It’s a common myth that a trainee’s daily routine consists of making cups of coffee and photocopies. Here at the EDPS, however, that myth couldn’t be further from the truth.
One of the many important tasks we entrust our trainees with is the industrious task of organising a conference on a data protection issue of their choice.
This time round, the trainees chose to focus on the life cycle of data, specifically how our relationship with our personal data evolves over our lifetime. Our guest blogger, Elizabeth, one of the trainees responsible for organising the conference, explains more.
Today we celebrate the 14th annual Data Protection Day (DPD). This extremely important day in the EDPS calendar marks the anniversary of the Council of Europe's Convention 108, the first legally binding international framework for data protection.
This year’s DPD is made all the more special, as Europe is also celebrating its Data Protection Golden Anniversary; it is now 50 years since the first European data protection law was passed in the German Federal State of Hesse.
As has become the tradition, the EDPS and the EDPB decided to mark this year’s DPD not only through participating in and organising a number of the panels at this year’s CPDP conference, but also through the organisation of a data protection conference for trainees working at the EU institutions in Brussels.
With data protection issues becoming increasingly important to the public psyche, garnering an ever-higher level of media attention, we wanted our conference to be an engaging and informative exploration of how individuals can develop a transparent and fully-functioning relationship with their data. We wanted everyone involved to learn more about what happens to our personal data once it is recorded online, as well as the choices and options available to us.
We focused on the concept of data doubles: the digital imprints we actively or passively create while we are online, which are used to categorise and target us, lingering throughout our human lifetime and beyond. Certain recent landmark events, such as the Cambridge Analytica case, have raised awareness, and even a certain level of anxiety, about how our data can be used and misused in ways unbeknown to us, whether as a result of skim-read terms and conditions or function creep.
The conference was designed to break through the hype and break down the subject matter into clear and digestible information bytes. We wanted participants to go home feeling more confident about their relationship with their data. We therefore asked our panel moderator, Head of the EDPS Private Office Christian D’Cunha, to focus the discussion on three main topics, based on the life cycle of the data double. These were:
• profiling (birth)
• data control (life)
• digital legacy (death)
EDPS Wojciech Wiewiórowski opened the conference with an amusing and thought-provoking speech in which he explained the main concepts to the audience of trainees. He pointed out that we contribute to the life cycle of our data doubles through the chronological order in which we upload information about ourselves. He also explored the dissonance between our virtual and our real selves, and the data doubles we are creating in the present day compared to how our future selves might view them. Contrary to how we may feel, we do hold significant power over the data doubles we create, but this control depends on the choices we make in uploading data.
To encourage our audience to get involved in the discussion, we invited them to participate in Slido polls, gauging their feelings towards matters such as the level to which they should be profiled, the most important powers of control over their data and who, if anyone, should manage their online profiles after death.
It was certainly telling to see that the majority of people felt that they should not be profiled at all. The right to the deletion of data was the most popular right in terms of maintaining control over personal data, while a majority of people felt that they should be able to choose who will manage their profiles after they pass away. The results reflected the societal level of anxiety surrounding control over our data, highlighting issues of (informed) consent and regulation.
A lively panel discussion followed, featuring speakers from a variety of backgrounds - David Martin (BEUC), Cecilia Àlvarez Rigaudias (Facebook) and Gabriela Zanfir-Fortuna (Future for Privacy Forum) - in order to give our audience a multifaceted perspective of the subjects at hand. Our moderator asked thought-provoking questions of the speakers, who successfully brought their expertise and experience to the table, covering a range of topics from the legal basis of profiling under the General Data Protection Regulation (GDPR) to the ways in which social media users can manage their digital legacy settings.
One interesting point raised was that, while the GDPR makes clear that it does not apply to people who have passed away, recital 27 states that Member States may provide for rules regarding the processing of personal data of deceased persons. This means that legislation in this area is becoming more fragmented.
Isabelle Vereecken, the Head of the EDPB secretariat, excellently rounded off the conference by summarising the key discussion points and providing some closing remarks, reminding us all that the EU legal framework does afford us both the rights and legal means to defend our data, and that awareness of these rights is key.
The trainees would like to thank everyone involved in the conference. We hope that the subjects covered left a lasting impression in everyone’s mind - after all, we know our myriad data doubles will leave a lasting impression on the Internet.