IPEN Workshop on Digital Identity

The EDPS and the Cardinal Stefan Wyszyński University are organising on 22 June 2022 an Internet Privacy Engineering Network (IPEN) workshop on Digital Identity.

Where : Cardinal Stefan Wyszynski University, Wóycickiego 1/3, Warsaw, Auditorium Maximum (building no. 21), Robert Schuman Auditorium.

"A wide debate has been ongoing on organisational and technological choices to design digital identity schemes and portfolios of personal attributes for digital authorisation purposes that can fully implement the GDPR principle of data protection by design and by default. 

All this while the European co-legislators are discussing an EU policy initiative establishing a framework for a European Digital Identity and recommending the design of a toolbox to support that framework. 

The workshop aims at understanding the challenges and identifying the state of the art of the available options for compliant and privacy-enhancing solutions."


Remote participants can use the following link to connect to the streaming:


IPEN Workshop 22 June 2022

“Digital Identity” in data protection by design current developments and future trends


9:00 - 9:45

Registration and Coffee


9:45 - 10:15

Welcome Keynotes

Professor Grażyna Szpor and Dr Kamil Czaplicki, Cardinal Stefan, Wyszynski University 

Wojciech Wiewiórowski, EDPS

10:15 - 10:40

Invited talk

Anders Gjøen, European Commission 

10:40 – 11:00

Coffee Break


11:00 - 12:20

Session 1: State of the art of privacy preserving digital IDs

Q&A Session

Thomas Lohninger, EPICENTER

Rossen Naydenov, ENISA

Stephan Engberg, CitizenKey

Bart Jacobs, Radboud University Nijmegen, IRMA

Moderator: Piotr Drobek, UKSW

12:20 - 12:50 Invited talk

Marie-Charlotte Roques-Bonnet, ID Side

Carlos Velasco, ByEvolution

12:50 - 13:50



13:50 – 15:20

Session 2: Current developments in digital IDs and digital wallets projects

Q&A Session

Daniela Pöhn, Universität der Bundeswehr München

Ruth Puente, Digital Identification and Authentication Council of Canada

Dalius Kubylis, Center for Informatics Technology, Poland

Jan Willemson, Cybernetica

Moderator: Dina Kampouraki, EDPS

15:20 – 15:40

Coffee Break


15:40 – 16:50

Session 3: Future Developments

Q&A Session

Alessandro Ortalda, Vrije Universiteit Brussel

Luca Castellani, UNCITRAL

Roberto Garavaglia, Innovative Payments and blockchain Strategic Advisor

Jacoba Sieders, EU SSIF Lab

Moderator: Prokopios Drogkaris, ENISA

16:50 - 17:00

Concluding remarks - EDPS

Massimo Attoresi, EDPS
17:00 - 17:30 Networking chat  


IPEN invites participants from different areas such as regulators, academia, open source and business development, and other individuals who are committed to finding engineering solutions to privacy challenges. The overall objective is to integrate data protection and privacy into all phases of the development process, from the requirements phase to production, as most appropriate depending on the development model and the application environment.

The event is followed by the Annual Privacy Forum 2022, which is organised also in Warsaw on 23-24 June by ENISA, DG Connect,  the Cardinal Stefan Wyszyński University and the Koźmiński University.

Registration details

The workshop is organized in Warsaw and online and is free of charge.

Participants attending the workshop in Warsaw will carry their own expenses.

For remote participation, registration is not obligatory and the connection link will be published in the IPEN website a day prior to the event.

To register to attend the workshop in Warsaw or remotely, please click here.

To know how we process your persona data please read the Data Protection Notice.

For more information about the Internet Privacy Engineering Network, please check the IPEN homepage, the IPEN Wiki and/or consider joining the IPEN mailing list.



Practical information

Cardinal Stefan Wyszynski University, Auditorium Maximum (building no. 21), Kazimierza Wóycickiego 1/3, 01-938 Warszawa , Robert Schuman Auditorium.

The Campus can be reached by bus lines:

  • No. 181 (stop Żubrowa-UKSW);
  • No. 114 (stop Żubrowa-UKSW or Młociny-UKSW);
  • No. 303 (Żubrowa-UKSW bus stop);
  • No. 150 (Park Młociński stop);
  • No. 750 (Park Młociński stop).

