do we quantify harm related to the violation of data protection rights? Does the violation of a procedural obligation by a data controller, such as the obligation to maintain a register of processing operations, constitute reparable damage? Or does the law only provide for the possibility to sue for damage that was the consequence of such a violation? We will discuss all of this and more in this session, including the state of play of some of the collective action initiatives and the reaction of data controllers.

• What is the state of play of the implementation of art. 80 GDPR especially with regards to col-lective redress mechanisms?
• How to quantify harms when it comes to asking for compensation for the violation of data protection rights?
• Have collective redress mechanisms changed the landscape of data protection in Europe?
• What happens in cross-border situations where collective redress actions meet the one-stop-shop mechanism?