It is also convenient and fast to get from the city centre to Młociny underground station and then take a taxi or bus to UKSW. You can also check how to get to the UKSW campus on A map of the campus is available here.


Massimo Attoresi

Massimo is the Acting Head of the Technology & Privacy unit of the EDPS, which he joined in 2012. From October 2014 to September 2020 he was also the Data Protection Officer of the EDPS. He provides advice on the impact of technology on privacy and other fundamental rights due to the processing of personal data. Among the topics he has focused on: cloud computing, online tracking and profiling, privacy of electronic communications, privacy and data protection by design and by default, data protection engineering, DPIAs. He graduated as an Electronic Engineer. After some years in the private ICT sector, he joined in 2002 the European Anti-fraud Office. From 2007 to 2012 he worked as Data Protection Coordinator and Local Informatics Security Officer in a Directorate General of the European Commission

Luca Castellani

Luca Castellani is a legal officer in the Secretariat of the United Nations Commission on International Trade Law (UNCITRAL). As secretary of UNCITRAL Working Group IV (Electronic Commerce), he oversaw the preparation of the UNCITRAL Model Law on Electronic Transferable Records as well as work on the use and cross-border recognition of identity management and trust services. He has assisted several countries in the enactment of UNCITRAL texts on electronic commerce. He is also active in the field of paperless trade facilitation and has contributed to drafting the Framework Agreement on Facilitation of Cross-border Paperless Trade in Asia and the Pacific.

Piotr Drobek

Lawyer. Graduated from the University of Warsaw in 2000. Then he worked in several departments of the Bureau of the Inspector General for Personal Data Protection. Afterwards he fulfilled the function of the Deputy Director of the Social Education and International Co-operation Department and the function of the Director of the Analysis and Strategy Section in the Personal Data Protection Authority. At present, he fulfills the function of the councellor of the President of the Personal Data Protection Office. He was a Chairman of the Joint Supervisory Authority for Customs and is the Chairman of the Coordination Group for the Supervision of the Customs Information System (CIS). He participates in the work of the European Data Protection Board on behalf of the Polish Data Protection Authority. He is also a lecturer at the Faculty of Law and Administration of Cardinal Stefan Wyszyński University in Warsaw.

Prokopios Drogkaris

Dr. Prokopios Drogkaris is a Cybersecurityn Expert at European Union Agency for Cybersecurity (ENISA) working in the areas of Privacy and Data Protection and the EU Cybersecurity Competence Centre. Prior to that, he was also involved in Cybersecurity Certification and Trust Services. Before joining ENISA in 2015, he was involved in several EU funded research projects in the greater area of Information Security within the Hellenic Ministry of Citizen Protection and he held teaching assistant positions in higher education institutions.

Stephan Engberg

At a 2009 French/Danish Conference, Caspar Bowden introduced Stephan Engberg as the strongest champion for privacy in Europe following 10 years as member of the international advisory board of Privacy International. From a background specializing in how complex systems evolve and 15 years in the privacy sector, he focused on Identity and Privacy with two startups focused on trustworthy design, active participation in EU security and digital economics research including member of the strategic advisory board of FP7 Security Research Road-mapping and numerous keynotes, talks, panels etc. Stephan’s consistent effort and argument is that there - with sufficient nuance in design - are no real trade-offs between privacy and other legitimate society interests such as research, anti-crime, taxation, public sector effectiveness, innovation, convenience etc. On the contrary – properly aligned privacy would be the active enabler of data sharing for other purposes. Together with people like Caspar Bowden and others this understanding was actively incorporated as requirements of trustworthy structures and pseudonymity into eIDAS and the focus on state-of-the-art data minimization in GDPR as the main legal drivers. In 2014 with the failure of Identity mixer, U-Prove and governments failure to incorporate pseudonymity in national id Structures, Stephan Engberg realized that the complexity of identity cannot be resolved through reports and partial input but calls for dedicated long-term efforts across hardware, software, processes and economic models designed around citizen control of keys and data while enabling solutions to secondary societal agendas. This started the CitizenKey project as a technology framework enabling Trustworthy Identity and data sharing and aiming to provide an add-on infrastructure enabling Trustworthy Inclusive Interoperability and now emerging.

Roberto Garavaglia

Independent Strategic Advisor in Innovative Payments and blockchain, for thirty years he has been helping companies in the creation of new value propositions. In 2014 he was among the first in Italy to deal with blockchain projects in the digital finance sector. In addition to his work as an independent advisor, he also works in the field of science dissemination and lectures at companies and universities. Since 2008 he has been collaborating with Politecnico di Milano - Digital Innovation Observatories, contributing with his experience to the analysis of strategies in the field of Innovative Payments and holding courses on blockchain and the market scenarios that can guide its cross-industry development. He has to his credit countless scientific publications developed within the Observatories of the Politecnico di Milano, on topics concerning innovation and regulation of innovative payment systems and blockchain. In 2013 he launched the portal of which he is scientific coordinator. Author of books, he published for Hoepli Editore the best seller " Tutto su Blockchain " inMay 2018, " Conoscere la blockchain – For dummies " in June 2021, “Tutto sugli NFT” in February 2022.

Anders Gjøen

Anders Gjøen is a legal and policy officer in the Commission, in the Unit responsible for the revision of the eIDAS Regulation. Anders has a legal background from the University of Oslo with a varied experience from the private and the public sector, including in the field of copyright, publishing of legal text books, the management of the EEA Agreement and the Open Data Directive. As an entrepreneur, Anders started a business-providing infrastructure for eLearning, and in the early days of social media looking at providing social monitoring tools for elections, inter alia providing insights on the French election in 2007 to French media. Anders has worked for DG CNECT and on the eIDAS framework since 2015.

Bart Jacobs

Bart Jacobs is a professor of computer security, privacy and identity at Radboud University Nijmegen, The Netherlands. His work covers both theoretical computer science and more practical, multidisciplinary work, esp. in computer security and privacy. Jacobs is a member of the Academia Europaea and of the Royal Netherlands Academy of Arts and Sciences (KNAW), and a recipient of an ERC Advanced Grant. He is an active participant in societal debates about security and privacy, in the media and in various advice roles e.g. for government and parliament. He chairs a non-profit spin-off on attribute-based identity management (see and is co-founder of Nijmegen's interdisciplinary hub on security, privacy and data governance ( For more information, see:

Dina Kampouraki

Dina Kampouraki works for the European Data Protection Supervisor (EDPS) as a technology and Security Officer in the Technology and Privacy Unit, which aims, on working privacy and security into technology for the EDPS supervisory and advisory functions. Dina has more than 20 years of experience in data protection and holds an IT security background. She worked for many years in the Hellenic Data Protection Authority and for the Secretariat of Data Protection at the Council of the European Union as a data protection and IT security expert.

Dalius Kubylis

Military University of Technology alumni, with a Master’s degree in Engineering. He majored in Cybernetics. Manager, Business, and System Analyst as well as a Software Developer with over 15 years of experience in both, private and public sectors. For the past 4 years, he has been leading the development of the public mobile wallet app – mCitizen as its Program Manager.”

Thomas Lohninger

Thomas is Executive Director of the digital rights NGO in Vienna, Austria and the Vice President of European Digital Rights. He was a Senior Fellow of the Mozilla Foundation working on Net Neutrality in the European Union. The Center of Internet and Society of the Stanford Law School holds him as a non-residential Fellow. He worked in Brussels as Policy Advisor for European Digital Rights on the European Net Neutrality regulation. His background is in IT, podcasting and socio-cultural anthropology.

Rossen Naydenov

Rossen is a Network and Information security expert, focusing on cyber security in Critical Sectors, specifically in Finance. Areas of expertise include Cloud Computing, Big Data and Digital wallets. He works within the ENISA Policy Development unit, conducting research on topics like security measures, incident reporting and policy implementation. He has more than 15 years of experience in information security collected from various positions in his career.

Alessandro Ortalda

Alessandro Ortalda is doctoral researcher at Vrije Universiteit Brussel and training coordinator at the Brussels Privacy Hub. He holds a bachelor degree in History from Ca' Foscari University and a master of social science in International Security and Law from Southern Denmark University. After his master's degree, Alessandro worked as cybersecurity consultant, specialising in advisory services to governments and international organisations concerning national cybersecurity, cyber-capacity building, national cybersecurity strategy, and national digital identity systems.”

Daniela Pöhn

Daniela Pöhn ( is senior researcher at the research institute CODE at the Universität der Bundeswehr München. Her research is mainly on identity management, in particular federated identity management, integration of security management, and level of assurance. At the same time she is active involved in projects related to interactive cyber training. In her role as a research assistant at the Leibniz Supercomputing Centre, she was task leader in the EU project GÉANT improving the global federation eduGAIN. She was doing her doctorate in parallel at the Ludwig Maximilians University of Munich on the subject of dynamic identity management in federations.

Ruth Puente

Ruth has been working in the digital identity domain for 9 years, leading the certification programs of the US, Canada and UK trust frameworks. She enjoys being part of DIACC and Kantara which contribute to promoting a human-centric Internet and help drive trust. Prior to joining the identity field, she worked 10 years in the Domain Name System industry.

Marie-Charlotte Roques-Bonnet

Marie-Charlotte Roques-Bonnet is a data protection and digital fundamental rights’ expert. She completed a Legal Ph.D. in France on the topic of “The Constitution and the Internet” and was granted the first Law Excellent Award attributed by the French DPA (CNIL) in 2010. A mainstream version of such academic research was published in 2010 (« Can the Law ignore digital revolution? »).After teaching public law and digital communications (2002-2008), she joined Microsoft as Director of EMEA Privacy Policy (2014-2018), Amazon as Head of the Privacy & Security Policy (2020-2021), supported Meta on an ad-hoc project (2021) and now is a full time Senior Data Protection Legal Expert Advisor for NEOM connected city. In 2019, following-up on her PhD work, she created the ID side start-up & project, an "Online Privacy Choices Digital Platform”, now internationally patented (WIPO-PCT) and technically enabling all users to automatically & freely share their by-default Privacy Choices with each website they browse.

Jacoba Sieders

Jacoba Sieders is an expert in Digital Identity, Access Control and Management. Jacoba is member of the Advisory Board of the EU Self-Sovereign Identity -Lab, deciding about digital innovation grants from the EU, and functioned as digital identity specialist for the Dutch Blockchain Coalition. She is a well-known speaker on the topic of digital identity and secure access at high-profile congresses across Europe, and working as a freelance expert today. Since 2001, she held executive positions leading these topics at global banks in the Netherlands; ING Group, Rabobank International, and ABNAMRO, where she was accountable for all secure digital access to the banks systems globally, including online and mobile banking. She then led the digital access control function at the European Investment Bank in Luxembourg (the financial institution of the EU).Next to access control, biometrics, and the other technical aspects of digital identity, relevant legislation for the financial industry, cyber security, and privacy, is her special topic, such as GDPR, Payment Services Directive II, e-IDAS, and AML.

Grażyna Szpor

Grażyna Szpor is a Professor of Law, Head of the Department of Informatics Law at the Faculty of Law and Administration of Cardinal Stefan Wyszyński University in Warsaw. Vice-President of the Law and Informatics Scientific Centre. Vice-President of the Sector Council for Telecommunications and Cyber Security Competence. Leader of scientific projects. Author and scientific editor of over 200 publications, including a twelve-volume monograph on openness and its limitations in a democratic state ruled by law [published by C.H. Beck 2013-2016] and a 13-volume series on Internet security [published by C.H.Beck 2011-2022].

Carlos Velasco

Carlos is a software engineer and he has been working in the technology industry since 2002.He has held all kinds of technical roles from developer, software architect, team leader to CTO positions for the last 10 years. He has worked in international banking environments and public administrations. Within the private sector, he also have experience in the Hospitality sector. His career is closely linked to R&D projects applied to all those sectors. Since 2015 he has been working together with my team at Byevolution to create a new family of software technologies that can allow the globalization of the Internet of Value and its adaptation to mass consumption environments (billions of people and machines interacting in real time to exchange secure digital assets).

Jan Willemson

Jan Willemson defended his PhD in computer science at Tartu University, Estonia, in 2002. He has been working at Cybernetica as a researcher since 1998, specializing in information security and cryptography. His areas of interest include risk analysis of heterogeneous systems, secure multi-party computations, e-government solutions and security aspects of Internet voting. He has authored more than 70 research papers published in international journals and conferences.